25 most recent entries:
RedHat: Important: cups security update (Oct 10 2008 03:57 GMT)
LinuxSecurity.com: Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. A buffer overflow flaw was discovered in the SGI image format decoding routines used by the CUPS image converting filter "imagetops". An attacker could create a malicious SGI image file that could, possibly, execute arbitrary code as the "lp" user if the file was printed.
Fedora 9 Update: postfix-2.5.5-1.fc9 (Oct 09 2008 17:34 GMT)
LinuxSecurity.com: New upstream patch level version 2.5.5, including multiple security fixes detailed in upstream announcements:
Fedora 8 Update: postfix-2.5.5-1.fc8 (Oct 09 2008 17:32 GMT)
LinuxSecurity.com: New upstream patch level version 2.5.5, including multiple security fixes detailed in upstream announcements:
Gentoo: Portage Untrusted search path local root vulnerability (Oct 09 2008 13:37 GMT)
LinuxSecurity.com: A search path vulnerability in Portage allows local attackers to execute commands with root privileges if emerge is called from untrusted directories.
Debian: New iceweasel packages fix several vulnerabilities (Oct 08 2008 16:16 GMT)
LinuxSecurity.com: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems:
Debian: New mon packages fix insecure temporary files (Oct 08 2008 15:34 GMT)
LinuxSecurity.com: Dmitry E. Oboukhov discovered that the test.alert script used in one of the alert functions in mon, a system to monitor hosts or services and alert about problems, creates temporary files insecurely, which may lead to a local denial of service through symlink attacks.
Mandriva: Subject: [Security Announce] [ MDVA-2008:134 ] rpm (Oct 07 2008 17:40 GMT)
LinuxSecurity.com: This package update adds support for LZMA compression in rpm. This will allow users of Mandriva Linux 2007.1 to upgrade to Mandriva Linux 2009.
Mandriva: Subject: [Security Announce] [ MDVA-2008:133 ] timezone (Oct 07 2008 16:50 GMT)
LinuxSecurity.com: Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information.
RedHat: Moderate: condor security, (Oct 07 2008 16:04 GMT)
LinuxSecurity.com: Updated condor packages that fix multiple security issues, several bugs and introduce feature enhancements are now available for Red Hat Enterprise MRG 1.0 for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
RedHat: Moderate: condor security, (Oct 07 2008 16:01 GMT)
LinuxSecurity.com: Updated condor packages that address multiple security issues, fix several bugs, and introduce feature enhancements are now available for Red Hat Enterprise MRG 1.0 for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
RedHat: Important: kernel security and bug fix update (Oct 07 2008 15:58 GMT)
LinuxSecurity.com: Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise MRG 1.0. This update has been rated as having important security impact by the Red Hat Security Response Team.
Gentoo: WordNet Execution of arbitrary code (Oct 07 2008 14:13 GMT)
LinuxSecurity.com: Multiple vulnerabilities were found in WordNet, possibly allowing for the execution of arbitrary code.
Debian: New mplayer packages fix integer overflows (Oct 05 2008 16:55 GMT)
LinuxSecurity.com: Felipe Andres Manzano discovered that mplayer, a multimedia player, is vulnerable to several integer overflows in the Real video stream demuxing code. These flaws could allow an attacker to cause a denial of service (a crash) or potentially the execution of arbitrary code by supplying a maliciously crafted video file.
Debian: New feta packages fix denial of service (Oct 05 2008 07:53 GMT)
LinuxSecurity.com: Dmitry E. Oboukhov discovered that the "to-upgrade" plugin of Feta, a simpler interface to APT, dpkg, and other Debian package tools creates temporary files insecurely, which may lead to local denial of service through symlink attacks.
Mandriva: Subject: [Security Announce] [ MDVA-2008:132 ] mandriva-release (Oct 03 2008 21:50 GMT)
LinuxSecurity.com: mandriva-release for Mandriva 2008 Spring should contain a product_branch set to Official, and not devel, otherwise it could lead to an error with the new mdkonline. The updated package fixes it.
Mandriva: Subject: [Security Announce] [ MDVA-2008:131 ] rpmdrake (Oct 03 2008 21:40 GMT)
LinuxSecurity.com: This update fixes several minor issues in rpmdrake: - it fixes a crash due to bad timing with the X server (#41010) - it fixes empty per-importance lists of updates in rpmdrake (list of all updates was OK, MandrivaUpdate was OK) (#41331) (regression introduced in 3.95 on 2007-09-14)
Mandriva: Subject: [Security Announce] [ MDVA-2008:130 ] drakxtools (Oct 03 2008 21:30 GMT)
LinuxSecurity.com: This update fixes several minor issues in drakxtools: - it fixes management of XEN kernels in bootloader-config: when adding a new kernel, a xen entry should not replace an existing 'linux' (#40865) - it fixes a crash in rpmdrake when description begins with Gtk2::.. (#43802) It also really enables draksnapshot to use Gtk+-2's new FileChooserDialog in future.
Mandriva: Subject: [Security Announce] [ MDVSA-2008:210 ] mono (Oct 03 2008 20:15 GMT)
LinuxSecurity.com: CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
RedHat: Moderate: pam_krb5 security update (Oct 02 2008 10:33 GMT)
LinuxSecurity.com: An updated pam_krb5 package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
RedHat: Important: tomcat security update (Oct 02 2008 10:33 GMT)
LinuxSecurity.com: Updated tomcat packages that fix multiple security issues are now available for Red Hat Developer Suite 3. This update has been rated as having important security impact by the Red Hat Security Response Team.
RedHat: Important: tomcat security update (Oct 02 2008 10:32 GMT)
LinuxSecurity.com: Updated tomcat packages that fix several security issues are now available for Red Hat Application Server v2. This update has been rated as having important security impact by the Red Hat Security Response Team.
RedHat: Moderate: thunderbird security update (Oct 01 2008 13:50 GMT)
LinuxSecurity.com: Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
RedHat: Important: xen security and bug fix update (Oct 01 2008 13:50 GMT)
LinuxSecurity.com: Updated xen packages that resolve a couple of security issues and fix a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.
RedHat: Moderate: wireshark security update (Oct 01 2008 13:50 GMT)
LinuxSecurity.com: Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Mandriva: Subject: [Security Announce] [ MDVSA-2008:208 ] pam_mount (Sep 29 2008 22:39 GMT)
LinuxSecurity.com: pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount.