Red Hat Security Advisory RHSA-2001:063-02 - When modifying an unsuspecting user's private keyring, an attacker can cause a user to generate incorrect signatures for data. If a user generates both a correct and an incorrect signature for the same data, the different signatures can be used to compute the user's secret key. This is fixed in v1.0.5.
f0495b4a79ee9ef8d5489f6b7cff1ee6128afd0bad6c90054acfcb63d3f51f65Red Hat Security Advisory RHSA-2001:060-04 - Updated Kerberos 5 packages are now available for Red Hat Linux 6.2, 7, and 7.1, due to the discovery of several buffer overflows.
a485986767aedff1e0389289f0c1cfd5aba7bde259b7928671e3053a2fa52f0bRed Hat Security Advisory RHSA-2001:067-03 - The minicom program allows any user with local shell access to obtain group uucp privileges due to format string bugs. It may also be possible for the malicious user to obtain root privileges as well.
697cd3fe3544adc24391407f06963c01210253ec84199b9233c9afe9546204f5Red Hat Security Advisory RHSA-2001:058-04 - Updated mount packages fixing a potential security problem are available. If any swap files were created during installation of Red Hat Linux 7.1 (they were created during updates if the user requested it), they were world-readable, meaning every user could read data in the swap file(s), possibly including passwords. The affected swap files are called /mountpoint/SWAP and /mountpoint/SWAP-(numeral). The new mount command enforces sane permissions on swap space.
124b8b8ddbcaa829ee3032564a659dd5977018fbbda66ea69f56615192c30a6cRed Hat Security Advisory RHSA-2001:059-03 - kdesu created a world-readable temporary file to exchange authentication information and delete it shortly after. This can be abused by a local user to gain access to the X server and can result in a compromise of the account kdesu accesses.
ba07e8c2e770d6a3392d1ba7d78a980ab3b7a12aaf0d6beae53b1a763be874b0Red Hat Security Advisory RHSA-2001:053-06 - A format string bug was fixed in gftp, which is present in versions below 2.08.
0b467ae59c0182524cf73277d8c629a3919eb2f6616ae25229cb6176d0184fd2Red Hat Security Advisory RHSA-2001:047-03 - All Linux kernels prior to version 2.2.19 include possibilities for local denial of service or root exploits by exercising race conditions between the ptrace, exec, and/or suid system calls. Additionally, the sysctl system call included programming errors allowing a user to write to kernel memory. The 2.2.19 kernel fixes these problems.
7372e4cee1b52dc79e7f75bec31df9e9dced09ae503395416bd50c1899f96fc9Red Hat Security Advisory RHSA-2001:046-03 - Netscape v4.77 has been released, fixing a problem with the handling of JavaScript in certain situations. Netscape did not escape GIF file comments in the image information page, allowing JavaScript commands embedded therein to be executed. These commands could access data such as the browser history.
5628f2c69aca6539e8ef52172f7db8f0811c99e6e034e02612ce4430c91dca21Red Hat Security Advisory RHSA-2001:042-02 - Updated pine packages are now available for Red Hat Linux 7.0, 6.2, and 5.2. These new updated packages fix temporary file creation issues in the pine mail client and the pico text editor that comes with pine.
9650d27684dd3a9384e0c8b6eacfde394e79da70ae4f6210b7014d748d69997eRed Hat Security Advisory RHSA-2001:045-05 - The Network Time Daemon (ntpd) supplied with all releases of Red Hat Linux is vulnerable to a buffer overflow, allowing a remote attacker to gain root access to a machine. All users of ntpd are strongly encouraged to upgrade.
dcd6a51d0e23b3b205c6c8584adddae70428954c2649ae647c767c863cf63a79Red Hat Security Advisory RHSA-2001:025-14 - Updated Kerberos 5 packages are now available for Red Hat Linux 6 and 7. These packages fix a vulnerability in the handling of Kerberos IV ticket files. Updated pam_krb5 packages are now available for Red Hat Linux 7.
8a2bf8449a320da4b4aab81e8e293d1d6cfa51b74d11d33adb8b8a0cb2e231f2Red Hat Security Advisory - Updated openssh packages are now available for Red Hat Linux 7. These packages reduce the amount of information a passive attacker can deduce from observing an encrypted session.
0b900304832b8e465535d56fbb8523658242722e02faf05f7596b5365efb7fa7Red Hat Security Advisory RHSA-2001:022-03 - licq as shipped with Red Hat Linux 7 is vulnerable to two security problems: An overrunnable buffer in its logging code, and an unguarded system() call to execute an external browser when receiving an URL.
8f5f72653aa50de5efc4afe6a9def7782f8fc6fd913d04cef6110d9ea07fd2daRed Hat Security Advisory RHSA-2001:008-02 - Users could embed malicious VIM control codes into a file - as soon as any user opened that file in vim-enhanced or vim-X11 with the status line option enabled in .vimrc, the commands would be executed as that user.
b6dc89c93189714892646a74961f273589bb71fc6037041727726eb9afe10715Red Hat Security Advisory RHSA-2001:019-02 - An exploitable buffer overflow exists in sudo prior to v1.6.3p6.
127211ea89ceb4f5e71711e19609fbfe9298d7dbb4b22275f138f5369385c9feRed Hat Security Advisory RHSA-2001:027-02 - The sgml-tools uses temp files in an insecure fashion. Upgrade to the newest version.
39eb11b23194fe2bfc8dddc989a9876eeb485ff682d70ccd2fa97242f8657279Red Hat Security Advisory RHSA-2001:029-02 - Format string vulnerabilities have been found in the IMAP code included with the mutt mail reader previous to v1.2.5, allowing a compromised or malicious IMAP server to execute code on the local machine.
651182840249b7d25c5e1384bd25fa4e5a19abf492e0af16ec9899b35d4b156aRed Hat Security Advisory RHSA-2001:028-02 - An overflow exists in the slrn package as shipped in Red Hat Linux 7 and Red Hat Linux 6.x, which leads to remote users executing arbitrary code as the user running slrn.
da1dfcdf5e3c474abd98091c906590120e6935b352dfa01345aa842c9d76f583Red Hat Security Advisory RHSA-2001:024-03 - When starting, joe looks for a configuration file in the current working directory, the user's home directory, and /etc/joe. A malicious user could create a .joerc file in a world writable directory such as /tmp and make users running joe inside that directory using a .joerc file that is customized to execute commands with their own userids.
8b5a10a9804ce067254628d3ab15350f4142534e18a05cdbc16ad6644fe09ef0Red Hat Security Advisory RHSA-2001:021-06 - Zope v2.3.1b1 and below contains vulnerabilities which allow users with through-the-web scripting capabilities on a Zope site to make inappropriate changes to ZClass instances.
b1ad22b20aafe367c47d50a1609b50e47d38a5a98223a48780d1dd4eb4199170Red Hat Security Advisory RHSA-2001:017-03 - The Red Hat Secure Web Server 2.0 contains a vulnerability in Analog which can allow a malicious user to use the ALIAS command to construct very long strings which were not checked for length.
937c98584adb80c8c76e1a4ead91999c86c9013777778032594796c4f8feb7bfRed Hat Security Advisory RHSA-2001:014-03 - A locally exploitable buffer overflow was found in the crontab command in the handling of long usernames - If the system administrator has created usernames 20 characters long, it is possible for those users to gain elevated privileges.
c9d942e6d811a70f2061f713b8b18bc5e93bc8d091867ffd6a3f723608aeeddcRed Hat Security Advisory RHSA-2001:013-05 - Three security holes have been fixed in the kernel. One involves ptrace, another involves sysctl, and the last is specific to some Intel CPUs. All three security holes involve local access only (they do not provide a hole to remote attackers without a local account). The ptrace and sysctl bugs provide local users with the potential to compromise the root account. Fixed in kernel 2.2.18-pre9.
0bab4c7593987c858fbbb1affa932e778dae773014e6cbe56e38b52de9d9d599Red Hat Security Advisory RHSA-2001:003-07 - The MySQL database that shipped with Red Hat Linux 7 and the updates for it have been reported by the MySQL authors to have remote security problems.
a0144be31b562e97acf32766b5a13bde7e12fac4482da39f4e8b8096cf33ce43Red Hat Security Advisory RHSA-2001:006-03 - The inetd server as shipped with Red Hat Linux 6.2 fails to close sockets for internal services properly, causing services to stop working when the system had leaked sufficient resources.
26ee89e77c1225e310e1167144b7338d1c66d1e87cb314ea3f258ab54769f139
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed