Red Hat Security Advisory RHSA-2001:007-03 - Several security problems have been found in the bind 8.2.2 series - Upgrade to 8.23! Official ISC Bind security document here.
b90668b65b8d69987023eab5f6a619fb41798252be294d436ee538efb74a81f1Red Hat Security Advisory RHSA-2001:005-03 - New micq packages are available which fix a buffer overflow vulnerability in micq v0.4.6.
91fa11d7bbaf73cf8be4bec6a8afdbcaa2e61cf6c55d10f0320ef90720ab2c5cRed Hat Security Advisory RHSA-2000:136-10 - PHP 3.0.17 can be caused to crash by clients uploading "multipart/form-data" information with form requests. Security holes in versions 4.0.0 through 4.0.4 of the PHP Apache module have been found.
49bd516233cab75acb589e5fe6145f0b36672f93b47ed654481f0bb48d780d9bRed Hat Security Advisory RHSA-2001:004-04 - A remote format string vulnerability in Icecast v1.3.8beta2 allows remote code execution. Icecast 1.3.7 is not vulnerable.
3f93642683d664439de5c1193de406878913711c80313f610e5f8ab639b1eb95Red Hat Security Advisory RHSA-2001:001-05 - A couple of bugs in GNU C library 2.2 concerning the RESOLV_HOST_CONF and RES_OPTIONS variables allow local root access under Red Hat 7.0 for alpha, alphaev6, i386, and i686.
68c7fd6a04f561babd93e36fa2aa23aee25e038b7073bb5db4908fd20d34aa20Red Hat Security Advisory RHSA-2001:001-05 - A couple of bugs in GNU C library 2.2 allow unprivileged user to read restricted files and preload libraries in /lib and /usr/lib directories into SUID programs even if those libraries have not been marked as such by system administrator. This allows users to create or overwrite a file he did not have permissions to.
f093940dbad2e26f43305ea5252e4af144e7fdcd7673d8c14438879648f383eaRed Hat Security Advisory - New slocate packages are available for Red Hat Linux 6.x and Red Hat Linux 7. These fix a heap overflow in the database parsing code of slocate allowing group slocate access.
9ef88c164fb6814d053efbaecb132a8bed3a64a0558c53ee57f3796cba96c540Red Hat Security Advisory - Bad TCP packets (e.g. a SYN packet with kind=3, len=0) over a PPP-over-Ethernet link could lock up rp-pppoe, making it vulnerable to a remote denial of service attack.
4f1fe9966d6cf70c97c2b8b494b85e06c41e213cd709a98b257807d891031a5eRed Hat Security Advisory - When importing keys from public key servers, GnuPG will import private keys (also known as secret keys) in addition to public keys. If this happens, the user's web of trust becomes corrupted. Additionally, when used to check detached signatures, if the data file being checked contained clearsigned data, GnuPG would not warn the user if the detached signature was incorrect. Updated GnuPG packages are available for Red Hat 6.x and 7.x.
a3d7a469d62f08607589d4d684c30cde65da46296d86d4bf17374486f4d6ffb7Red Hat Security Advisory - When invoked in daemon mode (that is, without the -l or -f flags), stunnel will attempt to log its process ID to a file in the /var/stunnel directory, which does not exist. This errata changes the default directory used for PID files to /var/run.
0a182e09569679f9691a22b66cc4510f387b1bc75c377fbebc37fdc213c6d47fRed Hat Security Advisory - The ed editor used files in /tmp in an insecure fashion. It was possible for local users to exploit this vulnerability to modify files that they normally could not and gain elevated privilege.
603f90530a97c999b489e1a19cb700af30630f6caf6f02cf9dd87d401c6b6620Red Hat Security Advisory - A problem exists where BitchX will process malformed DNS answers, allowing an attacker to crash the client, or possibly access the BitchX session remotely. This is fixed in v1.0c17-3.
b63aa4217992472a30e4427aab9dce2b9401c5bb0e47d6b1a64b2995359b2286Red Hat Security Advisory - Versions 6.09 and below of tcsh are vulnerable to a symbolic link attack. This attack can be used to cause users to destroy the contents of any file to which they have write access.
3df29adf6dbe722e28a079d8f2473dd032276ccd0f6fd07b4a2b51d0bd2478d3Red Hat Security Advisory - Red Hat Linux 7 and a previous PAM errata issued for Red Hat Linux 6.x both included a new module, pam_localuser. Although this module is not used in any default configurations, the version included was vulnerable to a buffer overflow. These updates remove this vulnerability and fix various other bugs.
d77b25d8dfbe12f53d1d71298b9ae3fc1c097de5731d8ab094222b7af68bbab1Red Hat Security Advisory - A race vulnerability exists where a user can replace the tempfile used by diskcheck with symlinks to other files on the system, making it possible to corrupt those files.
59fe9fff331f4a988eb4bfa0273ba0fb534afdb6bb9907fd7977767c54743cbeRed Hat Security Advisory - Ethereal prior to v0.8.14 allow remote root compromise.
08ce870b0a83f42cf086106e856eb6e7b15629e040e331549bfa6b3469222631Red Hat Security Advisory - An exploitable buffer overflow was found in ncurses in a part of the library which handles cursor movement which allows users to supply their own termcap files, allowing local root access.
d15bdb6eccbac5dd497e03b31d5063f15bcef95f00b8622cb440c683a5502ca0Red Hat Security Advisory - modutils, a package that helps the kernel automatically load kernel modules when they are needed, can be abused to execute code as root. Modutils versions between 2.3.0 and 2.3.20 are affected.
d79f35e014cc137a2c1518dabb49bb3452dd651410f58f0abcc7a452fbc9522eRed Hat Security Advisory - The usermode package contains a binary (/usr/bin/userhelper), which is used to control access to programs which are to be executed as root. Because programs invoked by userhelper are not actually running setuid-root, security measures built into recent versions of glibc are not active. If one of these programs supports internationalized text messages, a malicious user can use the LANG or LC_ALL environment variables (which are inherited by userhelper and, in turn, any programs it runs) to create a format-string exploit in these programs.
1db0f0456fa0d2b426f0fb186273f3437f1e0cbc4de2f5ae56b730e83a612f38Red Hat Security Advisory - Adding specific headers to messages, the pine mail reader v4.21 and the imap server could be made to exit with an error message when users attempted to manipulate mail folders containing those messages.
940bdfed990b3d5a0cd95e63dddf3ebbbb155b9cb2670e92b144e217d665d80bRed Hat Security Advisory - A remote denial of service attack is possible with bind versions prior to 8.2.2_P7.
230026a4ceabecb9b80e8daf329e37d2916897959e5ee27d66dc9ccc9a0cbfd4Red Hat Security Advisory - Security bugs in versions of Apache prior to 1.3.14 also affect Secure Web Server. A new release which incorporates 1.3.14 is now available.
a181d3fd1059016120a792f663ad268dd8d8ff7cedb6c5fa62b4b58a691b45f6Red Hat Security Advisory - A race condition has been found in the nss_ldap package. On a system running nscd, a malicious user can cause the system to hang.
b0ff2e8318af3671349742cf35fd68147fca878ced41e292fef56b78503daa80Red Hat Security Advisory - Systems using Network Information Service, or NIS, use a daemon called ypbind to request information from a NIS server. This information is then used by the local machine. The logging code in ypbind is vulnerable to a printf string format attack which an attacker could exploit by passing ypbind a carefully crafted request. This attack can successfully lead to local root access.
e2bc8aaefde02362fb2ac9bbc2b600f1dc777f40f304caf14d43b4a03937deaeRed Hat Security Advisory - A bug in some versions of curl would cause it to incorrectly parse error responses from FTP servers. A malicious FTP server could use this bug to crash its client.
6e2391e0dd98aa5ea6b0bdd5a4deb92efc6e3d76dcb3ae579ee35b9362294747
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed