[security] security updates
Lorenzo Iannuzzi
nakis at libero.it
Thu 1 Apr 2004 11:42:39 CEST

http://lwn.net/Articles/78422/

Conectiva has updated ethereal (yet another pile of remotely exploitable
vulnerabilities), libxml2 (remotely exploitable buffer overflow),
openssl (denial of service vulnerabilities), and mc (symlink
vulnerability exploitable via a crafted tar archive).

Gentoo has updated mplayer (remotely exploitable buffer overflow), squid
(ACL bypass vulnerability), openldap (denial of service problems), mc,
fetchmail (denial of service vulnerability), and monit (buffer
overflow).

MandrakeSoft has updated ethereal and squid.

Red Hat has issued an update for ethereal.

http://www.sco.com/support/security/index.html

vim 6.0 and 6.1, and possibly other versions, allow attackers
to execute arbitrary commands using the libcall feature in
modelines, which are not sandboxed but may be executed when
vim is used as an editor for other products such as mutt.

The login program in util-linux 2.11 and earlier uses a pointer
after it has been freed and reallocated, which could cause login
to leak sensitive data.

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and
earlier, may allow attackers to break out of safe compartments
in (1) Safe::reval or (2) Safe::rdo using a redefined @_
variable, which is not reset between successive calls.

--
Bye, and until next time!
Lorenzo