[security] Security updates

Lorenzo Iannuzzi nakis a libero.it
Sab 10 Apr 2004 14:33:42 CEST


http://lwn.net/Articles/79998/

Here are the security updates for Friday: 

Gentoo has posted the following updates:

Heimdal, a Kerberos 5 implementation has a cross-realm vulnerability,

iproute can be used by local users to create a denial of service attack.

There are multiple vulnerabilities in pwlib that can be exploited to
create a remote denial of service or buffer overflow attack.

A format string attack in the game Scorched 3D can lead to a game server
denial of service.

MandrakeSoft has updated the ipsec-tools packages. Racoon, the IKE
daemon of the KAME-tools, fails to verify the RSA signature on initial
connection.

http://www.kb.cert.org/vuls/id/323070

   A cross-domain scripting vulnerability in Microsoft Internet Explorer
   (IE) could allow an attacker to execute arbitrary code with the
   privileges of the user running IE. The attacker could also read and
   manipulate data on web sites in other domains or zones.
-- 

Ciao e alla prossima!
Lorenzo




Maggiori informazioni sulla lista security