[security] Security advisories

Lorenzo Iannuzzi nakis a libero.it
Mer 21 Apr 2004 10:48:53 CEST


http://lwn.net/Articles/81332/

Mandrake fixes a temporary file vulnerability in xine-ui and a samba
privilege escalation. 

White Box fixes a client vulnerability in cvs, a URL decoding
vulnerability in squid and recommends an upgrade to OpenOffice.org 1.1
which patches the neon vulnerability in openoffice.

http://isec.pl/vulnerabilities/isec-0015-msfilter.txt

Linux kernel 2.4.22 - 2.4.25, 2.6.1 - 2.6.3
A critical security  vulnerability has been found in the Linux kernel in 
the ip_setsockopt() function code.

http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml

A vulnerability in the Transmission Control Protocol (TCP) specification
(RFC793) has been discovered by an external researcher. The successful
exploitation enables an adversary to reset any established TCP connection
in a much shorter time than was previously discussed publicly. Depending
on the application, the connection may get automatically re-established.
In other cases, a user will have to repeat the action (for example, open
a new Telnet or SSH session). Depending upon the attacked protocol, a
successful attack may have additional consequences beyond terminated
connection which must be considered. This attack vector is only
applicable to the sessions which are terminating on a device (such as a
router, switch, or computer), and not to the sessions that are only
passing through the device (for example, transit traffic that is being
routed by a router). In addition, the attack vector does not directly
compromise data integrity or confidentiality.
-- 

Ciao e alla prossima!
Lorenzo




Maggiori informazioni sulla lista security