[security] security advisories
nakis a libero.it
Sat 24 Apr 2004 12:57:35 CEST
Mandrake fixes a vulnerability in the Socks-5 proxy code in xchat and
two utempter vulnerabilities.
Debian fixes an exploitable buffer overflow in ident2.
Red Hat fixes a symlink overflow in the iso9660 filesystem in the
athlon/x86 kernel, multiple vulnerabilities in the IA64 kernel and a DoS
vulnerability in XFree86. (All apply to RHEL 2.1) This kernel advisory
is for RHEL 3.
Trustix fixes a root exploit in Linux kernel multicast code.
Fedora fixes several vulnerabilities in the 2.4.22 kernel.
Upgraded to xine-lib-1-rc3c.
This release fixes a security problem where opening a malicious MRL
could write to system (or other) files.
Upgraded to xine-ui-0.99.1,
which fixes a similar MRL security issue.
There are two distinct denial of service vulnerabilities addressed by this
1. Null-pointer assignment during SSL handshake
A carefully crafted SSL/TLS handshake against a server which
uses the OpenSSL library may result in a crash. Depending on how
the application uses the OpenSSL library, this may result in a
denial of service.
2. Out-of-bounds read affects Kerberos ciphersuites
A second flaw in the SSL/TLS handshake could cause a server
configured to use the Kerberos ciphersuites to crash if a carefully
crafted sequence of packets is sent by an attacker.
The longstanding TCP protocol specification has several weaknesses.
- fabricated RST packets from a malicious third party can tear down a
- fabricated SYN packets from a malicious third party can tear down a
- a malicious third party can inject data to TCP session without much
NetBSD also had an additional implementation flaw, which made these
SGI has released SGI Advanced Linux Environment security update #18,
which includes updated RPMs for SGI ProPack v2.3 and SGI ProPack v2.4
for the SGI Altix family of systems, in response to the following
Updated cadaver package fixes security vulnerability in neon
Updated mailman package closes DoS vulnerability
Updated squid package fixes security vulnerability
Updated CVS packages fix security issue
Bye, and until next time!