[security] Security alerts
Lorenzo Iannuzzi
nakis a libero.it
Dom 8 Feb 2004 10:27:49 CET
http://lwn.net/Articles/69987/
Red Hat fixes cross-site scripting vulnerabilities in mailman and
temporary file vulnerabilities in netPBM.
Fedora fixes security holes in netpbm.
Debian fixes a heap overflow in mpg123.
http://www.sgi.com/support/security/
userland binary vulnerabilities update
The original patch 5424 had two library mismatches causing 4Dwm to hang
with rld errors appearing in SYSLOG and problems with gr_osview. New
patches 5473 and 5474 have been released to fix these issues.
http://www.pine.nl/press/pine-cert-20040201.txt
A programming error in the shmat(2) system call can result in a shared
memory segment's reference count being erroneously incremented.
http://distro.conectiva.com.br/atualizacoes/?idioma=en
CONECTIVA LINUX SECURITY ANNOUNCEMENT
libtool: insecure handling of temporary files
Joseph S. Myers and Stefan Nordhausen independently found a
vulnerability in the way the ltmain.sh script (which is part of
the libtool package) creates temporary directories for its use.
A local attacker could exploit this vulnerability to change/delete
arbitrary files in the system on behalf of the user who is calling
the script.
http://www.us-cert.gov/cas/techalerts/TA04-036A.html
Several versions of Check Point Firewall-1 contain a vulnerability
that allows remote attackers to execute arbitrary code with
administrative privileges. This allows the attacker to take
control of the firewall, and in some cases, to also control the
server it runs on.
--
Ciao e alla prossima!
Lorenzo nakis a libero.it
Ci sono 10 tipi di persone al mondo. Quelle che comprendono
i binari e quelle che non li comprendono.
-------------- parte successiva --------------
Un allegato non testuale è stato rimosso....
Nome: non disponibile
Tipo: application/pgp-signature
Dimensione: 244 bytes
Descrizione: non disponibile
Url: http://itlists.org/pipermail/security/attachments/20040208/1e9ca516/attachment.pgp
Maggiori informazioni sulla lista
security