[security] Security Advisories

Lorenzo Iannuzzi nakis at libero.it
Thu 26 Feb 2004 21:35:43 CET


http://www.mandrakesecure.net/en/advisories/

 Paul Starzetz discovered a flaw in return value checking in the
 mremap() function in the Linux kernel, versions 2.4.24 and previous
 that could allow a local user to obtain root privileges.

 A vulnerability was found in the R128 DRI driver by Alan Cox.  This
 could allow local privilege escalation.
 
 A flaw in the ncp_lookup() function in the ncpfs code (which is used
 to mount NetWare volumes or print to NetWare printers) was found by
 Arjan van de Ven that could allow local privilege escalation.
 
 The Vicam USB driver in Linux kernel versions prior to 2.4.25 does
 not use the copy_from_user function to access userspace, which crosses
 security boundaries.  This problem does not affect the Mandrake Linux
 9.2 kernel.
 
 Additionally, a ptrace hole that only affects the amd64/x86_64
 platform has been corrected.

http://www.modpython.org/pipermail/mod_python/2003-November/014532.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0973

Updated mod_python packages that fix a denial of service vulnerability are
now available for Red Hat Linux.

http://mail.gnome.org/archives/xml/2004-February/msg00070.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110

Updated libxml2 packages that fix an overflow when parsing remote resources
are now available.

http://smoothwall.org/p/2.0-fixes2.html

  SmoothWall Express 2.0 (fixes1)

Critical security vulnerabilities have been found in the
Linux kernel in the following areas:

- Locally exploitable vulnerabilities in memory management
  code (mremap system calls)

These vulnerabilities can result in privilege escalation or
unwanted availability of sensitive information.

http://www.sgi.com/support/security/

SGI has released Patch 10051: SGI Advanced Linux Environment security
update #12, which includes updated RPMs for SGI ProPack v2.4 and SGI ProPack
v2.3 for the SGI Altix family of systems, in response to the following
security issues:

Updated XFree86 packages fix privilege escalation vulnerability
 http://rhn.redhat.com/errata/RHSA-2004-060.html

Updated metamail packages fix vulnerabilities
 http://rhn.redhat.com/errata/RHSA-2004-073.html

SGI has released Patch 10046: SGI ProPack v2.4: Kernel update fixes security
and other issues, which includes updated RPMs for SGI ProPack v2.4 for the
Altix family of systems, in response to the following security issues:

Linux kernel do_mremap() local privilege escalation vulnerability:
 http://isec.pl/vulnerabilities/isec-0013-mremap.txt
 http://rhn.redhat.com/errata/RHSA-2003-418.html
 http://rhn.redhat.com/errata/RHSA-2004-069.html
 SGI BUGs 906731 & 908397

kmod local signal DoS mentioned in SUSE Security Announcement:
 http://www.suse.de/de/security/2003_049_kernel.html
 SGI BUGs 907337 & 909161

There are several non-security related bug fixes also in patch 10046.

SGI has released Patch 10044: SGI Advanced Linux Environment security
update #11, which includes updated RPMs for SGI ProPack v2.4 for the SGI
Altix family of systems, in response to the following security issues:

Updated slocate packages fix vulnerabilities
 http://rhn.redhat.com/errata/RHSA-2004-041.html

Updated util-linux packages fix information leak
 http://rhn.redhat.com/errata/RHSA-2004-056.html

Updated mc packages resolve buffer overflow vulnerability
 http://rhn.redhat.com/errata/RHSA-2004-035.html

Updated NetPBM packages fix multiple temporary file vulnerabilities
 http://rhn.redhat.com/errata/RHSA-2004-031.html

Updated Gaim packages fix security vulnerabilities
 http://rhn.redhat.com/errata/RHSA-2004-045.html

Updated mailman packages close DoS vulnerability
 http://rhn.redhat.com/errata/RHSA-2004-019.html

Updated elm packages fix vulnerability in frm command
 http://rhn.redhat.com/errata/RHSA-2004-009.html

Updated CVS packages fix minor security issue
 http://rhn.redhat.com/errata/RHSA-2004-004.html

Updated tcpdump packages fix various vulnerabilities
 http://rhn.redhat.com/errata/RHSA-2004-008.html

Updated Ethereal packages fix security issues
 http://rhn.redhat.com/errata/RHSA-2004-002.html

Updated lftp packages fix security vulnerability
 http://rhn.redhat.com/errata/RHSA-2003-404.html

Updated Pan packages fix denial of service vulnerability
 http://rhn.redhat.com/errata/RHSA-2003-312.html

Updated apache packages fix minor security vulnerability
 http://rhn.redhat.com/errata/RHSA-2003-360.html

Updated wget packages include fix for buffer overrun
 http://rhn.redhat.com/errata/RHSA-2003-372.html

Updated gnupg packages disable ElGamal keys
 http://rhn.redhat.com/errata/RHSA-2003-395.html
-- 

Bye, and until next time!
Lorenzo