[security] Mandrake Linux Security Update
Lorenzo Iannuzzi
nakis a libero.it
Sab 24 Gen 2004 23:31:41 CET
http://www.mandrakesecure.net/en/advisories/
A vulnerability was discovered by Patrik Hornik in slocate versions up
to and including 2.7 where a carefully crafted database could overflow
a heap-based buffer. This could be exploited by a local user to gain
privileges of the 'slocate' group. The updated packages contain a
patch from Kevin Lindsay that causes slocate to drop privileges before
reading a user-supplied database.
A vulnerability was found in the jabber program where a bug in the
handling of SSL connections could cause the server process to crash,
resulting in a DoS (Denial of Service).
--
Ciao e alla prossima!
Lorenzo nakis a libero.it
-------------- parte successiva --------------
Un allegato non testuale è stato rimosso....
Nome: non disponibile
Tipo: application/pgp-signature
Dimensione: 244 bytes
Descrizione: non disponibile
Url: http://itlists.org/pipermail/security/attachments/20040124/6edce37f/attachment.pgp
Maggiori informazioni sulla lista
security