[security] security alerts

Lorenzo Iannuzzi nakis at libero.it
Thu 4 Mar 2004 18:08:38 CET


http://lwn.net/Articles/74167/

Red Hat has updated libxml2 (buffer overflow in parsing remote
resources).

The SCO Group has broken loose from its lawyers long enough to update
tcpdump (denial of service problem), gnupg (old El Gamal vulnerability),
rsync (last year's remotely exploitable vulnerability), and screen
(locally exploitable buffer overflow).

http://www.debian.org/security/

libxml2 is a library for manipulating XML files.

Yuuichi Teranishi discovered a flaw in libxml, the GNOME XML library.
When fetching a remote resource via FTP or HTTP, the library uses
special parsing routines which can overflow a buffer if passed a very
long URL.  If an attacker is able to find an application using libxml1
or libxml2 that parses remote resources and allows the attacker to
craft the URL, then this flaw could be used to execute arbitrary code.

http://www.sgi.com/support/security/

SGI has released Patch 10056: SGI Advanced Linux Environment security
update #13, which includes updated RPMs for SGI ProPack v2.4 and SGI
ProPack v2.3 for the SGI Altix family of systems, in response to the
following security issues:

Updated mod_python packages fix denial of service vulnerability
 http://rhn.redhat.com/errata/RHSA-2004-058.html

Updated libxml2 packages fix security vulnerability
 http://rhn.redhat.com/errata/RHSA-2004-090.html
-- 

Bye, and until next time!
Lorenzo