[security] Security Advisories
Lorenzo Iannuzzi
nakis at libero.it
Tue 9 Mar 2004 00:24:11 CET
http://security.gentoo.org

A buffer overflow has been discovered in libxml2 versions prior to
2.6.6 which may be exploited by an attacker allowing the execution of
arbitrary code.

A critical security vulnerability has been found in recent Linux
kernels by Paul Starzetz of iSEC Security Research which allows for
local privilege escalations.

http://www.openpkg.org/security.html

According to a posting on Bugtraq, an issue regarding the insecure
creation of a temporary directory exists in GNU libtool versions
before 1.5.2. Use of mkdir(1) along with option "-p" makes libtool
vulnerable to symlink attacks. Stefan Nordhausen committed a fix that
removes the use of option "-p" in version 1.5.2. Discussion on Bugtraq
further indicates that an additional race condition issue exists in
the same context using chmod(1), reported by Joseph S. Myers back in
March 2000. The updated OpenPKG versions of libtool contain fixes
for both issues.
--
Bye, see you next time!
Lorenzo
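
The libtool item in the message above turns on two shell habits: `mkdir -p` for a temporary directory, and a separate `chmod` afterwards. The following is an added example, not part of the original message and not libtool's code; the function names and the paths under `mktemp -d` are hypothetical and constructed for the demonstration. It contrasts the weak pattern with a creation step that fails if anything already occupies the path and sets the mode at creation time.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not libtool's.

# Weak pattern: "mkdir -p" reports success when the path already exists,
# including when it is a symlink someone else created beforehand. The
# separate chmod also leaves a window with default permissions.
unsafe_tmpdir() {
    dir=$1
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    printf '%s\n' "$dir"
}

# Hardened pattern: plain mkdir is atomic and fails if a file, directory
# or symlink is already at the path. umask 077 makes the directory 0700
# from the moment it exists, so no later chmod is needed.
safe_tmpdir() {
    dir=$1
    ( umask 077 && mkdir "$dir" ) 2>/dev/null || return 1
    printf '%s\n' "$dir"
}

# Constructed scenario: "work" is a pre-existing symlink, "fresh" is unused.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/elsewhere"
    ln -s "$base/elsewhere" "$base/work"
    if unsafe_tmpdir "$base/work" >/dev/null; then unsafe=accepted; else unsafe=refused; fi
    if safe_tmpdir "$base/work" >/dev/null; then safe=accepted; else safe=refused; fi
    if safe_tmpdir "$base/fresh" >/dev/null; then fresh=created; else fresh=failed; fi
    mode=$(ls -ld "$base/fresh" | cut -c1-10)
    rm -rf "$base"
    printf '%s %s %s %s\n' "$unsafe" "$safe" "$fresh" "$mode"
}

demo
```

Where available, `mktemp -d` gives the same guarantees plus an unpredictable name.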