Advisory: Gentoo Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
The file(1) command contains a buffer overflow vulnerability that can be leveraged by an attacker to execute arbitrary code under the privileges of another user.
Versions prior to 0.8.9 had all configuration and connection files world-readable.
Remote attackers may exploit the buffer overflow condition to run arbitrary code on a Snort sensor with the privileges of the Snort IDS process, which typically runs as the superuser.
A vulnerability exists in the parsing of ISAKMP packets (UDP port 500) that allows an attacker to force TCPDUMP into an infinite loop upon receipt of a specially crafted packet.
A remote vulnerability exists that can result in commands being executed with administrative privileges.
Many of the features supported by popular terminal emulator software can be abused when untrusted data is displayed on the screen.
The VNC server acts as an X server, but the script for starting it generates an MIT X cookie (which is used for X authentication) without using a strong enough random number generator. This could allow an attacker to guess the authentication cookie more easily.
Due to the discovery of a remotely exploitable security hole that affects all previous Webmin releases, version 1.070 is now available for download.
A remote root vulnerability in slave setups and some buffer overflows in the network information server code were discovered by the apcupsd developers.
This update fixes a timing-based attack on CBC cipher suites used in SSL and TLS, to which OpenSSL was found to be vulnerable.
PHP contains code for preventing direct access to the CGI binary with configure option "--enable-force-cgi-redirect" and php.ini option "cgi.force_redirect".
Overflowing a buffer in nethack may lead to privilege escalation to the games uid.
Security flaws have been found in the SYSLINUX installer when running setuid root.