Displaying 20 results from an estimated 1000 matches similar to: "[Fwd: [Full-disclosure] [ GLSA 200507-05 ] zlib: Buffer overflow]"
2008 Mar 18
0
[gentoo-announce] [ GLSA 200803-25 ] Dovecot: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Dovecot:
2004 Feb 19
1
[Fwd: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability]
Hi
The FreeBSD port has been updated for the DoS vulnerability but the
version is still the same.
See:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/clamav/
David Peall
Systems Administrator
Western Cape Schools' Network
http://www.wcsn.org.za/
PO Box 44460, Claremont 7735, Cape Town
Fax +27 (021) 683-6766, Helpdesk +27 (021) 674-9140
> -----Original Message-----
> From:
2004 Feb 18
1
[Fwd: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability]
Attached is a security alert from Gentoo pertaining to clam antivirus.
It seems that as of this morning, FreeBSD's ports still contain the
affected version.
Thanks in advance,
Tom Veldhouse
-------------- next part --------------
An embedded message was scrubbed...
From: Tim Yamin <plasmaroo@gentoo.org>
Subject: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability
Date:
2006 Apr 10
1
[RFC] Ideas and Questions in security updates ( portaudit, freebsd-update)
Hi all,
I have used FreeBSD for several years, and this Project now has the
possibility of a full security update (src) with
freebsd-update, which is really great for Release users but is broken for Stable
users.
OK!!! There exists the possibility to apply a patch manually and compile,
but for me the problem exists in fixing a kernel issue in the stable branch, because it
requires an update to the latest stable and this
2005 Apr 21
6
Information disclosure?
Hello,
For some reason, I thought little about the "clear" command today..
Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
a file containing a password, running vipw, etc) .. then runs clear and
logout. Then anyone can press the scroll-lock command, scroll back up
and read the sensitive information.. Isn't "clear" meant to clear the
2009 Sep 19
3
sieve security problem
Hi, does anybody know more about this?
http://secunia.com/advisories/36698/
http://secunia.com/advisories/36629/
http://secunia.com/advisories/36713/
--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
2008 May 28
4
CVE-2008-1105 - Boundary failure when parsing SMB responses
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==========================================================
==
== Subject: Boundary failure when parsing SMB responses
== can result in a buffer overrun
==
== CVE ID#: CVE-2008-1105
==
== Versions: Samba 3.0.0 - 3.0.29 (inclusive)
==
== Summary: Specifically crafted SMB responses can result
== in a heap overflow
2006 Nov 28
1
GNU Tar vulnerability
Please, note: http://secunia.com/advisories/23115/
A port maintainer CC'ed.
--
Dixi.
Sem.
2007 Oct 08
5
3.1.1 RC4?
Keir,
I noticed that a Shadow patch went into the 3.1.1 staging tree today.
Does this mean that we should expect a 4th release candidate before the
3.1.1 release tag is official?
If so - how much testing time are you going to give that release
candidate before deciding whether a release tag, or another RC round is
appropriate?
Ben Guthro
2007 Dec 10
1
[SECURITY] Buffer overrun in send_mailslot()
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==========================================================
==
== Subject: Boundary failure in GETDC mailslot
== processing can result in a buffer overrun
==
== CVE ID#: CVE-2007-6015
==
== Versions: Samba 3.0.0 - 3.0.27a (inclusive)
==
== Summary: Specifically crafted GETDC mailslot requests
== can trigger a
2005 Jul 06
0
FreeBSD Security Advisory FreeBSD-SA-05:16.zlib
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-05:16.zlib Security Advisory
The FreeBSD Project
Topic: Buffer overflow in zlib
Category: core
Module: libz
Announced: 2005-07-06
Credits:
2005 Jul 06
1
FreeBSD Security Advisory FreeBSD-SA-05:16.zlib
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-05:16.zlib Security Advisory
The FreeBSD Project
Topic: Buffer overflow in zlib
Category: core
Module: libz
Announced: 2005-07-06
Credits:
2005 Apr 05
1
Secunia / Firefox Javascript "Arbitrary Memory Exposure" test
I just confirmed the following bug on my firefox.
http://secunia.com/advisories/14820/
Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050219 Firefox/1.0
(I think my firefox is a month or two behind, from ports, but the
advisory indicates both 1.0.1 and 1.0.2 are affected.)
FreeBSD localhost 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004
2006 Oct 21
4
CentOS 3.8 Kernel Update with NVIDIA Video Card
I need some advice. I updated the kernel but when I restarted my
computer I got the following error message:
--
I cannot start the X server (your graphical interface). It is likely
that it is not set up correctly. ... Failed to load the NVIDIA kernel
module!
--
I've started my computer using the old kernel. I found out that there's
a new nvidia driver so I will also update it.
2006 Jul 28
2
Ruby vulnerability?
Hi,
FYI, Red Hat released an advisory today about a vulnerability in Ruby. So
far it doesn't appear in the VuXML, but am I correct in presuming it will
soon?
https://rhn.redhat.com/errata/RHSA-2006-0604.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694
cheers,
-- Joel Hatton --
Infrastructure Manager | Hotline: +61 7 3365 4417
AusCERT - Australia's national
2005 Jul 07
1
rsync 2.6.6pre1 released (ALERT: info on zlib security flaw)
There has been some talk about a zlib security problem that could let
someone overflow the buffers in the zlib decompression code, potentially
allowing someone to craft an exploit to execute arbitrary code. Since
this is a decompression bug, this can only affect an rsync daemon if
it allows uploads with the --compress option enabled.
If you run a daemon that allows uploads, you may wish to add
2005 Jul 07
1
rsync 2.6.6pre1 released (ALERT: info on zlib security flaw)
There has been some talk about a zlib security problem that could let
someone overflow the buffers in the zlib decompression code, potentially
allowing someone to craft an exploit to execute arbitrary code. Since
this is a decompression bug, this can only affect an rsync daemon if
it allows uploads with the --compress option enabled.
If you run a daemon that allows uploads, you may wish to add
2013 Aug 14
1
SA54438
http://secunia.com/advisories/54438/
Since I already got 3 private mails about this, here's the same reply for everyone (actually updated, now that I looked at the code):
This was a v2.2-only bug. And it isn't really a DoS.. It only caused the one pop3 process to crash in assert, which was handling only the connection that had already disconnected. (Unless you were running a
2007 Sep 29
1
security bugs (?)
As a Cygwin rsync package maintainer, the following security fixes have
been brought to my attention:
http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/rsync/files/rsync-2.6.9-stats-fix.patch
http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/rsync/files/rsync-2.6.9-fname-obo.patch
And while they seem "trusted" enough to me (present in many packages
such as Gentoo, FreeBSD
2004 Jan 13
1
Request to upgrade cvs in FreeBSD [New stable cvs release fixing new vulnerability?]
Greetings, Peter and the Security Officers team,
There is a minor security vulnerability in cvs prior to 1.11.10, as described
in CAN-2003-0977:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977
On December 10th, 2003, itojun imported cvs 1.11.10 into NetBSD, as
follows:
http://mail-index.netbsd.org/source-changes/2003/12/10/0025.html