similar to: GNU Tar vulnerability

Displaying 20 results from an estimated 2000 matches similar to: "GNU Tar vulnerability"

2006 Jul 28
2
Ruby vulnerability?
Hi, FYI, Red Hat released an advisory today about a vulnerability in Ruby. So far it doesn't appear in the VuXML, but am I correct in presuming it will soon? https://rhn.redhat.com/errata/RHSA-2006-0604.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694 cheers, -- Joel Hatton -- Infrastructure Manager | Hotline: +61 7 3365 4417 AusCERT - Australia's national
2009 Sep 19
3
sieve security problem
Hi, does anybody know more about this? http://secunia.com/advisories/36698/ http://secunia.com/advisories/36629/ http://secunia.com/advisories/36713/ -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
2005 Apr 21
6
Information disclosure?
Hello, For some reason, I thought little about the "clear" command today.. Let's say a privileged user (root) logs on, edits a sensitive file (e.g., a file containing a password, running vipw, etc.) .. then runs clear and logs out. Then anyone can press the scroll-lock command, scroll back up and read the sensitive information.. Isn't "clear" meant to clear the
2008 Feb 18
1
ldconfig -R issue (Was: Problems with icu - 3.8)
+stable@ Yoshihiro Ota wrote: > Why are so many people bitten by this? Is it the job of the port-upgrading > tool to safely copy these libraries to compat so that all programs using > the old libraries work? Portupgrade preserves the libraries in /usr/local/lib/compat/pkg: % ls /usr/local/lib/compat/pkg/ libicudata.so.36.0 libicule.so.36.0 libicuuc.so.36.0
2008 May 28
4
CVE-2008-1105 - Boundary failure when parsing SMB responses
Subject: Boundary failure when parsing SMB responses can result in a buffer overrun. CVE ID#: CVE-2008-1105. Versions: Samba 3.0.0 - 3.0.29 (inclusive). Summary: Specifically crafted SMB responses can result in a heap overflow
2005 Apr 05
1
Secunia / Firefox Javascript "Arbitrary Memory Exposure" test
I just confirmed the following bug on my firefox. http://secunia.com/advisories/14820/ Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050219 Firefox/1.0 (I think my firefox is a month or two behind, from ports, but the advisory indicates both 1.0.1 and 1.0.2 are affected.) FreeBSD localhost 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004
2007 Dec 10
1
[SECURITY] Buffer overrun in send_mailslot()
Subject: Boundary failure in GETDC mailslot processing can result in a buffer overrun. CVE ID#: CVE-2007-6015. Versions: Samba 3.0.0 - 3.0.27a (inclusive). Summary: Specifically crafted GETDC mailslot requests can trigger a
2013 Aug 14
1
SA54438
http://secunia.com/advisories/54438/ Since I already got 3 private mails about this, here's the same reply for everyone (actually updated, now that I looked at the code): This was a v2.2-only bug. And it isn't really a DoS.. It only caused the one pop3 process to crash in assert, which was handling only the connection that had already disconnected. (Unless you were running a
2007 Sep 29
1
security bugs (?)
As a Cygwin rsync package maintainer, the following security fixes have been brought to my attention: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/rsync/files/rsync-2.6.9-stats-fix.patch http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/rsync/files/rsync-2.6.9-fname-obo.patch And while they seem "trusted" enough to me (present in many packages such as Gentoo, FreeBSD
2008 Jan 10
2
FreeBSD tar errors on valid empty tar.gz
Seems our current libarchive, which supports FreeBSD's tar implementation, has a bug where it can create archives it can't read back. This can be seen by simply creating an empty tar.gz file and then trying to expand or list it. In doing the above you get the following error: tar: Unrecognized archive format: Inappropriate file type or format N.B. gtar can list and expand the created file
1997 Jan 24
6
GNU tar vulnerability
I reported the following vulnerability to AUSCERT, but they weren't interested. People on this list might be, though! GNU tar is lazy about file creation modes and file owners when unpacking a tar file. Because GNU tar defaults to creating files owned by the userid running tar when the username is not found on your system, it can be possible to inadvertently create setuid root
2004 Aug 06
3
(Fwd) [SA11578] Icecast Basic Authorization Denial of Service
For those who haven't received this warning yet. Anybody from the core can tell about the background and possible fixes? Regards, Stefan ------- Forwarded message follows ------- Date sent: Wed, 12 May 2004 13:50:17 +0200 To: secunia_security_advisories@stefan-neufeind.de Subject: [SA11578] Icecast Basic Authorization Denial of Service Vulnerability
2007 Oct 08
5
3.1.1 RC4?
Keir, I noticed that a Shadow patch went into the 3.1.1 staging tree today. Does this mean that we should expect a 4th release candidate before the 3.1.1 release tag is official? If so - how much testing time are you going to give that release candidate before deciding whether a release tag, or another RC round is appropriate? Ben Guthro _______________________________________________
2004 Dec 27
4
Found security exploit in port phpBB 2.0.8 FreeBSD4.10
I think, there is a neat exploit in the phpbb2.0.8 because I found my home page defaced one dark morning. The patch for phpBB is here. http://www.phpbb.com/downloads.php The excerpt of the log is attached. I believe the link to the described exploit is here. http://secunia.com/advisories/13239 The defacement braggen page is here filter to show the exploited FreeBSD machines that aneurysm.inc
2012 Feb 06
6
schily tools
Hey folks, I'm reading up on gtar for tape archiving and it sounds kind of nasty and not something I really want to rely on. It looks like star from the schily tools is preferred. I'm using Centos (and RHEL) 5.7 which seems to have star but not sdd. Which leads me to believe that the Schily tools are maybe a bit "rogue" My basic requirement with what I'm doing is to use
2006 Oct 21
4
CentOS 3.8 Kernel Update with NVIDIA Video Card
I need some advice. I updated the kernel but when I restarted my computer I got the following error message: -- I cannot start the X server (your graphical interface). It is likely that it is not set up correctly. ... Failed to load the NVIDIA kernel module! -- I've started my computer using the old kernel. I found out that there's a new nvidia driver so I will also update it.
2002 Feb 04
1
installing version 1.4.1
Hello people, me again ... Just an FYI this time, I think: 0[209]1 sunray1:/contrib > gtar zxf R-1.4.1.tgz tar: R-1.4.1/date-stamp: Could not create file: Permission denied gtar: Error exit delayed from previous errors 2[210]1 sunray1:/contrib > gtar zxvf R-1.4.1.tgz "R-1.4.1/date-stamp" R-1.4.1/date-stamp gtar: R-1.4.1/date-stamp: Could not create file: Permission denied gtar:
2005 Jul 07
1
[Fwd: [Full-disclosure] [ GLSA 200507-05 ] zlib: Buffer overflow]
Has Centos been tested for this yet? -------- Original Message -------- Subject: [Full-disclosure] [ GLSA 200507-05 ] zlib: Buffer overflow Date: Wed, 06 Jul 2005 16:23:20 +0200 From: Thierry Carrez <koon at gentoo.org> Organization: Gentoo Linux To: gentoo-announce at lists.gentoo.org CC: full-disclosure at lists.grok.org.uk, bugtraq at securityfocus.com, security-alerts at
2006 Nov 08
1
FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive
FreeBSD-SA-06:24.libarchive Security Advisory, The FreeBSD Project. Topic: Infinite loop in corrupt archives handling in libarchive(3). Category: core. Module:
2010 Dec 15
3
having trouble with puppet 0.25.5 on openbsd 4.8 on amd64
My manifest includes this snippet class app_client_openbsd { $app_client_pkgs_obsd = [ 'glib2-2.24.1p2', 'gtar-1.23p1' ] package { "${app_client_pkgs_obsd}": ensure => 'installed', source => "http://${installserver}/openbsd/${operatingsystemrelease}/packages/${hardwaremodel}/${name}.tgz", } This