Displaying 20 results from an estimated 3000 matches similar to: "About the vulnerabilities in tcpdump and gzip."
2005 Jun 09
0
FreeBSD Security Advisory FreeBSD-SA-05:11.gzip
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-05:11.gzip Security Advisory
The FreeBSD Project
Topic: gzip directory traversal and permission race vulnerabilities
Category: contrib
Module:
2005 Jun 09
0
FreeBSD Security Advisory FreeBSD-SA-05:10.tcpdump
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-05:10.tcpdump Security Advisory
The FreeBSD Project
Topic: Infinite loops in tcpdump protocol decoding
Category: contrib
Module: tcpdump
2006 Sep 19
0
FreeBSD Security Advisory FreeBSD-SA-06:21.gzip
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-06:21.gzip Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in gzip
Category: contrib
Module: gzip
Announced:
2005 Apr 21
6
Information disclosure?
Hello,
For some reason, I thought little about the "clear" command today..
Let's say a privileged user (root) logs on, edits a sensitive file (e.g.,
a file containing a password, running vipw, etc.) .. then runs clear and
logs out. Then anyone can press the scroll-lock command, scroll back up
and read the sensitive information.. Isn't "clear" meant to clear the
2008 May 22
0
possible XEN vulnerabilities?
Dear Xen Maintainers
The following CVEs(0,1) have been filed against xen. Could you please check,
whether they affect any debian versions and how important they are?
They are rather left over on our TODO list and I'd like to forward them to you
for checking.
CVE-2008-1944:
Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized
Framebuffer (PVFB) Message 3.0 through
2005 Jul 02
3
packets with syn/fin vs pf_norm.c
Hi,
First of all, I know that not dropping SYN/FIN isn't really a big deal, it
just makes no sense. But since it doesn't make any sense, I don't see
the reason why not to discard them.
I'm running pf on FreeBSD 5.4-RELEASE-p3 and I scrub any traffic. I've
read some other posts on Google and as far as I can tell, clearly invalid
packets (like packets with SYN/RST set) is
2008 Mar 18
0
[gentoo-announce] [ GLSA 200803-25 ] Dovecot: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Dovecot:
2004 Apr 17
7
Is log_in_vain really good or really bad?
Heya..
Yesterday someone "attacked" my box by connecting to several ports.. In
other words, a simple portscan.. yet, since my box has "log_in_vain"
enabled, so it tries to log everything to /var/log/messages, since the
logfile got full and the size went over 100K, it tried to rotate the log
to save diskspace.
(Apr 16 21:00:00 omikron newsyslog[32137]: logfile turned over due
2004 Dec 03
4
Is my Apache server running as the root user or not?
Heya..
By reading my /usr/local/etc/apache2/httpd.conf, I can find out that my Apache is
running as the user "www" and the group "www" .. Yet, when I run sockstat, it tells me
one of the forks is run as root and listening on port 80 as well as the other forks
are run by www:www.. If I got a lot of users connecting to my server on port 80, will
their requests ever be
2007 Nov 17
1
Bug#451626: CVE-2007-5907, CVE-2007-5906 possible denial of service vulnerability
Package: xen-3
Version: 3.1.0-1
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-3.
CVE-2007-5907[0]:
| Xen 3.1.1 does not prevent modification of the CR4 TSC from
| applications, which allows pv guests to cause a denial of service
| (crash).
CVE-2007-5906[1]:
| Xen 3.1.1 allows virtual guest system users to cause a
|
2008 Mar 28
2
Call deflection on ISDN PRI in Sweden
Hello List!
We're having trouble making call deflection on ISDN PRI. We would like to transfer a call to an external extension but keeping the callerid of the caller so it can be presented to the receiver of the transferred call.
At the time we're using Zaptel 1.4.5.1, Asterisk 1.4.11 and Digium hardware TE420B. We've ordered the service (CD) from the phone company.
The
2013 Feb 13
0
Announce: Puppet Dashboard 1.2.22 Available [ security release ]
This release of Puppet Dashboard addresses CVE-2013-0277 and
CVE-2013-0269. These are vulnerabilities that affect Ruby on Rails,
specifically around YAML serialization and JSON handling. They expose
vulnerable systems to SQL Injection, Denial of Service Attacks, and
arbitrary YAML deserialization.
Additionally, CVE-2013-0276 and CVE-2013-0263 affect vendored
components of Puppet Dashboard, but by
2004 Oct 22
5
Default permissions of /home/user..
Hello..
I've asked this question before without getting any further help really..
When a new user is added using "adduser" on 5.x (haven't really checked
if it's the same under 4.x or not), the default homedir permission is 755
(drwxr-xr-x) which to me, looks a bit insecure? It's of course pretty easy
to solve it by a simple chmod, but yet, isn't there any way to
2002 Jul 30
1
OpenSSL Security Advisory [30 July 2002]
Hi,
FYI - don't sue me for posting this here - I know, everyone who needs this info *should* have it already, but maybe not ;-)
Kind regards,
B. Courtin
--
OpenSSL Security Advisory [30 July 2002]
This advisory consists of two independent advisories, merged, and is
an official OpenSSL advisory.
Advisory 1
==========
A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are
2004 Sep 08
1
new gaim packages? (RHSA-2004:400-01)
has this package been rebuilt? I didn't see an announcement for it.
--Ajay, who's not bitchin', just wondering...
-------- Original Message --------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated gaim package fixes security issues
Advisory
2003 Apr 07
0
FreeBSD Security Notice FreeBSD-SN-03:01
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SN-03:01 Security Notice
The FreeBSD Project
Topic: security issue in samba ports
Announced: 2003-04-07
I. Introduction
Several ports in the