Update to new upstream Firefox version 3.0.13, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note: Issues described in MFSA 2009-42 and MFSA 2009-43 were previously addressed via rebase of the NSS packages.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-8288
2009-08-05 00:00:31
--------------------------------------------------------------------------------

Name        : pcmanx-gtk2
Product     : Fedora 10
Version     : 0.3.8
Release     : 12.fc10
URL         :
Summary     : Telnet client designed for BBS browsing
Description :
An easy-to-use telnet client mainly targets BBS users. PCMan X is a newly developed GPL'd version of PCMan, a full-featured famous BBS client formerly designed for MS Windows only. It aimed to be an easy-to-use yet full-featured telnet client facilitating BBS browsing with the ability to process double-byte characters.

--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.0.13, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note: Issues described in MFSA 2009-42 and MFSA 2009-43 were previously addressed via rebase of the NSS packages.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug  4 2009 Jan Horak - 0.3.8-12
- Rebuild against newer gecko
* Tue Jul 21 2009 Jan Horak - 0.3.8-11
- Rebuild against newer gecko
* Thu Jun 11 2009 Christopher Aillon - 0.3.8-10
- Rebuild against newer gecko
* Mon Apr 27 2009 Christopher Aillon - 0.3.8-9
- Rebuild against newer gecko
* Tue Apr 21 2009 Christopher Aillon - 0.3.8-8
- Rebuild against newer gecko
* Fri Mar 27 2009 Christopher Aillon - 0.3.8-7
- Rebuild against newer gecko
* Fri Mar  6 2009 Jan Horak - 0.3.8-6
- Rebuild against newer gecko
* Wed Feb  4 2009 Christopher Aillon - 0.3.8-5
- Rebuild against newer gecko
* Wed Dec 17 2008 Christopher Aillon - 0.3.8-4
- Rebuild against newer gecko
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update pcmanx-gtk2' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-3893
2009-04-22 19:42:31
--------------------------------------------------------------------------------

Name        : pcmanx-gtk2
Product     : Fedora 10
Version     : 0.3.8
Release     : 8.fc10
URL         :
Summary     : Telnet client designed for BBS browsing
Description :
An easy-to-use telnet client mainly targets BBS users. PCMan X is a newly developed GPL'd version of PCMan, a full-featured famous BBS client formerly designed for MS Windows only. It aimed to be an easy-to-use yet full-featured telnet client facilitating BBS browsing with the ability to process double-byte characters.

--------------------------------------------------------------------------------
Update Information:

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 21 2009 Christopher Aillon - 0.3.8-8
- Rebuild against newer gecko
* Fri Mar 27 2009 Christopher Aillon - 0.3.8-7
- Rebuild against newer gecko
* Fri Mar  6 2009 Jan Horak - 0.3.8-6
- Rebuild against newer gecko
* Wed Feb  4 2009 Christopher Aillon - 0.3.8-5
- Rebuild against newer gecko
* Wed Dec 17 2008 Christopher Aillon - 0.3.8-4
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #496252 - CVE-2009-1302 Firefox 3 Layout engine crashes
        https://bugzilla.redhat.com/show_bug.cgi?id=496252
  [ 2 ] Bug #496253 - CVE-2009-1303 Firefox 2 and 3 Layout engine crash
        https://bugzilla.redhat.com/show_bug.cgi?id=496253
  [ 3 ] Bug #496255 - CVE-2009-1304 Firefox 3 JavaScript engine crashes
        https://bugzilla.redhat.com/show_bug.cgi?id=496255
  [ 4 ] Bug #496256 - CVE-2009-1305 Firefox 2 and 3 JavaScript engine crash
        https://bugzilla.redhat.com/show_bug.cgi?id=496256
  [ 5 ] Bug #486704 - CVE-2009-0652 firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks)
        https://bugzilla.redhat.com/show_bug.cgi?id=486704
  [ 6 ] Bug #496262 - CVE-2009-1306 Firefox jar: scheme ignores the content-disposition: header on the inner URI
        https://bugzilla.redhat.com/show_bug.cgi?id=496262
  [ 7 ] Bug #496263 - CVE-2009-1307 Firefox Same-origin violations when Adobe Flash loaded via view-source: protocol
        https://bugzilla.redhat.com/show_bug.cgi?id=496263
  [ 8 ] Bug #496266 - CVE-2009-1308 Firefox XSS hazard using third-party stylesheets and XBL bindings
        https://bugzilla.redhat.com/show_bug.cgi?id=496266
  [ 9 ] Bug #496267 - CVE-2009-1309 Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
        https://bugzilla.redhat.com/show_bug.cgi?id=496267
  [ 10 ] Bug #496270 - CVE-2009-1310 Firefox Malicious search plugins can inject code into arbitrary sites
        https://bugzilla.redhat.com/show_bug.cgi?id=496270
  [ 11 ] Bug #496271 - CVE-2009-1311 Firefox POST data sent to wrong site when saving web page with embedded frame
        https://bugzilla.redhat.com/show_bug.cgi?id=496271
  [ 12 ] Bug #496274 - CVE-2009-1312 Firefox allows Refresh header to redirect to javascript: URIs
        https://bugzilla.redhat.com/show_bug.cgi?id=496274
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update pcmanx-gtk2' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list

Buffer overflow vulnerabilities have been found in the telnet client in Heimdal which could lead to execution of arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200504-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Heimdal: Buffer overflow vulnerabilities
      Date: April 28, 2005
      Bugs: #89861
        ID: 200504-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Buffer overflow vulnerabilities have been found in the telnet client in Heimdal which could lead to execution of arbitrary code.

Background
==========

Heimdal is a free implementation of Kerberos 5 that includes a telnet client program.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  app-crypt/heimdal       < 0.6.4                           >= 0.6.4

Description
===========

Buffer overflow vulnerabilities in the slc_add_reply() and env_opt_add() functions have been discovered by Gael Delalleau in the telnet client in Heimdal.

Impact
======

Successful exploitation would require a vulnerable user to connect to an attacker-controlled host using the telnet client, potentially executing arbitrary code with the permissions of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Heimdal users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.6.4"

References
==========

  [ 1 ] CAN-2005-0468
        https://www.cve.org/CVERecord?id=CVE-CAN-2005-0468
  [ 2 ] CAN-2005-0469
        https://www.cve.org/CVERecord?id=CVE-CAN-2005-0469

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200504-28

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to

Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: krb5 security update
Advisory ID:       RHSA-2005:330-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2005:330.html
Issue date:        2005-03-30
Updated on:        2005-03-30
Product:           Red Hat Enterprise Linux
Keywords:          telnet
CVE Names:         CAN-2005-0468 CAN-2005-0469
- ---------------------------------------------------------------------

1. Summary:

Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Kerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other.

The krb5-workstation package includes a Kerberos-aware telnet client. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server.
An attacker may be able to execute arbitrary code on a victim's machine if the victim can be tricked into connecting to a malicious telnet server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468 and CAN-2005-0469 to these issues.

Users of krb5 should update to these erratum packages which contain a backported patch to correct this issue.

Red Hat would like to thank iDEFENSE for their responsible disclosure of this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

151267 -

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-CAN-2005-0468
https://www.cve.org/CVERecord?id=CVE-CAN-2005-0469

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2005 Red Hat, Inc.

Enhanced krb5 versions address vulnerabilities in telnet client, classified as significant by Red Hat. Red Hat Advisory, Telnet Vulnerability Fix, krb5 Buffer Overflow. Severity: Important. LinuxSecurity.com Team

Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-270
2005-03-29
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : krb5
Version     : 1.3.6
Release     : 5
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.

---------------------------------------------------------------------
Update Information:

Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available.

Kerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other.

The krb5-workstation package includes a Kerberos-aware telnet client. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim's machine if the victim can be tricked into connecting to a malicious telnet server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468 and CAN-2005-0469 to these issues.
---------------------------------------------------------------------
* Mon Mar 28 2005 Nalin Dahyabhai 1.3.6-5
- rebuild

* Wed Mar 23 2005 Nalin Dahyabhai 1.3.6-4
- drop krshd patch

* Thu Mar 17 2005 Nalin Dahyabhai
- add draft fix from Tom Yu for slc_add_reply() buffer overflow (CAN-2005-0469)
- add draft fix from Tom Yu for env_opt_add() buffer overflow (CAN-2005-0468)
---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
fedora-announce-list mailing list

Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-269
2005-03-29
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : krb5
Version     : 1.3.6
Release     : 4
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.

---------------------------------------------------------------------
Update Information:

Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available.

Kerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other.

The krb5-workstation package includes a Kerberos-aware telnet client. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim's machine if the victim can be tricked into connecting to a malicious telnet server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468 and CAN-2005-0469 to these issues.
---------------------------------------------------------------------
* Wed Mar 23 2005 Nalin Dahyabhai 1.3.6-4
- drop krshd patch

* Thu Mar 17 2005 Nalin Dahyabhai
- add draft fix from Tom Yu for slc_add_reply() buffer overflow (CAN-2005-0469)
- add draft fix from Tom Yu for env_opt_add() buffer overflow (CAN-2005-0468)
---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------