|
 |
|
Mandrakelinux Security Update Advisory
Package name: cvs Problem Description: Another vulnerability was discovered related to "Entry" lines in cvs, by the development team (CAN-2004-0414). As well, Stefan Esser and Sebastian Krahmer performed an audit on the cvs source code and discovered a number of other problems, including: A double-free condition in the server code is exploitable (CAN-2004-0416). By sending a large number of arguments to the CVS server, it is possible to cause it to allocate a huge amount of memory which does not fit into the address space, causing an error (CAN-2004-0417). It was found that the serve_notify() function would write data out of bounds (CAN-2004-0418). The provided packages update cvs to 1.11.16 and include patches to correct all of these problems. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0414 Updated Packages:
Mandrakelinux 10.0:
Mandrakelinux 10.0/AMD64:
Corporate Server 2.1:
Corporate Server 2.1/x86_64:
Mandrakelinux 9.1:
Mandrakelinux 9.1/PPC:
Mandrakelinux 9.2:
Mandrakelinux 9.2/AMD64: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandrakelinux at: http://www.mandrakesoft.com/security/advisories If you want to report vulnerabilities, please contact security_linux-mandrake.com
Type Bits/KeyID Date User ID Mandrakelinux Security Update Advisory
Package name: squid Problem Description: A vulnerability exists in squid's NTLM authentication helper. This buffer overflow can be exploited by a remote attacker by sending an overly long password, thus overflowing the buffer and granting the ability to execute arbitrary code. This can only be exploited, however, if NTLM authentication is used. NTLM authentication is built by default in Mandrakelinux packages, but is not enabled in the default configuration. The vulnerability exists in 2.5.*-STABLE and 3.*-PRE. The provided packages are patched to fix this problem. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0541 Updated Packages:
Mandrakelinux 10.0:
Mandrakelinux 10.0/AMD64:
Mandrakelinux 9.1:
Mandrakelinux 9.1/PPC:
Mandrakelinux 9.2:
Mandrakelinux 9.2/AMD64: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandrakelinux at: http://www.mandrakesoft.com/security/advisories If you want to report vulnerabilities, please contact security_linux-mandrake.com
Type Bits/KeyID Date User ID  
| |||||||||||||||||||||||||||||||||||||||||||
 |
|
|
|
| All times are recorded in UTC. Linux is a trademark of Linus Torvalds. Powered by Linux, Apache and PHP 
Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia
Legal Notices, Licensing, Reprints, Permissions, Privacy Policy.
Whitepapers and eBooks
Webcasts
Downloads and eKits
|
