


  1. #1
    Hacker
    1. Slackware: bitchx multiple vulnerabilities

    [slackware-security] BitchX security fixes (SSA:2003-141-02)

    New BitchX packages are available to fix security problems found
    by Timo Sirainen. BitchX is an IRC (Internet Relay Chat) client.
    Under certain circumstances, a malicious IRC server could cause
    BitchX to crash, or possibly to run arbitrary code as the user
    running BitchX.

    All sites running BitchX are advised to upgrade.

    More information on the problem can be found here:

    Here are the details from the Slackware 9.0 ChangeLog:
    +--------------------------+
    Tue May 20 20:13:09 PDT 2003
    patches/packages/bitchx-1.0c19-i386-3.tgz: Patched several potential "evil
    server" security problems noted by Timo Sirainen.
    (* Security fix *)
    +--------------------------+


    Details at: http://www.linuxsecurity.com/advisories/slackware_advisory-3284.html


    2. Slackware: epic4 multiple vulnerabilities

    [slackware-security] EPIC4 security fixes (SSA:2003-141-01)

    New EPIC4 packages are available to fix security problems found
    by Timo Sirainen. EPIC4 is an IRC (Internet Relay Chat) client.
    Under certain circumstances, a malicious IRC server could cause
    EPIC4 to crash, or possibly to run arbitrary code as the user
    running EPIC4.

    All sites running EPIC4 are advised to upgrade.

    More information on the problem can be found here:

    Here are the details from the Slackware 9.0 ChangeLog:
    +--------------------------+
    Tue May 20 20:13:09 PDT 2003
    patches/packages/epic4-1.0.1-i386-3.tgz: Patched a buffer overflow in ctcp.c.
    (* Security fix *)
    +--------------------------+


    Details at: http://www.linuxsecurity.com/advisories/slackware_advisory-3283.html


    3. Slackware: glibc buffer overflow vulnerability

    [slackware-security] glibc XDR overflow fix (SSA:2003-141-03)

    An integer overflow in the xdrmem_getbytes() function found in the glibc
    library has been fixed. This could allow a remote attacker to execute
    arbitrary code by exploiting RPC services that use xdrmem_getbytes(). None of
    the default RPC services provided by Slackware appear to use this function,
    but third-party applications may make use of it.

    We recommend upgrading to these new glibc packages.


    Here are the details from the Slackware 9.0 ChangeLog:
    +--------------------------+
    Tue May 20 20:13:09 PDT 2003
    patches/packages/glibc-2.3.1-i386-4.tgz: Patched, recompiled.
    (* Security fix *)
    patches/packages/glibc-debug-2.3.1-i386-4.tgz: Patched, recompiled.
    (* Security fix *)
    patches/packages/glibc-i18n-2.3.1-noarch-4.tgz: Rebuilt.
    patches/packages/glibc-profile-2.3.1-i386-4.tgz: Patched, recompiled.
    (* Security fix *)
    patches/packages/glibc-solibs-2.3.1-i386-4.tgz: Patched a buffer overflow in
    some dead code (xdrmem_getbytes(), which we couldn't find used by anything,
    but it doesn't hurt to patch it anyway)
    (* Security fix *)
    patches/packages/glibc-zoneinfo-2.3.1-noarch-4.tgz: Rebuilt.
    +--------------------------+

    Details at: http://www.linuxsecurity.com/advisories/slackware_advisory-3285.html


    4. Slackware: mod_ssl timing based attack vulnerability

    [slackware-security] mod_ssl RSA blinding fixes (SSA:2003-141-05)

    An upgrade for mod_ssl to version 2.8.14_1.3.27 is now available.
    This version provides RSA blinding by default which prevents an
    extended timing analysis from revealing details of the secret key
    to an attacker. Note that this problem was already fixed within
    OpenSSL, so this is a "double fix". With this package, mod_ssl
    is secured even if OpenSSL is not.

    We recommend sites using mod_ssl upgrade to this new package.


    Here are the details from the Slackware 9.0 ChangeLog:
    +--------------------------+
    Tue May 20 20:13:09 PDT 2003
    patches/packages/mod_ssl-2.8.14_1.3.27-i386-1.tgz: Upgraded to
    mod_ssl-2.8.14_1.3.27. Includes RSA blinding fixes.
    (* Security fix *)
    +--------------------------+

    Details at: http://www.linuxsecurity.com/advisories/slackware_advisory-3287.html


    5. Slackware: quotacheck vulnerability

    Advisories: Slackware 5/22/2003 9:49





    [slackware-security] quotacheck security fix in rc.M (SSA:2003-141-06)

    An upgraded sysvinit package is available which fixes a problem with
    the use of quotacheck in /etc/rc.d/rc.M. The original version of
    rc.M calls quotacheck like this:

    echo "Checking filesystem quotas: /sbin/quotacheck -avugM"
    /sbin/quotacheck -avugM

    The M option is wrong. This causes the filesystem to be remounted,
    and in the process any mount flags such as nosuid, nodev, noexec,
    and the like, will be reset. The correct option to use here is m,
    which does not attempt to remount the partition:

    echo "Checking filesystem quotas: /sbin/quotacheck -avugm"
    /sbin/quotacheck -avugm

    We recommend sites using file system quotas upgrade to this new package,
    or edit /etc/rc.d/rc.M accordingly.


    Here are the details from the Slackware 9.0 ChangeLog:
    +--------------------------+
    Tue May 20 20:13:09 PDT 2003
    patches/packages/sysvinit-2.84-i386-26.tgz: Use option M, not m, for
    quotacheck.
    Otherwise, the partition might be remounted losing flags like nosuid,nodev,
    noexec. Thanks to Jem Berkes for pointing this out.
    (* Security fix *)
    +--------------------------+




    Details at: http://www.linuxsecurity.com/advisories/slackware_advisory-3288.html
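
An added example for the quotacheck advisory (SSA:2003-141-06) quoted in post #1, not part of the original post or of the Slackware package: a shell audit that flags init-script lines calling quotacheck with the remounting `M` option, and lists mounts that are missing `nosuid`, `nodev` or `noexec` flags requested in fstab. The function names are hypothetical, the live mount table is assumed to be in `/proc/mounts` format, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.

# bad_quotacheck FILE: print "LINE: text" for every command line (comments
# and echo lines are skipped) that runs quotacheck with M in a short-option
# cluster, the remounting form the advisory says to replace with m.
bad_quotacheck() {
    awk '
        $1 ~ /^#/ || $1 == "echo" { next }
        {
            seen = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ "(^|/)quotacheck$") { seen = 1; continue }
                if (seen && $i ~ /^-[^-]/ && index($i, "M")) {
                    print NR ": " $0
                    next
                }
            }
        }
    ' "$1"
}

# lost_flags FSTAB MOUNTS: print "MOUNTPOINT FLAG" for each nosuid, nodev or
# noexec option requested in FSTAB but missing from the live mount table
# MOUNTS (assumed to be in /proc/mounts format).
lost_flags() {
    awk '
        NR == FNR { if ($1 !~ /^#/ && NF >= 4) want[$2] = $4; next }
        ($2 in want) {
            have = "," $4 ","
            n = split(want[$2], o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] ~ /^(nosuid|nodev|noexec)$/ && !index(have, "," o[i] ","))
                    print $2, o[i]
        }
    ' "$1" "$2"
}

# Constructed sample data, not taken from a real system.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'echo "Checking filesystem quotas: /sbin/quotacheck -avugM"' \
        '/sbin/quotacheck -avugM' > "$d/rc.M"
    printf '%s\n' '/dev/hda3 /home ext3 defaults,nosuid,nodev,usrquota 1 2' > "$d/fstab"
    printf '%s\n' '/dev/hda3 /home ext3 rw,usrquota 0 0' > "$d/mounts"
    bad_quotacheck "$d/rc.M"
    lost_flags "$d/fstab" "$d/mounts"
    rm -rf "$d"
}
demo
```

On a real host the equivalent calls would be `bad_quotacheck /etc/rc.d/rc.M` and `lost_flags /etc/fstab /proc/mounts`; any output from the second means a mount is running without a flag the administrator asked for.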



  2. How nice.....



  3. #3
    Hacker

    Where is Slackware now ????

  4. #4
    rafaelpazcolles
    Honestly, I did not understand what this "hacker" meant by "- Where is Slackware now . . .", since it is a Linux distribution like any other;
    people like him, who add nothing, come out with this kind of comment! NO distribution is 100%, BECAUSE THEY ARE CREATED BY HUMAN BEINGS, who are liable to make mistakes. If we listed every bug found in every distro . . what would we add to the community? Nothing. Instead, we should learn and help solve problems, but as long as people with UNFORTUNATE COMMENTS use a public space meant for learning and the exchange of ideas for STUPID AND CHILDISH PROVOCATIONS, we will get nowhere.

    To the friends who seek knowledge, sorry for the rant!
    To the IDIOTS on duty, FIND SOMEWHERE ELSE TO BE A NUISANCE!!!!

    See you

    Rafael Paz Colles



  5. #5
    lrezende
    100% rafaelpazcolles...

    that's all I have to say!





