-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 889-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 8th, 2005
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2005:205
http://www.mandriva.com/security/
[EMAIL PROTECTED] wrote:
...
>Had they done so, we would never have had to use readdir_r() and programmers
>would not have introduced bugs in the (mis)use of pathconf, over allocating,
>etc.
>
>I would be interested in seeing any real-world use of readdir_r() in
>a context where readdir_r() is requ
On Mon, 07 Nov 2005 18:05:11 PST, Alexander Sotirov said:
> On Linux you can just restart the patched service of course. Most package
> managers (i.e. dpkg and rpm) will do it for you after the update.
Note that rpm will only do that if the person who packaged the updated RPM
specified a 'postins
Carlos Silva aka |Danger_Man| wrote:
> Can someone explain how to apply security patches on the system without
> rebooting the machine?
If you are interested in Windows patches (I apologise for the market-speak):
http://www.determina.com/solutions/liveshield.html
On Linux you can just restart the
On Tue, 08 Nov 2005 09:03:32 +1000, Stuart Low said:
> Well, if you have a customised kernel you'll probably find that your
> need to reboot with a new kernel becomes fairly low (Kernel level
> exploits are fairly rare, especially remote ones).
>
> If you've upgraded services probably the easiest
Hey,
> Can someone explain how to apply security patches on the system without
> rebooting the machine?
> I guess that I can't patch the kernel without compiling and rebooting the
> machine, so the only way is with iptables and keeping the daemons "fresh"?
Well, if you have a customised kernel y
#
#
#
# Advisory #1 Title:
#
# "RANKBOX <= XSS vulnerability"
>On 11/6/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>> I don't see how that is relevant; the typical use of readdir() is as follows:
>>
>> DIR *dirp = opendir(name);
>>
>> while ((dent = readdir(dirp)) != NULL) {
>> ...
>> }
>>
>> closedir(dir
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2005:205
http://www.mandriva.com/security/
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3501
___
Hello all,
Can someone explain how to apply security patches on the system without
rebooting the machine?
I guess that I can't patch the kernel without compiling and rebooting the
machine, so the only way is with iptables and keeping the daemons "fresh"?
Regards,
Carlos Silva,
http://osiri
===
Ubuntu Security Notice USN-215-1 November 07, 2005
fetchmail vulnerability
CVE-2005-3088
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Wart
I was interested in getting feedback from current mail group users. We have mirrored your mail list in a new application that provides a more aggregated and safe environment which utilizes the power of broadband. Roomity.com v 1.5 is a web 2.01 community webapp. Our newest version adds broadcast vide
All well known security companies and CERTs do not list Flash Player 5.x at
all, it seems they don't see that version as supported.
Many advisories said today "Macromedia Flash Player 7.0.19.0 and prior"
are affected.
From Macromedia itself:
Affected Software Versions
Flash Player 7.0.19.0 and e
SEC-CONSULT Security Advisory 20051107-1
===
title: Macromedia Flash Player ActionDefineFunction
Memory Corruption
program: Macromedia Flash Plugin vulnera
Suresec Security Advisory - #8
07/11/2005
Mac OS X (xnu) - Multiple information leaks.
Advisory: http://www.suresec.org/advisories/adv8.pdf
Description:
The Mac OS X kernel has several information leaks.
In certain cases this might be sensitive information, such as portions of
the file c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Advisory: Multiple vulnerabilities in PHPlist
Name: TKADV2005-11-001
Revision: 1.0
Release Date: 2005/11/07
Last Modified: 2005/11/07
Author: Tobias Klein (tk at
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 888-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 7th, 2005
I'm going to allow a few domain names to expire that might be of
interest to somebody else on the list... If you want them, let me know
and I'll transfer them to you just before they expire and you can renew
them yourself.
They are:
UNFAIRDISCLOSURE.COM
UNFAIRDISCLOSURE.ORG
UNFAIRDISCLOSURE.N
Zone Labs Products Advance Program Control and OS Firewall (Behavioral
Based) Technology Bypass Vulnerability
I. PRODUCT BACKGROUND
ZoneAlarm Pro and Internet Security Suite with its a new level of protection
is what Zone Labs calls an "OS Firewall" based on "Behavior Based Analysis"
has gon
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 887-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 7th, 2005
===
Ubuntu Security Notice USN-214-1 November 07, 2005
libungif4 vulnerabilities
CVE-2005-2974, CVE-2005-3350
===
A security issue affects the following Ubuntu releases:
Ubuntu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 886-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 7th, 2005
NetBSD 2.1 & below ptrace() local root exploit.
___
To help you stay safe and secure online, we've developed the all new Yahoo!
Security Centre. http://uk.security.yahoo.com
___
Vulnerability: Open Pizza Databases and Email
Severity: Burnt Cheese
Vuln. Researcher: Yo! Noid Attack Squad
Did you expect Papa John's pizza to really care about their own
privacy policy? I hope not. How about a database of about 10,000
Papa Johns customers who complained over the past three mo
On Sun, Nov 06, 2005 at 10:10:10PM -0600, Ron DuFresne wrote:
> On Sat, 5 Nov 2005, Brian Dessent wrote:
>
> > Robert Kim Wireless Internet Advisor wrote:
> > Don't "security professionals" know how to use email
> > for god's sake?
>
> What makes you think at this day in age, "security profession
SEC-CONSULT Security Advisory 20051107-1
===
title: Macromedia Flash Player ActionDefineFunction
Memory Corruption
program: Macromedia Flash Plugin
SEC-CONSULT Security Advisory 20051107-0
=
title: toendaCMS multiple vulnerabilities
program: toendaCMS
vulnerable version: <0.6.2
homepage: www.toenda.
On 06 Nov 05, at 01:00, [EMAIL PROTECTED] wrote:
Then you never really understood the implementation, seems. Of course
all implementations keep the content of the directory as read with
getdents or so in the DIR descriptor. But it is usually not the case
that the whole content fits into the b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 884-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 7th, 2005
Kira wrote:
> Dear All
>
> I wrote Snort Back Orifice Preprocessor Exploit for Win32 targets. It's
> for educational purpose only.
> This exploit was tested on
>
> - Snort 2.4.2 Binary + Windows XP Professional SP1
> - Snort 2.4.2 Binary + Windows XP Professional SP2
> - Snort 2.4.2 Binary + Wind
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 885-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 7th, 2005
Hey;
Do you guys know
On Sun, 30 Oct 2005, [EMAIL PROTECTED] wrote:
Send Full-Disclosure mailing list submissions to
full-disclosure@lists.grok.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or,
On Sat, 5 Nov 2005, Brian Dessent wrote:
> Robert Kim Wireless Internet Advisor wrote:
> >
> > Nick, hi... why would you want to filter out the digests? will this
> > eliminate digests from my subscription?
>
> It would have nothing to do with *sending* the digests, and everything
> to do with st
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 809-3 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 7th, 2005
36 matches