[NEWS] November Changelog Madness

From: support@securiteam.com
To: list@securiteam.com
Date: Sat, 8 Dec 2001 18:48:20 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  November Changelog Madness
------------------------------------------------------------------------

SUMMARY

Vulnwatch (http://www.vulnwatch.org) has reported that over 20
security-related issues have been found in November in different products.
The following is a highlighted summary of these security vulnerabilities
and the product versions in which they were fixed, quoting each project's
own changelog.

DETAILS

- vBulletin 2.2.0
"source code audit by an independent 3rd party for security issues"

- Redirected Execution Tree 2.3
"A security hole was fixed"

- SLRN 0.9.7.3
"It also fixes some bugs and one security hole."

- panFora 1.4.0
"Login security was enhanced by making it much harder to hijack user
cookies" (does that mean it was possible to hijack user sessions in older
versions?)

- DrvZ42 0.3.2 (Linux Lexmark printer driver)
"Support for photo cartridges and a small security fix to the z42 tool
were added"

- GrendelProject 0.4.2
"a few (possible) security bug fixes in the online building system"

- Xsu 0.2.1 (Gnome su interface)
"This version contains documentation fixes, manpage fixes, an option to
set the DISPLAY environment variable in Gnome Xsu, and some minor security
fixes"

- D-Forum 1.11
"Better security checks were implemented" (does that mean there was a
problem with the old checks?)

- CryptNET-Keyserver 0.0.6
"A security bugfix for an SQL injection vulnerability"

- SILC server 0.6.3
"security fixes to the SKE"

- SILC client 0.6.5
"security fixes to the SKE"

- SILC toolkit 0.6.2
"This version adds better debugging functionality, security fixes,..."

- mterm 0.4.1
"Buffer overflow problems were fixed and cursor positioning was adjusted."
(do the buffer overflow problems have security implications?)

- mailman 2.0.7
"Fixes for two obscured denial-of-service attacks"

- ripMIME 1.2.7
"This release corrects a buffer overflow situation with massive filenames"

- NinjaIRC 1.5.6
"Many bugfixes (including some security problems and segfaults)"

- Wireless tools 22
"a fix for possible buffer overflows"

- DansGuardian 2.2.1
"A large security hole that allowed users to simply type the IP of a
banned Web site to bypass the URL filtering was fixed"

- The Gallery 1.2.3
"A major security bugfix and many minor bugfixes were added"

- gbiff 3.0
"buffer overflows in the IMAP4 protocol have been fixed"

- HTML2WML 0.4.8b2
"A security issue has been corrected"

- NOCC 0.9.5
"A security fix"

ADDITIONAL INFORMATION

The information has been provided by Rain Forest Puppy (rfp@vulnwatch.org).

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.