164 matches found
Debian DSA-350-1 : falconseye - buffer overflow
The falconseye package is vulnerable to a buffer overflow exploited via a long -s command line option. This vulnerability could be used by an attacker to gain gid 'games' on a system where falconseye is installed. Note that falconseye does not contain the file permission error CAN-2003-0359 which...
Debian DSA-147-1 : mailman - XSS
A cross-site scripting vulnerability was discovered in mailman, a software to manage electronic mailing lists. When a properly crafted URL is accessed with Internet Explorer other browsers don't seem to be affected, the resulting webpage is rendered similar to the real one, but the JavaScript...
Debian DSA-450-1 : linux-kernel-2.4.19-mips - several vulnerabilities
Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the mips kernel 2.4.19 for Debian GNU/Linux. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update : - CAN-2003-0961 : An...
Debian DSA-102-2 : at - daemon exploit
zen-parse found a bug in the current implementation of at which leads into a heap corruption vulnerability which in turn could potentially lead into an exploit of the daemon user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Debian DSA-100-1 : gzip - Potential buffer overflow
GOBBLES found a buffer overflow in gzip that occurs when compressing files with really long filenames. Even though GOBBLES claims to have developed an exploit to take advantage of this bug, it has been said by others that this problem is not likely to be exploitable as other security incidents...
Debian DSA-414-1 : jabber - denial of service
A vulnerability was discovered in jabber, an instant messaging server, whereby a bug in the handling of SSL connections could cause the server process to crash, resulting in a denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
Debian DSA-352-1 : fdclone - insecure temporary directory
fdclone creates a temporary directory in /tmp as a workspace. However, if this directory already exists, the existing directory is used instead, regardless of its ownership or permissions. This would allow an attacker to gain access to fdclone's temporary files and their contents, or replace them...
[SECURITY] [DSA 554-1] New sendmail packages fix potential open relay
-------------------------------------------------------------------------- Debian Security Advisory DSA 554-1 [email protected] http://www.debian.org/security/ Martin Schulze September 27th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 541-1] New icecast-server packages fix cross site scripting
-------------------------------------------------------------------------- Debian Security Advisory DSA 541-1 [email protected] http://www.debian.org/security/ Martin Schulze August 24th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 536-1] New libpng, libpng3 packages fix multiple vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 536-1 [email protected] http://www.debian.org/security/ Matt Zimmerman August 4th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 531-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 20th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 529-1] New netkit-telnet-ssl package fixes format string vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 529-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 17th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 526-1] New webmin packages fix multiple vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 526-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 3rd, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 515-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 5th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 512-1] New gallery packages fix unauthenticated access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 512-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 2nd, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 512-1] New gallery packages fix unauthenticated access
-------------------------------------------------------------------------- Debian Security Advisory DSA 512-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 2nd, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 495-1] New Linux 2.4.16 packages fix local root exploit (arm)
-------------------------------------------------------------------------- Debian Security Advisory DSA 495-1 [email protected] http://www.debian.org/security/ Martin Schulze April 26th, 2004 http://www.debian.org/security/faq -...
[Full-Disclosure] [SECURITY] [DSA 494-1] New ident2 packages fix buffer overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 494-1 [email protected] http://www.debian.org/security/ Matt Zimmerman April 21st, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 487-1] New neon packages fix format string vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 487-1 [email protected] http://www.debian.org/security/ Matt Zimmerman April 16th, 2004 http://www.debian.org/security/faq -...
[Full-Disclosure] [SECURITY] [DSA 485-1] New ssmtp packages fix format string vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 485-1 [email protected] http://www.debian.org/security/ Matt Zimmerman April 14th, 2004 http://www.debian.org/security/faq -...