816 matches found
[SECURITY] [DSA-088-1] improper character escaping in fml
Package : fml Problem type : improper character escaping Debian-specific: no The fml a mailing list package as distributed in Debian GNU/Linux 2.2 suffers from a cross-site scripting problem. When generating index pages for list archives the and characters were not properly escaped for subjects...
[SECURITY] [DSA 086-1] New versions of ssh-nonfree & ssh-socks fix buffer overflow
-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------------- Debian Security Advisory DSA 086-1 [email protected] http://www.debian.org/security/ Michael Stone November 13, 2001 -...
[SECURITY] [DSA 085-1] New nvi packages fix format string vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 085-1 [email protected] http://www.debian.org/security/ Martin Schulze October 20th, 2001 -...
[SECURITY] [DSA 085-1] New nvi packages fix format string vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 085-1 [email protected] http://www.debian.org/security/ Martin Schulze October 20th, 2001 - -------------------------------------------------------------------------- Package : nvi, nvi-m17n...
[SECURITY] [DSA 082-1] News Xvt packages fix buffer overflow
-------------------------------------------------------------------------- Debian Security Advisory DSA 082-1 [email protected] http://www.debian.org/security/ Martin Schulze October 18th, 2001 - -------------------------------------------------------------------------- Package : xvt...
CVE-2001-0755
Buffer overflow in ftp daemon ftpd 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command...
[SECURITY] [DSA-077-1] squid FTP PUT problem
Package : squid Problem type : remote DoS Debian-specific: no Vladimir Ivaschenko found a problem in squid a popular proxy cache. He discovered that there was a flaw in the code to handle FTP PUT commands: when a mkdir-only request was done squid would detect an internal error and exit. Since squ...
[SECURITY] [DSA 076-1] New most packages available
---------------------------------------------------------------------------- Debian Security Advisory DSA 076-1 [email protected] http://www.debian.org/security/ Martin Schulze September 18, 2001 - ---------------------------------------------------------------------------- Package : most...
[SECURITY] [DSA-069-1] xloadimage buffer overflow
Package : xloadimage Problem type : buffer overflow Debian-specific: no The version of xloadimage a graphics files viewer for X that was shipped in Debian GNU/Linux 2.2 has a buffer overflow in the code that handles FACES format images. This could be exploited by an attacker by tricking someone...
[SECURITY] [DSA-068-1] OpenLDAP DoS
Package : openldap Problem type : remote DoS Debian-specific: no CERT released their advisory CA-2001-18 which lists a number of vulnerabilities in various LDAP implementations. based on the results of the PROTOS LDAPv3 test suite. These tests found one problem in OpenLDAP, a free LDAP...
[SECURITY] [DSA-058-1] exim printf format attack
Package : exim Problem type : remote printf format attack Debian-specific: no Megyer Laszlo found a printf format bug in the exim mail transfer agent. The code that checks the header syntax of an email logs an error without protecting itself against printf format attacks. This problem has been...
[SECURITY] [DSA-054-1] cron local root exploit
Package : cron Problem type : local root exploit Debian-specific: no A recent fall 2000 security fix to cron introduced an error in giving up privileges before invoking the editor. A malicious user could easily gain root access. This has been fixed in version 3.0pl1-57.3 or 3.0pl1-67 for unstable...
CVE-2001-0069
dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack...
CVE-2001-0195
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking...
CVE-2001-0069
CVE-2001-0069 affects the Debian GNU/Linux package dialog prior to version 0.9a-20000118-3bis. The vulnerability is a symlink attack that allows a local user to overwrite arbitrary files. The issue arises from a race condition involving symlinks, enabling manipulation of file targets by a non-pri...
[SECURITY] [DSA-047-1] multiple kernel problems
Package : various kernel packages Problem type : multiple Debian-specific: no The kernels used in Debian GNU/Linux 2.2 have been found to have multiple security problems. This is a list of problems based on the 2.2.19 release notes as found on http://www.linux.org.uk/ : binfmtmisc used user pages...
[SECURITY] [DSA-047-1] multiple kernel problems
-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory DSA-047-1 [email protected] http://www.debian.org/security/ Wichert Akkerman April 16, 2001 -...
[SECURITY] [DSA 035-1] New version of man2html available
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------------- Debian Security Advisory DSA-035-1 [email protected] http://www.debian.org/security/ Martin Schulze March 7, 2001 -...
[SECURITY] [DSA 037-1] New versions of Athena Widget replacement libraries available
---------------------------------------------------------------------------- Debian Security Advisory DSA-037-1 [email protected] http://www.debian.org/security/ Martin Schulze March 7, 2001 - ---------------------------------------------------------------------------- Package : nextaw, xaw3d,...
[SECURITY] [DSA 035-1] New version of man2html available
---------------------------------------------------------------------------- Debian Security Advisory DSA-035-1 [email protected] http://www.debian.org/security/ Martin Schulze March 7, 2001 - ---------------------------------------------------------------------------- Package : man2html...