[SECURITY] [DSA 279-1] New metrics packages fix insecure temporary file creation
Debian Security Advisory DSA 279-1 [email protected] http://www.debian.org/security/ Martin Schulze April 7th, 2003 http://www.debian.org/security/faq -...
[SECURITY] [DSA 274-2] New mutt packages fix arbitrary code execution in potato
Debian Security Advisory DSA 274-2 [email protected] http://www.debian.org/security/ Martin Schulze April 7th, 2003 http://www.debian.org/security/faq -...
[SECURITY] [DSA-031-1] New version of sudo released
Package: sudo Vulnerability: buffer overflow Debian-specific: no Todd Miller announced a new version of sudo which corrects a buffer overflow that could potentially be used to gain root privileges on the local system. The fix from sudo 1.6.3p6 is available in sudo 1.6.2p2-1potato1 for Debian 2.2...
[SECURITY] New version of ethereal released
Package : ethereal Problem type : remote exploit Debian-specific: no hacksware reported a buffer overflow in the AFS packet parsing code in ethereal. Gerald Combs then found more overflows in the netbios and ntp decoding logic as well. An attacker can exploit those overflows by sending carefully...
[SECURITY] New version of gnupg installed
Package: gnupg Debian-specific: no The version of gnupg that was distributed in Debian GNU/Linux 2.2 had a logic error in the code that checks for valid signatures which could cause false positive results: Jim Small discovered that if the input contained multiple signed sections the exit-code gnu...
[SECURITY] New versions of Boa packages available
Package: boa Vulnerability: exposes contents of local files Debian-specific: no Vulnerable: yes In versions of boa before 0.94.8.3, it is possible to access files outside of the server's document root by the use of properly constructed URL requests. This problem is fixed in version 0.94.8.3-1,...
[SECURITY] New versions of sysklogd released
Package: sysklogd Vulnerability: root exploit Debian-specific: no Multiple vulnerabilities have been reported in syslogd and klogd. A local root exploit is possible, and remote exploits may be possible in some cases though we are not currently aware of a remote exploit. Fixed packages are availab...
[SECURITY] New version of libpam-smb released
Package: libpam-smb Vulnerability: remote root exploit Debian-specific: no libpam-smb contains a buffer overflow that can be used to execute arbitrary commands with root privilege. libpam-smb was not shipped with Debian 2.1 slink, but was included in Debian 2.2 potato. A fixed version of libpam-s...
[SECURITY] new version of screen released
Package: screen Vulnerability: local exploit Debian-specific: no A format string bug was recently discovered in screen which can be used to gain elevated privileges if screen is setuid. Debian 2.1 slink did ship screen setuid and the exploit can be used to gain root privileges. In Debian 2.2 pota...
[SECURITY] New version of Netscape Communicator/Navigator released
Package: netscape communicator, navigator Vulnerability: remote exploit Debian-specific: no Existing Netscape Communicator/Navigator packages contain the following vulnerabilities: 1. Netscape Communicator JPEG-Comment Heap Overwrite Vulnerability - executes arbitrary code in the comment field of...
[SECURITY] New version of xchat released (update)
Package : xchat Problem type : remote exploit Debian-specific: no The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL X-Chat will start netscape to view its target. However it did not check the URL for shel...
[SECURITY] new version of zope released (updated)
Package: zope Vulnerability type: remote unprivileged access Debian-specific: no On versions of Zope prior to 2.2.1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request. A fix was previously announced in the Debian zope package...
[SECURITY] New version of userv released
Package : userv Problem type : local exploit Debian-specific: no The version of userv that was distributed with Debian GNU/Linux 2.1 / slink had a problem in the fd swapping algorithm: it could sometimes make an out-of-bounds array reference. It might be possible for local users to abuse this to...
[SECURITY] New version of dhcp released
Package: dhcp-client-beta dhcp-client Vulnerability type: remote root exploit Debian-specific: no The versions of the ISC DHCP client in Debian 2.1 slink and Debian 2.2 potato are vulnerable to a root exploit. The OpenBSD team reports that the client inappropriately executes commands embedded in...
[SECURITY] New Debian wu-ftpd packages released
Package: wu-ftpd wu-ftpd-academ Vulnerability: remote root exploit Debian-specific: no The version of wu-ftpd distributed in Debian GNU/Linux 2.1 a.k.a. slink, as well as in the frozen potato and unstable woody distributions, is vulnerable to a remote root compromise. The default configuration in...
Linux news 25.05.00
Kernel 2.3.99-pre9 A new pre-release of the unstable 2.3.99 kernel has been released. The changes mainly affect the MIPS platform. Details: http://www.kernel.org/ DoS in XFree 3.3.5 and later A bug that makes a DoS attack possible has been found in XFree 3.3.5, 3.3.6 and 4.0. The attack leads to the use...