[SECURITY] New versions of cfingerd fixes root compromise

We have received a report that a user can execute arbitrary commands from a .plan or .project file. While the option that would allow this is disabled by default the system is vulnerable if the system admin had this option enabled. We recommend you upgrade your cfingerd package immediately. dpkg ...

[SECURITY] New versions of eperl fixes security drift

We have received a report from Tiago Luz Pinto that the eperl package included in 2.0 misinterprets ISINDEX queries. This can lead to arbitrary Perl code being executed on the server. We recommend you upgrade your eperl package immediately. dpkg -i file.deb will install the referenced file. Debia...

[SECURITY] New versions of hylafax avoid security problem

We have received a report that the faxsurvey script that was included in former releases of hylafax would execute arbitrary commands. Please be warned that this package doesnt contain a fix, the offending script is just removed. We recommend you upgrade your hylafax-doc package immediately. dpkg ...

[SECURITY] New versions of file-runner fix security problem

We have received a report that the file-runner program opens files in /tmp in an unsecure manner. This can result in damaging other files when linked to them. We recommend you upgrade your file-runner package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 1.3.1...

[SECURITY] New versions of file-runner fix security problem

We have received a report that the file-runner program opens files in /tmp in an unsecure manner. This can result in damaging other files when linked to them. We recommend you upgrade your file-runner package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 1.3.1...

[SECURITY] Current versions of mailx fixes /tmp problem

Former versions of mailx used an unsecure means of opening files beneath /tmp for writing. This can be used to damage files in a users directory or even systemwide. We recommend you upgrade your mailx package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 1.3.1...

[SECURITY] New version of premail fixes /tmp file problem

We have received a report that premail uses temporary files in /tmp using unsecure methods for opening them. This is fixed in the new 0.45-4 release. We recommend you upgrade your samba package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 1.3.1 alias bo Source...

[SECURITY] New versions of kdebase fixes two security holes

We have received a report that the one can use a simple buffer overflow exploit to gain access to the group shadow on systems running klock. There was also a problem in kvt which saved its configuration as root and not as regular user. We recommend you upgrade your kdebase package immediately. dp...

[SECURITY] New versions of kdebase fixes two security holes

We have received a report that the one can use a simple buffer overflow exploit to gain access to the group shadow on systems running klock. There was also a problem in kvt which saved its configuration as root and not as regular user. We recommend you upgrade your kdebase package immediately. dp...

Re: [SECURITY] New version of premail fixes /tmp file problem

On Sat, May 30, 1998 at 06:53:48PM +0200, Martin Schulze wrote: We have received a report that premail uses temporary files in /tmp using unsecure methods for opening them. This is fixed in the new 0.45-4 release. We recommend you upgrade your samba package immediately. ^^^^^ This should read...

[SECURITY] New version of premail fixes /tmp file problem

We have received a report that premail uses temporary files in /tmp using unsecure methods for opening them. This is fixed in the new 0.45-4 release. We recommend you upgrade your samba package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 1.3.1 alias bo...

[SECURITY] New versions of samba fixes buffer overrun

We have received reports that the samba package as shipped with Debian is vulnerable to several buffer overrun problems aka exploits. The samba group has released a patch release 1.9.18p6 that fixes these. We recommend you upgrade your samba package immediately. dpkg -i file.deb will install the...

[SECURITY] New versions of gzip available

We were told by Michal Zalewski that gzexe as shipped with gzip uses an unsecure method decompressing executables on the fly opening a way of calling arbitrary programs. Newer versions for bo and hamm are fixing this. We recommend you upgrade your gzip package if youre using the gzexe method. dpk...

[SECURITY] New versions of gzip available

We were told by Michal Zalewski that gzexe as shipped with gzip uses an unsecure method decompressing executables on the fly opening a way of calling arbitrary programs. Newer versions for bo and hamm are fixing this. We recommend you upgrade your gzip package if youre using the gzexe method. dpk...

[SECURITY] New versions of su fixes security problem

==================================================================== Debian GNU/Linux Security May 13, 1998 We have received reports telling us that there was a problem with the program su from the shadow package. This has been fixed in recent uploads. We recommend you update shadow-su immediatel...

[SECURITY] New versions of su fixes security problem

==================================================================== Debian GNU/Linux Security May 13, 1998 We have received reports telling us that there was a problem with the program su from the shadow package. This has been fixed in recent uploads. We recommend you update shadow-su immediatel...

[SECURITY] New versions of procps fixes security problem

We have received a report about procps 1.2.6 containing a file creation and corruption bug in XConsole. If you have procps installed on your machines we suggest that you upgrade immetiately. The problem is fixed in any 1.2.7 version of procps. dpkg -i file.deb will install the referred file. Debi...

[SECURITY] New versions of procps fixes security problem

We have received a report about procps 1.2.6 containing a file creation and corruption bug in XConsole. If you have procps installed on your machines we suggest that you upgrade immetiately. The problem is fixed in any 1.2.7 version of procps. dpkg -i file.deb will install the referred file. Debi...

[SECURITY] New versions of ircII fixes security problem

David Holland has reported that a remote user may send arbitrary characters - ansi codes - to a users terminal. This is considered harmful. The following versions fix this problem. dpkg -i file.deb will install the referred file. Debian GNU/Linux 1.3.1 alias bo Source archives:...

[SECURITY] New versions of super fixes security problem

==================================================================== Debian GNU/Linux Security May 08, 1998 We have received a report that versions super were displaying files even if the particular user should not be able to read them. This has been forwarded to the upstream author, William Deic...