[SECURITY] [DSA 876-1] New lynx-ssl packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 876-1 [email protected] http://www.debian.org/security/ Martin Schulze October 27th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 876-1] New lynx-ssl packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 876-1 [email protected] http://www.debian.org/security/ Martin Schulze October 27th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 548-2] New imlib packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 548-2 [email protected] http://www.debian.org/security/ Martin Schulze October 26th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 871-2] New libgda2 packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 871-2 [email protected] http://www.debian.org/security/ Martin Schulze October 25th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 871-2] New libgda2 packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 871-2 [email protected] http://www.debian.org/security/ Martin Schulze October 25th, 2005 http://www.debian.org/security/faq -...

CVE-2005-3268

yiff server yiff-server 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files...

CVE-2005-3268

yiff server yiff-server 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files...

CVE-2005-3268

CVE-2005-3268 concerns yiff server (yiff-server) 2.14.2 on Debian GNU/Linux. The vulnerability arises because the process runs as root and does not properly verify ownership of files it opens, enabling local users to read arbitrary files. The connected documents confirm the affected product/versi...

CVE-2005-3268

yiff server yiff-server 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files...

[Full-disclosure] [SECURITY] [DSA 867-1] New module-assistant package fixes insecure temporary file

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 867-1 [email protected] http://www.debian.org/security/ Martin Schulze October 20th, 2005 http://www.debian.org/security/faq -...

CVE-2005-3254

The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian...

CVE-2005-3255

The 1 cgiwrap and 2 php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs...

CVE-2005-3254

The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian...

CVE-2005-3254

The CVE-2005-3254 issue affects CGIwrap prior to 3.9 on Debian GNU/Linux, where the minimum UID checked for seteuid operations is incorrectly set to 100 instead of 1000. This mismatch can allow an attacker to execute code as other system UIDs greater than the minimum value, as described in multip...

CVE-2005-3255

The CVE-2005-3255 issue affects the Debian GNU/Linux packages cgiwrap and php-cgiwrap (before version 3.9), where debugging CGI scripts under the web document root are exposed and can be directly requested by remote attackers to obtain sensitive information. This description is supported by multi...

[SECURITY] [DSA 860-1] New Ruby packages fix safety bypass

-------------------------------------------------------------------------- Debian Security Advisory DSA 860-1 [email protected] http://www.debian.org/security/ Martin Schulze October 11th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 859-1] New xli packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 859-1 [email protected] http://www.debian.org/security/ Martin Schulze October 10th, 2005 http://www.debian.org/security/faq -...

[Full-disclosure] [SECURITY] [DSA 857-1] New graphviz packages fix insecure temporary file

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 857-1 [email protected] http://www.debian.org/security/ Martin Schulze October 10th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 854-1] New tcpdump packages fix denial of service

-------------------------------------------------------------------------- Debian Security Advisory DSA 854-1 [email protected] http://www.debian.org/security/ Martin Schulze October 9th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 848-1] New masqmail packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 848-1 [email protected] http://www.debian.org/security/ Martin Schulze October 8th, 2005 http://www.debian.org/security/faq -...