[SECURITY] New version of ssh may fix buffer overflows

There has been a lot of confusion over ssh lately: some people think their systems have been hacked through ssh, although nobody has been able to produce an exploit. To avoid any possible problems we have patched ssh to fix any possible buffer overruns. We think this will stop any attack that mig...

[SECURITY] New version of ssh may fix buffer overflows

There has been a lot of confusion over ssh lately: some people think their systems have been hacked through ssh, although nobody has been able to produce an exploit. To avoid any possible problems we have patched ssh to fix any possible buffer overruns. We think this will stop any attack that mig...

[SECURITY] New version of fte fixes access problems

We have found that the fte package as supplied in our slink frozen and potato unstable archives does not drop its root priviliges after initializing the virtual console device. This allows all users to read and write files with root priviliges, and execute all programs as root. A new package...

[SECURITY] New version of fte fixes access problems

We have found that the fte package as supplied in our slink frozen and potato unstable archives does not drop its root priviliges after initializing the virtual console device. This allows all users to read and write files with root priviliges, and execute all programs as root. A new package...

CVE-1999-1411

The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp...

[SECURITY] new version of fsp fixes security flaw

We have found that the fsp package introduces a possible security flaw. When the fsp package is installed it adds the ftp user without prompting the admin. This can enable anonymous FTP if you use the standard ftp or wu-ftpd as your FTP daemon. If you have have installed fsp and a FTP daemon and ...

[SECURITY] new version of fsp fixes security flaw

We have found that the fsp package introduces a possible security flaw. When the fsp package is installed it adds the ftp user without prompting the admin. This can enable anonymous FTP if you use the standard ftp or wu-ftpd as your FTP daemon. If you have have installed fsp and a FTP daemon and ...

[SECURITY] New version of zgv fixes buffer overflows

We have received reports that the zgv package is vulnerable to buffer overflows. We recommend you upgrade your zgv package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.0 alias hamm This version of Debian was released only...

[SECURITY] New version of zgv fixes buffer overflows

We have received reports that the zgv package is vulnerable to buffer overflows. We recommend you upgrade your zgv package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.0 alias hamm ------------------------------- This...

[SECURITY] New versions of junkbuster fixes buffer overflows

We have received reports that junkbuster had a couple buffer overflow vulnerabilities. We fixed those in version 2.0-3.2. All later version are also not vulnerable. The patches were backported from 2.0.2 . We recommend you upgrade your junkbuster package immediately. wget url will fetch the file...

[SECURITY] New versions of junkbuster fixes buffer overflows

We have received reports that junkbuster had a couple buffer overflow vulnerabilities. We fixed those in version 2.0-3.2. All later version are also not vulnerable. The patches were backported from 2.0.2 . We recommend you upgrade your junkbuster package immediately. wget url will fetch the file...

[SECURITY] New versions of tcsh fixes buffer overflows

We have found that the tcsh shell had a problem with very long pathnames. When a very long path was encountered tcsh failed to check the result of getcwd in all places, which could be exploited. We recommend you upgrade your tcsh package immediately. wget url will fetch the file for you dpkg -i...

[SECURITY] New versions of tcsh fixes buffer overflows

We have found that the tcsh shell had a problem with very long pathnames. When a very long path was encountered tcsh failed to check the result of getcwd in all places, which could be exploited. We recommend you upgrade your tcsh package immediately. wget url will fetch the file for you dpkg -i...

[SECURITY] New versions of bash fixes buffer overflows

We have received reports that the bash shell had a problem with very long pathnames. When a very long path was encountered bash failed to check the result of getcwd in all places, which could be exploited. We recommend you upgrade your bash package immediately. wget url will fetch the file for yo...

[SECURITY] New versions of bash fixes buffer overflows

We have received reports that the bash shell had a problem with very long pathnames. When a very long path was encountered bash failed to check the result of getcwd in all places, which could be exploited. We recommend you upgrade your bash package immediately. wget url will fetch the file for yo...

[SECURITY] New version of bind fixes buffer overflows

We have received reports that the nslookup and dig utilities as shipped with current distribution of Linux contain possible buffer overflows. We recommend you upgrade your bind package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian...

[SECURITY] New version of bind fixes buffer overflows

We have received reports that the nslookup and dig utilities as shipped with current distribution of Linux contain possible buffer overflows. We recommend you upgrade your bind package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian...

[SECURITY] New versions of netstd fixes root exploit in rpc.mountd

Description The Program rpc.mountd is a mount daemon that handles NFS mounts. The version as shipped with current distributions of Linux contains a buffer overflow. Impact The overflow can be used as part of an attack to gain root access on the machine acting NFS server. We recommend you upgrade...

Subject: [SECURITY] Debian not vulnerable to recent minicom exploit

Description Recent messages on a computer security forum have again reported that there are buffer overflows in minicom. These can lead into root exploits if the program is installed setuid root. Vulnerability Debian GNU/Linux 2.0 is not vulnerable to this exploit. The program minicom as shipped...

Subject: [SECURITY] Debian not vulnerable to recent minicom exploit

Description ----------- Recent messages on a computer security forum have again reported that there are buffer overflows in minicom. These can lead into root exploits if the program is installed setuid root. Vulnerability ------------- Debian GNU/Linux 2.0 is not vulnerable to this exploit. The...