[SECURITY] Seyon is vulnerable to a root exploit

Description ----------- We have received a report from SGI that a vulnerability has been discovered in the seyon program. This can lead to a root compromise. Any user who can execute the seyon program can exploit this vulnerability. Since SGI does not provide exploit information, we are unable to...

[SECURITY] New versions of bsdgames fixes sail /tmp race

The game sail as provided by the bsdgames package contained a /tmp race. This has been fixes. We recommend you upgrade your bsdgames package. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.0 alias hamm This version of Debian were release...

[SECURITY] New versions of apache fixes denial of services

We have received a report from Dag-Erling Coidan Smørgrav who says that the apache as distributed with Debian GNU/Linux 2.0 is vulnerable to a denial of services exploit, where repeated, identical headers can consume On^2 memory. We recommend you upgrade your apache package immediately. wget url...

[SECURITY] New versions of apache fixes denial of services

We have received a report from Dag-Erling Coidan Smørgrav who says that the apache as distributed with Debian GNU/Linux 2.0 is vulnerable to a denial of services exploit, where repeated, identical headers can consume On^2 memory. We recommend you upgrade your apache package immediately. wget url...

[SECURITY] Current versions of lpr fixes security problem

We have received reports that buffer overflows in lprm may allow users to gain root access to the local system. We recommend that you use the binaries from hamm or any newer release. dpkg -i file.deb will install the referred file. Debian GNU/Linux 2.0 alias hamm -------------------------------...

[SECURITY] New versions of bsdgames fixes sail /tmp race

The game sail as provided by the bsdgames package contained a /tmp race. This has been fixes. We recommend you upgrade your bsdgames package. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.0 alias hamm ------------------------------- Thi...

[SECURITY] New versions of eperl fixes security drift

We have received a report from Tiago Luz Pinto that the eperl package included in 2.0 misinterprets ISINDEX queries. This can lead to arbitrary Perl code being executed on the server. We recommend you upgrade your eperl package immediately. dpkg -i file.deb will install the referenced file. Debia...

[SECURITY] New versions of ncurses fixes security problem

We have received a report that using ncurses in setuid programs will give the user a way to open arbitrary files. We recommend you upgrade your ncurses3.4-dev package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.0 alias hamm This version of Debian were releas...

[SECURITY] New versions of Mutt fixes buffer overflow

We have received a report from Paul Boehm stating that Mutt has an overflowable buffer in parse.c. When sending malicious mail you can execute arbitary code on the mutt running users system. We recommend you upgrade your Mutt package immediately. dpkg -i file.deb will install the referenced file...

[SECURITY] New versions of cfingerd fixes root compromise

We have received a report that a user can execute arbitrary commands from a .plan or .project file. While the option that would allow this is disabled by default the system is vulnerable if the system admin had this option enabled. We recommend you upgrade your cfingerd package immediately. dpkg ...

[SECURITY] New versions of Mutt fixes buffer overflow

We have received a report from Paul Boehm stating that Mutt has an overflowable buffer in parse.c. When sending malicious mail you can execute arbitary code on the mutt running users system. We recommend you upgrade your Mutt package immediately. dpkg -i file.deb will install the referenced file...

[SECURITY] New versions of eperl fixes security drift

We have received a report from Tiago Luz Pinto that the eperl package included in 2.0 misinterprets ISINDEX queries. This can lead to arbitrary Perl code being executed on the server. We recommend you upgrade your eperl package immediately. dpkg -i file.deb will install the referenced file. Debia...

[SECURITY] New versions of cfingerd fixes root compromise

We have received a report that a user can execute arbitrary commands from a .plan or .project file. While the option that would allow this is disabled by default the system is vulnerable if the system admin had this option enabled. We recommend you upgrade your cfingerd package immediately. dpkg ...

[SECURITY] New versions of hylafax avoid security problem

We have received a report that the faxsurvey script that was included in former releases of hylafax would execute arbitrary commands. Please be warned that this package doesnt contain a fix, the offending script is just removed. We recommend you upgrade your hylafax-doc package immediately. dpkg ...

[SECURITY] New versions of file-runner fix security problem

We have received a report that the file-runner program opens files in /tmp in an unsecure manner. This can result in damaging other files when linked to them. We recommend you upgrade your file-runner package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 1.3.1...

[SECURITY] New versions of file-runner fix security problem

We have received a report that the file-runner program opens files in /tmp in an unsecure manner. This can result in damaging other files when linked to them. We recommend you upgrade your file-runner package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 1.3.1...

[SECURITY] Current versions of mailx fixes /tmp problem

Former versions of mailx used an unsecure means of opening files beneath /tmp for writing. This can be used to damage files in a users directory or even systemwide. We recommend you upgrade your mailx package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 1.3.1...

[SECURITY] New version of premail fixes /tmp file problem

We have received a report that premail uses temporary files in /tmp using unsecure methods for opening them. This is fixed in the new 0.45-4 release. We recommend you upgrade your samba package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 1.3.1 alias bo Source...

[SECURITY] New versions of kdebase fixes two security holes

We have received a report that the one can use a simple buffer overflow exploit to gain access to the group shadow on systems running klock. There was also a problem in kvt which saved its configuration as root and not as regular user. We recommend you upgrade your kdebase package immediately. dp...

[SECURITY] New versions of kdebase fixes two security holes

We have received a report that the one can use a simple buffer overflow exploit to gain access to the group shadow on systems running klock. There was also a problem in kvt which saved its configuration as root and not as regular user. We recommend you upgrade your kdebase package immediately. dp...