2384 matches found
[SECURITY] New versions of tcsh fixes buffer overflows
We have found that the tcsh shell had a problem with very long pathnames. When a very long path was encountered tcsh failed to check the result of getcwd in all places, which could be exploited. We recommend you upgrade your tcsh package immediately. wget url will fetch the file for you dpkg -i...
[SECURITY] New versions of bash fixes buffer overflows
We have received reports that the bash shell had a problem with very long pathnames. When a very long path was encountered bash failed to check the result of getcwd in all places, which could be exploited. We recommend you upgrade your bash package immediately. wget url will fetch the file for yo...
[SECURITY] New version of bind fixes buffer overflows
We have received reports that the nslookup and dig utilities as shipped with current distribution of Linux contain possible buffer overflows. We recommend you upgrade your bind package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian...
[SECURITY] New versions of netstd fixes root exploit in rpc.mountd
Description The Program rpc.mountd is a mount daemon that handles NFS mounts. The version as shipped with current distributions of Linux contains a buffer overflow. Impact The overflow can be used as part of an attack to gain root access on the machine acting NFS server. We recommend you upgrade...
Subject: [SECURITY] Debian not vulnerable to recent minicom exploit
Description Recent messages on a computer security forum have again reported that there are buffer overflows in minicom. These can lead into root exploits if the program is installed setuid root. Vulnerability Debian GNU/Linux 2.0 is not vulnerable to this exploit. The program minicom as shipped...
[SECURITY] Seyon is vulnerable to a root exploit
Description We have received a report from SGI that a vulnerability has been discovered in the seyon program. This can lead to a root compromise. Any user who can execute the seyon program can exploit this vulnerability. Since SGI does not provide exploit information, we are unable to...
[SECURITY] New versions of bsdgames fixes sail /tmp race
The game sail as provided by the bsdgames package contained a /tmp race. This has been fixed. We recommend you upgrade your bsdgames package. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.0 alias hamm This version of Debian were release...
[SECURITY] New versions of apache fixes denial of services
We have received a report from Dag-Erling Coidan Smørgrav who says that the apache as distributed with Debian GNU/Linux 2.0 is vulnerable to a denial of services exploit, where repeated, identical headers can consume O(n^2) memory. We recommend you upgrade your apache package immediately. wget url...
[SECURITY] Current versions of lpr fixes security problem
We have received reports that buffer overflows in lprm may allow users to gain root access to the local system. We recommend that you use the binaries from hamm or any newer release. dpkg -i file.deb will install the referred file. Debian GNU/Linux 2.0 alias hamm...
[SECURITY] New versions of eperl fixes security drift
We have received a report from Tiago Luz Pinto that the eperl package included in 2.0 misinterprets ISINDEX queries. This can lead to arbitrary Perl code being executed on the server. We recommend you upgrade your eperl package immediately. dpkg -i file.deb will install the referenced file. Debia...
[SECURITY] New versions of ncurses fixes security problem
We have received a report that using ncurses in setuid programs will give the user a way to open arbitrary files. We recommend you upgrade your ncurses3.4-dev package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.0 alias hamm This version of Debian were releas...
[SECURITY] New versions of Mutt fixes buffer overflow
We have received a report from Paul Boehm stating that Mutt has an overflowable buffer in parse.c. When sending malicious mail you can execute arbitrary code on the mutt running user's system. We recommend you upgrade your Mutt package immediately. dpkg -i file.deb will install the referenced file...
[SECURITY] New versions of cfingerd fixes root compromise
We have received a report that a user can execute arbitrary commands from a .plan or .project file. While the option that would allow this is disabled by default the system is vulnerable if the system admin had this option enabled. We recommend you upgrade your cfingerd package immediately. dpkg ...