CVE-2004-2569

CVE-2004-2569 affects ipmenu prior to 0.0.3-5 for Debian GNU/Linux; it allows a local user to overwrite arbitrary files by creating a symlink to ipmenu.log. Debian’s DSA-907-1 fixes this by upgrading ipmenu to a safe version (0.0.3-5). Impact is local, with no remote vector described; no exploita...

[SECURITY] [DSA 811-2] New common-lisp-controller packages fix arbitrary code injection

-------------------------------------------------------------------------- Debian Security Advisory DSA 811-2 [email protected] http://www.debian.org/security/ Martin Schulze November 21st, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 898-1] New phpgroupware packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 898-1 [email protected] http://www.debian.org/security/ Martin Schulze November 17th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 897-1] New phpsysinfo packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 897-1 [email protected] http://www.debian.org/security/ Martin Schulze November 15th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 896-1] New ftpd-ssl packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 896-1 [email protected] http://www.debian.org/security/ Martin Schulze November 15th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 894-1] New AbiWord packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 894-1 [email protected] http://www.debian.org/security/ Martin Schulze November 14th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 892-1] New awstats packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 892-1 [email protected] http://www.debian.org/security/ Martin Schulze November 10th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 890-1] New libungif4 packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 890-1 [email protected] http://www.debian.org/security/ Martin Schulze November 9th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 888-1] New OpenSSL packages fix cryptographic weakness

-------------------------------------------------------------------------- Debian Security Advisory DSA 888-1 [email protected] http://www.debian.org/security/ Martin Schulze November 7th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 876-1] New lynx-ssl packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 876-1 [email protected] http://www.debian.org/security/ Martin Schulze October 27th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 876-1] New lynx-ssl packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 876-1 [email protected] http://www.debian.org/security/ Martin Schulze October 27th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 548-2] New imlib packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 548-2 [email protected] http://www.debian.org/security/ Martin Schulze October 26th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 871-2] New libgda2 packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 871-2 [email protected] http://www.debian.org/security/ Martin Schulze October 25th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 871-2] New libgda2 packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 871-2 [email protected] http://www.debian.org/security/ Martin Schulze October 25th, 2005 http://www.debian.org/security/faq -...

CVE-2005-3268

yiff server yiff-server 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files...

CVE-2005-3268

yiff server yiff-server 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files...

CVE-2005-3268

yiff server yiff-server 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files...

CVE-2005-3268

CVE-2005-3268 concerns yiff server (yiff-server) 2.14.2 on Debian GNU/Linux. The vulnerability arises because the process runs as root and does not properly verify ownership of files it opens, enabling local users to read arbitrary files. The connected documents confirm the affected product/versi...

[Full-disclosure] [SECURITY] [DSA 867-1] New module-assistant package fixes insecure temporary file

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 867-1 [email protected] http://www.debian.org/security/ Martin Schulze October 20th, 2005 http://www.debian.org/security/faq -...

CVE-2005-3254

The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian...