442 matches found

Tenable Nessus
added 2006/10/14 12:0 a.m. | 22 views

Debian DSA-1053-1 : mozilla - programming error

Martijn Wargers and Nick Mott described crashes of Mozilla due to the use of a deleted controller context. In theory this could be abused to execute malicious code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debi...

CVSS 5.1 | AI score 8.1 | EPSS 0.5731
Exploits: 1 | References: 2

Tenable Nessus
added 2006/10/14 12:0 a.m. | 17 views

Debian DSA-895-1 : uim - programming error

Masanari Yamamoto discovered incorrect use of environment variables in uim, a flexible input method collection and library, that could lead to escalated privileges in setuid/setgid applications linked to libuim. Affected in Debian is at least mlterm. ...

CVSS 4.6 | AI score 5.3 | EPSS 0.00101
Exploits: 0 | References: 3

Tenable Nessus
added 2006/10/14 12:0 a.m. | 40 views

Debian DSA-1156-1 : kdebase - programming error

Ludwig Nussel discovered that kdm, the X display manager for KDE, handles access to the session type configuration file insecurely, which may lead to the disclosure of arbitrary files through a symlink attack. ...

CVSS 4 | AI score 5.5 | EPSS 0.00072
Exploits: 0 | References: 3

Tenable Nessus
added 2006/10/14 12:0 a.m. | 41 views

Debian DSA-873-1 : net-snmp - programming error

A security vulnerability has been found in Net-SNMP releases that could allow a denial of service attack against Net-SNMP agents that have opened a stream based protocol e.g. TCP but not UDP. By default, Net-SNMP does not open a TCP port. ...

CVSS 5 | AI score 5.1 | EPSS 0.11098
Exploits: 0 | References: 2

Tenable Nessus
added 2006/10/14 12:0 a.m. | 27 views

Debian DSA-1038-1 : xzgv - programming error

Andrea Barisani discovered that xzgv, a picture viewer for X with a thumbnail-based selector, attempts to decode JPEG images within the CMYK/YCCK colour space incorrectly, which could lead to the execution of arbitrary code. ...

CVSS 7.5 | AI score 5.6 | EPSS 0.02335
Exploits: 0 | References: 2

Tenable Nessus
added 2006/10/14 12:0 a.m. | 21 views

Debian DSA-1179-1 : alsaplayer - programming error

Luigi Auriemma discovered several buffer overflows in alsaplayer, a PCM player designed for ALSA, that can lead to a crash of the application and maybe worse outcome. ...

CVSS 5 | AI score 5.6 | EPSS 0.24803
Exploits: 1 | References: 2

Tenable Nessus
added 2006/10/14 12:0 a.m. | 33 views

Debian DSA-1143-1 : dhcp - programming error

Justin Winschief and Andrew Steets discovered a bug in dhcp, the DHCP server for automatic IP address assignment, which causes the server to unexpectedly exit. ...

CVSS 5 | AI score 5.3 | EPSS 0.09777
Exploits: 0 | References: 3

Tenable Nessus
added 2006/10/14 12:0 a.m. | 18 views

Debian DSA-1040-1 : gdm - programming error

A vulnerability has been identified in gdm, a display manager for X, that could allow a local attacker to gain elevated privileges by exploiting a race condition in the handling of the .ICEauthority file. ...

CVSS 3.7 | AI score 5.2 | EPSS 0.00058
Exploits: 0 | References: 2

Tenable Nessus
added 2006/10/14 12:0 a.m. | 28 views

Debian DSA-939-1 : fetchmail - programming error

Daniel Drake discovered a problem in fetchmail, an SSL enabled POP3, APOP, IMAP mail gatherer/forwarder, that can cause a crash when the program is running in multidrop mode and receives messages without headers. The old stable distribution woody does not seem to be affected by this problem...

CVSS 7.8 | AI score 5.3 | EPSS 0.09993
Exploits: 0 | References: 2

Tenable Nessus
added 2006/10/14 12:0 a.m. | 34 views

Debian DSA-1172-1 : bind9 - programming error

Two vulnerabilities have been discovered in BIND9, the Berkeley Internet Name Domain server. The first relates to SIG query processing and the second relates to a condition that can trigger an INSIST failure, both lead to a denial of service. ...

CVSS 7.5 | AI score 6.6 | EPSS 0.19584
Exploits: 1 | References: 3

Tenable Nessus
added 2006/10/14 12:0 a.m. | 17 views

Debian DSA-1109-1 : rssh - programming error

Russ Allbery discovered that rssh, a restricted shell, performs insufficient checking of incoming commands, which might lead to a bypass of access restrictions. ...

CVSS 7.5 | AI score 5.4 | EPSS 0.00507
Exploits: 0 | References: 3

Tenable Nessus
added 2006/10/14 12:0 a.m. | 22 views

Debian DSA-901-1 : gnump3d - programming error

Several vulnerabilities have been discovered in gnump3d, a streaming server for MP3 and OGG files. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2005-3349 Ludwig Nussel discovered several temporary files that are created with predictable filenames in a...

CVSS 6.4 | AI score 5.4 | EPSS 0.00678
Exploits: 0 | References: 3

Tenable Nessus
added 2006/10/14 12:0 a.m. | 20 views

Debian DSA-1164-1 : sendmail - programming error

A programming error has been discovered in sendmail, an alternative mail transport agent for Debian, that could allow a remote attacker to crash the sendmail process by sending a specially crafted email message. Please note that in order to install this update you also need libsasl2 library from...

CVSS 7.5 | AI score 5.3 | EPSS 0.07028
Exploits: 0 | References: 3

Tenable Nessus
added 2006/10/14 12:0 a.m. | 15 views

Debian DSA-1037-1 : zgv - programming error

Andrea Barisani discovered that zgv, an svgalib graphics viewer, attempts to decode JPEG images within the CMYK/YCCK colour space incorrectly, which could lead to the execution of arbitrary code. ...

CVSS 7.5 | AI score 5.8 | EPSS 0.02335
Exploits: 0 | References: 2

Tenable Nessus
added 2006/10/14 12:0 a.m. | 22 views

Debian DSA-1177-1 : usermin - programming error

Hendrik Weimer discovered that it is possible for a normal user to disable the login shell of the root account via usermin, a web-based administration tool. ...

CVSS 3.6 | AI score 5.4 | EPSS 0.00441
Exploits: 0 | References: 3

Tenable Nessus
added 2006/10/14 12:0 a.m. | 19 views

Debian DSA-1101-1 : courier - programming error

A bug has been discovered in the Courier Mail Server that can result in a number of processes to consume arbitrary amounts of CPU power. ...

CVSS 7.8 | AI score 5.5 | EPSS 0.03561
Exploits: 0 | References: 3

Tenable Nessus
added 2006/10/14 12:0 a.m. | 24 views

Debian DSA-1077-1 : lynx-ssl - programming error

Michal Zalewski discovered that lynx, the popular text-mode WWW Browser, is not able to grok invalid HTML including a TEXTAREA tag with a large COLS value and a large tag name in an element that is not terminated, and loops forever trying to render the broken HTML. The same code is present in...

CVSS 5 | AI score 5.5 | EPSS 0.03666
Exploits: 1 | References: 3

Tenable Nessus
added 2006/10/14 12:0 a.m. | 25 views

Debian DSA-1027-1 : mailman - programming error

A potential denial of service problem has been discovered in mailman, the web-based GNU mailing list manager. The failing parsing of messages with malformed mime multiparts sometimes caused the whole mailing list to become inoperative. The old stable distribution woody is not vulnerable to this...

CVSS 5 | AI score 5.2 | EPSS 0.06409
Exploits: 0 | References: 3

Tenable Nessus
added 2006/10/14 12:0 a.m. | 20 views

Debian DSA-1176-1 : zope2.7 - programming error

It was discovered that the Zope web application server does not disable the csvtable directive in web pages containing ReST markup, allowing the exposure of files readable by the Zope server. ...

CVSS 5 | AI score 5.3 | EPSS 0.00785
Exploits: 0 | References: 2

Tenable Nessus
added 2006/10/14 12:0 a.m. | 20 views

Debian DSA-1032-1 : zope-cmfplone - programming error

It was discovered that the Plone content management system lacks security declarations for three internal classes. This allows manipulation of user portraits by unprivileged users. ...

CVSS 5 | AI score 5.3 | EPSS 0.11718
Exploits: 0 | References: 2