Debian Security Advisory DSA 1020-1 - Chris Moore discovered that flex, a scanner generator, generates code, which allocates insufficient memory, if the grammar contains REJECT statements or trailing context rules. This may lead to a buffer overflow and the execution of arbitrary code.
557d74c08692a9e9d71ade15777215dfDebian Security Advisory DSA 1018-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
37e753b6ecf40ba0e936845a971ad588Debian Security Advisory DSA 1019-1 - Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite, which is also present in koffice, the KDE Office Suite.
69e7226c576237551049f0fc32bf37edDebian Security Advisory DSA 1017-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
cdb76f5f9eff9a3337e81651d36d8915Debian Security Advisory DSA 1016-1 - Ulf H
7aaa4ec433e22eb804294433aee764aaDebian Security Advisory DSA 1015-1 - Mark Dowd discovered a flaw in the handling of asynchronous signals in sendmail, a powerful, efficient, and scalable mail transport agent. This allows a remote attacker may to exploit a race condition to execute arbitrary code as root.
445b8a7a92fe45f0b360bc2d124c701cDebian security advisory DSA 168-1 - Debian released new PHP packages that fix newline character injection in several PHP functions. Additionally, these packages correct a bug in PHP that allow a safe_mode restriction to be bypassed.
9c57f408ce3277629fe1cb49c1438647Debian Security Advisory 158-1 - Gaim uses URL's retrieved from message in command-line execution of the web browser without filtering these URL's first. This issue has been fixed by the Gaim developers in version 0.59.1.
00a491c02a913d2f8d050e08d75f4389Debian Security Advisory DSA-130-1 - Ethereal versions prior to v0.9.3 are vulnerable to an allocation error in the ASN.1 parser allowing remote root exploits. This affected GNU/Linux 2.2 and fixed packages have been released for the alpha, arm, i386, m68k, powerpc and sparc architectures.
ddd83b5b90f864cfc1ecf0c07c2e759aDebian Security Advisory DSA-055-1 - The gftp package has a problem in its logging code which allows malicious ftp servers to execute commands on the client machine. This has been fixed in version 2.0.6a-3.1.
ef6596b65ce3851a35fba5753e535351Debian Security Advisory DSA-028-1 - Man has a format string vulnerability which leads to a local exploit for the man user.
c04746bbc6de42a4ee83de73daf30797Debian Security Advisory DSA-055-1 - A new Zope hotfix has been released which fixes a problem in ZClasses. The problem is "any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance." This hotfix has been added in version 2.1.6-10.
e57f433fb0a00cdfcccd3e9d10af18eaDebian Security Advisory DSA-054-1 - A recent (fall 2000) security fix to cron introduced an error in giving up privileges before invoking the editor. A malicious user can easily gain root access. This has been fixed in version 3.0pl1-57.3.
ed96a529b8d78aecb08b62cb946238c3Debian Security Advisory DSA-050-1 - The saft daemon 'sendfiled' dropped privileges incorrectly allowing local users to execute arbitrary code under root privileges.
9e9bb2e39fe1af7fdc9076e1d579fd62Debian Security Advisory DSA 051-1 - The Netscape browser does not escape the GIF file comment in the image information page. This allows javascript execution in the "about:" protocol and can for example be used to upload the History (about:global) to a webserver, thus leaking private information. This problem has been fixed upstream in Netscape 4.77.
984c52b183d287162a14a8af92a5cc7dDebian Security Advisory DSA-048-1 - Cfingerd v1.4.1 and below contains a remote root vulnerability in the logging code. When combining this with an off-by-one error in the code that copied the username from an ident response cfingerd could exploited by a remote user.
d0594c2c0c58fed4871dfee1cb2ae0b2Debian Security Advisory DSA-048-1 - Samba does not use temp files correctly, allowing local attackers to trick samba into overwriting arbitrary files. Both problems have been fixed in version 2.0.7-3.2.
0c27853b96d028c8492f08fb1cfea918Debian Security Advisory DSA-047-1 - The kernels used in Debian GNU/Linux 2.2 have been found to have a dozen security problems. Upgrade to 2.2.19!
def0b294fedf656925d71fa76f3aab2cDebian Security Advisory DSA-046-1 - The exuberant-ctags packages as distributed with Debian GNU/Linux 2.2 creates temporary files insecurely. This has been fixed in version 1:3.2.4-0.1 of the Debian package, and upstream version 3.5.
88b7c9443117c24cf4fbbacc15f24090Debian Security Advisory DSA-045-1 - A buffer overflow has been found in ntp which can lead to remote root compromise. Versions ntp-4.0.99k and prior are vulnerable.
a2e0f5d49258ef5d8fe7f5c317de6113Debian Security Advisory DSA-044-1 - The mail program (a simple tool to read and send email) as distributed with Debian GNU/Linux 2.2 has a buffer overflow in the input parsing code. Since mail is installed setgid mail by default this allowed local users to use it to gain access to mail group. Since the mail code was never written to be secure fixing it properly would mean a large rewrite. Instead of doing this we decided to no longer install it setgid. This means that it can no longer lock your mailbox properly on systems for which you need group mail to write to the mailspool, but it will still work for sending email. Debian security homepage: http://www.debian.org
ea2e4113857feb74daccd04a13cfeaeaDebian Security Advisory - On versions of Zope prior to 2.2beta1 it was possible for a user with the ability to edit DTML can gain unauthorized access to extra roles during a request.
c48c94aca5f08103caa9e3d767bf0739Debian Security Advisory DSA-042-1 - Gnuserv, a remote control facility for Emacsen which is available as standalone program as well as included in XEmacs21, has a buffer overflow which can be exploited to make the cookie comparison always succeed.
a895bc2064bcdf6c3fabf251ccf82017Debian Security Advisory DSA-041-1 - The text editor joe attempts to read .joerc from the current directory, allowing malicious local users to execute commands as other users if they use joe in writable directories.
e591023e7a4bedf8a6900673f94e6a0eDebian Security Advisory DSA-040-1 - The slrn newsreader has remotely exploitable buffer overflows if the wrapping/unwrapping functions are enabled.
585880baaeff9496b6bc666274f2034b
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed