Section: .. / advisories / debian /
| /// File Name: |
dsa-1020-1.txt |
Description:
|
Debian Security Advisory DSA 1020-1 - Chris Moore discovered that flex, a scanner generator, generates code, which allocates insufficient memory, if the grammar contains REJECT statements or trailing context rules. This may lead to a buffer overflow and the execution of arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 5295 | | Last Modified: | Apr 5 00:18:33 2006 |
| MD5 Checksum: | 557d74c08692a9e9d71ade15777215df |
|
| /// File Name: |
dsa-1018-1.txt |
Description:
|
Debian Security Advisory DSA 1018-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 49961 | | Last Modified: | Apr 5 00:17:51 2006 |
| MD5 Checksum: | 37e753b6ecf40ba0e936845a971ad588 |
|
| /// File Name: |
dsa-1019-1.txt |
Description:
|
Debian Security Advisory DSA 1019-1 - Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite, which is also present in koffice, the KDE Office Suite.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 24859 | | Last Modified: | Apr 5 00:16:12 2006 |
| MD5 Checksum: | 69e7226c576237551049f0fc32bf37ed |
|
| /// File Name: |
dsa-1017-1.txt |
Description:
|
Debian Security Advisory DSA 1017-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 69712 | | Last Modified: | Apr 5 00:15:43 2006 |
| MD5 Checksum: | cdb76f5f9eff9a3337e81651d36d8915 |
|
| /// File Name: |
dsa-1016-1.txt |
Description:
|
Debian Security Advisory DSA 1016-1 - Ulf Härnhammar discovered several format string vulnerabilities in Evolution, a free groupware suite, that could lead to crashes of the application or the execution of arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 11782 | | Last Modified: | Apr 5 00:15:13 2006 |
| MD5 Checksum: | 7aaa4ec433e22eb804294433aee764aa |
|
| /// File Name: |
dsa-1015-1.txt |
Description:
|
Debian Security Advisory DSA 1015-1 - Mark Dowd discovered a flaw in the handling of asynchronous signals in sendmail, a powerful, efficient, and scalable mail transport agent. This allows a remote attacker may to exploit a race condition to execute arbitrary code as root.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 18217 | | Last Modified: | Mar 31 12:13:30 2006 |
| MD5 Checksum: | 445b8a7a92fe45f0b360bc2d124c701c |
|
| /// File Name: |
DSA-168-1 |
Description:
|
Debian security advisory DSA 168-1 - Debian released new PHP packages that fix newline character injection in several PHP functions. Additionally, these packages correct a bug in PHP that allow a safe_mode restriction to be bypassed.
| | Homepage: | http://www.debian.org/security/ | | File Size: | 18239 | | Last Modified: | Sep 20 11:37:25 2002 |
| MD5 Checksum: | 9c57f408ce3277629fe1cb49c1438647 |
|
| /// File Name: |
debian.gaim.txt |
Description:
|
Debian Security Advisory 158-1 - Gaim uses URL's retrieved from message in command-line execution of the web browser without filtering these URL's first. This issue has been fixed by the Gaim developers in version 0.59.1.
| | Homepage: | http://www.debian.org/security/ | | File Size: | 8551 | | Last Modified: | Aug 28 06:10:44 2002 |
| MD5 Checksum: | 00a491c02a913d2f8d050e08d75f4389 |
|
| /// File Name: |
DSA-130-1 |
Description:
|
Debian Security Advisory DSA-130-1 - Ethereal versions prior to v0.9.3 are vulnerable to an allocation error in the ASN.1 parser allowing remote root exploits. This affected GNU/Linux 2.2 and fixed packages have been released for the alpha, arm, i386, m68k, powerpc and sparc architectures.
| | Homepage: | http://www.debian.org/security/ | | File Size: | 3999 | | Last Modified: | Jun 4 06:47:41 2002 |
| MD5 Checksum: | ddd83b5b90f864cfc1ecf0c07c2e759a |
|
| /// File Name: |
debian.gftp.txt |
Description:
|
Debian Security Advisory DSA-055-1 - The gftp package has a problem in its logging code which allows malicious ftp servers to execute commands on the client machine. This has been fixed in version 2.0.6a-3.1.
| | Homepage: | http://www.debian.org/security | | File Size: | 3463 | | Last Modified: | May 9 01:05:40 2001 |
| MD5 Checksum: | ef6596b65ce3851a35fba5753e535351 |
|
| /// File Name: |
debian.man-db.txt |
Description:
|
Debian Security Advisory DSA-056-1 - A bug in man-db has been discovered. It fails to drop privileges with the -c or the -u option, allowing local users to overwrite any file owned by user man, including the man and mandb binaries. This has been fixed in version 2.3.16-3.
| | Homepage: | http://www.debian.org/security | | File Size: | 3973 | | Last Modified: | May 9 01:04:27 2001 |
| MD5 Checksum: | c04746bbc6de42a4ee83de73daf30797 |
|
| /// File Name: |
debian.zope2.txt |
Description:
|
Debian Security Advisory DSA-055-1 - A new Zope hotfix has been released which fixes a problem in ZClasses. The problem is "any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance." This hotfix has been added in version 2.1.6-10.
| | Homepage: | http://www.debian.org/security | | File Size: | 3534 | | Last Modified: | May 9 00:51:30 2001 |
| MD5 Checksum: | e57f433fb0a00cdfcccd3e9d10af18ea |
|
| /// File Name: |
debian.cron3.txt |
Description:
|
Debian Security Advisory DSA-054-1 - A recent (fall 2000) security fix to cron introduced an error in giving up privileges before invoking the editor. A malicious user can easily gain root access. This has been fixed in version 3.0pl1-57.3.
| | Homepage: | http://www.debian.org/security | | File Size: | 3422 | | Last Modified: | May 9 00:26:56 2001 |
| MD5 Checksum: | ed96a529b8d78aecb08b62cb946238c3 |
|
| /// File Name: |
debian.sendfile.txt |
Description:
|
Debian Security Advisory DSA-052-1 - A problem in sendfiled which caused the daemon not to drop privileges as expected when sending notification mails has been fixed. Exploiting this a local user can easily make it execute arbitrary code under root privileges.
| | Homepage: | http://www.debian.org/security | | File Size: | 3866 | | Last Modified: | Apr 25 02:45:02 2001 |
| MD5 Checksum: | 9e9bb2e39fe1af7fdc9076e1d579fd62 |
|
| /// File Name: |
debian.netscape.txt |
Description:
|
Debian Security Advisory DSA 051-1 - The Netscape browser does not escape the GIF file comment in the image information page. This allows javascript execution in the "about:" protocol and can for example be used to upload the History (about:global) to a webserver, thus leaking private information. This problem has been fixed upstream in Netscape 4.77.
| | Homepage: | http://www.debian.org/security | | File Size: | 6564 | | Last Modified: | Apr 25 02:42:35 2001 |
| MD5 Checksum: | 984c52b183d287162a14a8af92a5cc7d |
|
| /// File Name: |
debian.cfingerd.txt |
Description:
|
Debian Security Advisory DSA-048-1 - Cfingerd v1.4.1 and below contains a remote root vulnerability in the logging code. When combining this with an off-by-one error in the code that copied the username from an ident response cfingerd could exploited by a remote user.
| | Homepage: | http://www.debian.org/security | | File Size: | 3652 | | Last Modified: | Apr 22 22:25:42 2001 |
| MD5 Checksum: | d0594c2c0c58fed4871dfee1cb2ae0b2 |
|
| /// File Name: |
debian.samba.txt |
Description:
|
Debian Security Advisory DSA-048-1 - Samba does not use temp files correctly, allowing local attackers to trick samba into overwriting arbitrary files. Both problems have been fixed in version 2.0.7-3.2.
| | Homepage: | http://www.debian.org/security | | File Size: | 7465 | | Last Modified: | Apr 19 23:45:08 2001 |
| MD5 Checksum: | 0c27853b96d028c8492f08fb1cfea918 |
|
| /// File Name: |
debian.kernel.txt |
Description:
|
Debian Security Advisory DSA-047-1 - The kernels used in Debian GNU/Linux 2.2 have been found to have a dozen security problems. Upgrade to 2.2.19!
| | Homepage: | http://www.debian.org/security | | File Size: | 12068 | | Last Modified: | Apr 17 03:03:17 2001 |
| MD5 Checksum: | def0b294fedf656925d71fa76f3aab2c |
|
| /// File Name: |
debian.exuberant-ctags.txt |
Description:
|
Debian Security Advisory DSA-046-1 - The exuberant-ctags packages as distributed with Debian GNU/Linux 2.2 creates temporary files insecurely. This has been fixed in version 1:3.2.4-0.1 of the Debian package, and upstream version 3.5.
| | Homepage: | http://www.debian.org/security | | File Size: | 3428 | | Last Modified: | Apr 15 20:11:04 2001 |
| MD5 Checksum: | 88b7c9443117c24cf4fbbacc15f24090 |
|
| /// File Name: |
debian.ntp.txt |
Description:
|
Debian Security Advisory DSA-045-1 - A buffer overflow has been found in ntp which can lead to remote root compromise. Versions ntp-4.0.99k and prior are vulnerable.
| | Homepage: | http://www.debian.org/security | | File Size: | 5426 | | Last Modified: | Apr 10 04:17:15 2001 |
| MD5 Checksum: | a2e0f5d49258ef5d8fe7f5c317de6113 |
|
| /// File Name: |
debian.mailx.txt |
Description:
|
Debian Security Advisory DSA-044-1 - The mail program (a simple tool to read and send email) as distributed with Debian GNU/Linux 2.2 has a buffer overflow in the input parsing code. Since mail is installed setgid mail by default this allowed local users to use it to gain access to mail group. Since the mail code was never written to be secure fixing it properly would mean a large rewrite. Instead of doing this we decided to no longer install it setgid. This means that it can no longer lock your mailbox properly on systems for which you need group mail to write to the mailspool, but it will still work for sending email. Debian security homepage: http://www.debian.org
| | File Size: | 3904 | | Last Modified: | Mar 16 03:05:13 2001 |
| MD5 Checksum: | ea2e4113857feb74daccd04a13cfeaea |
|
| /// File Name: |
debian.zope.txt |
Description:
|
Debian Security Advisory - On versions of Zope prior to 2.2beta1 it was possible for a user with the ability to edit DTML can gain unauthorized access to extra roles during a request.
| | Homepage: | http://www.debian.org/security | | File Size: | 5259 | | Last Modified: | Mar 15 23:58:25 2001 |
| MD5 Checksum: | c48c94aca5f08103caa9e3d767bf0739 |
|
| /// File Name: |
debian.xemacs.txt |
Description:
|
Debian Security Advisory DSA-042-1 - Gnuserv, a remote control facility for Emacsen which is available as standalone program as well as included in XEmacs21, has a buffer overflow which can be exploited to make the cookie comparison always succeed.
| | Homepage: | http://www.debian.org/security | | File Size: | 8652 | | Last Modified: | Mar 15 23:57:39 2001 |
| MD5 Checksum: | a895bc2064bcdf6c3fabf251ccf82017 |
|
| /// File Name: |
debian.joerc.txt |
Description:
|
Debian Security Advisory DSA-041-1 - The text editor joe attempts to read .joerc from the current directory, allowing malicious local users to execute commands as other users if they use joe in writable directories.
| | Homepage: | http://www.debian.org/security | | File Size: | 3661 | | Last Modified: | Mar 15 21:35:28 2001 |
| MD5 Checksum: | e591023e7a4bedf8a6900673f94e6a0e |
|
| /// File Name: |
debian.slrn.txt |
Description:
|
Debian Security Advisory DSA-040-1 - The slrn newsreader has remotely exploitable buffer overflows if the wrapping/unwrapping functions are enabled.
| | Homepage: | http://www.debian.org/security | | File Size: | 4592 | | Last Modified: | Mar 15 21:19:48 2001 |
| MD5 Checksum: | 585880baaeff9496b6bc666274f2034b |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
