Debian Linux Distribution - Page 236.75
Find the information you need for your favorite open source distribution .
Debian: New kpdf packages fix arbitrary code execution
Marcelo Ricardo Leitner noticed that the current patch in DSA 932 (CVE-2005-3627) for kpdf, the PDF viewer for KDE, does not fix all buffer overflows, still allowing an attacker to execute arbitrary code.
Debian: New drupal packages fix several vulnerabilities
The Drupal Security Team discovered several vulnerabilities in Drupal, a fully-featured content management and discussion engine. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-1225,CVE-2006-1226,CVE-2006-1227,CVE-2006-1228
Debian: vlc fix arbitrary code execution DSA-1004-1
Simon Kilvington discovered that specially crafted PNG images can trigger a heap overflow in libavcodec, the multimedia library of ffmpeg, which may lead to the execution of arbitrary code. The vlc media player links statically against libavcodec.
Debian: New xpvm packages fix insecure temporary file
Eric Romang discoverd that xpvm, a graphical console and monitor for PVM, creates a temporary file that allows local attackers to create or overwrite arbitrary files with the privileges of the user running xpvm.
Debian: New webcalendar packages fix several vulnerabilities
Several security related problems have been discovered in webcalendar, a PHP based multi-user calendar. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2005-3949 Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands. CVE-2005-3961 Missing input sanitising allowas an attacker to overwrite local files. CVE-2005-3982 A CRLF injection vulnerability allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks.
