Debian Linux Distribution - Page 239
Find the information you need for your favorite open source distribution .
Debian: elog fix arbitrary code execution DSA-967-1
Several security problems have been found in elog, an electonic logbook to manage notes. The Common Vulnerabilities and Exposures Project identifies the following problems...
Debian: New gnocatan packages fix denial of service
A problem has been discovered in gnocatan, the computer version of the settlers of Catan boardgame, that can lead the server an other clients to exit via an assert, and hence does not permit the execution of arbitrary code.
Debian: libmail-audit-perl fix insecure temporary file use DSA-960-1
Niko Tyni discovered that the Mail::Audit module, a Perl library for creating simple mail filters, logs to a temporary file with a predictable filename in an insecure fashion when logging is turned on, which is not the case by default.
Debian: New ImageMagick packages fix arbitrary command execution
Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With some user interaction, this is exploitable through Gnus and Thunderbird. This update filters out the '$' character as well, which was forgotton in the former update.
Debian: New unalz packages fix arbitrary code execution
Ulf H�rnhammer from the Debian Audit Project discovered that unalz, a decompressor for ALZ archives, performs insufficient bounds checking when parsing file names. This can lead to arbitrary code execution if an attacker provides a crafted ALZ archive.
Debian: New trac packages fix SQL injection and cross-site scripting
This update corrects the search feature in trac, an enhanced wiki and issue tracking system for software development projects, which broke with the last security update.
Debian: New tetex-bin packages fix arbitrary code execution
"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in tetex-bin, the binary files of teTeX, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
Debian: New koffice packages fix arbitrary code execution
"infamous41md" and chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in koffice, the KDE Office Suite, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
Debian: New Perl packages fix arbitrary code execution
Jack Louis discovered an integer overflow in Perl, Larry Wall's Practical Extraction and Report Language, that allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via specially crafted content that is passed to vulnerable format strings of third party software.
Debian: ClamAV fix heap overflow DSA-947-1
A heap overflow has been discovered in ClamAV, a virus scanner, which could allow an attacker to execute arbitrary code by sending a carefully crafted UPX-encoded executable to a system runnig ClamAV. In addition, other potential overflows have been corrected.
Debian: New CUPS packages fix arbitrary code execution
"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in CUPS, the Common UNIX Printing System, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
Debian: New xpdf packages fix arbitrary code execution
"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
Debian: ImageMagick fix arbitrary command execution DSA-957-1
Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With some user interaction, this is exploitable through Gnus and Thunderbird.
