Debian Linux Distribution - Page 10.45
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Patrice Fournier found that hylafax passes unsanitized user data in the notify script, allowing users with the ability to submit jobs to run arbitrary commands with the privileges of the hylafax server.
Two vulnerabilities have been discovered in Pound, a reverse proxy and load balancer for HTTP. The Common Vulnerabilities and Exposures project identifies the following problems:
Ulf Harnhammar from the Debian Security Audit project discovered a format string attack in the logging code of smstools, which may be exploited to execute arbitary code with root privileges.
iDEFENSE reports that a format string vulnerability in mod_auth_pgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the privileges of the httpd user.
"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.