Debian Linux Distribution - Page 249
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
A vulnerability has been discovered in phppgadmin, a set of PHP scripts to administrate PostgreSQL over the WWW, that can lead to disclose sensitive information. Successful exploitation requires that "magic_quotes_gpc" is disabled.
A buffer overflow has been discovered in the telnet server from Heimdal, a free implementation of Kerberos 5, that could lead to the execution of arbitrary code.
Daniel Wachdorf reported two problems in the MIT krb5 distribution used for network authentication.
A vulnerability had been identified in the xmlrpc library included with phpgroupware, a web-based application including email, calendar and other groupware functionality. This vulnerability could lead to the execution of arbitrary commands on the server running phpgroupware.
Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system.
Frank Warmerdam discovered a stack-based buffer overflow in libtiff, the Tag Image File Format library for processing TIFF graphics files that can lead to the executionof arbitrary code via malformed TIFF files.
Eric Romang discovered that centericq, a text-mode multi-protocol instant messenger client, creates some temporary files with predictable filenames and is hence vulnerable to symlink attacks by local attackers.
A format string vulnerability has been discovered in gedit, a light-weight text editor for GNOME, that may allow attackers to cause a denial of service (application crash) via a binary file with format string specifiers in the filename.
Two problems have been discovered in gzip, the GNU compression utility.
The upstream developers have discovered a bug in the DNS lookup code of Squid, the popular WWW proxy cache.
A vulnerability has been discovered in ruby1.8 that could allow arbitrary command execution on a server running the ruby xmlrpc server.
dhcpcd, a DHCP client for automatically configuring IPv4 networking, can be tricked into reading past the end of the supplied DHCP buffer which could lead to the daemon crashing.
A vulnerability was discovered in the ettercap package which could allow a remote attacker to execute arbitrary code on the system running ettercap.
A vulnerability has been identified in the xmlrpc library included in the egroupware package. This vulnerability could lead to the execution of arbitrary commands on the server running egroupware.
Two input validation errors were discovered in drupal and its bundled xmlrpc module. These errors can lead to the execution of arbitrary commands on the web server running drupal.
Sven Tantau discovered a security problem in fuse, a filesystem in userspace, that can be exploited by malicious local users to disclose potentially sensitive information.
Several problems have been discovered in ht, a viewer, editor and analyser for various executables, that may lead to the execution of arbitrary code.
Derek Price, the current maintainer of CVS, discovered a buffer overflow in the CVS server, that serves the popular Concurrent Versions System, which could lead to the execution of arbitrary code.
Chris Evans discovered that a specially crafted archive can trigger an infinete loop in bzip2, a high-quality block-sorting file compressor.
An error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file.
Sign up to get the latest security news affecting Linux and
open source delivered straight to your inbox
Powered By
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.