Debian Linux Distribution - Page 25.3
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
LDAP is very forgiving about spaces in search filters and this could be abused to log in using several variants of the login name, possibly bypassing explicit access controls or confusing accounting.
For the stable distribution (woody) this problem has been fixed in version 2.2.1-4.7. No other version of Python in woody is affected.
Several buffer overflows have been discovered in prozilla, a multi-threaded download accelerator which could be exploited by a remote attacker to execute arbitrary code on the victim's machine. An exploit for prozilla is already in the wild.
Upstream developers noticed that an unsanitised variable could lead to cross site scripting.
Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that f2c and fc, which are both part of the f2c package, a fortran 77 to C/C++ translator, open temporary files insecurely and are hence vulnerable to a symlink attack.
Raphaël Enrici discovered that the KDE screensaver can crash under certain local circumstances. This can be exploited by an attacker with physical access to the workstation to take over the desktop session.
Two problems have been discovered in the libpam-radius-auth package, the PAM RADIUS authentication module. The Common Vulnerabilities and Exposures Project identifies the following problems...
Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a tmporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library.
A heap overflow has been discovered in the DVD subpicture decoder of xine-lib. An attacker could cause arbitrary code to be executed on the victims host by supplying a malicious MPEG. By tricking users to view a malicious network stream, this is remotely exploitable.
Javier Fernández-Sanguino Peña from the Debian Security Audit Team has discovered that the vdr daemon which is used for video disk recorders for DVB cards can overwrite arbitrary files.
Erik Sjölund discovered that zhcon, a fast console CJK system using the Linux framebuffer, accesses a user-controlled configuration file with elevated privileges. Thus, it is possible to read arbitrary files.
Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text into Postscript and other formats.
A buffer overflow has been detected in the X11 dissector of ethereal, a commonly used network traffic analyser. A remote attacker may be able to overflow a buffer using a specially crafted IP packet.
Several vulnerabilities have been discovered in unarj, a non-free ARJ unarchive utility.
Several vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache.
Ulf Härnhammar discovered that due to missing input sanitising in diatheke, a CGI script for making and browsing a bible website, it is possible to execute arbitrary commands via a specially crafted URL.