Debian Essential And Critical Security Patch Updates - Page 292
Find the information you need for your favorite open source distribution .
It has been reported that one can tweak man2html remotely into consuming all available memory. This has been fixed by Nicolás Lichtmaier with help of Stephan Kulow.
Fumitoshi Ukai and Denis Barbier have found several potential buffer overflow bugs in our version of ePerl as distributed in all of our distributions.
The author of analog, Stephen Turner, has found a buffer overflow bug in all versions of analog except version 4.16.
There are two problems with the version of proftpd that is in Debian 2.2 (potato).
The most recent advisory covering sudo missed one architecture that was released with 2.2. Therefore this advisory is only an addition to DSA 031-1 and only adds the relevant package for the powerpc architecture.
In Debian Security Advisory DSA 011-1 we have reported insecure creation of temporary files in the mgetty package that have been fixed. For details please read the main advisory.
In Debian Security Advisory DSA 029-1 we have reported several vulnerabilities in proftpd that have been fixed. For details please read the main advisory.
Todd Miller announced a new version of sudo which corrects a buffer overflow that could potentially be used to gain root privileges on the local system.
Several people have noted a number of problems in several components of the X Window System sample implementation.
Chris Evans, Joseph S. Myers, Michal Zalewski, Alan Cox, and others have noted a number of problems in several components of the X Window System sample implementation.
Remote DoS and potential buffer overflow exist with previous versions of proftpd.
Styx has reported that the program `man' mistakenly passes malicious strings through routines that were not meant to use them as format strings.
A former security upload of OpenSSH was linked against the wrong version of libssl (providing an API to SSL); that version was not available on sparc.
A former security upload of OpenSSH lacked support for PAM, which led to people not being able to log in to their server. This was only a problem on the sparc architecture.
Local insecure crontab handling vulnerability exists in previous versions.
Multiple local temp file vulnerabilities exist with previous versions of inn2.
exmh creates temporary files in an insecure fashion, thus making it vulnerable to a symlink attack.
WireX have found some occurrences of insecure opening of temporary files in htdigest and htpasswd. The Apache group has also fixed a vulnerability in mod_rewrite.