Find the information you need for your favorite open source distribution .
Proton reported on bugtraq that tcsh did not handle in-here documentscorrectly. The version of tcsh that is distributed with Debian GNU/Linux2.2r0 also suffered from this problem.
The version of gnupg that was distributed in Debian GNU/Linux 2.2 hada logic error in the code that checks for valid signatures which couldcause false positive results:
The version of nis as distributed in Debian GNU/Linux 2.1 and 2.2 contains an ypbind package with a security problem.
In versions of the PHP 4 packages before version 4.0.3, several format string bugs could allow properly crafted requests to execute code.
In versions of the PHP 3 packages before version 3.0.17, several formatstring bugs could allow properly crafted requests to execute code as theuser running PHP scripts on the web server, particularly if error loggingwas enabled.
The version of curl as distributed with Debian GNU/Linux 2.2 had a bug in the error logging code.
In versions of boa before 0.94.8.3, it is possible to access files outside of the server's document root by the use of properly constructed URL requests.
Debian is phasing out support for Debian 2.1 (slink) and are looking for feedback.
libpam-smb contains a buffer overflow that can be used to execute arbitrary commands with root privilege.
Several vulnerabilities exist with xpdf that could allow the creation of unsafe termporary files and the running of arbitrary shell commands.
A vulnerability exists that could allow a user to run arbitrary commands on the server.
Recently two problems have been found in the glibc suite, which could beused to trick setuid applications to run arbitrary code.
A format string bug was recently discovered in screen which can be used to gain elevated privilages if screen is setuid.
Recently two problems have been found in the glibc suite, which could beused to trick setuid applications to run arbitrary code.
An updated netscape package now exists to fix several remote exploit vulnerabilities.
The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code.
Ntop was still exploitable using bufferoverflows. Using this technique it was possible to run arbitrary codeas the user who ran ntop in web mode.
On versions of Zope prior to 2.2.1 it was possible for a user with theability to edit DTML to gain unauthorized access to extra roles during arequest. A fix was previously announced in the Debian zope package2.1.6-5.1, but that package did not fully address the issue and has beensuperseded by this announcement.
There is a format string bug in all versions of xlockmore/xlockmore-gl.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
