Debian Essential And Critical Security Patch Updates - Page 326

Warning: Undefined property: stdClass::$helix_ultimate_image in /var/www/www.linuxsecurity.com-443/html/templates/newsberg/html/com_content/category/blog_item.php on line 54

Warning: Undefined property: stdClass::$helix_ultimate_image in /var/www/www.linuxsecurity.com-443/html/templates/newsberg/html/com_content/category/blog_item.php on line 55

Debian 2.1: nmh Remote Exploit Advisory - February 28, 2000

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

nmh did not check incoming mail messages properly. This could be exploited byusing carefully designed MIME headers to trick mhshow into executing arbitrary shell code. [Found on LWN]

LinuxSecurity.com Team
Feb 28, 2000

Debian 2.1 Security Advisory: Make Package Symlink Attack Risk

The make package as shipped in Debian GNU/Linux 2.1 is vulnerable to arace condition that can be exploited with a symlink attack. make usedmktemp while creating temporary files in /tmp. and that is a knownpotential security hole, as documented in the man page of mktemp.

LinuxSecurity.com Team
Feb 21, 2000

Debian GNU/Linux: 0.6a.nr-4slink1 Critical: apcd Symlink Attack

The apcd package as shipped in Debian GNU/Linux 2.1 is vulnerable to a symlink attack. If the apcd process gets a SIGUSR1 signal it will dump its status to /tmp/upsstat. However this file is not opened safely, which makes it a good target for a symlink attack. This has been fixed in version 0.6a.nr-4slink1. We recommend you upgrade your apcd package immediately.

LinuxSecurity.com Team
Feb 01, 2000

Debian Security Advisory: ftpwatch Root Compromise Affects All Versions

This vulnerability exists in all distributed versions of the ftpwatch package. We recommend that you remove ftpwatch package until a corrected version is released.