Debian Linux Distribution - Page 292
Find the information you need for your favorite open source distribution.
A buffer overflow in ncurses, linked to the "cda" binary, allowed a root exploit. The problem is fixed in xmcd 2.5pl1-7.1.
The version of the ncurses display library shipped with Debian GNU/Linux 2.2 is vulnerable to several buffer overflows in the parsing of terminfo database files.
hacksware reported a buffer overflow in the AFS packet parsing code in ethereal.
When joe dies to a signal instead of a normal exit it is vulnerable to a symlink attack.
Several buffer overflows were found which allow an attacker to make tcpdump crash.
Sebastian Krahmer found a problem in the modprobe utility that could be exploited by local users to run arbitrary commands as root if the machine is running a kernel with kmod enabled.
Mandrake has recently released a security advisory against CUPS raising two issues
The version of Vixie Cron shipped with Debian GNU/Linux 2.2 is vulnerable to a local attack, discovered by Michal Zalewski.
The version of BIND shipped with Debian GNU/Linux 2.2 is vulnerable to a remote denial of service attack
Proton reported on bugtraq that tcsh did not handle in-here documents correctly. The version of tcsh that is distributed with Debian GNU/Linux 2.2r0 also suffered from this problem.
The version of gnupg that was distributed in Debian GNU/Linux 2.2 had a logic error in the code that checks for valid signatures which could cause false positive results:
The version of nis as distributed in Debian GNU/Linux 2.1 and 2.2 contains an ypbind package with a security problem.
In versions of the PHP 4 packages before version 4.0.3, several format string bugs could allow properly crafted requests to execute code.
In versions of the PHP 3 packages before version 3.0.17, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the web server, particularly if error logging was enabled.
The version of curl as distributed with Debian GNU/Linux 2.2 had a bug in the error logging code.
In versions of boa before 0.94.8.3, it is possible to access files outside of the server's document root by the use of properly constructed URL requests.
Debian is phasing out support for Debian 2.1 (slink) and is looking for feedback.
libpam-smb contains a buffer overflow that can be used to execute arbitrary commands with root privilege.