Debian Linux Distribution
Find the information you need for your favorite open source distribution.
Colin Phipps discovered that the exuberant-ctags packages as distributed with Debian GNU/Linux 2.2 create temporary files insecurely.
The previous advisory introduced a potential denial of service attack.
Przemyslaw Frasunek reported that ntp daemons such as that released with Debian GNU/Linux are vulnerable to a buffer overflow that can lead to a remote root exploit.
The mail program (a simple tool to read and send email) as distributed with Debian GNU/Linux 2.2 has a buffer overflow in the input parsing code.
This advisory covers several vulnerabilities in Zope that have been addressed.
Klaus Frank has found a vulnerability in the way gnuserv handled remote connections.
Christer Öberg of Wkit Security AB found a problem in joe (Joe's Own Editor).
slrn might overflow a buffer, which could result in executing arbitrary code encoded in the message.
This is an update to the DSA-032-1 advisory. The powerpc package that was listed in that advisory was unfortunately compiled on the wrong system, which caused it to not work on a Debian GNU/Linux 2.2 system.
The version of GNU libc that was distributed with Debian GNU/Linux 2.2 suffered from 2 security problems.
Former versions of sgml-tools created temporary files directly in /tmp in an insecure fashion.
It has been reported that the AsciiSrc and MultiSrc widgets in the Athena widget library handle temporary files insecurely.
It has been reported that a local user could tweak Midnight Commander of another user into executing a random program under the user id of the person running Midnight Commander.
It has been reported that one can tweak man2html remotely into consuming all available memory. This has been fixed by Nicolás Lichtmaier with help of Stephan Kulow.
Fumitoshi Ukai and Denis Barbier have found several potential buffer overflow bugs in our version of ePerl as distributed in all of our distributions.
The author of analog, Stephen Turner, has found a buffer overflow bug in all versions of analog except version 4.16.
There are two problems with the version of proftpd that is in Debian 2.2 (potato).
The most recent advisory covering sudo missed one architecture that was released with 2.2. Therefore this advisory is only an addition to DSA 031-1 and only adds the relevant package for the powerpc architecture.
In Debian Security Advisory DSA 011-1 we have reported insecure creation of temporary files in the mgetty package that have been fixed. For details please read the main advisory.
In Debian Security Advisory DSA 029-1 we have reported several vulnerabilities in proftpd that have been fixed. For details please read the main advisory.