Debian Linux Distribution
Find the information you need for your favorite open source distribution.
Recently two problems have been found in the glibc suite, which could be used to trick setuid applications into running arbitrary code.
A format string bug was recently discovered in screen which can be used to gain elevated privileges if screen is setuid.
Recently two problems have been found in the glibc suite, which could be used to trick setuid applications into running arbitrary code.
An updated netscape package now exists to fix several remote exploit vulnerabilities.
The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code.
Ntop was still exploitable using buffer overflows. Using this technique it was possible to run arbitrary code as the user who ran ntop in web mode.
On versions of Zope prior to 2.2.1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request. A fix was previously announced in the Debian zope package 2.1.6-5.1, but that package did not fully address the issue and has been superseded by this announcement.
There is a format string bug in all versions of xlockmore/xlockmore-gl.
On versions of Zope prior to 2.2beta1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request.
Using ntop to distribute network traffic through the network, it is possible to access arbitrary files on the local filesystem. Since ntop runs as root uid, guess what that means, even /etc/shadow got unsecured.
An exploit exists that could result in a malicious user obtaining group mailman permission.
It might be possible for local users to abuse this to carry out unauthorised actions or be able to take control of service user accounts.
The versions of the ISC DHCP client in Debian 2.1 (slink) and Debian 2.2 (potato) are vulnerable to a root exploit.
The version of wu-ftpd distributed in Debian GNU/Linux 2.1 (a.k.a. slink), as well as in the frozen (potato) and unstable (woody) distributions, is vulnerable to a remote root compromise.
The version of splitvt distributed in Debian GNU/Linux 2.1, the frozen (potato) and unstable (woody) distributions, is vulnerable to a local buffer overflow.
The version of mailx distributed in Debian GNU/Linux 2.1, the frozen (potato) and unstable (woody) distributions is vulnerable to a local buffer overflow.