Debian Essential And Critical Security Patch Updates - Page 263
Find the information you need for your favorite open source distribution.
Max Vozeler discovered an integer overflow in a helper application inside of Evolution, a free groupware suite. A local attacker could cause the setuid root helper to execute arbitrary code with elevated privileges.
LDAP is very forgiving about spaces in search filters and this could be abused to log in using several variants of the login name, possibly bypassing explicit access controls or confusing accounting.
For the stable distribution (woody) this problem has been fixed in version 2.2.1-4.7. No other version of Python in woody is affected.
Several buffer overflows have been discovered in prozilla, a multi-threaded download accelerator, which could be exploited by a remote attacker to execute arbitrary code on the victim's machine. An exploit for prozilla is already in the wild.
Upstream developers noticed that an unsanitised variable could lead to cross-site scripting.
Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that f2c and fc, which are both part of the f2c package, a Fortran 77 to C/C++ translator, open temporary files insecurely and are hence vulnerable to a symlink attack.