Erik Sjölund discovered a buffer overflow in xatitv, one of the
programs in the gatos package, that is used to display video with
certain ATI video cards. xatitv is installed setuid root in order to
gain direct access to the video hardware.
ndrew V. Samoilov has noticed that several bugfixes which were
applied to the source by upstream developers of mc, the midnight
commander, a file browser and manager, were not backported to the
current version of mc that Debian ships in their stable release.
Philip Hazel announced a buffer overflow in the host_aton function in
exim-tls, the SSL-enabled version of the default mail-tranport-agent
in Debian, which can lead to the execution of arbitrary code via an
illegal IPv6 address.
Several insecure uses of temporary files have been discovered in support scripts in the libc6 package which provices the c library for a GNU/Linux system. Trustix developers found that the catchsegv script uses temporary files insecurely. Openwall developers discovered insecure temporary files in the glibcbug script. These scripts are vulnerable to a symlink attack.
Philip Hazel announced a buffer overflow in the host_aton function in exim, the default mail-tranport-agent in Debian, which can lead to the execution of arbitrary code via an illegal IPv6 address.
Patrice Fournier discovered a vulnerability in the authorisation subsystem of hylafax, a flexible client/server fax system. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorised access to the fax system.
Peter Samuelson, upstream maintainer of bmv, a PostScript viewer for SVGAlib, discovered that temporary files are created in an insecure fashion. A malicious local user could cause arbitrary files to be overwritten by a symlink attack.
Stephen Dranger discovered a buffer overflow in linpopup, an X11 port of winpopup, running over Samba, that could lead to the execution of arbitrary code when displaying a maliciously crafted message.
Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, which allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains an URL-encoded newline before the FTP command.
Jeroen van Wolffelaar discovered a problem in lintian, the Debian package checker. The program removes the working directory even if it wasn't created at program start, removing an unrelated file or directory a malicious user inserted via a symlink attack.
A buffer overflow has been discovered in the MIT Kerberos 5 administration library (libkadm5srv) that could lead to the execution of arbitrary code upon exploition by an authenticated user, not necessarily one with administrative privileges.
Pavel Kankovsky discovered that several overflows found in the libXpm library were also present in imlib and imlib2, imaging libraries for X11. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib or imlib2 to execute arbitrary code when the file was opened by a victim.
A cross-site scripting vulnerability has been discovered in namazu2, a full text search engine. An attacker could prepare specially crafted input that would not be sanitised by namazu2 and hence displayed verbatim for the victim.
Dmitry V. Levin discovered a buffer overflow in libtiff, the Tag Image File Format library for processing TIFF graphics files. Upon reading a TIFF file it is possible to crash the application, and maybe also to execute arbitrary code.
Danny Lungstrom discovered two buffer overflows in pcal, a program to generate Postscript calendars, that could lead to the execution of arbitrary code when compiling a calendar.
A buffer overflow has been discovered in zip, the archiver for .zip files. When doing recursive folder compression the program did not check the resulting path length, which would lead to memory being overwritten. A malicious person could convince a user to create an archive containing a specially crafted path name, which could lead to
the execution of arbitrary code.
Jonathan Rockway discovered a buffer overflow in nasm, the general-purpose x86 assembler, which could lead to the execution of arbitrary code when compiling a maliciously crafted assembler source file.
Javier Fernández-Sanguino Peña has discovered multiple insecure uses of temporary files that could lead to overwriting arbitrary files via a symlink attack.
An iDEFENSE security researcher discovered a buffer overflow in xpdf, the Portable Document Format (PDF) suite. Similar code is present in the PDF processing part of CUPS. A maliciously crafted PDF file could exploit this problem, leading to the execution of arbitrary code.
