Debian Essential And Critical Security Patch Updates - Page 277

Debian: Kernel vulnerability in brk()

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Recently multiple servers of the Debian project were compromised using aDebian developers account and an unknown root exploit. Forensicsrevealed a burneye encrypted exploit. Robert van der Meulen managed todecrypt the binary which revealed a kernel exploit. Usingthis bug it is possible for a userland program to trick the kernel intogiving access to the full kernel address space.

LinuxSecurity.com Team
Dec 01, 2003

Debian: hylafax Multiple format string vulnerabilities

The SuSE Security Team discovered several exploitable formats stringvulnerabilities in hylafax, a flexible client/server fax system, whichcould lead to executing arbitrary code as root on the fax server.

LinuxSecurity.com Team
Nov 17, 2003

Debian: minimalist Unsanitized input vulnerability

A security-related problem has been discovered in minimalist, amailing list manager, which allows a remote attacker to executearbitrary commands.

LinuxSecurity.com Team
Nov 17, 2003

Debian: omega-rpg buffer overflow vulnerability

Steve Kemp discovered a buffer overflow in the commandline andenvironment variable handling of omega-rpg.

LinuxSecurity.com Team
Nov 11, 2003

Debian: epic4 Buffer overflow vulnerability

A maliciousserver could craft a reply which triggers the client to allocate anegative amount of memory. This could lead to a denial of service ifthe client only crashes, but may also lead to executing of arbitrarycode under the user id of the chatting user.

LinuxSecurity.com Team
Nov 10, 2003

Debian: conquest Buffer overflow vulnerability

Steve Kemp discovered a buffer overflow in the environment variablehandling of conquest, a curses based, real-time, multi-player spacewarfare game, which could lead a local attacker to gain unauthorisedaccess to the group conquest.

LinuxSecurity.com Team
Nov 10, 2003

Debian: postgresql Remote buffer overflow vulnerability

Tom Lane discovered a buffer overflow in the to_ascii function inPostgreSQL. This allows remote attackers to execute arbitrary code onthe host running the database.

LinuxSecurity.com Team
Nov 07, 2003

Debian: thttpd Multiple vulnerabilities

An information leak and an arbitrary code execution vulnerability have been fixed.

LinuxSecurity.com Team
Oct 29, 2003

Debian: tomcat4 denial of service vulnerability

Aldrin Martoq has discovered a denial of service (DoS) vulnerability inApache Tomcat 4.0.x.

LinuxSecurity.com Team
Oct 15, 2003

Debian: openssl095 ASN.1 Remote vulnerability

teve Henson of the OpenSSL core team identified and prepared fixesfor a number of vulnerabilities in the OpenSSL ASN1 code that werediscovered after running a test suite by British NationalInfrastructure Security Coordination Centre (NISCC).

LinuxSecurity.com Team
Oct 13, 2003

Debian: openssl denial of service

There are a number of errors in the ASN1 code.

LinuxSecurity.com Team
Oct 01, 2003

Debian: webfs Multiple vulnerabilities

Multiple vulnerabilities including unauthorized access and buffer overflow have been fixed.

LinuxSecurity.com Team
Sep 29, 2003

Debian: freesweep Buffer overflow vulnerability

Steve Kemp discovered a buffer overflow in freesweep, when processingseveral environment variables. This vulnerability could be exploitedby a local user to gain gid 'games'.

LinuxSecurity.com Team
Sep 28, 2003

Debian: marbles Buffer overflow vulnerability

Steve Kemp discovered a buffer overflow in marbles, when processingthe HOME environment variable. This vulnerability could be exploitedby a local user to gain gid 'games'.

LinuxSecurity.com Team
Sep 26, 2003

Debian: ssh-krb5 Multiple vulnerabilities

This advisory is an addition to the earlier DSA-383-1 advisory: SolarDesigner found four more bugs in OpenSSH that may be exploitable.

LinuxSecurity.com Team
Sep 21, 2003

Debian: ssh Multiple additional vulnerabilities

This advisory is an addition to the earlier DSA-382-1 and DSA-382-3advisories: Solar Designer found four more bugs in OpenSSH that may beexploitable.

LinuxSecurity.com Team
Sep 21, 2003

Debian: ipmasq Insecure packet filtering rules

Due to use ofcertain improper filtering rules, traffic arriving on the externalinterface addressed for an internal host would be forwarded,regardless of whether it was associated with an establishedconnection.

LinuxSecurity.com Team
Sep 20, 2003

Debian: libmailtools-perl Local input validation vulnerability

Mail::Mailer module, a Perl module used for sending email, wherebypotentially untrusted input is passed to a program such as mailx,which may interpret certain escape sequences as commands to beexecuted.

LinuxSecurity.com Team
Sep 19, 2003

Debian: hztty Local buffer overflow

hztty, a program to translate Chinese character encodings in aterminal session. These vulnerabilities could be exploited by a localattacker to gain root privileges on a system where hztty is installed.

LinuxSecurity.com Team
Sep 19, 2003

Debian: gopher Remote buffer overflow vulnerability

gopherd, a gopher server from the University of Minnesota, contains anumber of buffer overflows which could be exploited by a remoteattacker to execute arbitrary code with the privileges of the gopherdprocess.

LinuxSecurity.com Team
Sep 19, 2003