Debian Essential And Critical Security Patch Updates - Page 283
Find the information you need for your favorite open source distribution.
This update fixes the second problem from the original advisory.
The KDE team discovered a vulnerability in the way KDE uses Ghostscript software for processing of PostScript (PS) and PDF files.
By specifying a small packet length, an attacker is able to overflow a buffer and execute code under the user id that runs pptpd, probably root.
The KDE team discovered a vulnerability in the way KDE uses Ghostscript software for processing of PostScript (PS) and PDF files.
Unfortunately yesterday's update for mime-support did not exactly work as expected, which requires an update.
When a temporary file is to be used, it is created insecurely, allowing an attacker to overwrite arbitrary files under the user id of the person executing run-mailcap, most probably root.
There is a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail.
When the connection list is full, rinetd resizes the list in order to store the new incoming connection. However, this is done improperly, resulting in a denial of service and potentially execution of arbitrary code.
Applications that are linked against the openssl library are generally vulnerable to attacks that could leak the server's private key or otherwise make the encrypted session decryptable.
The correction for CAN-2003-0144 for the old stable distribution (potato) was apparently a little too strict, and this update corrects this.
A malicious server could craft special reply strings, triggering the client to write beyond buffer boundaries.
A file is created in an insecure fashion, which could allow a local attacker to overwrite files owned by a user who invokes ps2epsi.
psbanner, a printer filter, insecurely creates a temporary file for debugging purposes when it is configured as a filter.
The KDE team discovered a vulnerability in the way KDE uses Ghostscript software for processing of PostScript (PS) and PDF files.
The manner in which the quota information file is created is unsafe.
Due to overzealously applied patches, the security update DSA 269-1 introduced problems in some installations, causing the hprop service to fail.
There is an integer overflow in the xdrmem_getbytes() function which is also present in GNU libc.