Luki R. reported a bug in man-db: it did handle nested calls ofdrop_effective_privs() and regain_effective_privs() correctly whichwould cause it to regain privileges to early. This could be abusedto make man create files as user man.
Megyer Laszlo found a printf format bug in the exim mail transferagent. The code that checks the header syntax of an email logsan error without protecting itself against printf format attacks.
Marc Jacobsen from HP discovered that the security fixes from samba 2.0.8 did not fully fix the /tmp symlink attack problem. The samba team released version 2.0.9 to fix that, and those fixes have been added to version 2.0.7-3.3 of the Debian samba packages.
This is an addition to DSA 043-1 which fixes several vulnerabilitiesin Zope. Something went wrong so it has to be corrected. Theprevious security release 2.1.6-7 has two severe problems.
Colin Phipps and Daniel Kobras discovered and fixed several seriousbugs in the saft daemon `sendfiled' which caused it to drop privilegesincorrectly. Exploiting this a local user can easily make it executearbitrary code under root privileges.
Colin Phipps discovered that the exuberant-ctags packages as distributed with Debian GNU/Linux 2.2 creates temporary files insecurely. The updated exuberant-ctags that was mentioned in DSA-046-1 was unfortunately compiled incorrectly.
The kernels used in Debian GNU/Linux 2.2 have been found to havemultiple security problems. This is a list of problems basedon the 2.2.19 release notes as found on https://www.linux.com/
Przemyslaw Frasunek reported that ntp daemons such as that released with Debian GNU/Linux are vulnerable to a buffer overflow that can lead to a remote root exploit.
