Debian Essential And Critical Security Patch Updates - Page 298
Find the information you need for your favorite open source distribution.
A former security upload of OpenSSH was linked against the wrong version of libssl (providing an API to SSL); that version was not available on sparc.
A former security upload of OpenSSH lacked support for PAM, which led to people not being able to log in to their server. This was only a problem on the sparc architecture.
Local insecure crontab handling vulnerability exists in previous versions.
Multiple local temp file vulnerabilities exist with previous versions of inn2.
exmh creates temporary files in an insecure fashion, thus making it vulnerable to a symlink attack.
WireX have found some occurrences of insecure opening of temporary files in htdigest and htpasswd. The Apache group has also fixed a vulnerability in mod_rewrite.
WireX discovered a potential temporary file race condition in the way that squid sends out email messages notifying the administrator about updating the program.
PkC have found a heap overflow in tinyproxy that could be remotely exploited. An attacker could gain a shell (user nobody) remotely.
This additional advisory only announces a recompile of the package for the Intel ia32 architecture.
With older versions of jazip, members of the floppy group could gain root access to the local machine.
Security people at WireX have noticed a temp file creation bug and the WU-FTPD development team has found a possible format string bug in wu-ftpd.
A buffer overflow in the mysql server that leads to a remote exploit exists in previous versions.
Versions of sash prior to 3.4-4 did not clone /etc/shadow properly, which led to files readable by anybody.
A remote attacker may be able to sniff packets to the ICQ server to execute arbitrary code on the victim system.
Numerous buffer overflows and format string attacks exist in previous versions.
Immunix reports that mgetty does not create temporary files in a secure manner, which could lead to a symlink attack.
Insecure file handling and format string bugs are present in previous versions of stunnel.