Debian Essential And Critical Security Patch Updates - Page 300
Find the information you need for your favorite open source distribution.
The version of BIND shipped with Debian GNU/Linux 2.2 is vulnerable to a remote denial of service attack.
Proton reported on bugtraq that tcsh did not handle in-here documents correctly. The version of tcsh that is distributed with Debian GNU/Linux 2.2r0 also suffered from this problem.
The version of gnupg that was distributed in Debian GNU/Linux 2.2 had a logic error in the code that checks for valid signatures which could cause false positive results:
The version of nis as distributed in Debian GNU/Linux 2.1 and 2.2 contains an ypbind package with a security problem.
In versions of the PHP 4 packages before version 4.0.3, several format string bugs could allow properly crafted requests to execute code.
In versions of the PHP 3 packages before version 3.0.17, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the web server, particularly if error logging was enabled.
The version of curl as distributed with Debian GNU/Linux 2.2 had a bug in the error logging code.
In versions of boa before 0.94.8.3, it is possible to access files outside of the server's document root by the use of properly constructed URL requests.
Debian is phasing out support for Debian 2.1 (slink) and is looking for feedback.
libpam-smb contains a buffer overflow that can be used to execute arbitrary commands with root privilege.
Several vulnerabilities exist in xpdf that could allow the creation of unsafe temporary files and the running of arbitrary shell commands.
A vulnerability exists that could allow a user to run arbitrary commands on the server.
Recently two problems have been found in the glibc suite, which could be used to trick setuid applications into running arbitrary code.
A format string bug was recently discovered in screen which can be used to gain elevated privileges if screen is setuid.
Recently two problems have been found in the glibc suite, which could be used to trick setuid applications into running arbitrary code.
An updated netscape package now exists to fix several remote exploit vulnerabilities.
The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code.
Ntop was still exploitable using buffer overflows. Using this technique it was possible to run arbitrary code as the user who ran ntop in web mode.