Debian Security Advisories

Here you'll find the latest security advisories from Debian. Our database currently contains 3782 Debian security advisories.

New sup packages fix insecure temporary file creation | DSA 353-1 | July 29, 2003
sup, a package used to maintain collections of files in identical versions across machines, fails to take appropriate security precautions when creating temporary files. A local attacker could exploit

New xconq packages fix buffer overflows | DSA 354-1 | July 29, 2003
Steve Kemp discovered a buffer overflow in xconq, in processing the USER environment variable. In the process of fixing this bug, a similar problem was discovered with the DISPLAY environment variable

New fdclone packages fix insecure temporary directory usage | DSA 352-1 | July 22, 2003
fdclone creates a temporary directory in /tmp as a workspace. However, if this directory already exists, the existing directory is used instead, regardless of its ownership or permissions. This would

New php4 packages fix cross-site scripting vulnerability | DSA 351-1 | July 16, 2003
The transparent session ID feature in the php4 package does not properly escape user-supplied input before inserting it into the generated HTML page. An attacker could use this vulnerability to execu

New falconseye packages fix buffer overflow | DSA 350-1 | July 15, 2003
The falconseye package is vulnerable to a buffer overflow exploited via a long '-s' command line option. This vulnerability could be used by an attacker to gain gid 'games' on a system where falconsey

New nfs-utils package fixes buffer overflow | DSA 349-1 | July 14, 2003
The logging code in nfs-utils contains an off-by-one buffer overrun when adding a newline to the string being logged. This vulnerability may allow an attacker to execute arbitrary code or cause a deni

New traceroute-nanog packages fix integer overflow | DSA 348-1 | July 11, 2003
Traceroute-nanog, an enhanced version of the common traceroute program, contains an integer overflow bug which could be exploited to execute arbitrary code. Traceroute-nanog is setuid root, but drops

New skk, ddskk packages fix insecure temporary file creation | DSA 343-1 | July 08, 2003
skk (Simple Kana to Kanji conversion program) does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with

New unzip packages fix directory traversal | DSA 344-1 | July 08, 2003
A directory traversal vulnerability in UnZip 5.50 allows attackers to bypass a check for relative pathnames ("../") by placing certain invalid characters between the two "." characters.

New xbl packages fix buffer overflow | DSA 345-1 | July 08, 2003
Another buffer overflow was discovered in xbl, distinct from the one addressed in DSA-327 (CAN-2003-0451), involving the -display command line option. This vulnerability could be exploited by a local

New phpsysinfo packages fix directory traversal | DSA 346-1 | July 08, 2003
Albert Puigsech Galicia reported that phpsysinfo, a web-based program to display status information about the system, contains two vulnerabilities which could allow local files to be read, or arbitra

New teapop packages fix SQL injection | DSA 347-1 | July 08, 2003
teapop, a POP-3 server, includes modules for authenticating users against a PostgreSQL or MySQL database. These modules do not properly escape user-supplied strings before using them in SQL queries. T

New mozart packages fix unsafe mailcap configuration | DSA 342-1 | July 07, 2003
mozart, a development platform based on the Oz language, includes MIME configuration data which specifies that Oz applications should be passed to the Oz interpreter for execution. This means that fil

New semi, wemi packages fix insecure temporary file creation | DSA 337-1 | July 06, 2003
semi, a MIME library for GNU Emacs, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileg

New x-face-el packages fix insecure temporary file creation | DSA 338-1 | July 06, 2003
x-face-el, a decoder for images included inline in X-Face email headers, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwr

New semi, wemi packages fix insecure temporary file creation | DSA 339-1 | July 06, 2003
semi, a MIME library for GNU Emacs, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileg

New x-face-el packages fix insecure temporary file creation | DSA 340-1 | July 06, 2003
x-face-el, a decoder for images included inline in X-Face email headers, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwr

New liece packages fix insecure temporary file creation | DSA 341-1 | July 06, 2003
liece, an IRC client for Emacs, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges o

New Linux 2.2.20 packages and i386 kernel images fix several vulnerabilities | DSA 336-1 | June 29, 2003
A number of vulnerabilities have been discovered in the Linux kernel.
» CVE-2002-0429 Low: The iBCS routines in arch/i386/kernel/ (0.00)

New gtksee packages fix buffer overflow | DSA 337-1 | June 29, 2003
Viliam Holub discovered a bug in gtksee whereby, when loading PNG images of certain color depths, gtksee would overflow a heap-allocated buffer. This vulnerability could be exploited by an attacker us

New proftpd packages fix SQL injection | DSA 338-1 | June 29, 2003
runlevel [[email protected]] reported that ProFTPD's PostgreSQL authentication module is vulnerable to a SQL injection attack. This vulnerability could be exploited by a remote, unauthenticated at

Factual correction for DSA-336-1 | DSA 336-2 | June 29, 2003
This advisory is being released as a factual correction to DSA-336-1. In an administrative error, DSA-336-1 listed several CVE names which did not, in fact, apply to Linux 2.2.20, and omitted one vul
» CVE-2002-0429 Low: The iBCS routines in arch/i386/kernel/ (0.00)

New xgalaga packages fix buffer overflow | DSA 334-1 | June 28, 2003
Steve Kemp discovered several buffer overflows in xgalaga, a game, which can be triggered by a long HOME environment variable. This vulnerability could be exploited by a local attacker to gain gid 'ga

New mantis packages fix insecure file permissions | DSA 335-1 | June 28, 2003
mantis, a PHP/MySQL web based bug tracking system, stores the password used to access its database in a configuration file which is world-readable. This could allow a local attacker to read the passwo

New imagemagick packages fix insecure temporary file creation | DSA 331-1 | June 27, 2003
Imagemagick's libmagick library, under certain circumstances, creates temporary files without taking appropriate security precautions. This vulnerability could be exploited by a local user to create o
