Debian Security Advisories

Here you'll find the latest security advisories from Debian. Our database currently contains 3782 Debian security advisories.

Multiple MySQL vulnerabilities | DSA-212-1 | December 17, 2002
While performing an audit of MySQL, e-matters found several problems.

lynx CRLF injection | DSA-210-1 | December 13, 2002
lynx (a text-only web browser) did not properly check for illegal characters in all places, including processing of command line options, which could be used to insert extra HTTP headers in a reques

Wget multiple vulnerabilities | DSA-209-1 | December 13, 2002
Two problems have been found in the wget package as distributed in Debian GNU/Linux: * Stefano Zacchiroli found a buffer overrun in the url_filename function, which would make wget segfault on v

New tetex-lib packages fix arbitrary command execution | DSA 207-1 | December 11, 2002
The SuSE security team discovered a vulnerability in kpathsea library (libkpathsea) which is used by xdvi and dvips.

gtetrinet buffer overflows | DSA 205-1 | December 10, 2002
Steve Kemp and James Antill found several buffer overflows in the gtetrinet (a multiplayer tetris-like game) package as shipped in Debian GNU/Linux 3.0, which could be abused by a malicious server.

New sqwebmail packages fix local information exposure | DSA 197-1 | November 20, 2002
A problem in the Courier sqwebmail package, a CGI program to grant authenticated access to local mailboxes, has been discovered. The program did not drop permissions fast enough upon startup under

Window Maker buffer overflow | DSA 190-1 | November 07, 2002
Al Viro found a problem in the image handling code used in Window Maker, a popular NEXTSTEP-like window manager. When creating an image it would allocate a buffer by multiplying the image width and h

DSA 173-1-bugzilla | DSA 173-1 | October 09, 2002
The developers of Bugzilla, a web-based bug tracking system, discovered a problem in the handling of more than 47 groups. When a new product is added to an installation with 47 groups or more and

DSA 141-1-mpack | DSA 141-1 | August 03, 2002
Eckehard Berns discovered a buffer overflow in the munpack program which is used for decoding (respectively) binary files in MIME (Multipurpose Internet Mail Extensions) format mail messages. If m

DSA 140-1-libpng2, libpng3 | DSA 140-1 | August 01, 2002
Developers of the PNG library have fixed a buffer overflow in the progressive reader when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. Such deliberately malformed d

DSA-138-1-gallery | DSA-138-1 | August 01, 2002
A problem was found in gallery (a web-based photo album toolkit): it was possible to pass in the GALLERY_BASEDIR variable remotely. This made it possible to execute commands under the uid of web-ser

DSA-136-1:openssl | DSA-136-1 | July 30, 2002
The OpenSSL development team has announced that a security audit by A.L. Digital Ltd and The Bunker, under the DARPA CHATS program, has revealed remotely exploitable buffer overflow conditions in th

DSA-135-1-libapache-mod-ssl | DSA-135-1 | July 02, 2002
The libapache-mod-ssl package provides SSL capability to the apache webserver. Recently, a problem has been found in the handling of .htaccess files, allowing arbitrary code execution as the web se

DSA-131-2-apache | DSA-131-2 | June 19, 2002
The DSA-131-1 advisory for the Apache chunk handling vulnerability contained an error and was missing some essential information: * The upstream fix for the 1.3 series was made in version 1.3.

DSA-131-1-apache | DSA-131-1 | June 19, 2002
Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handling invalid requests which

DSA-130-1-memory allocation error in ethereal | DSA-130-1 | June 03, 2002
Ethereal versions prior to 0.9.3 were vulnerable to an allocation error in the ASN.1 parser. This can be triggered when analyzing traffic using the SNMP, LDAP, COPS, or Kerberos protocols in etherea

DSA-129-1-uucp | DSA-129-1 | June 03, 2002
We have received reports that in.uucpd, an authentication agent in the uucp package, does not properly terminate certain long input strings. This has been corrected in uucp package version 1.06.1-11

DSA-128-1-sudo | DSA-128-1 | April 26, 2002
Fc found a buffer overflow in the variable expansion code used by sudo for its prompt. Since sudo is necessarily installed suid root a local user can use this to gain root access.

DSA-127-1:xpilot | DSA-127-1 | April 21, 2002
An internal audit by the xpilot (a multi-player tactical manoeuvring game for X) maintainers revealed a buffer overflow in xpilot server. This overflow can be abused by remote attackers to gain acce

DSA-126-1-cross-site scripting (CSS) | DSA-126-1 | April 16, 2002
A cross-site scripting (CSS) problem was discovered in Horde and IMP (a web based IMAP mail package). This was fixed upstream in Horde version 1.2.8 and IMP version 2.2.8. The relevant patches have

DSA-123-1-listar | DSA-123-1 | March 21, 2002
Package: listar; Problem type: remote exploit; Debian-specific: no. Janusz Niewiadomski and Wojciech Purczynski reported a buffer overflow in the address_match of listar (a listserv style

DSA-119-1: openssh | DSA-119-1 | March 12, 2002
Joost Pol reports that OpenSSH versions 2.0 through 3.0.2 have an off-by-one bug in the channel allocation code. This vulnerability can be exploited by authenticated users to gain root privilege or

DSA-111-1: ucd-snmp | DSA-111-1 | February 14, 2002
The Secure Programming Group of the Oulu University did a study on SNMP implementations and uncovered multiple problems which can cause problems ranging from Denial of Service attacks to remote exp

DSA 110-1-Debian-cupsys buffer overflow | DSA 110-1 | February 14, 2002
The authors of CUPS, the Common UNIX Printing System, have found a potential buffer overflow bug in the code of the CUPS daemon where it reads the names of attributes. This affects all versions of

Debian Security Advisory DSA-106-2-rsync | DSA-106-2 | February 05, 2002
Unfortunately the patch used to fix that problem broke rsync. This has been fixed in version 2.3.2-1.5 and we recommend you upgrade to that version immediately.
