Debian Security Advisory DSA 1020-1 - Chris Moore discovered that flex, a scanner generator, generates code that allocates insufficient memory if the grammar contains REJECT statements or trailing context rules. This may lead to a buffer overflow and the execution of arbitrary code.
a8280e87ef0f7f1f0cc74271515b56d06737597802838c34e93e02af39e8c55e
Debian Security Advisory DSA 1018-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
514d0e52b64a14ef4fb5172fb027efb610892a274d5fccddcd078c5d5071540d
Debian Security Advisory DSA 1019-1 - Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite, which is also present in koffice, the KDE Office Suite.
280d878409707808626833e101e9628ee1a7a26197e19fd93be8f1d42196ac97
Debian Security Advisory DSA 1017-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
847aa8bc9855007fb988c559b0f83edd2e02fa2e071255baf120623e3366e301
Debian Security Advisory DSA 1016-1 - Ulf H
10db39848577ee6fd688cbd7865c31bf462fcb0ca9556b03009d2f5ef4f178e0
Debian Security Advisory DSA 1015-1 - Mark Dowd discovered a flaw in the handling of asynchronous signals in sendmail, a powerful, efficient, and scalable mail transport agent. This may allow a remote attacker to exploit a race condition to execute arbitrary code as root.
b2ff4bcd2586685dfd236341f6edae8a95f349a6bdf89a2fa812a980100f3368
Debian Security Advisory DSA 168-1 - Debian released new PHP packages that fix newline character injection in several PHP functions. Additionally, these packages correct a bug in PHP that allows a safe_mode restriction to be bypassed.
d11df9bb3f7995a61aa5db1b828fa32e561204530e69128bcd82699694604d0b
Debian Security Advisory 158-1 - Gaim uses URLs retrieved from messages in command-line execution of the web browser without filtering these URLs first. This issue has been fixed by the Gaim developers in version 0.59.1.
66b12a671c25396e8466f1c03363e0e7c5f9a9c557b48eaf6752ba720e384559
Debian Security Advisory DSA-130-1 - Ethereal versions prior to v0.9.3 are vulnerable to an allocation error in the ASN.1 parser allowing remote root exploits. This affected GNU/Linux 2.2 and fixed packages have been released for the alpha, arm, i386, m68k, powerpc and sparc architectures.
6047e9c58a21975a17a86279a3933dce99d34759cf75423e74a5af261768ac6b
Debian Security Advisory DSA-055-1 - The gftp package has a problem in its logging code which allows malicious ftp servers to execute commands on the client machine. This has been fixed in version 2.0.6a-3.1.
298107ba14642c6d63372744b8b8563c74b01a97174ddea28e973a233b9425d8
Debian Security Advisory DSA-028-1 - Man has a format string vulnerability which leads to a local exploit for the man user.
7f1b284492e7f4466c1805b48d1553b0a408b290f99d672010d6fbe1e88e5746
Debian Security Advisory DSA-055-1 - A new Zope hotfix has been released which fixes a problem in ZClasses. The problem is "any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance." This hotfix has been added in version 2.1.6-10.
43e19e4a032a56c2461d42748f3de86336800b35fc5bacf830e6b6bf021f9c86
Debian Security Advisory DSA-054-1 - A recent (fall 2000) security fix to cron introduced an error in giving up privileges before invoking the editor. A malicious user can easily gain root access. This has been fixed in version 3.0pl1-57.3.
eea63bc6e40eb0f860cdf6f571bf398bc563b0d3726796f358485a9e1bb57c60
Debian Security Advisory DSA-050-1 - The saft daemon 'sendfiled' dropped privileges incorrectly, allowing local users to execute arbitrary code under root privileges.
d9bd5948da66d174226338dfd12fad63a17fc8ac455f311a4a83013e7f02c069
Debian Security Advisory DSA 051-1 - The Netscape browser does not escape the GIF file comment in the image information page. This allows JavaScript execution in the "about:" protocol and can, for example, be used to upload the History (about:global) to a webserver, thus leaking private information. This problem has been fixed upstream in Netscape 4.77.
d245c1b069c66fda15f817b49e426623e5b1c185f8661043593be04be789060d
Debian Security Advisory DSA-048-1 - Cfingerd v1.4.1 and below contains a remote root vulnerability in the logging code. When combining this with an off-by-one error in the code that copied the username from an ident response, cfingerd could be exploited by a remote user.
4f2c12f6d99ee40361976febf66e64d47d18e894ffe3b2fab72ba9d1c6cef850
Debian Security Advisory DSA-048-1 - Samba does not use temp files correctly, allowing local attackers to trick samba into overwriting arbitrary files. Both problems have been fixed in version 2.0.7-3.2.
c64ca9f497ad002e62c183ca44b7e3a1180a6da09f6d05e942a74c5b380db8a7
Debian Security Advisory DSA-047-1 - The kernels used in Debian GNU/Linux 2.2 have been found to have a dozen security problems. Upgrade to 2.2.19!
4cb8dd320857282d9391d0b8d746664e7731e2e0d7cf46e248a7589d153f459a
Debian Security Advisory DSA-046-1 - The exuberant-ctags packages as distributed with Debian GNU/Linux 2.2 create temporary files insecurely. This has been fixed in version 1:3.2.4-0.1 of the Debian package, and upstream version 3.5.
17eceaea16a06fde0506424fbb9498b4a83a85ee0de527bb888efd0268e139e3
Debian Security Advisory DSA-045-1 - A buffer overflow has been found in ntp which can lead to remote root compromise. Versions ntp-4.0.99k and prior are vulnerable.
9c449bd96d0df6fbfc6293c1226d57c290433de8bfa9c3db1d4f1413b2a9c727
Debian Security Advisory DSA-044-1 - The mail program (a simple tool to read and send email) as distributed with Debian GNU/Linux 2.2 has a buffer overflow in the input parsing code. Since mail is installed setgid mail by default, this allowed local users to use it to gain access to the mail group. Since the mail code was never written to be secure, fixing it properly would mean a large rewrite. Instead of doing this we decided to no longer install it setgid. This means that it can no longer lock your mailbox properly on systems for which you need group mail to write to the mailspool, but it will still work for sending email. Debian security homepage: http://www.debian.org
65225d45fe97f937fa6791a4d502df39372d4b4b6ff6ce1d5471044798905136
Debian Security Advisory - On versions of Zope prior to 2.2beta1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request.
e59e84ea5add01b5cbf3c7251d060ddd800507723217e66b84e417e02472ca4b
Debian Security Advisory DSA-042-1 - Gnuserv, a remote control facility for Emacsen which is available as a standalone program as well as included in XEmacs21, has a buffer overflow which can be exploited to make the cookie comparison always succeed.
9ed783e0c6abaf46763de9ff4df5c7e63418c4cad78d6fe51f25bf934992f3cc
Debian Security Advisory DSA-041-1 - The text editor joe attempts to read .joerc from the current directory, allowing malicious local users to execute commands as other users if they use joe in writable directories.
4ef5818fa6e26bbf695f6491af29bc7ea87e73bc75e7017b3f7c54fb5ddf63e4
Debian Security Advisory DSA-040-1 - The slrn newsreader has remotely exploitable buffer overflows if the wrapping/unwrapping functions are enabled.
d550a54801dcd1426379ea887a12f79fc2fb115ab5b9502b594ec7acd26d94d9