Debian Security Advisory

- --------------------------------------------------------------------------
Debian Security Advisory DSA 632-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 10th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : linpopup
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-1282
Debian Bug     : 287044

Stephen Dranger discovered a buffer overflow in linpopup, an X11 port of winpopup, running over Samba, that could lead to the execution of arbitrary code when displaying a maliciously crafted message.

For the stable distribution (woody) this problem has been fixed in version 1.2.0-2woody1.

For the unstable distribution (sid) this problem has been fixed in version 1.2.0-7.

We recommend that you upgrade your linpopup package.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 631-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 10th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kdelibs
Vulnerability  : unsanitised input
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-1165
BugTraq ID     : 11827
Debian Bug     : 287201

Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, which allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline before the FTP command.

For the stable distribution (woody) this problem has been fixed in version 2.2.2-13.woody.13.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your kdelibs3 package.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 630-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 10th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : lintian
Vulnerability  : insecure temporary directory
Problem-Type   : local
Debian-specific: yes
CVE ID         : CAN-2004-1000
Debian Bug     : 286681

Jeroen van Wolffelaar discovered a problem in lintian, the Debian package checker. The program removes the working directory even if it wasn't created at program start, removing an unrelated file or directory a malicious user inserted via a symlink attack.

For the stable distribution (woody) this problem has been fixed in version 1.20.17.1.

For the unstable distribution (sid) this problem has been fixed in version 1.23.6.

We recommend that you upgrade your lintian package.