Debian Security Advisory DSA 632-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 10th, 2005
http://www.debian.org/security/faq
Package : linpopup
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1282
Debian Bug : 287044
Stephen Dranger discovered a buffer overflow in linpopup, an X11 port
of winpopup, running over Samba, that could lead to the execution of
arbitrary code when displaying a maliciously crafted message.
For the stable distribution (woody) this problem has been fixed in
version 1.2.0-2woody1.
For the unstable distribution (sid) this problem has been fixed in
version 1.2.0-7.
We recommend that you upgrade your linpopup package.

Debian Security Advisory DSA 631-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 10th, 2005
http://www.debian.org/security/faq
Package : kdelibs
Vulnerability : unsanitised input
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1165
BugTraq ID : 11827
Debian Bug : 287201
Thiago Macieira discovered a vulnerability in the kioslave library,
which is part of kdelibs, which allows a remote attacker to execute
arbitrary FTP commands via an ftp:// URL that contains a URL-encoded
newline before the FTP command.
For the stable distribution (woody) this problem has been fixed in
version 2.2.2-13.woody.13.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your kdelibs3 package.
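
The kdelibs issue above comes down to validating URL components after percent-decoding, since the newline only appears once `%0A` or `%0D` has been decoded. The following is an added example, not code from kdelibs or the advisory; the function names, the command sequence and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote


class UnsafeFtpUrl(ValueError):
    """Raised when a decoded ftp:// URL component could split an FTP command."""


def _has_control_chars(text):
    # FTP command lines end with CRLF, so any C0 control character
    # (CR, LF, NUL, ...) or DEL inside an argument is rejected outright.
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in text)


def ftp_commands_for_url(url):
    """Return the FTP command lines a client would send to fetch `url`.

    Hypothetical helper: every component is percent-decoded first and the
    decoded form is validated before it is placed into a command line.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != "ftp":
        raise UnsafeFtpUrl("not an ftp:// URL")
    user = unquote(parts.username or "anonymous")
    password = unquote(parts.password or "guest@")
    path = unquote(parts.path)
    for name, value in (("user", user), ("password", password), ("path", path)):
        if _has_control_chars(value):
            raise UnsafeFtpUrl(f"control character in decoded {name}")
    return [f"USER {user}", f"PASS {password}", "TYPE I", f"RETR {path}"]


def is_safe_ftp_url(url):
    try:
        ftp_commands_for_url(url)
        return True
    except UnsafeFtpUrl:
        return False


# Constructed sample inputs (not taken from the advisory).
SAMPLES = [
    "ftp://ftp.example.org/pub/README",
    "ftp://ftp.example.org/pub/README%0d%0aNOOP",
    "ftp://ftp.example.org/pub/README%0ANOOP",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("accept" if is_safe_ftp_url(sample) else "reject", sample)
```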

Debian Security Advisory DSA 630-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 10th, 2005
http://www.debian.org/security/faq
Package : lintian
Vulnerability : insecure temporary directory
Problem-Type : local
Debian-specific: yes
CVE ID : CAN-2004-1000
Debian Bug : 286681
Jeroen van Wolffelaar discovered a problem in lintian, the Debian
package checker. The program removes the working directory even if it
wasn't created at program start, removing an unrelated file or
directory a malicious user inserted via a symlink attack.
For the stable distribution (woody) this problem has been fixed in
version 1.20.17.1.
For the unstable distribution (sid) this problem has been fixed in
version 1.23.6.
We recommend that you upgrade your lintian package.