Debian Security Advisory DSA 636-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 12th, 2005
http://www.debian.org/security/faq
Package : glibc
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0968
BugTraq ID : 11286
Debian Bug : 279680 278278 205600
Several insecure uses of temporary files have been discovered in
support scripts in the libc6 package, which provides the C library for
a GNU/Linux system. Trustix developers found that the catchsegv
script uses temporary files insecurely. Openwall developers
discovered insecure temporary files in the glibcbug script. These
scripts are vulnerable to a symlink attack.
For the stable distribution (woody) these problems have been fixed in
version 2.2.5-11.8.
For the unstable distribution (sid) these problems have been fixed in
version 2.3.2.ds1-20.
We recommend that you upgrade your libc6 package.
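The class of flaw described in DSA 636-1, shown as an added example that is not taken from the advisory or from the catchsegv or glibcbug scripts: a predictable temporary file name beside the mktemp-based form, with a regression check run in a private directory. All function names, file names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function names and paths are hypothetical and this is
# not the catchsegv or glibcbug source.

# Weak pattern: the name is predictable (PID-based) in a shared directory, and
# ">" follows a symlink that already exists under that name.
write_predictable() {
    dir=$1
    out="$dir/report.$$"
    echo "diagnostic output" > "$out"
    printf '%s\n' "$out"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# exclusively with owner-only permissions, so an existing name or symlink is
# never reused.
write_safe() {
    dir=$1
    out=$(mktemp "$dir/report.XXXXXXXXXX") || return 1
    echo "diagnostic output" > "$out"
    printf '%s\n' "$out"
}

# Regression check in a private sandbox (constructed data): a link already
# sits at the predictable name and points at a file that must stay intact.
demo() {
    sandbox=$(mktemp -d) || return 1
    echo "original" > "$sandbox/target"
    ln -s "$sandbox/target" "$sandbox/report.$$"
    write_predictable "$sandbox" >/dev/null
    weak_result=$(cat "$sandbox/target")    # content replaced through the link
    echo "original" > "$sandbox/target"
    write_safe "$sandbox" >/dev/null
    safe_result=$(cat "$sandbox/target")    # content unchanged
    rm -rf "$sandbox"
    printf '%s|%s\n' "$weak_result" "$safe_result"
}

demo
```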
Debian Security Advisory DSA 637-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 13th, 2005
http://www.debian.org/security/faq
Package : exim-tls
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0021
Debian Bug : 289046
Philip Hazel announced a buffer overflow in the host_aton function in
exim-tls, the SSL-enabled version of the default mail-transport-agent
in Debian, which can lead to the execution of arbitrary code via an
illegal IPv6 address.
For the stable distribution (woody) this problem has been fixed in
version 3.35-3woody3.
In the unstable distribution (sid) this package does not exist
anymore.
We recommend that you upgrade your exim-tls package.