Debian

  • user warning: Can't open file: 'sessions.MYI'. (errno: 145) query: SELECT COUNT(sid) AS count FROM sessions WHERE timestamp >= 1508390680 AND uid = 0 in /var/www/drupal-5.23/includes/database.mysql.inc on line 174.
  • user warning: Can't open file: 'sessions.MYI'. (errno: 145) query: SELECT DISTINCT u.uid, u.name, s.timestamp FROM users u INNER JOIN sessions s ON u.uid = s.uid WHERE s.timestamp >= 1508390680 AND s.uid > 0 ORDER BY s.timestamp DESC in /var/www/drupal-5.23/includes/database.mysql.inc on line 174.

DSA-603 openssl - insecure temporary file

Trustix developers discovered insecure temporary file creation in a
supplemental script (der_chop) of the openssl package which may allow
local users to overwrite files via a symlink attack.

DSA-601 libgd - integer overflow

More potential integer overflows have been found in the GD graphics
library which weren't covered by our security advisory
DSA 589. They
could be exploited by a specially crafted graphic and could lead to
the execution of arbitrary code on the victim's machine.

DSA-602 libgd2 - integer overflow

More potential integer overflows have been found in the GD graphics
library which weren't covered by our security advisory
DSA 591. They
could be exploited by a specially crafted graphic and could lead to
the execution of arbitrary code on the victim's machine.

DSA-599 tetex-bin - integer overflows

Chris Evans discovered several integer overflows in xpdf, that are
also present in tetex-bin, binary files for the teTeX distribution,
which can be exploited remotely by a specially crafted PDF document
and lead to the execution of arbitrary code.

DSA-598 yardradius - buffer overflow

Max Vozeler noticed that yardradius, the YARD radius authentication
and accounting server, contained a stack overflow similar to the one
from radiusd which is referenced as CAN-2001-0534. This could lead to
the execution of arbitrary code as root.

DSA-597 cyrus-imapd - buffer overflow

Stefan Esser discovered several security related problems in the Cyrus
IMAP daemon. Due to a bug in the command parser it is possible to
access memory beyond the allocated buffer in two places which could
lead to the execution of arbitrary code.

DSA-595 bnc - buffer overflow

Leon Juranic discovered that BNC, an IRC session bouncing proxy, does
not always protect buffers from being overwritten. This could
exploited by a malicious IRC server to overflow a buffer of limited
size and execute arbitrary code on the client host.

DSA-596 sudo - missing input sanitising

Liam Helmer noticed that sudo, a program that provides limited super
user privileges to specific users, does not clean the environment
sufficiently. Bash functions and the CDPATH variable are still passed
through to the program running as privileged user, leaving
possibilities to overload system routines. These vulnerabilities can
only be exploited by users who have been granted limited super user
privileges.

DWN - 2004 年 11 月 16 日

2004 年第 45 期的 Debian Weekly News 已經出版。本週的內容包括:

* Bruce Perens 指出軟件專利的害處。
* SpamAssassin 3 記憶體問題已被修正
* Sarge 發佈之最新情況
* Sarge 將附運 Gnome 2.8!?
* 關於 Debian-Installer
* 跑 Debian 的大型 Opteron 叢集
* 把 YaST2 帶入 Debian?
* 給 Upstream 軟件作者的提示
* 掛載可拔走的儲存裝置
* PHP 加速器不能被分發!?

全文請看 DWN Nov 16th 2004

DSA-594 apache - buffer overflows

Two vulnerabilities have been identified in the Apache 1.3 webserver:

Add to calendar