Six Debian Security Advisories    Monday, December 04 2006 @ 04:03 PM EST Contributed by: sde 1. DSA-1223-1 - New tar packages fix arbitrary file overwrite 2. DSA 1224-1 - New Mozilla packages fix several vulnerabilities 3. DSA 1225-2 - New Mozilla Firefox packages fix several vulnerabilities 4. DSA 1226-1 - New links packages fix arbitrary shell command execution 5. DSA 1227-1 - New Mozilla Thunderbird packages fix several vulnerabilities 6. DSA 1205-2 - New thttpd packages fix insecure temporary file creation 1. Teemu Salmela discovered a vulnerability in GNU tar that could allow a malicious user to overwrite arbitrary files by inducing the victim to attempt to extract a specially crafted tar file containing a GNUTYPE_NAMES record with a symbolic link. 2. Several security related problems have been discovered in Mozilla and derived products. 3. Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. 4. Teemu Salmela discovered that the links character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands. 5. Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. 6. Marco d'Itri discovered that thttpd, a small, fast and secure webserver, makes use of insecure temporary files when its logfiles are rotated, which might lead to a denial of service through a symlink attack. Read more   [ Views: 1590 ]

Six Debian Security Advisories | 0 comments | Create New Account

Newest First Oldest First Flat Nested No Comments Threaded

The following comments are owned by whoever posted them. This site is not responsible for what they say.

No user comments.