Date: Wed, 15 Sep 1999 00:51:58 +0200 (CEST) From: joey@finlandia.Infodrom.North.DE (Martin Schulze) To: debian-security-announce@lists.debian.org (Debian Security Announcements) Subject: Debian GNU/Linux 2.1r3 fixes reported security problems -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------------- Debian Security Report security@debian.org http://www.debian.org/security/ Martin Schulze September 14, 1999 - ---------------------------------------------------------------------------- A new stable subrelease of Debian GNU/Linux has been created. Mirrors are already in sync. This subrelease of Debian GNU/Linux 2.1 contains fixed packages for security problems reported before. In Detail the release contain the following security fixes. . cfingerd 1.3.2-18.1 Local root exploit . cron 3.0pl1-50.2 Local root exploit . epic4 pre2.003-0slink2 Denial of Service . imap 4.5-0slink3 Remove "nobody" exploit . isdnutils 3.0-12slink13 Local root exploit . lprng 3.5.2-2 Don't allow control connections from unprivileged ports . lsof 4.37-4 Local root exploit . mailman 1.0rc2-5 Remote exploit . man-db 2.3.10-69FIX.1 /tmp-symlink race . man2html 1.5-18.1 /tmp-symlink race . procmail 3.13.1-1 Buffer overflows . rsync 2.3.1-0.slink.1 Mangling of remote permissions . samba 2.0.5a-1 Denial of Service, Remote exploit . smtp-refuser 1.0.1 /tmp-symlink race . termcap-compat 1.1.1.1.0slink1 Local root exploit . trn 3.6-9.3.1 /tmp-symlink race These packages will be kept on security.debian.org for convenience. For non-security updates of 2.1 please refer to the the announcement released to debian-announce@lists.debian.org. - ---------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable updates For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQCVAwUBN97RjhRNm5Suj3z1AQGQRwP7B/3laQQquibRJdmROKG9+iz0Dl+TOdu2 r7AV50AMSyN+xT1iO0ybUAWbfxFWiCAEaKzi9y2FMyY3Oggi6yMtwxwqKnANzyR1 B8rpyAwdoGcJXRJuXGIcrhBNqG4D8zAlpF/Jt5UzFqCi4loL79n/IyEUOtocqYvY mJhK+RYAJP0= =1bTI -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org