
Date: Wed, 15 Sep 1999 00:51:58 +0200 (CEST)
From: joey@finlandia.Infodrom.North.DE (Martin Schulze)
To: debian-security-announce@lists.debian.org (Debian Security Announcements)
Subject: Debian GNU/Linux 2.1r3 fixes reported security problems

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------
Debian Security Report                                   security@debian.org
http://www.debian.org/security/                               Martin Schulze
September 14, 1999
- ----------------------------------------------------------------------------

A new stable subrelease of Debian GNU/Linux has been created.  Mirrors
are already in sync.  This subrelease of Debian GNU/Linux 2.1 contains
fixed packages for security problems reported before.

In detail, the release contains the following security fixes:

  . cfingerd 1.3.2-18.1
    Local root exploit

  . cron 3.0pl1-50.2
    Local root exploit

  . epic4 pre2.003-0slink2
    Denial of Service

  . imap 4.5-0slink3
    Remove "nobody" exploit

  . isdnutils 3.0-12slink13
    Local root exploit

  . lprng 3.5.2-2
    Don't allow control connections from unprivileged ports

  . lsof 4.37-4
    Local root exploit

  . mailman 1.0rc2-5
    Remote exploit

  . man-db 2.3.10-69FIX.1
    /tmp-symlink race

  . man2html 1.5-18.1
    /tmp-symlink race

  . procmail 3.13.1-1
    Buffer overflows

  . rsync 2.3.1-0.slink.1
    Mangling of remote permissions

  . samba 2.0.5a-1
    Denial of Service, Remote exploit

  . smtp-refuser 1.0.1
    /tmp-symlink race

  . termcap-compat 1.1.1.1.0slink1
    Local root exploit

  . trn 3.6-9.3.1
    /tmp-symlink race


These packages will be kept on security.debian.org for convenience.

For non-security updates of 2.1, please refer to the announcement
released to debian-announce@lists.debian.org.

- ----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

-----END PGP SIGNATURE-----

