Balsa/Leksbot Updates for Debian
Posted on: 05/07/2003 09:47 AM
Two new security updates for Debian GNU/Linux has been released
DSA-300-1 balsaByrial Jensen discovered a couple of off-by-one buffer overflow in the IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and threading. This code is imported in the Balsa package. This problem could potentially allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder.
Read moreDSA-299-1 leksbotMaurice Massar discovered that, due to a packaging error, the program /usr/bin/KATAXWR was inadvertently installed setuid root. This program was not designed to run setuid, and contained multiple vulnerabilities which could be exploited to gain root privileges.
Read more