glibc/moxftp Update for Debian
Posted on: 04/11/2003 01:27 PM

Two new security updates for Debian GNU/Linux are now available:

DSA-282-1 glibc -- integer overflow

eEye Digital Security discovered an integer overflow in the xdrmem_getbytes() function which is also present in GNU libc. This function is part of the XDR (external data representation) encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code.
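
How an integer overflow in a length check can lead to a buffer overflow in a memory-backed decoder, as an added example that is not code from glibc or from the advisory. The struct and function names are hypothetical, and the flawed check is a simplified model of the bug class, not the actual xdrmem_getbytes() source.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical memory-backed decode stream; not the glibc XDR structure. */
struct mem_stream {
    const unsigned char *pos;  /* next unread byte */
    int remaining;             /* bytes left in the buffer */
};

/* Flawed pattern: subtract first, then test the sign. The subtraction
 * wraps in unsigned arithmetic, so a huge len leaves a small positive
 * result. Returns the decision only; it never copies. */
static int flawed_would_accept(const struct mem_stream *s, unsigned int len)
{
    int after = (int)((unsigned int)s->remaining - len);
    return after >= 0;
}

/* Hardened pattern: compare len with the bytes left before any arithmetic. */
static int safe_getbytes(struct mem_stream *s, void *dst, unsigned int len)
{
    if (s->remaining < 0 || len > (unsigned int)s->remaining)
        return 0;              /* reject: request exceeds the buffer */
    memcpy(dst, s->pos, len);
    s->pos += len;
    s->remaining -= (int)len;
    return 1;
}

int main(void)
{
    unsigned char buf[16] = {0}, out[16];   /* constructed sample input */
    struct mem_stream s = { buf, (int)sizeof buf };
    unsigned int huge = UINT_MAX - 15u;     /* wraps 16 - huge to 32 */

    printf("flawed check, len=8:    %d\n", flawed_would_accept(&s, 8));
    printf("flawed check, len=32:   %d\n", flawed_would_accept(&s, 32));
    printf("flawed check, len=huge: %d\n", flawed_would_accept(&s, huge));
    printf("safe getbytes, huge:    %d\n", safe_getbytes(&s, out, huge));
    printf("safe getbytes, len=8:   %d\n", safe_getbytes(&s, out, 8));
    return 0;
}
```

The flawed check rejects a small overrun such as len=32 but accepts the wrapped value, which is why tests with modestly oversized lengths do not reveal this kind of bug.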

DSA-281-1 moxftp -- buffer overflow

Knud Erik Højgaard discovered a vulnerability in moxftp (and, correspondingly, xftp), an Athena X interface to FTP. Insufficient bounds checking could lead to the execution of arbitrary code supplied by a malicious FTP server. Erik Tews fixed this.




Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/glibcmoxftp_update_for_debian.html)