libmcrypt/imp Updates for Debian
Posted on: 01/16/2003 01:57 PM

Two new security updates for Debian GNU/Linux are available:

DSA-228-1 libmcrypt -- buffer overflows and memory leak

Ilia Alshanetsky discovered several buffer overflows in libmcrypt, a decryption and encryption library, that originates from improper or lacking input validation. By passing input which is longer than expected to a number of functions (multiple functions are affected) the user can successfully make libmcrypt crash and may be able to insert arbitrary, malicious code which will be executed under the user libmcrypt runs as, e.g. inside a web server.


Read more

DSA-229-1 imp -- SQL injection


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/libmcryptimp_updates_for_debian.html)