New Security Updates for Debian & SuSE
Posted on: 09/04/2002 04:54 AM

New security updates for Debian GNU/Linux and SuSE Linux are available

Debian GNU/Linux:
DSA-160-1 scrollkeeper -- insecure temporary file creation

Spybreak discovered a problem in scrollkeeper, a free electronic cataloging system for documentation. The scrollkeeper-get-cl program creates temporary files in an insecure manner in /tmp using guessable filenames. Since scrollkeeper is called automatically when a user logs into a Gnome session, an attacker with local access can easily create and overwrite files as another user.

Read more

SuSE Linux:
glibc: local/remote privilege escalation

An integer overflow has been discovered in the xdr_array() function, contained in the Sun Microsystems RPC/XDR library, which is part of the glibc library package on all SuSE products. This overflow allows a remote attacker to overflow a buffer, leading to remote execution of arbitrary code supplied by the attacker.

Read more




Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/new_security_updates_for_debian_suse.html)