Security 10748 Published by

Two new security updates for Debian GNU/Linux are now available:

DSA-282-1 glibc -- integer overflow

eEye Digital Security discovered an integer overflow in the xdrmem_getbytes() function which is also present in GNU libc. This function is part of the XDR (external data representation) encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code.

Read more

DSA-281-1 moxftp -- buffer overflow

Knud Erik Højgaard discovered a vulnerability in moxftp (and xftp respectively), an Athena X interface to FTP. Insufficient bounds checking could lead to execution of arbitrary code, provided by a malicious FTP server. Erik Tews fixed this.

Read more