Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Jun 16, 2001

  • Debian Security Advisory: multiple gnupg problems (2001-06-16 20:00:17)
    "fish stiqz reported on bugtraq that there was a printf format problem in the do_get() function: it printed a prompt which included the filename that was being decrypted without checking for possible printf format attacks. This could be exploited by tricking someone into decrypting a file with a specially crafted filename. The second bug is related to importing secret keys: when gnupg imported a secret key it would immediately make the associated public key fully trusted which changes your web of trust without asking for a confirmation."

  • Debian Security Advisory: rxvt buffer overflow (2001-06-16 19:53:01)
    "Samuel Dralet reported on bugtraq that version 2.6.2 of rxvt (a VT102 terminal emulator for X) have a buffer overflow in the tt_printf() function. A local user could abuse this making rxvt print a special string using that function, for example by using the -T or -name command-line options. That string would cause a stack overflow and contain code which rxvt will execute."

  • Debian Security Advisory: fetchmail buffer overflow (2001-06-16 16:53:14)
    "Wolfram Kleff found a problem in fetchmail: it would crash when processing emails with extremely long headers. The problem was a buffer overflow in the header parser which could be exploited."