[security] Security Advisories

Lorenzo Iannuzzi nakis at libero.it
Wed 21 Jan 2004 00:32:16 CET


http://www.debian.org/security/

A vulnerability was discovered in slocate, a program to index and
search for files, whereby a specially crafted database could overflow
a heap-based buffer.

http://distro.conectiva.com.br/atualizacoes/?idioma=en

 CVS is a version control system largely used in software
 projects.
 
 By requesting malformed modules a remote attacker can attempt to
 create files and directories on the server's root file system. This
 is usually prevented by file system permissions, however.

 Screen is a program which allows the use of several sessions
 inside a single terminal.
 
 Timo Sirainen reported a buffer overflow vulnerability[3] in the
 screen package which could be exploited by an attacker who is able to
 send about 2Gb of data to the user's screen session.

 kdepim is a collection of Personal Information Management (PIM) tools
 for the K Desktop Environment (KDE).
 
 The KDE team has found a buffer overflow vulnerability in the
 file information reader of .VCF files. A carefully constructed .VCF
 file, if opened or previewed by an unsuspecting user, could cause the
 execution of arbitrary code with the victim's privileges.

-- 

Bye, and until next time!
Lorenzo                                 nakis at libero.it