Security Advisories from 2003

[30 Dec 2003] DSA-405 xsok - missing privilege release
[04 Dec 2003] DSA-404 rsync - heap overflow
[01 Dec 2003] DSA-403 kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18 - local root exploit
[17 Nov 2003] DSA-402 minimalist - unsanitised input
[17 Nov 2003] DSA-401 hylafax - format strings
[11 Nov 2003] DSA-400 omega-rpg - buffer overflow
[10 Nov 2003] DSA-399 epic4 - buffer overflow
[10 Nov 2003] DSA-398 conquest - buffer overflow
[07 Nov 2003] DSA-397 postgresql - buffer overflow
[29 Oct 2003] DSA-396 thttpd - missing input sanitizing, wrong calculation
[15 Oct 2003] DSA-395 tomcat4 - incorrect input handling
[11 Oct 2003] DSA-394 openssl095 - ASN.1 parsing vulnerability
[01 Oct 2003] DSA-393 openssl - denial of service
[29 Sep 2003] DSA-392 webfs - buffer overflows, file and directory exposure
[28 Sep 2003] DSA-391 freesweep - buffer overflow
[26 Sep 2003] DSA-390 marbles - buffer overflow
[20 Sep 2003] DSA-389 ipmasq - insecure packet filtering rules
[19 Sep 2003] DSA-388 kdebase - several vulnerabilities
[18 Sep 2003] DSA-387 gopher - buffer overflows
[18 Sep 2003] DSA-386 libmailtools-perl - input validation bug
[18 Sep 2003] DSA-385 hztty - buffer overflows
[17 Sep 2003] DSA-384 sendmail - buffer overflows
[17 Sep 2003] DSA-383 ssh-krb5 - possible remote vulnerability
[16 Sep 2003] DSA-382 ssh - possible remote vulnerability
[13 Sep 2003] DSA-381 mysql - buffer overflow
[12 Sep 2003] DSA-380 xfree86 - buffer overflows, denial of service
[11 Sep 2003] DSA-379 sane-backends - several vulnerabilities
[07 Sep 2003] DSA-378 mah-jong - buffer overflows, denial of service
[04 Sep 2003] DSA-377 wu-ftpd - insecure program execution
[04 Sep 2003] DSA-376 exim - buffer overflow
[29 Aug 2003] DSA-375 node - buffer overflow, format string
[26 Aug 2003] DSA-374 libpam-smb - buffer overflow
[16 Aug 2003] DSA-373 autorespond - buffer overflow
[16 Aug 2003] DSA-372 netris - buffer overflow
[11 Aug 2003] DSA-371 perl - cross-site scripting
[08 Aug 2003] DSA-370 pam-pgsql - format string
[08 Aug 2003] DSA-369 zblast - buffer overflow
[08 Aug 2003] DSA-368 xpcd - buffer overflow
[08 Aug 2003] DSA-367 xtokkaetama - buffer overflow
[05 Aug 2003] DSA-366 eroaster - insecure temporary file
[05 Aug 2003] DSA-365 phpgroupware - several vulnerabilities
[04 Aug 2003] DSA-364 man-db - buffer overflows, arbitrary command execution
[03 Aug 2003] DSA-363 postfix - denial of service, bounce-scanning
[02 Aug 2003] DSA-362 mindi - insecure temporary file
[01 Aug 2003] DSA-361 kdelibs, kdelibs-crypto - several vulnerabilities
[01 Aug 2003] DSA-360 xfstt - several vulnerabilities
[31 Jul 2003] DSA-359 atari800 - buffer overflows
[31 Jul 2003] DSA-358 linux-kernel-2.4.18 - several vulnerabilities
[31 Jul 2003] DSA-357 wu-ftpd - remote root exploit
[30 Jul 2003] DSA-356 xtokkaetama - buffer overflows
[30 Jul 2003] DSA-355 gallery - cross-site scripting
[29 Jul 2003] DSA-354 xconq - buffer overflows
[29 Jul 2003] DSA-353 sup - insecure temporary file
[22 Jul 2003] DSA-352 fdclone - insecure temporary directory
[16 Jul 2003] DSA-351 php4 - cross-site scripting
[15 Jul 2003] DSA-350 falconseye - buffer overflow
[14 Jul 2003] DSA-349 nfs-utils - buffer overflow
[11 Jul 2003] DSA-348 traceroute-nanog - integer overflow, buffer overflow
[08 Jul 2003] DSA-347 teapop - SQL injection
[08 Jul 2003] DSA-346 phpsysinfo - directory traversal
[08 Jul 2003] DSA-345 xbl - buffer overflow
[08 Jul 2003] DSA-344 unzip - directory traversal
[08 Jul 2003] DSA-343 skk, ddskk - insecure temporary file
[07 Jul 2003] DSA-342 mozart - unsafe mailcap configuration
[07 Jul 2003] DSA-341 liece - insecure temporary file
[06 Jul 2003] DSA-340 x-face-el - insecure temporary file
[06 Jul 2003] DSA-339 semi - insecure temporary file
[29 Jun 2003] DSA-338 proftpd - SQL injection
[29 Jun 2003] DSA-337 gtksee - buffer overflow
[29 Jun 2003] DSA-336 linux-kernel-2.2.20 - several vulnerabilities
[28 Jun 2003] DSA-335 mantis - incorrect permissions
[28 Jun 2003] DSA-334 xgalaga - buffer overflows
[27 Jun 2003] DSA-333 acm - integer overflow
[27 Jun 2003] DSA-332 linux-kernel-2.4.17 - several vulnerabilities
[27 Jun 2003] DSA-331 imagemagick - insecure temporary file
[23 Jun 2003] DSA-330 tcptraceroute - failure to drop root privileges
[20 Jun 2003] DSA-329 osh - buffer overflows
[19 Jun 2003] DSA-328 webfs - buffer overflow
[19 Jun 2003] DSA-327 xbl - buffer overflows
[19 Jun 2003] DSA-326 orville-write - buffer overflows
[19 Jun 2003] DSA-325 eldav - insecure temporary file
[18 Jun 2003] DSA-324 ethereal - several vulnerabilities
[16 Jun 2003] DSA-323 noweb - insecure temporary files
[16 Jun 2003] DSA-322 typespeed - buffer overflow
[13 Jun 2003] DSA-321 radiusd-cistron - buffer overflow
[13 Jun 2003] DSA-320 mikmod - buffer overflow
[12 Jun 2003] DSA-319 webmin - session ID spoofing
[12 Jun 2003] DSA-318 lyskom-server - denial of service
[11 Jun 2003] DSA-317 cupsys - denial of service
[11 Jun 2003] DSA-316 nethack - buffer overflow, incorrect permissions
[11 Jun 2003] DSA-315 gnocatan - buffer overflows, denial of service
[11 Jun 2003] DSA-314 atftp - buffer overflow
[11 Jun 2003] DSA-313 ethereal - buffer overflows, integer overflows
[09 Jun 2003] DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities
[08 Jun 2003] DSA-311 linux-kernel-2.4.18 - several vulnerabilities
[08 Jun 2003] DSA-310 xaos - improper setuid-root execution
[06 Jun 2003] DSA-309 eterm - buffer overflow
[06 Jun 2003] DSA-308 gzip - insecure temporary files
[27 May 2003] DSA-307 gps - multiple vulnerabilities
[19 May 2003] DSA-306 ircii-pana - buffer overflows, integer overflow
[15 May 2003] DSA-305 sendmail - insecure temporary files
[15 May 2003] DSA-304 lv - privilege escalation
[15 May 2003] DSA-303 mysql - privilege escalation
[07 May 2003] DSA-302 fuzz - privilege escalation
[07 May 2003] DSA-301 libgtop - buffer overflow
[06 May 2003] DSA-300 balsa - buffer overflow
[06 May 2003] DSA-299 leksbot - improper setuid-root execution
[02 May 2003] DSA-298 epic4 - buffer overflows
[01 May 2003] DSA-297 snort - integer overflow, buffer overflow
[30 Apr 2003] DSA-296 kdebase - insecure execution
[30 Apr 2003] DSA-295 pptpd - buffer overflow
[23 Apr 2003] DSA-294 gkrellm-newsticker - missing quoting, incomplete parser
[23 Apr 2003] DSA-293 kdelibs - insecure execution
[22 Apr 2003] DSA-292 mime-support - insecure temporary file creation
[22 Apr 2003] DSA-291 ircii - buffer overflows
[17 Apr 2003] DSA-290 sendmail-wide - char-to-int conversion
[17 Apr 2003] DSA-289 rinetd - incorrect memory resizing
[17 Apr 2003] DSA-288 openssl - several vulnerabilities
[15 Apr 2003] DSA-287 epic - buffer overflows
[14 Apr 2003] DSA-286 gs-common - insecure temporary file
[14 Apr 2003] DSA-285 lprng - insecure temporary file
[12 Apr 2003] DSA-284 kdegraphics - insecure execution
[11 Apr 2003] DSA-283 xfsdump - insecure file creation
[09 Apr 2003] DSA-282 glibc - integer overflow
[08 Apr 2003] DSA-281 moxftp - buffer overflow
[07 Apr 2003] DSA-280 samba - buffer overflow
[07 Apr 2003] DSA-279 metrics - insecure temporary file creation
[04 Apr 2003] DSA-278 sendmail - char-to-int conversion
[03 Apr 2003] DSA-277 apcupsd - buffer overflows, format string
[03 Apr 2003] DSA-276 linux-kernel-s390 - local privilege escalation
[02 Apr 2003] DSA-275 lpr-ppd - buffer overflow
[28 Mar 2003] DSA-274 mutt - buffer overflow
[28 Mar 2003] DSA-273 krb4 - cryptographic weakness
[28 Mar 2003] DSA-272 dietlibc - integer overflow
[27 Mar 2003] DSA-271 ecartis - unauthorized password change
[27 Mar 2003] DSA-270 linux-kernel-mips - local privilege escalation
[26 Mar 2003] DSA-269 heimdal - cryptographic weakness
[25 Mar 2003] DSA-268 mutt - buffer overflow
[24 Mar 2003] DSA-267 lpr - buffer overflow
[24 Mar 2003] DSA-266 krb5 - several vulnerabilities
[21 Mar 2003] DSA-265 bonsai - several vulnerabilities
[19 Mar 2003] DSA-264 lxr - missing filename sanitizing
[17 Mar 2003] DSA-263 netpbm-free - math overflow errors
[15 Mar 2003] DSA-262 samba - remote exploit
[14 Mar 2003] DSA-261 tcpdump - infinite loop
[13 Mar 2003] DSA-260 file - buffer overflow
[12 Mar 2003] DSA-259 qpopper - mail user privilege escalation
[10 Mar 2003] DSA-258 ethereal - format string vulnerability
[04 Mar 2003] DSA-257 sendmail - remote exploit
[28 Feb 2003] DSA-256 mhc - insecure temporary file
[27 Feb 2003] DSA-255 tcpdump - infinite loop
[27 Feb 2003] DSA-254 traceroute-nanog - buffer overflow
[24 Feb 2003] DSA-253 openssl - information leak
[21 Feb 2003] DSA-252 slocate - buffer overflow
[14 Feb 2003] DSA-251 w3m - missing HTML quoting
[12 Feb 2003] DSA-250 w3mmee-ssl - missing HTML quoting
[11 Feb 2003] DSA-249 w3mmee - missing HTML quoting
[31 Jan 2003] DSA-248 hypermail - buffer overflows
[30 Jan 2003] DSA-247 courier-ssl - missing input sanitizing
[29 Jan 2003] DSA-246 tomcat - information exposure, cross-site scripting
[28 Jan 2003] DSA-245 dhcp3 - ignored counter boundary
[27 Jan 2003] DSA-244 noffle - buffer overflows
[24 Jan 2003] DSA-243 kdemultimedia - several vulnerabilities
[24 Jan 2003] DSA-242 kdebase - several vulnerabilities
[24 Jan 2003] DSA-241 kdeutils - several vulnerabilities
[23 Jan 2003] DSA-240 kdegames - several vulnerabilities
[23 Jan 2003] DSA-239 kdesdk - several vulnerabilities
[23 Jan 2003] DSA-238 kdepim - several vulnerabilities
[22 Jan 2003] DSA-237 kdenetwork - several vulnerabilities
[22 Jan 2003] DSA-236 kdelibs - several vulnerabilities
[22 Jan 2003] DSA-235 kdegraphics - several vulnerabilities
[22 Jan 2003] DSA-234 kdeadmin - several vulnerabilities
[21 Jan 2003] DSA-233 cvs - doubly freed memory
[20 Jan 2003] DSA-232 cupsys - several vulnerabilities
[17 Jan 2003] DSA-231 dhcp3 - stack overflows
[16 Jan 2003] DSA-230 bugzilla - insecure permissions, spurious backup files
[15 Jan 2003] DSA-229 imp - SQL injection
[14 Jan 2003] DSA-228 libmcrypt - buffer overflows and memory leak
[13 Jan 2003] DSA-227 openldap2 - buffer overflows and other bugs
[10 Jan 2003] DSA-226 xpdf-i - integer overflow
[09 Jan 2003] DSA-225 tomcat4 - source disclosure
[08 Jan 2003] DSA-224 canna - buffer overflow and more
[07 Jan 2003] DSA-223 geneweb - information exposure
[06 Jan 2003] DSA-222 xpdf - integer overflow
[03 Jan 2003] DSA-221 mhonarc - cross-site scripting
[02 Jan 2003] DSA-220 squirrelmail - cross-site scripting

You can get the latest Debian security advisories by subscribing to our debian-security-announce mailing list. You can also browse the archives for the list.