Re: [d-sec] Fwd: [suse-security-announce] SuSE Security Announcement: wuftpd (SuSE-SA:2001:043)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi
> > Is there a place where to find pending issues for debian?
>
> http://security.debian.org/
>
Hm. I may be blind, but here I only see the already anounced issues.
I am looking for a list of issues, not jet announced. Like the one in
the SuSE Mailing.
> 2) Pending vulnerabilities in SuSE Distributions and Workarounds:
>
> - openssh
> After stabilizing the openssh package, updates for the
> distributions 6.4-7.2 are currently being prepared. The update
> packages fix a security problem related to the recently discovered
> problems with source ip based access restrictions in a user's
> ~/.ssh/authorized_keys2 file. The packages will appear shortly on
> our ftp servers. Please note that packages for the distributions
> 6.3 and up including 7.0 containing cryptographic software are
> located on the German ftp server ftp.suse.de, all other packages
> can be found on ftp.suse.com at the usual location. We will issue a
> dedicated Security announcement for the openssh package.
>
> - The ziptool program runs setuid root in the easy permission
> mode and contains an overflow which allows local attackers to gain
> root privileges. A zipdrive must be configured and a zipdisk being
> inserted in order to exploit the bug. The overflow has been fixed.
> Please update your packages.
>
> - The ncpfs package containing the setuid root programs
> ncpmount and ncpumount was vulnerable to local bufferoverflow
> attacks. The package has been fixed.
>
Hendrik
- --
PGP ID 21F0AC0265C92061
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD4DBQE8BhpaIfCsAmXJIGERAkcbAJ9M0T0/mIu6eesnN380pZX0nKVuHACYhH0I
jY3XZbsQBxSkvfisPy9TSQ==
=W0uY
-----END PGP SIGNATURE-----
Reply to: