Debian security advisory
Leonard den Ottolander
leonard at den.ottolander.nl
Sun Jan 30 13:34:45 UTC 2005
Hi,
http://www.debian.org/security/2005/dsa-639 states a bunch of
vulnerabilities that are supposed to be fixed in CVS (they seem to have
overlooked CAN-2004-0494, however). These vulnerabilities at least affect
users of mc-4.5.55 and before. The question is when have these been
fixed in CVS? Are they relevant to users of 4.6.0?
* CAN-2004-1004
    Multiple format string vulnerabilities
* CAN-2004-1005
    Multiple buffer overflows
* CAN-2004-1009
    One infinite loop vulnerability
* CAN-2004-1090
    Denial of service via corrupted section header
* CAN-2004-1091
    Denial of service via null dereference
* CAN-2004-1092
    Freeing unallocated memory
* CAN-2004-1093
    Denial of service via use of already freed memory
* CAN-2004-1174
    Denial of service via manipulating non-existing file handles
* CAN-2004-1175
    Unintended program execution via insecure filename quoting
* CAN-2004-1176
    Denial of service via a buffer underflow
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research