Debian security advisory

Leonard den Ottolander leonard at den.ottolander.nl
Sun Jan 30 13:34:45 UTC 2005


Hi,

http://www.debian.org/security/2005/dsa-639 states a bunch of
vulnerabilities that are supposed to be fixed in CVS (they seem to have
overseen CAN-2004-0494 however). These vulnerabilities at least affect
users of mc-4.5.55 and before. The question is when have these been
fixed in CVS? Are they relevant to users of 4.6.0?

    * CAN-2004-1004
      Multiple format string vulnerabilities

    * CAN-2004-1005
      Multiple buffer overflows

    * CAN-2004-1009
      One infinite loop vulnerability

    * CAN-2004-1090
      Denial of service via corrupted section header

    * CAN-2004-1091
      Denial of service via null dereference

    * CAN-2004-1092
      Freeing unallocated memory

    * CAN-2004-1093
      Denial of service via use of already freed memory

    * CAN-2004-1174
      Denial of service via manipulating non-existing file handles

    * CAN-2004-1175
      Unintended program execution via insecure filename quoting

    * CAN-2004-1176
      Denial of service via a buffer underflow

Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research





More information about the mc-devel mailing list