Gern! - Ort & Zeit? -- Lx // 0x18F80934 "so long and thanks for all the fish" On Tue, Feb 19, 2013 at 02:58:38PM +0100, Patrick Daloiso wrote: > hey babeee, naa wei gehts viel zu tun heute? > > mama fragt ob wir am sonntag zum lasagne essen kommen wollen :-) > > > Am 18.02.2013 18:01, schrieb Moritz Muehlenhoff: > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > > > >- ------------------------------------------------------------------------- > >Debian Security Advisory DSA-2628-1 secur...@debian.org > >http://www.debian.org/security/ Moritz Muehlenhoff > >February 18, 2013 http://www.debian.org/security/faq > >- ------------------------------------------------------------------------- > > > >Package : nss-pam-ldapd > >Vulnerability : buffer overflow > >Problem type : local (remote) > >Debian-specific: no > >CVE ID : CVE-2013-0288 > >Debian Bug : 690319 > > > >Garth Mollett discovered that a file descriptor overflow issue in the > >use of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules for > >using LDAP as a naming service, can lead to a stack-based buffer > >overflow. An attacker could, under some circumstances, use this flaw to > >cause a process that has the NSS or PAM module loaded to crash or > >potentially execute arbitrary code. > > > >For the stable distribution (squeeze) this problem has been fixed in > >version 0.7.15+squeeze3. > > > >For the testing distribution (wheezy), this problem has been fixed in > >version 0.8.10-3. > > > >For the unstable distribution (sid), this problem has been fixed in > >version 0.8.10-3. > > > >We recommend that you upgrade your nss-pam-ldapd packages. > > > >Further information about Debian Security Advisories, how to apply > >these updates to your system and frequently asked questions can be > >found at: http://www.debian.org/security/ > > > >Mailing list: debian-security-annou...@lists.debian.org > >-----BEGIN PGP SIGNATURE----- > >Version: GnuPG v1.4.12 (GNU/Linux) > > > >iEYEARECAAYFAlEiW7gACgkQXm3vHE4uyloWqwCcDZWJYLmupXkP8XOAhAY9825R > >5rMAoOA3R8aSGzI+t1PAbx1hoUqR5Hgg > >=/Twb > >-----END PGP SIGNATURE----- > > > > > > -- > > Patrick Daloiso > - Systemadministration - > > rjm business solutions GmbH > Sperlingweg 3 > 68623 Lampertheim > > Tel.: +49 6206 130 6060 > Fax: +49 6206 130 6089 > > Registergericht: Amtsgericht Darmstadt, Reg.-Abt. Lampertheim, HRB 62134 > Geschäftsführer: Rudolf J. Manke > > > -- > To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/5123850e.6040...@rjm.de >
signature.asc
Description: Digital signature
