Security 10812 Published by

3 new security updates for Debian GNU/Linux are available:

DSA-290-1 sendmail-wide -- char-to-int conversion

Michal Zalewski discovered a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail, a widely used powerful, efficient, and scalable mail transport agent. This problem is potentially remotely exploitable.

Read more

DSA-289-1 rinetd -- incorrect memory resizing

Sam Hocevar discovered a security problem in rinetd, an IP connection redirection server. When the connection list is full, rinetd resizes the list in order to store the new incoming connection. However, this is done improperly, resulting in a denial of service and potentially execution of arbitrary code.

Read more

DSA-288-1 openssl -- several vulnerabilities

Researchers discovered two flaws in OpenSSL, a Secure Socket Layer (SSL) library and related cryptographic tools. Applications that are linked against this library are generally vulnerable to attacks that could leak the server's private key or make the encrypted session decryptable otherwise.

Read more