Two new security updates for Debian GNU/Linux have been released:

DSA-271-1 ecartis -- unauthorized password change

A problem has been discovered in ecartis, a mailing list manager, formerly known as listar. This vulnerability enables an attacker to reset the password of any user defined on the list server, including the list admins.

DSA-270-1 linux-kernel-mips -- local privilege escalation

The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in ptrace. This hole allows local users to obtain root privileges by using ptrace to attach to a child process that is spawned by the kernel. Remote exploitation of this hole is not possible.

This advisory only covers kernel packages for the big and little endian MIPS architectures. Other architectures will be covered by separate advisories.
