Security 10808 Published by

Two new security updates for Debian GNU/Linux are available:

DSA-228-1 libmcrypt -- buffer overflows and memory leak



Ilia Alshanetsky discovered several buffer overflows in libmcrypt, a decryption and encryption library, that originates from improper or lacking input validation. By passing input which is longer than expected to a number of functions (multiple functions are affected) the user can successfully make libmcrypt crash and may be able to insert arbitrary, malicious code which will be executed under the user libmcrypt runs as, e.g. inside a web server.
Read more

DSA-229-1 imp -- SQL injection