Two security patches for Debian GNU/Linux has been released:

DSA-255-1 tcpdump -- infinite loop

Andrew Griffiths and iDEFENSE Labs discovered a problem in tcpdump, a powerful tool for network monitoring and data acquisition. An attacker is able to send a specially crafted network packet which causes tcpdump to enter an infinite loop.

In addition to the above problem the tcpdump developers discovered a potential infinite loop when parsing malformed BGP packets. They also discovered a buffer overflow that can be exploited with certain malformed NFS packets.

For the stable distribution (woody) these problems have been fixed in version 3.6.2-2.3.

For the old stable distribution (potato) does not seem to be affected by this problem.

For the unstable distribution (sid) these problems have been fixed in version 3.7.1-1.2.

Read more

DSA-256-1 mhc -- insecure temporary file

It has been discovered that adb2mhc from the mhc-utils package. The default temporary directory uses a predictable name. This adds a vulnerability that allows a local attacker to overwrite arbitrary files the users has write permissions for.

For the stable distribution (woody) this problem has been fixed in version 0.25+20010625-7.1.

For the old stable distribution (potato) does not contain mhc packages.

For the unstable distribution (sid) this problem has been fixed in version 0.25+20030224-1.

Read more