Security 10809 Published by

New security updates for Debian GNU/Linux and SuSE Linux are available

Debian GNU/Linux:
DSA-160-1 scrollkeeper -- insecure temporary file creation

Spybreak discovered a problem in scrollkeeper, a free electronic cataloging system for documentation. The scrollkeeper-get-cl program creates temporary files in an insecure manner in /tmp using guessable filenames. Since scrollkeeper is called automatically when a user logs into a Gnome session, an attacker with local access can easily create and overwrite files as another user.

Read more

SuSE Linux:
glibc: local/remote privilege escalation

An integer overflow has been discovered in the xdr_array() function, contained in the Sun Microsystems RPC/XDR library, which is part of the glibc library package on all SuSE products. This overflow allows a remote attacker to overflow a buffer, leading to remote execution of arbitrary code supplied by the attacker.

Read more