Security 10816 Published by

The following security updates for Debian GNU/Linux has been released

DSA-280-1 samba -- buffer overflow

Digital Defense, Inc. has alerted the Samba Team to a serious vulnerability in Samba, a LanManager-like file and printer server for Unix. This vulnerability can lead to an anonymous user gaining root access on a Samba serving system. An exploit for this problem is already circulating and in use.

Since the packags for potato are quite old it is likely that they contain more security-relevant bugs that we know of. You are therefore advised to upgrade your systems running Samba to woody soon.

Read more

DSA-279-1 metrics -- insecure temporary file creation

Paul Szabo and Matt Zimmerman discoverd two similar problems in metrics, a tools for software metrics. Two scripts in this package, "halstead" and "gather_stats", open temporary files without taking appropriate security precautions. "halstead" is installed as a user program, while "gather_stats" is only used in an auxiliary script included in the source code. These vulnerabilities could allow a local attacker to overwrite files owned by the user running the scripts, including root.

Read more