January 23, 2001

Debian security advisory: jazip

Author: JT Smith

From LWN.net: "With older versions of jazip a user could gain root access for members
of the floppy group to the local machine. The interface doesn't run
as root anymore and this very exploit was prevented. The program now
also truncates DISPLAY to 256 characters if it is bigger, which closes
the buffer overflow (within xforms)."


  • Linux
Click Here!