Security Information / 2013 / Security Information -- DSA-2771-1 nas

Debian Security Advisory

DSA-2771-1 nas -- several vulnerabilities

Date Reported:

09 Oct 2013

Affected Packages:

nas

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2013-4256, CVE-2013-4257, CVE-2013-4258.

More information:

Hamid Zamani discovered multiple security problems (buffer overflows, format string vulnerabilities and missing input sanitising), which could lead to the execution of arbitrary code.

For the oldstable distribution (squeeze), these problems have been fixed in version 1.9.2-4squeeze1.

For the stable distribution (wheezy), these problems have been fixed in version 1.9.3-5wheezy1.

For the testing distribution (jessie), these problems have been fixed in version 1.9.3-6.

For the unstable distribution (sid), these problems have been fixed in version 1.9.3-6.

We recommend that you upgrade your nas packages.