Debian Security Advisory
DSA-2771-1 nas -- several vulnerabilities
- Date Reported:
- 09 Oct 2013
- Affected Packages:
- nas
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-4256, CVE-2013-4257, CVE-2013-4258.
- More information:
-
Hamid Zamani discovered multiple security problems (buffer overflows, format string vulnerabilities and missing input sanitising), which could lead to the execution of arbitrary code.
For the oldstable distribution (squeeze), these problems have been fixed in version 1.9.2-4squeeze1.
For the stable distribution (wheezy), these problems have been fixed in version 1.9.3-5wheezy1.
For the testing distribution (jessie), these problems have been fixed in version 1.9.3-6.
For the unstable distribution (sid), these problems have been fixed in version 1.9.3-6.
We recommend that you upgrade your nas packages.