NEW UPDATES Debian

1389 replies to this topic

#326 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,433 posts

Posted 07 December 2011 - 01:41 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2289-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
August 07, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : typo3-src
Vulnerability  : several
Problem type   : remote
Debian-specific: no
Debian Bug     : 635937

Several remote vulnerabilities have been discovered in the TYPO3 web
content management framework: cross-site scripting, information
disclosure, authentication delay bypass, and arbitrary file deletion.
More details can be found in the Typo3 security advisory:
http://typo3.org/teams/security/security-b...o3-core-sa-2011-001/

For the oldstable distribution (lenny), these problems have been fixed in
version 4.2.5-1+lenny8.

For the stable distribution (squeeze), these problems have been fixed in
version 4.3.9+dfsg1-1+squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 4.5.4+dfsg1-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2290-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
August 07, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : samba
Vulnerability  : cross-site scripting
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2522 CVE-2011-2694

The Samba Web Administration Tool (SWAT) contains several cross-site
request forgery (CSRF) vulnerabilities (CVE-2011-2522) and a
cross-site scripting vulnerability (CVE-2011-2694).

For the oldstable distribution (lenny), these problems have been fixed in
version 2:3.2.5-4lenny15.

For the stable distribution (squeeze), these problems have been fixed
in version 2:3.5.6~dfsg-3squeeze5.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 2:3.5.10~dfsg-1.

-------------------------------------------------------------------------
Debian Security Advisory DSA-2291-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
August 8, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : squirrelmail
Vulnerability  : various
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-4554 CVE-2010-4555 CVE-2011-2023
                 CVE-2011-2752 CVE-2011-2753

Various vulnerabilities have been found in SquirrelMail, a webmail
application. The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:

CVE-2010-4554

  SquirrelMail did not prevent page rendering inside a third-party
  HTML frame, which makes it easier for remote attackers to conduct
  clickjacking attacks via a crafted web site.

CVE-2010-4555, CVE-2011-2752, CVE-2011-2753

  Multiple small bugs in SquirrelMail allowed an attacker to inject
  malicious script into various pages or alter the contents of user
  preferences.

CVE-2011-2023

  It was possible to inject arbitrary web script or HTML via a
  crafted STYLE element in an HTML part of an e-mail message.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.4.15-4+lenny5.

For the stable distribution (squeeze), this problem has been fixed in
version 1.4.21-2.

For the testing (wheezy) and unstable distribution (sid), these problems
have been fixed in version 1.4.22-1.
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#327 OFFLINE   sunrat

Posted 07 December 2011 - 01:46 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2358-1                   security@debian.org
http://www.debian.org/security/                                          
December 05, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-6
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Java platform.  This combines the two previous
openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.

CVE-2011-0862
Integer overflow errors in the JPEG and font parser allow
untrusted code (including applets) to elevate its privileges.

CVE-2011-0864
Hotspot, the just-in-time compiler in OpenJDK, mishandled
certain byte code instructions, allowing untrusted code
(including applets) to crash the virtual machine.

CVE-2011-0865
A race condition in signed object deserialization could
allow untrusted code to modify signed content, apparently
leaving its signature intact.

CVE-2011-0867
Untrusted code (including applets) could access information
about network interfaces which was not intended to be public.
(Note that the interface MAC address is still available to
untrusted code.)

CVE-2011-0868
A float-to-long conversion could overflow, allowing
untrusted code (including applets) to crash the virtual
machine.

CVE-2011-0869
Untrusted code (including applets) could intercept HTTP
requests by reconfiguring proxy settings through a SOAP
connection.

CVE-2011-0871
Untrusted code (including applets) could elevate its
privileges through the Swing MediaTracker code.

CVE-2011-3389
The TLS implementation does not guard properly against certain
chosen-plaintext attacks when block ciphers are used in CBC
mode.

CVE-2011-3521
The CORBA implementation contains a deserialization
vulnerability in the IIOP implementation, allowing untrusted
Java code (such as applets) to elevate its privileges.

CVE-2011-3544
The Java scripting engine lacks necessary security manager
checks, allowing untrusted Java code (such as applets) to
elevate its privileges.

CVE-2011-3547
The skip() method in java.io.InputStream uses a shared buffer,
allowing untrusted Java code (such as applets) to access data
that is skipped by other code.

CVE-2011-3548
The java.awt.AWTKeyStroke class contains a flaw which allows
untrusted Java code (such as applets) to elevate its
privileges.

CVE-2011-3551
The Java2D C code contains an integer overflow which results
in a heap-based buffer overflow, potentially allowing
untrusted Java code (such as applets) to elevate its
privileges.

CVE-2011-3552
Malicious Java code can use up an excessive amount of UDP
ports, leading to a denial of service.

CVE-2011-3553
JAX-WS enables stack traces for certain server responses by
default, potentially leaking sensitive information.

CVE-2011-3554
JAR files in pack200 format are not properly checked for
errors, potentially leading to arbitrary code execution when
unpacking crafted pack200 files.

CVE-2011-3556
The RMI Registry server lacks access restrictions on certain
methods, allowing a remote client to execute arbitrary code.

CVE-2011-3557
The RMI Registry server fails to properly restrict privileges
of untrusted Java code, allowing RMI clients to elevate their
privileges on the RMI Registry server.

CVE-2011-3560
The com.sun.net.ssl.HttpsURLConnection class does not perform
proper security manager checks in the setSSLSocketFactory()
method, allowing untrusted Java code to bypass security policy
restrictions.

For the oldstable distribution (lenny), these problems have been fixed
in version 6b18-1.8.10-0~lenny1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2359-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
December 06, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mojarra
Vulnerability  : EL injection
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4358

It was discovered that Mojarra, an implementation of JavaServer Faces,
evaluates untrusted values as EL expressions if includeViewParameters
is set to true.

For the stable distribution (squeeze), this problem has been fixed in
version 2.0.3-1+squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 2.0.3-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2360-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 6, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

This is an advance notice that security support for Debian GNU/Linux 5.0
(code name "lenny") will be terminated in two months.

The Debian project released Debian GNU/Linux 6.0 alias "squeeze" on the
6th of February 2011. Users and distributors have been given a one-year
timeframe to upgrade their old installations to the current stable
release. Hence, the security support for the old release of 5.0 is going
to end on the 6th of February 2012 as previously announced.

Previously announced security updates for the old release will continue
to be available on security.debian.org.

#329 OFFLINE   sunrat

Posted 07 December 2011 - 09:01 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2361-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
December 07, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chasen
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4000

It was discovered that ChaSen, a Japanese morphological analysis
system, contains a buffer overflow, potentially leading to arbitrary
code execution in programs using the library.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.4.4-2+lenny2.

For the stable distribution (squeeze), this problem has been fixed in
version 2.4.4-11+squeeze2.

#330 OFFLINE   sunrat

Posted 11 December 2011 - 07:59 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2362-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 10, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : acpid
Vulnerability  : several
Problem type   : remote
Debian-specific: partly
CVE ID         : CVE-2011-1159 CVE-2011-2777 CVE-2011-4578

Multiple vulnerabilities were found in acpid, the Advanced
Configuration and Power Interface event daemon:

CVE-2011-1159

    Vasiliy Kulikov of OpenWall discovered that the socket handling
    is vulnerable to denial of service.

CVE-2011-2777

    Oliver-Tobias Ripka discovered that incorrect process handling in
    the Debian-specific powerbtn.sh script could lead to local
    privilege escalation. This issue doesn't affect oldstable. The
    script is only shipped as an example in /usr/share/doc/acpid/examples.
    See /usr/share/doc/acpid/README.Debian for details.

CVE-2011-4578

    Helmut Grohne and Michael Biebl discovered that acpid sets a umask
    of 0 when executing scripts, which could result in local privilege
    escalation.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.0.8-1lenny4.

For the stable distribution (squeeze), this problem has been fixed in
version 1:2.0.7-1squeeze3.

For the unstable distribution (sid), this problem will be fixed soon.

#331 OFFLINE   sunrat

Posted 16 December 2011 - 05:50 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2363-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 16, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tor
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2778

It was discovered that Tor, an online privacy tool, incorrectly computes
buffer sizes in certain cases involving SOCKS connections.  Malicious
parties could use this to cause a heap-based buffer overflow, potentially
allowing execution of arbitrary code.

In Tor's default configuration this issue can only be triggered by
clients that can connect to Tor's socks port, which listens only on
localhost by default.

In non-default configurations where Tor's SocksPort listens not only on
localhost or where Tor was configured to use another socks server for all of
its outgoing connections, Tor is vulnerable to a larger set of malicious
parties.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.2.1.32-1.

For the stable distribution (squeeze), this problem has been fixed in
version 0.2.2.35-1~squeeze+1.

For the unstable and testing distributions, this problem has been fixed in
version 0.2.2.35-1.

For the experimental distribution, this problem has been fixed in
version 0.2.3.10-alpha-1.
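
Each advisory in this thread gives a fixed version per release, and those strings use epochs (`2:`), tildes (`~squeeze+1`) and suffixes that do not sort as plain text. The following is an added example, not part of the original posts or of Debian's own tooling: it re-implements the ordering rules documented in deb-version and checks an inventory against fixed versions quoted above. The `INSTALLED` inventory is constructed sample data; on a real system `dpkg --compare-versions` performs the same comparison.

```python
import re

# One "non-digit run, digit run" chunk of a version string (ASCII digits only).
_CHUNK = re.compile(r"([^0-9]*)([0-9]*)")


def _order(ch):
    """Sort weight of one non-digit character, per the deb-version rules."""
    if ch == "~":
        return -1          # tilde sorts before everything, even end of string
    if ch == "":
        return 0           # end of the non-digit run
    if ch.isalpha():
        return ord(ch)     # letters sort before all other symbols
    return ord(ch) + 256   # '+', '.', '-' and similar


def _cmp_part(a, b):
    """Compare two upstream-version or revision strings; <0, 0 or >0."""
    while a or b:
        ma, mb = _CHUNK.match(a), _CHUNK.match(b)
        ta, tb = ma.group(1), mb.group(1)
        for i in range(max(len(ta), len(tb))):
            diff = _order(ta[i:i + 1]) - _order(tb[i:i + 1])
            if diff:
                return diff
        # Digit runs compare numerically; an empty run counts as 0.
        na, nb = int(ma.group(2) or 0), int(mb.group(2) or 0)
        if na != nb:
            return na - nb
        a, b = a[ma.end():], b[mb.end():]
    return 0


def split_version(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version      # no epoch means epoch 0
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""   # native package, no revision
    return int(epoch), upstream, revision


def compare(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    for x, y in ((ua, ub), (ra, rb)):
        diff = _cmp_part(x, y)
        if diff:
            return -1 if diff < 0 else 1
    return 0


# Fixed versions as quoted in the advisories above, keyed by (package, release).
FIXED = {
    ("tor", "lenny"): "0.2.1.32-1",
    ("tor", "squeeze"): "0.2.2.35-1~squeeze+1",
    ("samba", "squeeze"): "2:3.5.6~dfsg-3squeeze5",
    ("acpid", "squeeze"): "1:2.0.7-1squeeze3",
    ("openjdk-6", "lenny"): "6b18-1.8.10-0~lenny1",
}

# Constructed inventory for illustration: (package, release, installed version).
INSTALLED = [
    ("tor", "squeeze", "0.2.2.35-1~squeeze+1"),
    ("samba", "squeeze", "2:3.5.6~dfsg-3squeeze4"),
    ("acpid", "squeeze", "1:2.0.7-1squeeze2"),
    ("openjdk-6", "lenny", "6b18-1.8.10-0~lenny1"),
]


def needs_update(inventory, fixed=FIXED):
    """Return (package, installed, fixed) for entries older than the fix."""
    stale = []
    for package, release, installed in inventory:
        target = fixed.get((package, release))
        if target is not None and compare(installed, target) < 0:
            stale.append((package, installed, target))
    return stale


if __name__ == "__main__":
    for package, installed, target in needs_update(INSTALLED):
        print(f"{package}: {installed} is older than fixed version {target}")
```

The squeeze fix for tor, `0.2.2.35-1~squeeze+1`, sorts below the unstable fix `0.2.2.35-1`, so an installed version has to be compared against the fixed version for its own release.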

#332 OFFLINE   sunrat

Posted 18 December 2011 - 06:22 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2364-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 18, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xorg
Vulnerability  : incorrect permission check
Problem type   : local
Debian-specific: yes
CVE ID         : CVE-2011-4613
Debian Bug     : 652249

The Debian X wrapper enforces that the X server can only be started from
a console. "vladz" discovered that this wrapper could be bypassed.

The oldstable distribution (lenny) is not affected.

For the stable distribution (squeeze), this problem has been fixed in
version 7.5+8+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 1:7.6+10.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2365-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 18, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dtc
Vulnerability  : several
Problem type   : local/remote
Debian-specific: no
CVE ID         : CVE-2011-3195 CVE-2011-3196 CVE-2011-3197 CVE-2011-3198
                 CVE-2011-3199
Debian Bug     : 637469 637477 637485 637584 637629 637630 637618 637537 637487 637632 637669

Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple
vulnerabilities in DTC, a web control panel for admin and accounting
hosting services:

CVE-2011-3195

    A possible shell insertion has been found in the mailing list
    handling.

CVE-2011-3196

    Unix rights for the apache2.conf were set incorrectly (world
    readable).

CVE-2011-3197

    Incorrect input sanitising for the $_SERVER["addrlink"] parameter
    could lead to SQL insertion.

CVE-2011-3198

    DTC was using the -b option of htpasswd, possibly revealing
    password in clear text using ps or reading /proc.

CVE-2011-3199

    A possible HTML/javascript insertion vulnerability has been found
    in the DNS & MX section of the user panel.

This update also fixes several vulnerabilities, for which no CVE ID
has been assigned:

It has been discovered that DTC performs insufficient input sanitising
in the package installer, leading to possible unwanted destination
directory for installed packages if some DTC application packages
are installed (note that these aren't available in Debian main).

DTC was setting up /etc/sudoers with permissive sudo rights to
chrootuid.

Incorrect input sanitizing in the package installer could lead to
SQL insertion.

A malicious user could enter a specially crafted support ticket
subject leading to an SQL injection in the draw_user_admin.php.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.29.18-1+lenny2.

The stable distribution (squeeze) doesn't include dtc.

For the unstable distribution (sid), this problem has been fixed in
version 0.34.1-1.

#333 OFFLINE   sunrat

Posted 20 December 2011 - 06:42 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2366-1                   security@debian.org
http://www.debian.org/security/                        Jonathan Wiltshire
December 18, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mediawiki
Vulnerability  : multiple
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 CVE-2011-1587
                 CVE-2011-4360 CVE-2011-4361
Debian Bug     : 650434

Several problems have been discovered in mediawiki, a website engine for
collaborative work.

CVE-2011-1578 CVE-2011-1587

   Masato Kinugawa discovered a cross-site scripting (XSS) issue, which
   affects Internet Explorer clients only, and only version 6 and
   earlier. Web server configuration changes are required to fix this
   issue. Upgrading MediaWiki will only be sufficient for people who use
   Apache with AllowOverride enabled.

   For details of the required configuration changes, see the upstream
   announcements:
  http://lists.wikimedia.org/pipermail/media...ril/000096.html
  http://lists.wikimedia.org/pipermail/media...ril/000097.html

CVE-2011-1579

   Wikipedia user Suffusion of Yellow discovered a CSS validation error
   in the wikitext parser. This is an XSS issue for Internet Explorer
   clients, and a privacy loss issue for other clients since it allows
   the embedding of arbitrary remote images.

CVE-2011-1580

   MediaWiki developer Happy-Melon discovered that the transwiki import
   feature neglected to perform access control checks on form submission.
   The transwiki import feature is disabled by default. If it is enabled,
   it allows wiki pages to be copied from a remote wiki listed in
   $wgImportSources. The issue means that any user can trigger such an
   import to occur.

CVE-2011-4360

   Alexandre Emsenhuber discovered an issue where page titles on private
   wikis could be exposed by passing different page ids to index.php. In the
   case of the user not having correct permissions, they will now be redirected
   to Special:BadTitle.

CVE-2011-4361

   Tim Starling discovered that action=ajax requests were dispatched to the
   relevant function without any read permission checks being done. This could
   have led to data leakage on private wikis.

For the oldstable distribution (lenny), these problems have been fixed in
version 1:1.12.0-2lenny9.

For the stable distribution (squeeze), these problems have been fixed in
version 1:1.15.5-2squeeze2.

For the unstable distribution (sid), these problems have been fixed in
version 1:1.15.5-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2367-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 19, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : asterisk
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4597 CVE-2011-4598
Debian Bug     :

Several vulnerabilities have been discovered in Asterisk, an Open
Source PBX and telephony toolkit:

CVE-2011-4597

   Ben Williams discovered that it was possible to enumerate SIP
   user names in some configurations. Please see the upstream
   advisory for details:
   http://downloads.asterisk.org/pub/security/AST-2011-013.html
  
   This update only modifies the sample sip.conf configuration
   file. Please see README.Debian for more information on how
   to update your installation.

CVE-2011-4598

   Kristijan Vrban discovered that Asterisk can be crashed with
   malformed SIP packets if the "automon" feature is enabled.

For the oldstable distribution (lenny), this problem has been fixed in
version 1:1.4.21.2~dfsg-3+lenny6.

For the stable distribution (squeeze), this problem has been fixed in
version 1:1.6.2.9-2+squeeze4.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.8.8.0~dfsg-1.

#334 OFFLINE   sunrat

Posted 21 December 2011 - 06:15 AM

- ---------------------------------------------------------------------------
Debian Security Advisory DSA-2368-1                     security@debian.org
http://www.debian.org/security/                                  Nico Golde
Dec 20th, 2011                           http://www.debian.org/security/faq
- ---------------------------------------------------------------------------

Package        : lighttpd
Vulnerability  : multiple
Problem type   : remote
Debian-specific: no
Debian bug     : 652726
CVE IDs        : CVE-2011-4362 CVE-2011-3389

Several vulnerabilities have been discovered in lighttpd, a small and fast
webserver with minimal memory footprint.

CVE-2011-4362

  Xi Wang discovered that the base64 decoding routine which is used to
  decode user input during an HTTP authentication, suffers from a signedness
  issue when processing user input.  As a result it is possible to force
  lighttpd to perform an out-of-bounds read which results in Denial of
  Service conditions.

CVE-2011-3389

  When using CBC ciphers on an SSL enabled virtual host to communicate with
  certain clients, a so-called "BEAST" attack allows man-in-the-middle
  attackers to obtain plaintext HTTP traffic via a blockwise
  chosen-boundary attack (BCBA) on an HTTPS session.  Technically this is
  no lighttpd vulnerability.  However, lighttpd offers a workaround to
  mitigate this problem by providing a possibility to disable CBC ciphers.

  This update includes this option by default. System administrators
  are advised to read the NEWS file of this update (as this may break older
  clients).


For the oldstable distribution (lenny), this problem has been fixed in
version 1.4.19+lenny3.

For the stable distribution (squeeze), this problem has been fixed in
version 1.4.28-2+squeeze1.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.30-1.

#335 OFFLINE   sunrat

Posted 22 December 2011 - 07:16 AM

- ---------------------------------------------------------------------------
Debian Security Advisory DSA-2369-1                     security@debian.org
http://www.debian.org/security/                                  Nico Golde
Dec 21th, 2011                           http://www.debian.org/security/faq
- ---------------------------------------------------------------------------

Package        : libsoup2.4
Vulnerability  : insufficient input sanitization
Problem type   : remote
Debian-specific: no
Debian bug     : 635837
CVE IDs        : CVE-2011-2524

It was discovered that libsoup2.4, an HTTP library implementation in C, is
not properly validating input when processing requests made to SoupServer.
A remote attacker can exploit this flaw to access system files via a
directory traversal attack.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.4.1-2+lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 2.30.2-1+squeeze1.

For the testing distribution (squeeze), this problem has been fixed in
version 2.34.3-1.

For the unstable distribution (sid), this problem has been fixed in
version 2.34.3-1.


#336 OFFLINE   sunrat

Posted 22 December 2011 - 05:44 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2370-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
December 22, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : unbound
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4528 CVE-2011-4869

It was discovered that Unbound, a recursive DNS resolver, would crash
when processing certain malformed DNS responses from authoritative DNS
servers, leading to denial of service.

CVE-2011-4528
Unbound attempts to free unallocated memory during processing
of duplicate CNAME records in a signed zone.

CVE-2011-4869
Unbound does not properly process malformed responses which
lack expected NSEC3 records.

For the oldstable distribution (lenny), these problems have been fixed in
version 1.4.6-1~lenny2.

For the stable distribution (squeeze), these problems have been fixed in
version 1.4.6-1+squeeze2.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 1.4.14-1.

#337 OFFLINE   sunrat

Posted 24 December 2011 - 07:56 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2371-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 24, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jasper
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4516 CVE-2011-4517

Two buffer overflows were discovered in JasPer, a library for handling
JPEG-2000 images, which could lead to the execution of arbitrary code.

For the oldstable distribution (lenny), this problem will be fixed in
version 1.900.1-5.1+lenny2. Due to technical limitations of the Debian
archive software, the oldstable update cannot be released synchronously
with the stable update.

For the stable distribution (squeeze), this problem has been fixed in
version 1.900.1-7+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.

#338 OFFLINE   sunrat

Posted 25 December 2011 - 06:58 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2372-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
December 25, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : heimdal
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4862

It was discovered that the Kerberos support for telnetd contains a
pre-authentication buffer overflow, which may enable remote attackers
who can connect to the Telnet to execute arbitrary code with root
privileges.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.2.dfsg.1-2.1+lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 1.4.0~git20100726.dfsg.1-2+squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2373-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
December 25, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : inetutils
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4862

It was discovered that the Kerberos support for telnetd contains a
pre-authentication buffer overflow, which may enable remote attackers
who can connect to the Telnet to execute arbitrary code with root
privileges.

For the oldstable distribution (lenny), this problem has been fixed in
version 2:1.5.dfsg.1-9+lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 2:1.6-3.1+squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem will be fixed soon.

#339 OFFLINE   sunrat

Posted 27 December 2011 - 05:14 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2374-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 26, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openswan
Vulnerability  : implementation error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4073
Debian Bug     : 650674

The information security group at ETH Zurich discovered a denial of
service vulnerability in the crypto helper handler of the IKE daemon
pluto. More information can be found in the upstream advisory at
http://openswan.org/download/CVE-2011-4073/CVE-2011-4073.txt  

For the oldstable distribution (lenny), this problem has been fixed in
version 1:2.4.12+dfsg-1.3+lenny4.

For the stable distribution (squeeze), this problem has been fixed in
version 1:2.6.28+dfsg-5+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 1:2.6.37-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2375-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
December 26, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : krb5, krb5-appl
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4862

It was discovered that the encryption support for BSD telnetd contains
a pre-authentication buffer overflow, which may enable remote
attackers who can connect to the Telnet port to execute arbitrary code
with root privileges.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.6.dfsg.4~beta1-5lenny7 of the krb5 package.

For the stable distribution (squeeze), this problem has been fixed in
version 1:1.0.1-1.2 of the krb5-appl package.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem will be fixed soon.

#340 OFFLINE   sunrat

Posted 30 December 2011 - 07:44 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2376-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
December 30, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ipmitool
Vulnerability  : insecure pid file
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-4339
Debian Bug     : 651917

It was discovered that OpenIPMI, the Intelligent Platform Management
Interface library and tools, used too wide permissions on its PID file,
which allows local users to kill arbitrary processes by writing to
this file.

For the stable distribution (squeeze), this problem has been fixed in
version 1.8.11-2+squeeze2.

For the unstable distribution (sid), this problem has been fixed in
version 1.8.11-5.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2263-2                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
December 30, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : movabletype-opensource
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : not yet available
Debian Bug     : 627936

Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny'
suite at that time. This update adds that package. The original advisory
text follows.

It was discovered that Movable Type, a weblog publishing system,
contains several security vulnerabilities:

A remote attacker could execute arbitrary code in a logged-in user's
web browser.

A remote attacker could read or modify the contents in the system
under certain circumstances.

For the oldstable distribution (lenny), these problems have been fixed in
version 4.2.3-1+lenny3.

For the stable distribution (squeeze), these problems have been fixed in
version 4.3.5+dfsg-2+squeeze2.

For the testing distribution (wheezy) and for the unstable
distribution (sid), these problems have been fixed in version
4.3.6.1+dfsg-1.


#341 OFFLINE   sunrat

Posted 01 January 2012 - 08:56 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2376-2                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
December 31, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ipmitool
Vulnerability  : insecure pid file
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-4339
Debian Bug     : 651917

It was discovered that OpenIPMI, the Intelligent Platform Management
Interface library and tools, used too wide permissions on its PID file,
which allows local users to kill arbitrary processes by writing to
this file.

The original announcement didn't contain corrections for the Debian
5.0 "lenny" distribution. This update adds packages for lenny.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.8.9-2+squeeze1. (Although the version number contains the
string "squeeze", this is in fact an update for lenny.)

For the stable distribution (squeeze), this problem has been fixed in
version 1.8.11-2+squeeze2.

For the unstable distribution (sid), this problem has been fixed in
version 1.8.11-5.


#342 OFFLINE   sunrat

Posted 02 January 2012 - 08:05 AM

- ---------------------------------------------------------------------------
Debian Security Advisory DSA-2377-1                     security@debian.org
http://www.debian.org/security/                                  Nico Golde
Jan 1st, 2012                            http://www.debian.org/security/faq
- ---------------------------------------------------------------------------

Package        : cyrus-imapd-2.2
Vulnerability  : NULL pointer dereference
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2011-3481

It was discovered that cyrus-imapd, a highly scalable mail system designed
for use in enterprise environments, is not properly parsing mail headers
when a client makes use of the IMAP threading feature.  As a result, a NULL
pointer is dereferenced which crashes the daemon.  An attacker can trigger
this by sending a mail containing crafted reference headers and access the
mail with a client that uses the server threading feature of IMAP.


For the oldstable distribution (lenny), this problem has been fixed in
version 2.2.13-14+lenny6.

For the stable distribution (squeeze), this problem has been fixed in
version 2.2.13-19+squeeze3.

For the testing (wheezy) and unstable (sid) distributions, this problem has been
fixed in cyrus-imapd-2.4 version 2.4.11-1.

#343 OFFLINE   sunrat

Posted 03 January 2012 - 08:06 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2378-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 03, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ffmpeg
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4351 CVE-2011-4353 CVE-2011-4364 CVE-2011-4579

Several vulnerabilities have been discovered in ffmpeg, a multimedia
player, server and encoder. Multiple input validations in the decoders
for QDM2, VP5, VP6, VMD and SVQ1 files could lead to the execution of
arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in
version 4:0.5.6-3.

For the unstable distribution (sid), this problem has been fixed in
version 4:0.7.3-1 of the libav source package.

#344 OFFLINE   sunrat

Posted 06 January 2012 - 09:48 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2381-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
January 06, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : squid3
Vulnerability  : invalid memory deallocation
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4096

It was discovered that the IPv6 support code in Squid does not
properly handle certain DNS responses, resulting in deallocation of an
invalid pointer and a daemon crash.

The squid package and the version of squid3 shipped in lenny lack IPv6
support and are not affected by this issue.

For the stable distribution (squeeze), this problem has been fixed in
version 3.1.6-1.2+squeeze2.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 3.1.18-1.


#345 OFFLINE   sunrat

Posted 07 January 2012 - 08:31 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2382-1                   security@debian.org
http://www.debian.org/security/                        Jonathan Wiltshire
January 07, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ecryptfs-utils
Vulnerability  : multiple
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-1831 CVE-2011-1832 CVE-2011-1834 CVE-2011-1835
                 CVE-2011-1837 CVE-2011-3145

Several problems have been discovered in ecryptfs-utils, a cryptographic
filesystem for Linux.

CVE-2011-1831

  Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs
  incorrectly validated permissions on the requested mountpoint. A local
  attacker could use this flaw to mount to arbitrary locations, leading
  to privilege escalation.

CVE-2011-1832

  Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs
  incorrectly validated permissions on the requested mountpoint. A local
  attacker could use this flaw to unmount arbitrary locations, leading
  to a denial of service.

CVE-2011-1834

  Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly
  handled modifications to the mtab file when an error occurs. A local
  attacker could use this flaw to corrupt the mtab file, and possibly
  unmount arbitrary locations, leading to a denial of service.

CVE-2011-1835

  Marc Deslauriers discovered that eCryptfs incorrectly handled keys when
  setting up an encrypted private directory. A local attacker could use
  this flaw to manipulate keys during creation of a new user.

CVE-2011-1837

  Vasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled
  lock counters. A local attacker could use this flaw to possibly overwrite
  arbitrary files.

We acknowledge the work of the Ubuntu distribution in preparing patches
suitable for near-direct inclusion in the Debian package.

For the oldstable distribution (lenny), these problems have been fixed in
version 68-1+lenny1.

For the stable distribution (squeeze), these problems have been fixed in
version 83-4+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid),
these problems have been fixed in version 95-1.

#346 OFFLINE   sunrat

Posted 08 January 2012 - 06:23 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2383-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 08, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : super
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2776

Robert Luberda discovered a buffer overflow in the syslog logging code of
Super, a tool to execute scripts (or other commands) as if they were root.
The default Debian configuration is not affected.

For the oldstable distribution (lenny), this problem has been fixed in
version 3.30.0-2+lenny1. Due to a technical limitation in the Debian
archive scripts this update cannot be released synchronously with the
stable update. It will be available shortly.

For the stable distribution (squeeze), this problem has been fixed in
version 3.30.0-3+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.

#347 OFFLINE   sunrat

Posted 10 January 2012 - 01:07 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2384-1                   security@debian.org
http://www.debian.org/security/                                 Luk Claes
January 09, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cacti
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-1644 CVE-2010-1645 CVE-2010-2543 CVE-2010-2545
                 CVE-2011-4824

Several vulnerabilities have been discovered in cacti, a graphing tool
for monitoring data. Multiple cross site scripting issues allow remote
attackers to inject arbitrary web script or HTML. An SQL injection
vulnerability allows remote attackers to execute arbitrary SQL commands.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.8.7b-2.1+lenny4.

For the stable distribution (squeeze), this problem has been fixed in
version 0.8.7g-1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 0.8.7i-2.

#348 OFFLINE   sunrat

Posted 10 January 2012 - 06:47 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2385-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
January 10, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pdns
Vulnerability  : packet loop
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0206

Ray Morris discovered that the PowerDNS authoritative server responds
to response packets.  An attacker who can spoof the source address of
IP packets can cause an endless packet loop between a PowerDNS
authoritative server and another DNS server, leading to a denial of
service.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.9.21.2-1+lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 2.9.22-8+squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem will be fixed soon.

#349 OFFLINE   sunrat

Posted 11 January 2012 - 06:43 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2387-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
January 11, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : simplesamlphp
Vulnerability  : insufficient input sanitation
Problem type   : remote
Debian-specific: no

timtai1 discovered that simpleSAMLphp, an authentication and federation
platform, is vulnerable to a cross site scripting attack, allowing a
remote attacker to access sensitive client data.

The oldstable distribution (lenny) does not contain a simplesamlphp
package.

For the stable distribution (squeeze), this problem has been fixed in
version 1.6.3-3.

For the unstable distribution (sid), this problem has been fixed in
version 1.8.2-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2386-1                   security@debian.org
http://www.debian.org/security/                                          
January 10, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openttd
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3341 CVE-2011-3342 CVE-2011-3343

Several vulnerabilities have been discovered in openttd, a transport
business simulation game. Multiple buffer overflows and off-by-one
errors allow remote attackers to cause denial of service.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.6.2-1+lenny4.

For the stable distribution (squeeze), this problem has been fixed in
version 1.0.4-4.

For the unstable distribution (sid), this problem has been fixed in
version 1.1.4-1.

#350 OFFLINE   sunrat

Posted 15 January 2012 - 07:03 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2388-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
January 14, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : t1lib
Vulnerability  : several
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552
                 CVE-2011-1553 CVE-2011-1554
Debian Bug     : 652996

Several vulnerabilities were discovered in t1lib, a Postscript Type 1
font rasterizer library, some of which might lead to code execution
through the opening of files embedding bad fonts.

CVE-2010-2642
A heap-based buffer overflow in the AFM font metrics parser
potentially leads to the execution of arbitrary code.

CVE-2011-0433
Another heap-based buffer overflow in the AFM font metrics
parser potentially leads to the execution of arbitrary code.

CVE-2011-0764
An invalid pointer dereference allows execution of arbitrary
code using crafted Type 1 fonts.

CVE-2011-1552
Another invalid pointer dereference results in an application
crash, triggered by crafted Type 1 fonts.

CVE-2011-1553
A use-after-free vulnerability results in an application
crash, triggered by crafted Type 1 fonts.

CVE-2011-1554
An off-by-one error results in an invalid memory read and
application crash, triggered by crafted Type 1 fonts.

For the oldstable distribution (lenny), this problem has been fixed in
version 5.1.2-3+lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 5.1.2-3+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 5.1.2-3.3.

For the unstable distribution (sid), this problem has been fixed in
version 5.1.2-3.3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2390-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
January 15, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4108 CVE-2011-4109 CVE-2011-4354
                 CVE-2011-4576 CVE-2011-4619

Several vulnerabilities were discovered in OpenSSL, an implementation
of TLS and related protocols.  The Common Vulnerabilities and
Exposures project identifies the following vulnerabilities:

CVE-2011-4108
The DTLS implementation performs a MAC check only if certain
padding is valid, which makes it easier for remote attackers
to recover plaintext via a padding oracle attack.

CVE-2011-4109
A double free vulnerability when X509_V_FLAG_POLICY_CHECK is
enabled, allows remote attackers to cause application crashes
and potentially allow execution of arbitrary code by
triggering failure of a policy check.

CVE-2011-4354
On 32-bit systems, the operations on NIST elliptic curves
P-256 and P-384 are not correctly implemented, potentially
leaking the private ECC key of a TLS server.  (Regular
RSA-based keys are not affected by this vulnerability.)

CVE-2011-4576
The SSL 3.0 implementation does not properly initialize data
structures for block cipher padding, which might allow remote
attackers to obtain sensitive information by decrypting the
padding data sent by an SSL peer.

CVE-2011-4619
The Server Gated Cryptography (SGC) implementation in OpenSSL
does not properly handle handshake restarts, unnecessarily
simplifying CPU exhaustion attacks.

For the oldstable distribution (lenny), these problems have been fixed
in version 0.9.8g-15+lenny15.

For the stable distribution (squeeze), these problems have been fixed
in version 0.9.8o-4squeeze5.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 1.0.0f-1.




