Jump to content


NEW UPDATES Debian

debian updates sunrat bruno v.t. eric layton

  • Please log in to reply
1475 replies to this topic

#301 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 10 October 2011 - 11:01 PM

- -------------------------------------------------------------------------Debian Security Advisory DSA-2321-1                   security@debian.orghttp://www.debian.org/security/                        Moritz MuehlenhoffOctober 10, 2011                       http://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : moinVulnerability  : cross-site scriptingProblem type   : remoteDebian-specific: noCVE ID         : CVE-2011-1058 A cross-site scriping vulnerability was discovered in the rst parser of Moin, a Python clone of WikiWiki.For the oldstable distribution (lenny), this problem has been fixed inversion 1.7.1-3+lenny6.For the stable distribution (squeeze), this problem has been fixed inversion 1.9.3-1+squeeze1.For the unstable distribution (sid), this problem has been fixed inversion 1.9.3-3.- -------------------------------------------------------------------------Debian Security Advisory DSA-2322-1                   security@debian.orghttp://www.debian.org/security/                        Jonathan WiltshireOctober 10, 2011                       http://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : bugzillaVulnerability  : severalProblem type   : remoteDebian-specific: noCVE ID         : CVE-201-2979 CVE-2010-4567 CVE-2010-4568 CVE-2010-4572                  CVE-2011-0046 CVE-2011-0048 CVE-2011-2379 CVE-2011-2380                  CVE-2011-2381 CVE-2011-2978 Several vulnerabilities were discovered in Bugzilla, a web-based bugtracking system.CVE-2010-4572  By inserting particular strings into certain URLs, it was  possible to inject both headers and content to any  browser.CVE-2010-4567, CVE-2011-0048  Bugzilla has a "URL" field that can contain several types  of URL, including "java script:" and "data:" URLs. However,  it does not make "java script:" and "data:" URLs into  clickable links, to protect against cross-site scripting  attacks or other attacks. It was possible to bypass this  protection by adding spaces into the URL in places that  Bugzilla did not expect them. Also, "java script:" and  "data:" links were *always* shown as clickable to  logged-out users.CVE-2010-4568  It was possible for a user to gain unauthorized access to  any Bugzilla account in a very short amount of time (short  enough that the attack is highly effective).CVE-2011-0046  Various pages were vulnerable to Cross-Site Request  Forgery attacks. Most of these issues are not as serious  as previous CSRF vulnerabilities.CVE-2011-2978  When a user changes his email address, Bugzilla trusts  a user-modifiable field for obtaining the current e-mail  address to send a confirmation message to. If an attacker  has access to the session of another user (for example,  if that user left their browser window open in a public  place), the attacker could alter this field to cause  the email-change notification to go to their own address.  This means that the user would not be notified that his  account had its email address changed by the attacker.CVE-2011-2381  For flagmails only, attachment descriptions with a newline  in them could lead to the injection of crafted headers in  email notifications when an attachment flag is edited.CVE-2011-2379  Bugzilla uses an alternate host for attachments when  viewing them in raw format to prevent cross-site scripting  attacks. This alternate host is now also used when viewing  patches in "Raw Unified" mode because Internet Explorer 8  and older, and Safari before 5.0.6 do content sniffing,  which could lead to the execution of malicious code.CVE-2011-2380 CVE-201-2979  Normally, a group name is confidential and is only visible  to members of the group, and to non-members if the group  is used in bugs. By crafting the URL when creating or  editing a bug, it was possible to guess if a group existed  or not, even for groups which weren't used in bugs and so  which were supposed to remain confidential.For the oldstable distribution (lenny), it has not been practical tobackport patches to fix these bugs. Users of bugzilla on lenny are strongly advised to upgrade to the version in the squeeze distribution.For the stable distribution (squeeze), these problems have been fixed inversion 3.6.2.0-4.4.For the testing distribution (wheezy) and the unstable distribution (sid),the bugzilla packages have been removed.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#302 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 20 October 2011 - 08:10 PM

- -------------------------------------------------------------------------Debian Security Advisory DSA-2324-1                   security@debian.orghttp://www.debian.org/security/                        Moritz MuehlenhoffOctober 20, 2011                       http://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : wiresharkVulnerability  : programming errorProblem type   : remoteDebian-specific: noCVE ID         : CVE-2011-3360 The Microsoft Vulnerability Research group discovered that insecureload path handling could lead to execution of arbitrary Lua script code.For the oldstable distribution (lenny), this problem has been fixed inversion 1.0.2-3+lenny15. This build will be released shortly.For the stable distribution (squeeze), this problem has been fixed inversion 1.2.11-6+squeeze4.For the unstable distribution (sid), this problem has been fixed inversion 1.6.2-1.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#303 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 23 October 2011 - 07:32 PM

- --------------------------------------------------------------------------
Debian Security Advisory DSA-2325-1                    security@debian.org
http://www.debian.org/security/                             Aurelien Jarno
October 23, 2011                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kfreebsd-8
Vulnerability  : privilege escalation/denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4062

Buffer overflow in the "linux emulation" support in FreeBSD kernel
allows local users to cause a denial of service (panic) and possibly
execute arbitrary code by calling the bind system call with a long path
for a UNIX-domain socket, which is not properly handled when the
address is used by other unspecified system calls.

For the stable distribution (squeeze), this problem has been fixed in
version 8.1+dfsg-8+squeeze2.

For the unstable distribution (sid), this problem has been fixed in
version 8.2-9.


registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#304 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 24 October 2011 - 08:04 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2326-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
October 24, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pam
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3148 CVE-2011-3149

Kees Cook of the ChromeOS security team discovered a buffer overflow
in pam_env, a PAM module to set environment variables through the
PAM stack, which allowed the execution of arbitrary code. An additional
issue in argument parsing allows denial of service.

The oldstable distribution (lenny) is not affected.

For the stable distribution (squeeze), this problem has been fixed in
version 1.1.1-6.1+squeeze1.

- --------------------------------------------------------------------------
Debian Security Advisory DSA-2327-1                    security@debian.org
http://www.debian.org/security/                                 Nico Golde
Oct 24th, 2011                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libfcgi-perl
Vulnerability  : authentication bypass
Problem type   : remote
Debian-specific: no
Debian bug     : 607479
CVE IDs        : CVE-2011-2766

Ferdinand Smit discovered that libfcgi-perl, a Perl module for writing
FastCGI applications, is incorrectly restoring environment variables of
a prior request in subsequent requests.  In some cases this may lead
to authentication bypasses or worse.


The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in
version 0.71-1+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 0.73-2.

For the unstable distribution (sid), this problem has been fixed in
version 0.73-2.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2328-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
October 24, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freetype
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3256
Debian Bug     : 646120

It was discovered that missing input sanitising in Freetype's glyph
handling could lead to memory corruption, resulting in denial of service
or the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.3.7-2+lenny7.

For the stable distribution (squeeze), this problem has been fixed in
version 2.4.2-2.1+squeeze2.

For the unstable distribution (sid), this problem has been fixed in
version 2.4.7-1.


registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#305 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 27 October 2011 - 08:37 AM

- --------------------------------------------------------------------------
Debian Security Advisory DSA-2329-1                    security@debian.org
http://www.debian.org/security/                                 Nico Golde
Oct 27th, 2011                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : torque
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
Debian bug     : none
CVE IDs        : CVE-2011-2193

Bartlomiej Balcerek discovered several buffer overflows in torque server,
a PBS-derived batch processing server.  This allows an attacker to crash the
service or execute arbitrary code with privileges of the server via crafted
job or host names.

The oldstable distribution (lenny) does not contain torque.

For the stable distribution (squeeze), this problem has been fixed in
version 2.4.8+dfsg-9squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 2.4.15+dfsg-1.

For the unstable distribution (sid), this problem has been fixed in
version 2.4.15+dfsg-1.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#306 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 27 October 2011 - 08:06 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2330-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
October 27, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : simplesamlphp
Vulnerability  : xml encryption weakness
Problem type   : remote
Debian-specific: no

Issues were found in the handling of XML encryption in simpleSAMLphp,
an application for federated authentication. The following two issues
have been addressed:

It may be possible to use an SP as an oracle to decrypt encrypted
messages sent to that SP.

It may be possible to use the SP as a key oracle which can be used
to forge messages from that SP by issuing 300000-2000000 queries to
the SP.

The oldstable distribution (lenny) does not contain simplesamlphp.

For the stable distribution (squeeze), this problem has been fixed in
version 1.6.3-2.

The testing distribution (wheezy) will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 1.8.2-1.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#307 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 28 October 2011 - 06:20 PM

- --------------------------------------------------------------------------
Debian Security Advisory DSA-2331-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
October 28, 2011                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : tor
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2768 CVE-2011-2769

It has been discovered by "frosty_un" that a design flaw in Tor, an online
privacy tool, allows malicious relay servers to learn certain information
that they should not be able to learn. Specifically, a relay that a user
connects to directly could learn which other relays that user is
connected to directly. In combination with other attacks, this issue
can lead to deanonymizing the user.  The Common Vulnerabilities and
Exposures project has assigned CVE-2011-2768 to this issue.

In addition to fixing the above mentioned issues, the updates to oldstable
and stable fix a number of less critical issues (CVE-2011-2769). Please
see this posting from the Tor blog for more information:
https://blog.torproject.org/blog/tor-02234-...ecurity-patches

For the oldstable distribution (lenny), this problem has been fixed in
version 0.2.1.31-1~lenny+1. Due to technical limitations in the Debian
archive scripts, the update cannot be released synchronously with the
packages for stable. It will be released shortly.

For the stable distribution (squeeze), this problem has been fixed in
version 0.2.1.31-1.

For the unstable and testing distributions, this problem has been fixed in
version 0.2.2.34-1.

For the experimental distribution, this problem have has fixed in version
0.2.3.6-alpha-1.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2323-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
October 26, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : radvd
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605
Debian Bug     : 644614

Multiple security issues were discovered by Vasiliy Kulikov in radvd, an
IPv6 Router Advertisement daemon:

CVE-2011-3602

   set_interface_var() function doesn't check the interface name, which is
   chosen by an unprivileged user. This could lead to an arbitrary file
   overwrite if the attacker has local access, or specific files overwrites
   otherwise.

CVE-2011-3604

   process_ra() function lacks multiple buffer length checks which could
   lead to memory reads outside the stack, causing a crash of the daemon.

CVE-2011-3605

   process_rs() function calls mdelay() (a function to wait for a defined
   time) unconditionnally when running in unicast-only mode. As this call
   is in the main thread, that means all request processing is delayed (for
   a time up to MAX_RA_DELAY_TIME, 500 ms by default). An attacked could
   flood the daemon with router solicitations in order to fill the input
   queue, causing a temporary denial of service (processing would be
   stopped during all the mdelay() calls).
   Note: upstream and Debian default is to use anycast mode.


For the oldstable distribution (lenny), this problem has been fixed in
version 1:1.1-3.1.

For the stable distribution (squeeze), this problem has been fixed in
version 1:1.6-1.1.

For the testing distribution (wheezy), this problem has been fixed in
version 1:1.8-1.2.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.8-1.2.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#308 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 29 October 2011 - 02:51 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2332-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
October 29, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-django
Vulnerability  : several issues
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4136 CVE-2011-4137 CVE-2011-4138 CVE-2011-4139
                 CVE-2011-4140
Debian Bug     : 641405

Paul McMillan, Mozilla and the Django core team discovered several
vulnerabilities in Django, a Python web framework:

CVE-2011-4136

  When using memory-based sessions and caching, Django sessions are
  stored directly in the root namespace of the cache. When user data is
  stored in the same cache, a remote user may take over a session.

CVE-2011-4137, CVE-2011-4138

  Django's field type URLfield by default checks supplied URL's by
  issuing a request to it, which doesn't time out. A Denial of Service
  is possible by supplying specially prepared URL's that keep the
  connection open indefinately or fill the Django's server memory.

CVE-2011-4139

  Django used X-Forwarded-Host headers to construct full URL's. This
  header may not contain trusted input and could be used to poison the
  cache.

CVE-2011-4140

  The CSRF protection mechanism in Django does not properly handle
  web-server configurations supporting arbitrary HTTP Host headers,
  which allows remote attackers to trigger unauthenticated forged
  requests.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.0.2-1+lenny3.

For the stable distribution (squeeze), this problem has been fixed in
version 1.2.3-3+squeeze2.

For the testing (wheezy) and unstable distribution (sid), this problem
has been fixed in version 1.3.1-1.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#309 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 30 October 2011 - 08:08 PM

- --------------------------------------------------------------------------
Debian Security Advisory DSA-2333-1                    security@debian.org
http://www.debian.org/security/                         Jonathan Wiltshire
Oct 31th, 2011                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : phpldapadmin
Vulnerability  : several
Problem type   : remote
Debian-specific: no
Debian bug     : 646754
CVE IDs        : CVE-2011-4075 CVE-2011-4074

Two vulnerabilities have been discovered in phpldapadmin, a web based
interface for administering LDAP servers. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2011-4074

  Input appended to the URL in cmd.php (when "cmd" is set to "_debug") is
  not properly sanitised before being returned to the user. This can be
  exploited to execute arbitrary HTML and script code in a user's browser
  session in context of an affected site.

CVE-2011-4075

  Input passed to the "orderby" parameter in cmd.php (when "cmd" is set to
  "query_engine", "query" is set to "none", and "search" is set to e.g.
  "1") is not properly sanitised in lib/functions.php before being used in a
  "create_function()" function call. This can be exploited to inject and
  execute arbitrary PHP code.


For the oldstable distribution (lenny), these problems have been fixed in
version 1.1.0.5-6+lenny2.

For the stable distribution (squeeze), these problems have been fixed in
version 1.2.0.5-2+squeeze1.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 1.2.0.5-2.1.


registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#310 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 04 November 2011 - 06:07 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2334-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 04, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mahara
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2771 CVE-2011-2772 CVE-2011-2773

Several vulnerabilities were discovered in Mahara, an electronic
portfolio, weblog, and resume builder:

CVE-2011-2771

   Teemu Vesala discovered that missing input sanitising of RSS
   feeds could lead to cross-site scripting.

CVE-2011-2772
    
   Richard Mansfield discovered that insufficient upload restrictions
   allowed denial of service.

CVE-2011-2773

   Richard Mansfield that the management of institutions was prone to
   cross-site request forgery.

(no CVE ID available yet)

   Andrew Nichols discovered a privilege escalation vulnerability
   in MNet handling.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.0.4-4+lenny11.

For the stable distribution (squeeze), this problem has been fixed in
version 1.2.6-2+squeeze3.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.1-1.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#311 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 05 November 2011 - 08:00 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2335-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
November 5th, 2011                     http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : man2hhtml
Vulnerability  : missing input sanitization
Problem type   : remote
Debian-specific: yes
CVE ID         : CVE-2011-2770

Tim Starling discovered that the Debian-native CGI wrapper for man2html,
a program to convert UNIX man pages to HTML, is not properly escaping
user-supplied input when displaying various error messages.  A remote
attacker can exploit this flaw to conduct cross-site scripting (XSS)
attacks.


For the oldstable distribution (lenny), this problem has been fixed in
version 1.6f-3+lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 1.6f+repack-1+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 1.6g-6.

For the unstable distribution (sid), this problem has been fixed in
version 1.6g-6.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#312 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 06 November 2011 - 09:46 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2337-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
November 6, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
Vulnerability  : several vulnerabilities
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-1166 CVE-2011-1583 CVE-2011-1898 CVE-2011-3262

Several vulnerabilities were discovered in the Xen virtual machine
hypervisor.

CVE-2011-1166

  A 64-bit guest can get one of its vCPU'ss into non-kernel
  mode without first providing a valid non-kernel pagetable,
  thereby locking up the host system.

CVE-2011-1583, CVE-2011-3262

  Local users can cause a denial of service and possibly execute
  arbitrary code via a crafted paravirtualised guest kernel image.

CVE-2011-1898

  When using PCI passthrough on Intel VT-d chipsets that do not
  have interrupt remapping, guest OS can users to gain host OS
  privileges by writing to the interrupt injection registers.

The oldstable distribution (lenny) contains a different version of Xen
not affected by these problems.

For the stable distribution (squeeze), this problem has been fixed in
version 4.0.1-4.

For the testing (wheezy) and unstable distribution (sid), this problem
has been fixed in version 4.1.1-1.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#313 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 07 November 2011 - 07:59 PM

Package        : moodle
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : not yet available

Several cross-site scripting and information disclosure issues have
been fixed in Moodle, a course management system for online learning:

* MSA-11-0020 Continue links in error messages can lead offsite
* MSA-11-0024 Recaptcha images were being authenticated from an older
              server
* MSA-11-0025 Group names in user upload CSV not escaped
* MSA-11-0026 Fields in user upload CSV not escaped
* MSA-11-0031 Forms API constant issue
* MSA-11-0032 MNET SSL validation issue
* MSA-11-0036 Messaging refresh vulnerability
* MSA-11-0037 Course section editing injection vulnerability
* MSA-11-0038 Database injection protection strengthened

For the stable distribution (squeeze), this problem has been fixed in
version 1.9.9.dfsg2-2.1+squeeze2.

For the unstable distribution (sid), this problem has been fixed in
version 1.9.9.dfsg2-4.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2339-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 07, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nss
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3640
Debian Bug     : 647614

This update to the NSS cryptographic libraries revokes the trust in the
"DigiCert Sdn. Bhd" certificate authority. More information can be found
in the Mozilla Security Blog:
http://blog.mozilla.com/security/2011/11/0...cate-authority/

This update also fixes an insecure load path for pkcs11.txt configuration
file (CVE-2011-3640).

For the oldstable distribution (lenny), this problem has been fixed in
version 3.12.3.1-0lenny7.

For the stable distribution (squeeze), this problem has been fixed in
version 3.12.8-1+squeeze4.

For the unstable distribution (sid), this problem has been fixed in
version 3.13.1.with.ckbi.1.88-1.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2336-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
November 07, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ffmpeg
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3362 CVE-2011-3973 CVE-2011-3974 CVE-2011-3504
Debian Bug     : 641478

Multiple vulnerabilities were found in the ffmpeg, a multimedia player,
server and encoder:

CVE-2011-3362

    An integer signedness error in decode_residual_block function of
    the Chinese AVS video (CAVS) decoder in libavcodec can lead to
    denial of service (memory corruption and application crash) or
    possible code execution via a crafted CAVS file.

CVE-2011-3973/CVE-2011-3974

    Multiple errors in the Chinese AVS video (CAVS) decoder can lead to
    denial of service (memory corruption and application crash) via an
    invalid bitstream.

CVE-2011-3504

    A memory allocation problem in the Matroska format decoder can lead
    to code execution via a crafted file.

For the stable distribution (squeeze), this problem has been fixed in
version 4:0.5.5-1.

For the unstable distribution (sid), this problem has been fixed in
version 4:0.7.2-1 of the libav source package.

Security support for ffmpeg has been discontinued for the oldstable
distribution (lenny) before in DSA 2306.
The current version in oldstable is not supported by upstream anymore
and is affected by several security issues. Backporting fixes for these
and any future issues has become unfeasible and therefore we needed to
drop our security support for the version in oldstable.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2340-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
November 7, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-8.3, postgresql-8.4, postgresql-9.0
Vulnerability  : weak password hashing
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2483
Debian Bug     : 631285

magnum discovered that the blowfish password hashing used amongst
others in PostgreSQL contained a weakness that would give passwords
with 8 bit characters the same hash as weaker equivalents.

For the oldstable distribution (lenny), this problem has been fixed in
postgresql-8.3 version 8.3.16-0lenny1.

For the stable distribution (squeeze), this problem has been fixed in
postgresql-8.4 version 8.4.9-0squeeze1.

For the testing distribution (wheezy) and unstable distribution (sid),
this problem has been fixed in postgresql-8.4 version 8.4.9-1,
postgresql-9.0 9.0.5-1 and postgresql-9.1 9.1~rc1-1.

The updates also include reliability improvements, originally scheduled
for inclusion into the next point release; for details see the respective
changelogs.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#314 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 09 November 2011 - 07:41 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2341-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 09, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceweasel
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3647 CVE-2011-3648 CVE-2011-3650

Several vulnerabilities have been discovered in Iceweasel, a web browser
based on Firefox. The included XULRunner library provides rendering
services for several other applications included in Debian.

CVE-2011-3647

   "moz_bug_r_a4" discovered a privilege escalation vulnerability in
   addon handling.    

CVE-2011-3648

   Yosuke Hasegawa discovered that incorrect handling of Shift-JIS
   encodings could lead to cross-site scripting.

CVE-2011-3650

   Marc Schoenefeld discovered that profiling the Javascript code
   could lead to memory corruption.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.9.0.19-15 of the xulrunner source package.

For the stable distribution (squeeze), this problem has been fixed in
version 3.5.16-11.

For the unstable distribution (sid), this problem has been fixed in
version 8.0-1.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2342-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 09, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceape
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3647 CVE-2011-3648 CVE-2011-3650

Several vulnerabilities have been found in the Iceape internet suite, an
unbranded version of Seamonkey:

CVE-2011-3647

   "moz_bug_r_a4" discovered a privilege escalation vulnerability in
   addon handling.    

CVE-2011-3648

   Yosuke Hasegawa discovered that incorrect handling of Shift-JIS
   encodings could lead to cross-site scripting.

CVE-2011-3650

   Marc Schoenefeld discovered that profiling the Javascript code
   could lead to memory corruption.

The oldstable distribution (lenny) is not affected. The iceape package only
provides the XPCOM code.

For the stable distribution (squeeze), this problem has been fixed in
version 2.0.11-9.

For the unstable distribution (sid), this problem has been fixed in
version 2.0.14-9.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2343-1                   security@debian.org
http://www.debian.org/security/                          Raphael Geissert
November 09, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
Vulnerability  : CA trust revocation
Problem type   : remote
Debian-specific: no

Several weak certificates were issued by Malaysian intermediate CA
"Digicert Sdn. Bhd." This event, along with other issues, has lead to
Entrust Inc. and Verizon Cybertrust to revoke the CA's cross-signed
certificates.

This update to OpenSSL, a Secure Sockets Layer toolkit, reflects this
decision by marking Digicert Sdn. Bhd.'s certificates as revoked.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.9.8g-15+lenny14.

For the stable distribution (squeeze), this problem has been fixed in
version 0.9.8o-4squeeze4.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 1.0.0e-2.1.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#315 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 11 November 2011 - 07:04 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2344-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
November 11, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-django-piston
Vulnerability  : deserialization vulnerability
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4103
Debian Bug     : 647315

It was discovered that the Piston framework can deserializes untrusted
YAML and Pickle data, leading to remote code execution. (CVE-2011-4103)

The old stable distribution (lenny) does not contain a
python-django-piston package.

For the stable distribution (squeeze), this problem has been fixed in
version 0.2.2-1+squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 0.2.2-2.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2345-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
November 11, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2011-3647 CVE-2011-3648 CVE-2011-3650

Several vulnerabilities have been discovered in Icedove, a mail client
based on Thunderbird.

CVE-2011-3647
        The JSSubScriptLoader does not properly handle
        XPCNativeWrappers during calls to the loadSubScript method in
        an add-on, which makes it easier for remote attackers to gain
        privileges via a crafted web site that leverages certain
        unwrapping behavior.

CVE-2011-3648
A cross-site scripting (XSS) vulnerability allows remote
attackers to inject arbitrary web script or HTML via crafted
text with Shift JIS encoding.

CVE-2011-3650
        Iceweasel does not properly handle Javascript files that
contain many functions, which allows user-assisted remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly have unspecified other impact
via a crafted file that is accessed by debugging APIs, as
demonstrated by Firebug.

For the stable distribution (squeeze), these problems have been fixed
in version 3.0.11-1+squeeze6.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 3.1.15-1.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#316 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 15 November 2011 - 06:48 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2346-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
November 15, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : proftpd-dfsg
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4130
Debian Bug     : 648373

Several vulnerabilities were discovered in ProFTPD, an FTP server:

ProFTPD incorrectly uses data from an unencrypted input buffer
after encryption has been enabled with STARTTLS, an issue
similar to CVE-2011-0411.

CVE-2011-4130
ProFTPD uses a response pool after freeing it under
exceptional conditions, possibly leading to remote code
execution.  (The version in lenny is not affected by this
problem.)

For the oldstable distribution (lenny), this problem has been fixed in
version 1.3.1-17lenny8.

For the stable distribution (squeeze), this problem has been fixed in
version 1.3.3a-6squeeze4.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 1.3.4~rc3-2.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#317 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 16 November 2011 - 06:54 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2346-2                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
November 16, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : proftpd-dfsg
Vulnerability  : several
Problem type   : remote
Debian-specific: no
Debian Bug     : 648922

The ProFTPD security update, DSA-2346-1, introduced a regression,
preventing successful TLS connections.  This regression does not
affected the stable distribution (squeeze), nor the testing and
unstable distributions.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.3.1-17lenny9.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2347-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
November 16, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
Vulnerability  : improper assert
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4313

It was discovered that BIND, a DNS server, crashes while processing
certain sequences of recursive DNS queries, leading to a denial of
service.  Authoritative-only server configurations are not affected by
this issue.

For the oldstable distribution (lenny), this problem has been fixed in
version 1:9.6.ESV.R4+dfsg-0+lenny4.

For the stable distribution (squeeze), this problem has been fixed in
version 1:9.7.3.dfsg-1~squeeze4.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#318 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 19 November 2011 - 12:29 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2349-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 19, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : spip
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : not available yet

Two vulnerabilities have been found in SPIP, a website engine for
publishing, which allow privilege escalation to site administrator
privileges and cross-site scripting.

The oldstable distribution (lenny) doesn't include spip.

For the stable distribution (squeeze), this problem has been fixed in
version 2.1.1-3squeeze2.

For the unstable distribution (sid), this problem has been fixed in
version 2.1.12-1.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#319 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 20 November 2011 - 07:35 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2350-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 20, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freetype
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3439
Debian Bug     : 649122

It was discovered that missing input sanitising in Freetype's processing
of CID-keyed fonts could lead to the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.3.7-2+lenny8.

For the stable distribution (squeeze), this problem has been fixed in
version 2.4.2-2.1+squeeze3.

For the unstable distribution (sid), this problem has been fixed in
version 2.4.8-1.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2348-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 17, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : systemtap
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-4170 CVE-2010-4171 CVE-2011-2503

Several vulnerabilities were discovered in SystemTap, an instrumentation
system for Linux:

CVE-2011-2503

   It was discovered that a race condition in staprun could lead to
   privilege escalation.    

CVE-2010-4170

   It was discovered that insufficient validation of environment
   variables in staprun could lead to privilege escalation.

CVE-2010-4171

   It was discovered that insufficient validation of module unloading
   could lead to denial of service.

For the stable distribution (squeeze), this problem has been fixed in
version 1.2-5+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 1.6-1.


registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#320 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 21 November 2011 - 06:39 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2351-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 21, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wireshark
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4102

Huzaifa Sidhpurwala discovered a buffer overflow in Wireshark's ERF
dissector, which could lead to the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in
version wireshark 1.0.2-3+lenny16.

For the stable distribution (squeeze), this problem has been fixed in
version 1.2.11-6+squeeze5.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.3-1.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#321 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 22 November 2011 - 06:51 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2352-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 22, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : puppet
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3872

It was discovered that Puppet, a centralized configuration management
solution, misgenerated certificates if the "certdnsnames" option was
used. This could lead to man in the middle attacks. More details are
available at http://puppetlabs.com/security/cve/cve-2011-3872/

For the oldstable distribution (lenny), this problem has been fixed in
version 0.24.5-3+lenny2.

For the stable distribution (squeeze), this problem has been fixed in
version 2.6.2-5+squeeze3.

For the unstable distribution (sid), this problem has been fixed in
version 2.7.6-1.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#322 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 24 November 2011 - 06:10 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2353-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 24, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ldns
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3581
Debian Bug     :

David Wheeler discovered a buffer overflow in ldns's code to parse
RR records, which could lead to the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.4.0-1+lenny2.

For the stable distribution (squeeze), this problem has been fixed in
version 1.6.6-2+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.11-1.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#323 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 30 November 2011 - 07:28 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2354-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
November 28, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cups
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2896 CVE-2011-3170

Petr Sklenar and Tomas Hoger discovered that missing input sanitising in
the GIF decoder inside the Cups printing system could lead to denial
of service or potentially arbitrary code execution through crafted GIF
files.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.3.8-1+lenny10.

For the stable distribution (squeeze), this problem has been fixed in
version 1.4.4-7+squeeze1.

For the testing and unstable distribution (sid), this problem has been
fixed in version 1.5.0-8.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2355-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 30, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : clearsilver
Vulnerability  : format string vulnerability
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4357

Leo Iannacone and Colin Watson discovered a format string vulnerability
in the Python bindings for the Clearsilver HTML template system, which
may lead to denial of service or the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.10.4-1.3+lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 0.10.5-1+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#324 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 01 December 2011 - 07:24 PM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2356-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
December 01, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-6
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Java platform:

CVE-2011-3389
The TLS implementation does not guard properly against certain
chosen-plaintext attacks when block ciphers are used in CBC
mode.

CVE-2011-3521
The CORBA implementation contains a deserialization
vulnerability in the IIOP implementation, allowing untrusted
Java code (such as applets) to elevate its privileges.

CVE-2011-3544
The Java scripting engine lacks necessary security manager
checks, allowing untrusted Java code (such as applets) to
elevate its privileges.

CVE-2011-3547
The skip() method in java.io.InputStream uses a shared buffer,
allowing untrusted Java code (such as applets) to access data
that is skipped by other code.

CVE-2011-3548
The java.awt.AWTKeyStroke class contains a flaw which allows
untrusted Java code (such as applets) to elevate its
privileges.

CVE-2011-3551
The Java2D C code contains an integer overflow which results
in a heap-based buffer overflow, potentially allowing
untrusted Java code (such as applets) to elevate its
privileges.

CVE-2011-3552
Malicous Java code can use up an excessive amount of UDP
ports, leading to a denial of service.

CVE-2011-3553
JAX-WS enables stack traces for certain server responses by
default, potentially leaking sensitive information.

CVE-2011-3554
JAR files in pack200 format are not properly checked for
errors, potentially leading to arbitrary code execution when
unpacking crafted pack200 files.

CVE-2011-3556
The RMI Registry server lacks access restrictions on certain
methods, allowing a remote client to execute arbitary code.

CVE-2011-3557
The RMI Registry server fails to properly restrict privileges
of untrusted Java code, allowing RMI clients to elevate their
privileges on the RMI Registry server.

CVE-2011-3560
The com.sun.net.ssl.HttpsURLConnection class does not perform
proper security manager checks in the setSSLSocketFactory()
method, allowing untrusted Java code to bypass security policy
restrictions.

For the stable distribution (squeeze), this problem has been fixed in
version 6b18-1.8.10-0+squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 6b23~pre11-1.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#325 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,655 posts

Posted 04 December 2011 - 09:16 AM

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2357-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
December 03, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : evince
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-264320
Debian Bug     : 609534

Jon Larimer from IBM X-Force Advanced Research discovered multiple
vulnerabilities in the DVI backend of the evince document viewer:

CVE-2010-2640

    Insuficient array bounds checks in the PK fonts parser could lead
    to function pointer overwrite, causing arbitrary code execution.

CVE-2010-2641

    Insuficient array bounds checks in the PK fonts parser could lead
    to function pointer overwrite, causing arbitrary code execution.

CVE-2010-2642

    Insuficient bounds checks in the AFM fonts parser when writing
    data to a memory buffer allocated on heap could lead to arbitrary
    memory overwrite and arbitrary code execution.

CVE-2010-2643

    Insuficient check on an integer used as a size for memory
    allocation can lead to arbitrary write outside the allocated range
    and cause arbitrary code execution.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.22.2-4~lenny2.

For the stable distribution (squeeze), CVE-2010-2640, CVE-2010-2641
and CVE-2010-2643 have been fixed in version 2.30.3-2 but the fix for
CVE-2010-2642 was incomplete. The final fix is present in version
2.30.3-2+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 3.0.2.

For the unstable distribution (sid), this problem has been fixed in
version 3.0.2.

registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.





Also tagged with one or more of these keywords: debian, updates, sunrat, bruno, v.t. eric layton

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users