Bruno

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2384-2 security@debian.org

http://www.debian.org/security/

February 04, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : cacti

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2010-1644 CVE-2010-1645 CVE-2010-2543 CVE-2010-2545

CVE-2011-4824

 

It was discovered that the last security update for cacti, DSA-2384-1,

introduced a regression in lenny.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 0.8.7b-2.1+lenny5.

 

The stable distribution (squeeze) is not affected by this regression.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2404-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

February 05, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : xen-qemu-dm-4.0

Vulnerability : buffer overflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-0029

 

Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e

network interface card of QEMU, which is used in the xen-qemu-dm-4.0

packages. This vulnerability might enable malicious guest systems

to crash the host system or escalate their privileges.

 

The old stable distribution (lenny) does not contain the

xen-qemu-dm-4.0 package.

 

For the stable distribution (squeeze), this problem has been fixed in

version 4.0.1-2+squeeze1.

 

The testing distribution (wheezy) and the unstable distribution (sid)

will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2405-1 security@debian.org

http://www.debian.org/security/ Stefan Fritsch

February 06, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : apache2

Vulnerability : multiple issues

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3607 CVE-2011-3368 CVE-2011-3639 CVE-2011-4317

CVE-2012-0031 CVE-2012-0053

 

Several vulnerabilities have been found in the Apache HTTPD Server:

 

CVE-2011-3607:

 

An integer overflow in ap_pregsub() could allow local attackers to

execute arbitrary code at elevated privileges via crafted .htaccess

files.

 

CVE-2011-3368 CVE-2011-3639 CVE-2011-4317:

 

The Apache HTTP Server did not properly validate the request URI for

proxied requests. In certain reverse proxy configurations using the

ProxyPassMatch directive or using the RewriteRule directive with the

[P] flag, a remote attacker could make the proxy connect to an

arbitrary server. This could allow the attacker to access internal

servers that are not otherwise accessible from the outside.

 

The three CVE ids denote slightly different variants of the same

issue.

 

Note that, even with this issue fixed, it is the responsibility of

the administrator to ensure that the regular expression replacement

pattern for the target URI does not allow a client to append arbitrary

strings to the host or port parts of the target URI. For example, the

configuration

 

ProxyPassMatch ^/mail(.*) http://internal-host$1

 

is still insecure and should be replaced by one of the following

configurations:

 

ProxyPassMatch ^/mail(/.*) http://internal-host$1

ProxyPassMatch ^/mail/(.*) http://internal-host/$1

 

CVE-2012-0031:

 

An apache2 child process could cause the parent process to crash

during shutdown. This is a violation of the privilege separation

between the apache2 processes and could potentially be used to worsen

the impact of other vulnerabilities.

 

CVE-2012-0053:

 

The response message for error code 400 (bad request) could be used to

expose "httpOnly" cookies. This could allow a remote attacker using

cross site scripting to steal authentication cookies.

 

 

For the oldstable distribution (lenny), these problems have been fixed in

version apache2 2.2.9-10+lenny12.

 

For the stable distribution (squeeze), these problems have been fixed in

version apache2 2.2.16-6+squeeze6

 

For the testing distribution (wheezy), these problems will be fixed in

version 2.2.22-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.2.22-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2403-2 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

February 06, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php5

Vulnerability : code injection

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-0830

 

Stefan Esser discovered that the implementation of the max_input_vars

configuration variable in a recent PHP security update was flawed such

that it allows remote attackers to crash PHP or potentially execute

code.

 

This update adds packages for the oldstable distribution, which were

missing from the original advisory. The problem has been fixed in

version 5.2.6.dfsg.1-1+lenny16, installed into the security archive

on 3 Feb 2012.

 

For the stable distribution (squeeze), this problem has been fixed in

version 5.3.3-7+squeeze7.

 

For the unstable distribution (sid), this problem has been fixed in

version 5.3.10-1.

 

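The ProxyPassMatch note in DSA-2405-1 above can be checked mechanically. The following is an added example, not part of the advisory or of Apache: it applies the three directives quoted in the advisory to constructed probe paths and reports any case where the proxied URL's host:port differs from the one written in the configuration. It assumes simple patterns with a literal prefix before the first capture group, and uses Python's `re` as an approximation of the server's regex engine; the probe suffixes and the `/inbox` path are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed probe suffixes: text a client could place directly after the
# matched prefix. These are test values, not taken from the advisory.
PROBE_SUFFIXES = ("x", ".probe.invalid", ":8080")


def parse_directive(line):
    """Return (pattern, target) for a ProxyPassMatch line, else None."""
    parts = line.split()
    if len(parts) < 3 or parts[0].lower() != "proxypassmatch":
        return None
    return parts[1], parts[2]


def expand(target, match):
    """Expand $1..$9 in the target with the groups captured from the path."""
    def group(m):
        n = int(m.group(1))
        return (match.group(n) or "") if n <= match.re.groups else ""
    return re.sub(r"\$(\d)", group, target)


def audit(line):
    """List (request_path, proxied_url) pairs whose host:port differs from
    the host:port written in the directive. An empty list means none of the
    probes could alter the authority part of the target URI."""
    parsed = parse_directive(line)
    if parsed is None:
        return []
    pattern, target = parsed
    # Authority the administrator wrote, with backreferences removed.
    intended = urlsplit(re.sub(r"\$\d", "", target)).netloc
    # Literal prefix of the pattern, e.g. "/mail" for "^/mail(.*)".
    prefix = pattern.lstrip("^").split("(")[0]
    findings = []
    for suffix in PROBE_SUFFIXES:
        path = prefix + suffix + "/inbox"
        match = re.search(pattern, path)
        if match is None:
            continue  # the request is not proxied at all
        url = expand(target, match)
        if urlsplit(url).netloc != intended:
            findings.append((path, url))
    return findings


if __name__ == "__main__":
    # The three directives quoted in the advisory.
    for cfg in (
        "ProxyPassMatch ^/mail(.*) http://internal-host$1",
        "ProxyPassMatch ^/mail(/.*) http://internal-host$1",
        "ProxyPassMatch ^/mail/(.*) http://internal-host/$1",
    ):
        bad = audit(cfg)
        print("INSECURE" if bad else "ok      ", cfg)
        for path, url in bad:
            print("    ", path, "->", url)
```

Both corrected forms pass because the slash is forced either into the capture group or into the target before the backreference, so client-supplied text can only ever land in the path.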

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2406-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

February 09, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : icedove

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449

 

Several vulnerabilities have been discovered in Icedove, Debian's

variant of the Mozilla Thunderbird code base.

 

CVE-2011-3670

Icedove does not properly enforce the IPv6 literal address

syntax, which allows remote attackers to obtain sensitive

information by making XMLHttpRequest calls through a proxy and

reading the error messages.

 

CVE-2012-0442

Memory corruption bugs could cause Icedove to crash or

possibly execute arbitrary code.

 

CVE-2012-0444

Icedove does not properly initialize nsChildView data

structures, which allows remote attackers to cause a denial of

service (memory corruption and application crash) or possibly

execute arbitrary code via a crafted Ogg Vorbis file.

 

CVE-2012-0449

Icedove allows remote attackers to cause a denial of service

(memory corruption and application crash) or possibly execute

arbitrary code via a malformed XSLT stylesheet that is

embedded in a document

 

For the stable distribution (squeeze), this problem has been fixed in

version 3.0.11-1+squeeze7.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2407-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

February 09, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : cvs

Vulnerability : heap overflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-0804

 

It was discovered that a malicious CVS server could cause a heap

overflow in the CVS client, potentially allowing the server to execute

arbitrary code on the client.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1:1.12.13-12+squeeze1.

 

For the unstable distribution (sid), this problem has been fixed in

version 2:1.12.13+real-7.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2408-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

February 13, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php5

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-1072 CVE-2011-4153 CVE-2012-0781 CVE-2012-0788

CVE-2012-0831

 

Several vulnerabilities have been discovered in PHP, the web scripting

language. The Common Vulnerabilities and Exposures project identifies

the following issues:

 

CVE-2011-1072

 

It was discovered that insecure handling of temporary files in the PEAR

installer could lead to denial of service.

 

CVE-2011-4153

 

Maksymilian Arciemowicz discovered that a NULL pointer dereference in

the zend_strndup() function could lead to denial of service.

 

CVE-2012-0781

 

Maksymilian Arciemowicz discovered that a NULL pointer dereference in

the tidy_diagnose() function could lead to denial of service.

 

CVE-2012-0788

 

It was discovered that missing checks in the handling of PDORow

objects could lead to denial of service.

 

CVE-2012-0831

 

It was discovered that the magic_quotes_gpc setting could be disabled

remotely

 

This update also addresses PHP bugs, which are not treated as security issues

in Debian (see README.Debian.security), but which were fixed nonetheless:

CVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467

CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182

CVE-2011-3267

 

For the stable distribution (squeeze), this problem has been fixed in

version 5.3.3-7+squeeze8.

 

For the unstable distribution (sid), this problem has been fixed in

version 5.3.10-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2409-1 security@debian.org

http://www.debian.org/security/ Raphael Geissert

February 15, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : devscripts

Vulnerability : several

Problem type : local (remote)

Debian-specific: yes

CVE ID : CVE-2012-0210 CVE-2012-0211 CVE-2012-0212

 

Several vulnerabilities have been discovered in debdiff, a script used

to compare two Debian packages, which is part of the devscripts package.

The following Common Vulnerabilities and Exposures project ids have been

assigned to identify them:

 

CVE-2012-0210:

 

Paul Wise discovered that due to insufficient input sanitising when

processing .dsc and .changes files, it is possible to execute

arbitrary code and disclose system information.

 

CVE-2012-0211:

 

Raphael Geissert discovered that it is possible to inject or modify

arguments of external commands when processing source packages with

specially-named tarballs in the top-level directory of the .orig

tarball, allowing arbitrary code execution.

 

CVE-2012-0212:

 

Raphael Geissert discovered that it is possible to inject or modify

arguments of external commands when passing as argument to debdiff

a specially-named file, allowing arbitrary code execution.

 

 

For the stable distribution (squeeze), these problems have been fixed in

version 2.10.69+squeeze2.

 

For the testing distribution (wheezy), these problems will be fixed soon.

 

For the unstable distribution (sid), these problems will be fixed in

version 2.11.4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2410-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

February 15, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libpng

Vulnerability : integer overflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3026

 

Jueri Aedla discovered an integer overflow in the libpng PNG library,

which could lead to the execution of arbitrary code if a malformed

image is processed.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.2.44-1+squeeze2.

 

For the unstable distribution (sid), this problem will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2411-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

February 19, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mumble

Vulnerability : information disclosure

Problem type : local

Debian-specific: no

CVE ID : CVE-2012-0863

Debian Bug : 659039

 

It was discovered that mumble, a VoIP client, does not properly manage

permission on its user-specific configuration files, allowing other

local users on the system to access them.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.2.2-6+squeeze1.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), this problem has been fixed in version 1.2.3-3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2412-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

February 19, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libvorbis

Vulnerability : buffer overflow

Problem type : local

Debian-specific: no

CVE ID : CVE-2012-0444

 

It was discovered that a heap overflow in the Vorbis audio compression

library could lead to the execution of arbitrary code if a malformed

Ogg Vorbis file is processed.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.3.1-1+squeeze1.

 

For the unstable distribution (sid), this problem will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2413-1 security@debian.org

http://www.debian.org/security/ Luk Claes

February 20, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libarchive

Vulnerability : buffer overflows

Problem type : remote/local

Debian-specific: no

CVE ID : CVE-2011-1777 CVE-2011-1778

 

Two buffer overflows have been discovered in libarchive, a library

providing a flexible interface for reading and writing archives in

various formats. The possible buffer overflows while reading iso9660

or tar streams allow remote attackers to execute arbitrary

code depending on the application that makes use of this functionality.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.8.4-1+squeeze1.

 

For the testing (wheezy) and unstable (sid) distributions,

this problem has been fixed in version 2.8.5-5.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2413-1 security@debian.org

http://www.debian.org/security/ Nico Golde

February 21, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : fex

Vulnerability : insufficient input sanitization

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-0869

 

Nicola Fioravanti discovered that F*X, a web service for transferring

very large files, is not properly sanitizing input parameters of the "fup"

script. An attacker can use this flaw to conduct reflected cross-site

scripting attacks via various script parameters.

 

For the stable distribution (squeeze), this problem has been fixed in

version 20100208+debian1-1+squeeze2.

 

For the testing distribution (wheezy), this problem will be fixed soon.

 

For the unstable distribution (sid), this problem has been fixed

in version 20120215-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2415-1 security@debian.org

http://www.debian.org/security/ Nico Golde

February 21, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libmodplug

Vulnerability : several

Problem type : local

Debian-specific: no

CVE ID : CVE-2011-1761 CVE-2011-2911 CVE-2011-2912 CVE-2011-2913

CVE-2011-2914 CVE-2011-2915

 

Several vulnerabilities that can lead to the execution of arbitrary code

have been discovered in libmodplug, a library for mod music based on

ModPlug. The Common Vulnerabilities and Exposures project identifies

the following issues:

 

CVE-2011-1761

 

epiphant discovered that the abc file parser is vulnerable to several

stack-based buffer overflows that potentially lead to the execution

of arbitrary code.

 

CVE-2011-2911

 

Hossein Lotfi of Secunia discovered that the CSoundFile::ReadWav

function is vulnerable to an integer overflow which leads to a

heap-based buffer overflow. An attacker can exploit this flaw to

potentially execute arbitrary code by tricking a victim into opening

crafted WAV files.

 

CVE-2011-2912

 

Hossein Lotfi of Secunia discovered that the CSoundFile::ReadS3M

function is vulnerable to a stack-based buffer overflow. An attacker

can exploit this flaw to potentially execute arbitrary code by

tricking a victim into opening crafted S3M files.

 

CVE-2011-2913

 

Hossein Lotfi of Secunia discovered that the CSoundFile::ReadAMS

function suffers from an off-by-one vulnerability that leads to

memory corruption. An attacker can exploit this flaw to potentially

execute arbitrary code by tricking a victim into opening crafted AMS

files.

 

CVE-2011-2914

 

It was discovered that the CSoundFile::ReadDSM function suffers

from an off-by-one vulnerability that leads to memory corruption.

An attacker can exploit this flaw to potentially execute arbitrary

code by tricking a victim into opening crafted DSM files.

 

CVE-2011-2915

 

It was discovered that the CSoundFile::ReadAMS2 function suffers

from an off-by-one vulnerability that leads to memory corruption.

An attacker can exploit this flaw to potentially execute arbitrary

code by tricking a victim into opening crafted AMS files.

 

 

For the stable distribution (squeeze), this problem has been fixed in

version 1:0.8.8.1-1+squeeze2.

 

For the testing (wheezy) and unstable (sid) distributions, this problem

has been fixed in version 1:0.8.8.4-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2417-1 security@debian.org

http://www.debian.org/security/ Nico Golde

February 22, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libxml2

Vulnerability : computational denial of service

Problem type : local/remote

Debian-specific: no

Debian Bug : 660846

CVE ID : CVE-2012-0841

 

It was discovered that the internal hashing routine of libxml2,

a library providing an extensive API to handle XML data, is vulnerable to

predictable hash collisions. Given an attacker with knowledge of the

hashing algorithm, it is possible to craft input that creates a large

amount of collisions. As a result it is possible to perform denial of

service attacks against applications using libxml2 functionality because

of the computational overhead.

 

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.7.8.dfsg-2+squeeze3.

 

For the testing (wheezy) and unstable (sid) distributions, this problem

will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2416-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

February 22, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : notmuch

Vulnerability : information disclosure

Problem type : remote

Debian-specific: no

 

It was discovered that Notmuch, an email indexer, did not sufficiently

escape Emacs MML tags. When using the Emacs interface, a user could

be tricked into replying to a maliciously formatted message which could

lead to files from the local machine being attached to the outgoing

message.

 

For the stable distribution (squeeze), this problem has been fixed in

version 0.3.1+squeeze1.

 

For the testing distribution (wheezy) and unstable distribution (sid),

this problem has been fixed in version 0.11.1-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2414-2 security@debian.org

http://www.debian.org/security/ Nico Golde

February 25, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : fex

Vulnerability : insufficient input sanitization

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-0869

 

It was discovered that the last security update for F*X, DSA-2414-1,

introduced a regression. Updated packages are now available to address

this problem.

 

For the stable distribution (squeeze), this problem has been fixed in

version 20100208+debian1-1+squeeze3.

 

The testing (wheezy) and unstable (sid) distributions are not affected

by this problem.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2418-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

February 27, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : postgresql-8.4

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-0866 CVE-2012-0867 CVE-2012-0868

 

Several local vulnerabilities have been discovered in PostgreSQL, an

object-relational SQL database. The Common Vulnerabilities and Exposures

project identifies the following problems:

 

CVE-2012-0866

 

It was discovered that the permissions of a function called by a

trigger are not checked. This could result in privilege escalation.

 

CVE-2012-0867

 

It was discovered that only the first 32 characters of a host name

are checked when validating host names through SSL certificates.

This could result in spoofing the connection in limited

circumstances.

 

CVE-2012-0868

 

It was discovered that pg_dump did not sanitise object names.

This could result in arbitrary SQL command execution if a

malformed dump file is opened.

 

For the stable distribution (squeeze), this problem has been fixed in

version 8.4.11-0squeeze1.

 

For the unstable distribution (sid), this problem has been fixed in

version 8.4.11-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2419-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

February 27, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : puppet

Vulnerability : several

Problem type : local

Debian-specific: no

CVE ID : CVE-2012-1053 CVE-2012-1054

 

Two vulnerabilities were discovered in Puppet, a centralized

configuration management tool.

 

CVE-2012-1053

Puppet runs execs with unintended group privileges,

potentially leading to privilege escalation.

 

CVE-2012-1054

The k5login type writes to untrusted locations,

enabling local users to escalate their privileges

if the k5login type is used.

 

For the stable distribution (squeeze), these problems have been fixed

in version 2.6.2-5+squeeze4.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), these problems have been fixed in version 2.7.11-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2420-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

February 28, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjdk-6

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3377 CVE-2011-3563 CVE-2011-5035 CVE-2012-0497

CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505

CVE-2012-0506 CVE-2012-0507

 

Several vulnerabilities have been discovered in OpenJDK, an

implementation of the Oracle Java platform.

 

CVE-2011-3377

The Iced Tea browser plugin included in the openjdk-6 package

does not properly enforce the Same Origin Policy on web content

served under a domain name which has a common suffix with the

required domain name.

 

CVE-2011-3563

The Java Sound component did not properly check for array

boundaries. A malicious input or an untrusted Java application

or applet could use this flaw to cause the Java Virtual Machine to

crash or disclose a portion of its memory.

 

CVE-2011-5035

The OpenJDK embedded web server did not guard against an

excessive number of request parameters, leading to a denial

of service vulnerability involving hash collisions.

 

CVE-2012-0497

It was discovered that Java2D did not properly check graphics

rendering objects before passing them to the native renderer.

This could lead to JVM crash or Java sandbox bypass.

 

CVE-2012-0501

The ZIP central directory parser used by java.util.zip.ZipFile

entered an infinite recursion in native code when processing a

crafted ZIP file, leading to a denial of service.

 

CVE-2012-0502

A flaw was found in the AWT KeyboardFocusManager class that

could allow untrusted Java applets to acquire keyboard focus

and possibly steal sensitive information.

 

CVE-2012-0503

The java.util.TimeZone.setDefault() method lacked a security

manager invocation, allowing an untrusted Java application or

applet to set a new default time zone.

 

CVE-2012-0505

The Java serialization code leaked references to serialization

exceptions, possibly leaking critical objects to untrusted

code in Java applets and applications.

 

CVE-2012-0506

It was discovered that CORBA implementation in Java did not

properly protect repository identifiers (that can be obtained

using _ids() method) on certain Corba objects. This could

have been used to perform modification of the data that should

have been immutable.

 

CVE-2012-0507

The AtomicReferenceArray class implementation did not properly

check if the array is of an expected Object[] type. A

malicious Java application or applet could use this flaw to

cause the Java Virtual Machine to crash or bypass Java sandbox

restrictions.

 

For the stable distribution (squeeze), these problems have been fixed in

version 6b18-1.8.13-0+squeeze1.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), these problems have been fixed in version 6b24-1.11.1-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2421-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

February 29, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : moodle

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4308 CVE-2011-4584 CVE-2011-4585 CVE-2011-4586

CVE-2011-4587 CVE-2011-4588 CVE-2012-0792 CVE-2012-0793

CVE-2012-0794 CVE-2012-0795 CVE-2012-0796

 

Several security issues have been fixed in Moodle, a course management

system for online learning:

 

CVE-2011-4308 / CVE-2012-0792

 

Rossiani Wijaya discovered an information leak in

mod/forum/user.php

 

CVE-2011-4584

 

MNET authentication didn't prevent a user using "Login As" from

jumping to a remote MNET SSO.

 

CVE-2011-4585

 

Darragh Enright discovered that the change password form was sent

over plain HTTP even if httpslogin was set to "true".

 

CVE-2011-4586

 

David Michael Evans and German Sanchez Gances discovered CRLF

injection/HTTP response splitting vulnerabilities in the Calendar

module.

 

CVE-2011-4587

 

Stephen Mc Guiness discovered empty passwords could be entered in

some circumstances.

 

CVE-2011-4588

 

Patrick McNeill discovered that IP address restrictions could be bypassed in

MNET.

 

CVE-2012-0796

 

Simon Coggins discovered that additional information could be

injected into mail headers.

 

CVE-2012-0795

 

John Ehringer discovered that email addresses were insufficiently

validated.

 

CVE-2012-0794

 

Rajesh Taneja discovered that cookie encryption used a fixed key.

 

CVE-2012-0793

 

Eloy Lafuente discovered that profile images were insufficiently

protected. A new configuration option "forceloginforprofileimages"

was introduced for that.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.9.9.dfsg2-2.1+squeeze3.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.9.9.dfsg2-5.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2422-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

February 29, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : file

Vulnerability : missing bounds checks

Problem type : remote

Debian-specific: no

 

The file type identification tool, file, and its associated library,

libmagic, do not properly process malformed files in the Composite

Document File (CDF) format, leading to crashes.

 

Note that after this update, file may return different detection

results for CDF files (well-formed or not). The new detections are

believed to be more accurate.

 

For the stable distribution (squeeze), this problem has been fixed in

version 5.04-5+squeeze1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2423-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

March 02, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : movabletype-opensource

Vulnerability : several

Problem type : remote

Debian-specific: no

Debian Bug : 631437 661064

 

Several vulnerabilities were discovered in Movable Type, a blogging

system:

 

Under certain circumstances, a user who has "Create Entries" or

"Manage Blog" permissions may be able to read known files on the local

file system.

 

The file management system contains shell command injection

vulnerabilities, the most serious of which may lead to arbitrary OS

command execution by a user who has a permission to sign-in to the

admin script and also has a permission to upload files.

 

Session hijack and cross-site request forgery vulnerabilities exist in

the commenting and the community script. A remote attacker could

hijack the user session or could execute arbitrary script code on

the victim's browser under certain circumstances.

 

Templates which do not escape variables properly and mt-wizard.cgi

contain cross-site scripting vulnerabilities.

 

For the stable distribution (squeeze), these problems have been fixed

in version 4.3.8+dfsg-0+squeeze2.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), these problems have been fixed in version 5.1.3+dfsg-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2424-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

March 04, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libxml-atom-perl

Vulnerability : XML external entity expansion

Problem type : remote

Debian-specific: no

 

It was discovered that the XML::Atom Perl module did not disable

external entities when parsing XML from potentially untrusted sources.

This may allow attackers to gain read access to otherwise protected

resources, depending on how the library is used.

 

For the stable distribution (squeeze), this problem has been fixed in

version 0.37-1+squeeze1.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), this problem has been fixed in version 0.39-1.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2425-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

March 04, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : plib

Vulnerability : buffer overflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4620

Debian Bug : 654785

 

It was discovered that PLIB, a library used by TORCS, contains a

buffer overflow in error message processing, which could allow remote

attackers to execute arbitrary code.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.8.5-5+squeeze1.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), this problem has been fixed in version 1.8.5-5.1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2426-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

March 06, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gimp

Vulnerability : several

Problem type : local

Debian-specific: no

CVE ID : CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543

CVE-2011-1782 CVE-2011-2896

 

Several vulnerabilities have been identified in GIMP, the GNU Image

Manipulation Program.

 

CVE-2010-4540

Stack-based buffer overflow in the load_preset_response

function in plug-ins/lighting/lighting-ui.c in the "LIGHTING

EFFECTS > LIGHT" plugin allows user-assisted remote attackers

to cause a denial of service (application crash) or possibly

execute arbitrary code via a long Position field in a plugin

configuration file.

 

CVE-2010-4541

Stack-based buffer overflow in the loadit function in

plug-ins/common/sphere-designer.c in the SPHERE DESIGNER

plugin allows user-assisted remote attackers to cause a denial

of service (application crash) or possibly execute arbitrary

code via a long "Number of lights" field in a plugin

configuration file.

 

CVE-2010-4542

Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb

function in the GFIG plugin allows user-assisted remote

attackers to cause a denial of service (application crash) or

possibly execute arbitrary code via a long Foreground field in a

plugin configuration file.

 

CVE-2010-4543

Heap-based buffer overflow in the read_channel_data function in

file-psp.c in the Paint Shop Pro (PSP) plugin allows remote

attackers to cause a denial of service (application crash) or

possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE

compression) image file that begins a long run count at the end

of the image.

 

CVE-2011-1782

The correction for CVE-2010-4543 was incomplete.

 

CVE-2011-2896

The LZW decompressor in the LZWReadByte function in

plug-ins/common/file-gif-load.c does not properly handle code

words that are absent from the decompression table when

encountered, which allows remote attackers to trigger an

infinite loop or a heap-based buffer overflow, and possibly

execute arbitrary code, via a crafted compressed stream.

 

 

For the stable distribution (squeeze), these problems have been fixed in

version 2.6.10-1+squeeze3.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), these problems have been fixed in version 2.6.11-5.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2427-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

March 06, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : imagemagick

Vulnerability : several

Problem type : local

CVE ID : CVE-2012-0247 CVE-2012-0248

 

Two security vulnerabilities related to EXIF processing were

discovered in ImageMagick, a suite of programs to manipulate images:

 

CVE-2012-0247

When parsing a maliciously crafted image with incorrect offset

and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick

writes two bytes to an invalid address.

 

CVE-2012-0248

Parsing a maliciously crafted image with an IFD in which all IOP

tag value offsets point to the beginning of the IFD itself

results in an endless loop and a denial of service.

 

For the stable distribution (squeeze), these problems have been fixed

in version 8:6.6.0.4-3+squeeze1.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), these problems have been fixed in version 8:6.6.9.7-6.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2429-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

March 07, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mysql-5.1

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-2262 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101

CVE-2012-0102 CVE-2012-0112 CVE-2012-0113 CVE-2012-0114

CVE-2012-0115 CVE-2012-0116 CVE-2012-0118 CVE-2012-0119

CVE-2012-0120 CVE-2012-0484 CVE-2012-0485 CVE-2012-0490

CVE-2012-0492

Debian Bug : 659687

 

Several security vulnerabilities were discovered in MySQL, a database

management system. The vulnerabilities are addressed by upgrading

MySQL to a new upstream version, 5.1.61, which includes additional

changes, such as performance improvements and corrections for data

loss defects. These changes are described in the MySQL release notes

at: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html

 

For the stable distribution (squeeze), these problems have been fixed

in version 5.1.61-0+squeeze1.

 

For the unstable distribution (sid), these problems have been fixed in

version 5.1.61-2.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2428-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 07, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : freetype

Vulnerability : several

Problem type : local

Debian-specific: no

CVE ID : CVE-2012-1133 CVE-2012-1134 CVE-2012-1136 CVE-2012-1142

CVE-2012-1144

 

Mateusz Jurczyk from the Google Security Team discovered several

vulnerabilities in Freetype's parsing of BDF, Type1 and TrueType fonts,

which could result in the execution of arbitrary code if a malformed

font file is processed.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.4.2-2.1+squeeze4. The updated packages have been available

since yesterday, but the advisory text couldn't be sent earlier.

 

For the unstable distribution (sid), this problem will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2430-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 10, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : python-pam

Vulnerability : double free

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-1502

 

Markus Vervier discovered a double free in the Python interface to the

PAM library, which could lead to denial of service.

 

For the stable distribution (squeeze), this problem has been fixed in

version 0.4.2-12.2+squeeze1.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.4.2-13.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2431-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 11, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libdbd-pg-perl

Vulnerability : format string vulnerabilities

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-1151

Debian Bug : 661536

 

Niko Tyni discovered two format string vulnerabilities in DBD::Pg, a Perl

DBI driver for the PostgreSQL database server, which can be exploited

by a rogue database server.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.17.1-2+squeeze1.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.19.0-1.

 


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2432-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 12, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libyaml-libyaml-perl

Vulnerability : format string vulnerabilities

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-1152

Debian Bug : 661548

 

Dominic Hargreaves and Niko Tyni discovered two format string

vulnerabilities in YAML::LibYAML, a Perl interface to the libyaml

library.

 

For the stable distribution (squeeze), this problem has been fixed in

version 0.33-1+squeeze1.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.38-2.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2433-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 15, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : iceweasel

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-0455 CVE-2012-0456 CVE-2012-0458 CVE-2012-0461

 

Several vulnerabilities have been discovered in Iceweasel, a web browser

based on Firefox. The included XULRunner library provides rendering

services for several other applications included in Debian.

 

CVE-2012-0455

 

Soroush Dalili discovered that a cross-site scripting countermeasure

related to Javascript URLs could be bypassed.

 

CVE-2012-0456

 

Atte Kettunen discovered an out of bounds read in the SVG Filters,

resulting in memory disclosure.

 

CVE-2012-0458

 

Mariusz Mlynski discovered that privileges could be escalated through

a Javascript URL as the home page.

 

CVE-2012-0461

 

Bob Clary discovered memory corruption bugs, which may lead to the

execution of arbitrary code.

 

For the stable distribution (squeeze), this problem has been fixed in

version 3.5.16-13.

 

For the unstable distribution (sid), this problem has been fixed in

version 10.0.3esr-1.

 

For the experimental distribution, this problem has been fixed in

version 11.0-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2436-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

March 19, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libapache2-mod-fcgid

Vulnerability : inactive resource limits

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-1181

Debian Bug : 615814

 

It was discovered that the Apache FCGID module, a FastCGI implementation,

did not properly enforce the FcgidMaxProcessesPerClass resource limit,

rendering this control ineffective and potentially allowing a virtual

host to consume excessive resources.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1:2.3.6-1+squeeze1.

 

For the testing distribution (wheezy), this problem will be fixed soon.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:2.3.6-1.1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2434-1 security@debian.org

http://www.debian.org/security/ Luciano Bello

March 19, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : nginx

Vulnerability : sensitive information leak

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-1180

Debian Bug : 664137

 

Matthew Daley discovered a memory disclosure vulnerability in nginx. In

previous versions of this web server, an attacker can receive the content of

previously freed memory if an upstream server returned a specially crafted HTTP

response, potentially exposing sensitive information.

 

For the stable distribution (squeeze), this problem has been fixed in

version 0.7.67-3+squeeze2.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.1.17-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2435-1 security@debian.org

http://www.debian.org/security/ Gabriele Giacone

March 19, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gnash

Vulnerability : several

Problem type : local / local (remote)

Debian-specific: no

CVE ID : CVE-2010-4337 CVE-2011-4328 CVE-2012-1175

Debian Bug : 605419 649384 664023

 

Several vulnerabilities have been identified in Gnash, the GNU Flash

player.

 

CVE-2012-1175

 

Tielei Wang from Georgia Tech Information Security Center discovered a

vulnerability in GNU Gnash which is caused due to an integer overflow

error and can be exploited to cause a heap-based buffer overflow by

tricking a user into opening a specially crafted SWF file.

 

CVE-2011-4328

 

Alexander Kurtz discovered an unsafe management of HTTP cookies. Cookie

files are stored under /tmp and have predictable names, a vulnerability

that allows a local attacker to overwrite arbitrary files the user has

write permissions for, and are also world-readable, which may cause an

information leak.

 

CVE-2010-4337

 

Jakub Wilk discovered an unsafe management of temporary files during the

build process. Files are stored under /tmp and have predictable names, a

vulnerability that allows a local attacker to overwrite arbitrary files

the user has write permissions for.

 

For the stable distribution (squeeze), this problem has been fixed in

version 0.8.8-5+squeeze1.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.8.10-5.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2437-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 21, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : icedove

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-0455 CVE-2012-0456 CVE-2012-0458 CVE-2012-0461

 

Several vulnerabilities have been discovered in Icedove, an unbranded

version of the Thunderbird mail/news client.

 

CVE-2012-0455

 

Soroush Dalili discovered that a cross-site scripting countermeasure

related to Javascript URLs could be bypassed.

 

CVE-2012-0456

 

Atte Kettunen discovered an out of bounds read in the SVG Filters,

resulting in memory disclosure.

 

CVE-2012-0458

 

Mariusz Mlynski discovered that privileges could be escalated through

a Javascript URL as the home page.

 

CVE-2012-0461

 

Bob Clary discovered memory corruption bugs, which may lead to the

execution of arbitrary code.

 

For the stable distribution (squeeze), this problem has been fixed in

version icedove 3.0.11-1+squeeze8.

 

For the unstable distribution (sid), this problem will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2438-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 22, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : raptor

Vulnerability : programming error

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-0037

 

It was discovered that Raptor, a RDF parser and serializer library,

allows file inclusion through XML entities, resulting in information

disclosure.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.4.21-2+squeeze1.

 

For the unstable distribution (sid), this problem will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2439-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 22, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libpng

Vulnerability : buffer overflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3045

 

Glenn-Randers Pehrson discovered a buffer overflow in the libpng PNG

library, which could lead to the execution of arbitrary code if a

malformed image is processed.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.2.44-1+squeeze3. Packages for i386 are not yet available,

but will be provided shortly.

 

For the unstable distribution (sid), this problem will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-2440-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

March 24, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libtasn1-3

Vulnerability : missing bounds check

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-1569

 

Matthew Hall discovered that many callers of the asn1_get_length_der

function did not check the result against the overall buffer length

before processing it further. This could result in out-of-bounds

memory accesses and application crashes. Applications using GNUTLS

are exposed to this issue.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.7-1+squeeze+1.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.12-1.

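The caller-side check that DSA-2440-1 describes as missing, shown as an added C example (not libtasn1 or GNUTLS code, and not part of the advisory). `der_length` and `copy_octet_string` are hypothetical helpers, and the byte strings are constructed samples.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: decode a DER length field at der[0..der_len).
 * Returns the content length and stores the size of the length field
 * itself in *hdr, or returns -1 on malformed input. */
static long der_length(const unsigned char *der, size_t der_len, size_t *hdr)
{
    unsigned long v = 0;
    size_t n, i;

    if (der_len == 0)
        return -1;
    if ((der[0] & 0x80) == 0) {      /* short form: a single octet */
        *hdr = 1;
        return der[0];
    }
    n = der[0] & 0x7f;               /* long form: n length octets follow */
    if (n == 0 || n > 4 || n > der_len - 1)
        return -1;                   /* indefinite, oversized or truncated */
    for (i = 1; i <= n; i++)
        v = (v << 8) | der[i];
    if (v > 0x7fffffffUL)
        return -1;
    *hdr = n + 1;
    return (long)v;
}

/* Hypothetical caller: copy the contents of an OCTET STRING TLV into out.
 * Returns the number of bytes copied, or -1 if the input is rejected. */
static long copy_octet_string(const unsigned char *tlv, size_t tlv_len,
                              unsigned char *out, size_t out_cap)
{
    size_t hdr;
    long len;

    if (tlv_len < 2 || tlv[0] != 0x04)
        return -1;
    len = der_length(tlv + 1, tlv_len - 1, &hdr);
    if (len < 0)
        return -1;
    /* The decoded length comes from the input, so it must be compared with
     * what is actually left in the buffer before it is used. */
    if ((size_t)len > tlv_len - 1 - hdr)
        return -1;
    if ((size_t)len > out_cap)
        return -1;
    memcpy(out, tlv + 1 + hdr, (size_t)len);
    return len;
}

/* Constructed sample inputs. */
static const unsigned char good_tlv[]  = { 0x04, 0x03, 'A', 'B', 'C' };
static const unsigned char short_tlv[] = { 0x04, 0x05, 'A', 'B', 'C' }; /* claims 5, holds 3 */
static const unsigned char huge_tlv[]  = { 0x04, 0x84, 0x7f, 0xff, 0xff, 0xff, 'A' };
static unsigned char sample_out[16];

int main(void)
{
    /* Exit status 0 means the well-formed TLV was copied and both
     * over-long length claims were rejected. */
    return !(copy_octet_string(good_tlv, sizeof good_tlv, sample_out, sizeof sample_out) == 3 &&
             copy_octet_string(short_tlv, sizeof short_tlv, sample_out, sizeof sample_out) == -1 &&
             copy_octet_string(huge_tlv, sizeof huge_tlv, sample_out, sizeof sample_out) == -1);
}
```

Without the comparison against `tlv_len - 1 - hdr`, both malformed samples would drive `memcpy` past the end of the input.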