sunrat
Posted March 25, 2012

-------------------------------------------------------------------------

Debian Security Advisory DSA-2441-1     security@debian.org
http://www.debian.org/security/     Florian Weimer
March 25, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : gnutls26
Vulnerability : missing bounds check
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-1573

Matthew Hall discovered that GNUTLS does not properly handle truncated GenericBlockCipher structures nested inside TLS records, leading to crashes in applications using the GNUTLS library.

For the stable distribution (squeeze), this problem has been fixed in version 2.8.6-1+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 2.12.18-1 of the gnutls26 package and version 3.0.17-2 of the gnutls28 package.
sunrat
Posted March 26, 2012

-------------------------------------------------------------------------

Debian Security Advisory DSA-2442-1     security@debian.org
http://www.debian.org/security/     Florian Weimer
March 26, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : openarena
Vulnerability : UDP traffic amplification
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-5077
Debian Bug : 665656

It has been discovered that spoofed "getstatus" UDP requests are being sent by attackers to servers for use with games derived from the Quake 3 engine (such as openarena). These servers respond with a packet flood to the victim whose IP address was impersonated by the attackers, causing a denial of service.

For the stable distribution (squeeze), this problem has been fixed in version 0.8.5-5+squeeze2.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 0.8.5-6.
sunrat
Posted March 27, 2012

----------------------------------------------------------------------

Debian Security Advisory DSA-2443-1     security@debian.org
http://www.debian.org/security/     Dann Frazier
March 26, 2012     http://www.debian.org/security/faq

----------------------------------------------------------------------

Package : linux-2.6
Vulnerability : privilege escalation/denial of service
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-4307 CVE-2011-1833 CVE-2011-4347 CVE-2012-0045 CVE-2012-1090 CVE-2012-1097

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-4307
Nageswara R Sastry reported an issue in the ext4 filesystem. Local users with the privileges to mount a filesystem can cause a denial of service (BUG) by providing a s_log_groups_per_flex value greater than 31.

CVE-2011-1833
Vasiliy Kulikov of Openwall and Dan Rosenberg discovered an information leak in the eCryptfs filesystem. Local users were able to mount arbitrary directories.

CVE-2011-4347
Sasha Levin reported an issue in the device assignment functionality in KVM. Local users with permission to access /dev/kvm could assign unused pci devices to a guest and cause a denial of service (crash).

CVE-2012-0045
Stephan Barwolf reported an issue in KVM. Local users in a 32-bit guest running on a 64-bit system can crash the guest with a syscall instruction.

CVE-2012-1090
CAI Qian reported an issue in the CIFS filesystem. A reference count leak can occur during the lookup of special files, resulting in a denial of service (oops) on umount.

CVE-2012-1097
H. Peter Anvin reported an issue in the regset infrastructure. Local users can cause a denial of service (NULL pointer dereference) by triggering the write methods of readonly regsets.
For the stable distribution (squeeze), this problem has been fixed in version 2.6.32-41squeeze2.

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:

                   Debian 6.0 (squeeze)
user-mode-linux    2.6.32-1um-4+41squeeze2
sunrat
Posted March 29, 2012

-------------------------------------------------------------------------

Debian Security Advisory DSA-2444-1     security@debian.org
http://www.debian.org/security/     Florian Weimer
March 29, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : tryton-server
Vulnerability : privilege escalation
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0215

It was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field.

For the stable distribution (squeeze), this problem has been fixed in version 1.6.1-2+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 2.2.2-1.
sunrat
Posted March 31, 2012

-------------------------------------------------------------------------

Debian Security Advisory DSA-2445-1     security@debian.org
http://www.debian.org/security/     Florian Weimer
March 31, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : typo3-src
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-1606 CVE-2012-1607 CVE-2012-1608

Several remote vulnerabilities have been discovered in the TYPO3 web content management framework:

CVE-2012-1606
Failing to properly HTML-encode user input in several places, the TYPO3 backend is susceptible to Cross-Site Scripting. A valid backend user is required to exploit these vulnerabilities.

CVE-2012-1607
Accessing a CLI Script directly with a browser may disclose the database name used for the TYPO3 installation.

CVE-2012-1608
By not removing non printable characters, the API method t3lib_div::RemoveXSS() fails to filter specially crafted HTML injections, thus is susceptible to Cross-Site Scripting.

For the stable distribution (squeeze), these problems have been fixed in version 4.3.9+dfsg1-1+squeeze3.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 4.5.14+dfsg1-1.

-------------------------------------------------------------------------

Debian Security Advisory DSA-2442-2     security@debian.org
http://www.debian.org/security/     Florian Weimer
March 31, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : openarena
Vulnerability : UDP traffic amplification
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-5077

The openarena update DSA-2442-1 introduced a regression in which servers would cease to respond to status requests after an uptime of several weeks.
For the stable distribution (squeeze), this problem has been fixed in version 0.8.5-5+squeeze3.

-------------------------------------------------------------------------

Debian Security Advisory DSA-2398-2     security@debian.org
http://www.debian.org/security/     Florian Weimer
March 31, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : curl
Vulnerability : regression
Debian-specific: no
Debian Bug : 658276

cURL is a command-line tool and library for transferring data with URL syntax. It was discovered that the countermeasures against the Dai/Rogaway chosen-plaintext attack on SSL/TLS (CVE-2011-3389, "BEAST") cause interoperability issues with some server implementations. This update adds the CURLOPT_SSL_OPTIONS and CURLSSLOPT_ALLOW_BEAST options to the library, and the --ssl-allow-beast option to the "curl" program.

For the stable distribution (squeeze), this problem has been fixed in version 7.21.0-2.1+squeeze2.
sunrat
Posted April 5, 2012

-------------------------------------------------------------------------

Debian Security Advisory DSA-2446-1     security@debian.org
http://www.debian.org/security/     Moritz Muehlenhoff
April 04, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : libpng
Vulnerability : incorrect memory handling
Problem type : local(remote)
Debian-specific: no
CVE ID : CVE-2011-3048

It was discovered that incorrect memory handling in the png_set_text2() function of the PNG library could lead to the execution of arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in version libpng_1.2.44-1+squeeze4.

For the unstable distribution (sid), this problem will be fixed soon.

-------------------------------------------------------------------------

Debian Security Advisory DSA-2447-1     security@debian.org
http://www.debian.org/security/     Moritz Muehlenhoff
April 04, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : tiff
Vulnerability : integer overflow
Problem type : local(remote)
Debian-specific: no
CVE ID : CVE-2012-1173

Alexander Gavrun discovered an integer overflow in the TIFF library in the parsing of the TileSize entry, which could result in the execution of arbitrary code if a malformed image is opened.

For the stable distribution (squeeze), this problem has been fixed in version 3.9.4-5+squeeze4.

For the unstable distribution (sid), this problem will be fixed soon.
sunrat
Posted April 10, 2012

-------------------------------------------------------------------------

Debian Security Advisory DSA-2448-1     security@debian.org
http://www.debian.org/security/     Jonathan Wiltshire
April 10, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : inspircd
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-1836
Debian Bug : 667914

It was discovered that a heap-based buffer overflow in InspIRCd could allow remote attackers to execute arbitrary code via a crafted DNS query.

For the stable distribution (squeeze), this problem has been fixed in version 1.1.22+dfsg-4+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 1.1.22+dfsg-4+wheezy1.

For the unstable distribution (sid), this problem has been fixed in version 2.0.5-0.1.
sunrat
Posted April 13, 2012

-------------------------------------------------------------------------

Debian Security Advisory DSA-2449-1     security@debian.org
http://www.debian.org/security/     Nico Golde
April 12, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : sqlalchemy
Vulnerability : missing input sanitization
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0805

It was discovered that sqlalchemy, an SQL toolkit and object relational mapper for python, is not sanitizing input passed to the limit/offset keywords to select() as well as the value passed to select.limit()/offset(). This allows an attacker to perform SQL injection attacks against applications using sqlalchemy that do not implement their own filtering.

For the stable distribution (squeeze), this problem has been fixed in version 0.6.3-3+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 0.6.7-1.

For the unstable distribution (sid), this problem has been fixed in version 0.6.7-1.

-------------------------------------------------------------------------

Debian Security Advisory DSA-2450-1     security@debian.org
http://www.debian.org/security/     Thijs Kinkhorst
April 12, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : samba
Vulnerability : privilege escalation
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-1182
Debian Bug : 668309

It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.

For the stable distribution (squeeze), this problem has been fixed in version 2:3.5.6~dfsg-3squeeze7.

For the testing distribution (wheezy), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 2:3.6.4-1.

-------------------------------------------------------------------------

Debian Security Advisory DSA-2451-1     security@debian.org
http://www.debian.org/security/     Nico Golde
April 13, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : puppet
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2012-1906 CVE-2012-1986 CVE-2012-1987 CVE-2012-1988

Several vulnerabilities have been discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2012-1906
Puppet is using predictable temporary file names when downloading Mac OS X package files. This allows a local attacker to either overwrite arbitrary files on the system or to install an arbitrary package.

CVE-2012-1986
When handling requests for a file from a remote filebucket, puppet can be tricked into overwriting its defined location for filebucket storage. This allows an authorized attacker with access to the puppet master to read arbitrary files.

CVE-2012-1987
Puppet is incorrectly handling filebucket store requests. This allows an attacker to perform denial of service attacks against puppet by resource exhaustion.

CVE-2012-1988
Puppet is incorrectly handling filebucket requests. This allows an attacker with access to the certificate on the agent and an unprivileged account on puppet master to execute arbitrary code via crafted file path names and making a filebucket request.

For the stable distribution (squeeze), this problem has been fixed in version 2.6.2-5+squeeze5.

For the testing distribution (wheezy), this problem has been fixed in version 2.7.13-1.

For the unstable distribution (sid), this problem has been fixed in version 2.7.13-1.
sunrat
Posted April 16, 2012

-------------------------------------------------------------------------

Debian Security Advisory DSA-2452-1     security@debian.org
http://www.debian.org/security/     Stefan Fritsch
April 15, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : apache2
Vulnerability : insecure default configuration
Problem type : local/remote
Debian-specific: yes
CVE ID : CVE-2012-0216

Niels Heinen noticed a security issue with the default Apache configuration on Debian if certain scripting modules like mod_php or mod_rivet are installed. The problem arises because the directory /usr/share/doc, which is mapped to the URL /doc, may contain example scripts that can be executed by requests to this URL. Although access to the URL /doc is restricted to connections from localhost, this still creates security issues in two specific configurations:

- If some front-end server on the same host forwards connections to an apache2 backend server on the localhost address, or
- if the machine running apache2 is also used for web browsing.

Systems not meeting one of these two conditions are not known to be vulnerable. The actual security impact depends on which packages (and accordingly which example scripts) are installed on the system. Possible issues include cross site scripting, code execution, or leakage of sensitive data.

This update removes the problematic configuration sections from the files /etc/apache2/sites-available/default and .../default-ssl. When upgrading, you should not blindly allow dpkg to replace those files, though. Rather you should merge the changes, namely the removal of the 'Alias /doc "/usr/share/doc"' line and the related '<Directory "/usr/share/doc/">' block, into your versions of these config files. You may also want to check if you have copied these sections to any additional virtual host configurations.
For the stable distribution (squeeze), this problem has been fixed in version 2.2.16-6+squeeze7.

For the testing distribution (wheezy), this problem will be fixed in version 2.2.22-4.

For the unstable distribution (sid), this problem will be fixed in version 2.2.22-4.

For the experimental distribution, this problem has been fixed in version 2.4.1-3.
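Added example (not part of the advisory and not code from the Debian apache2 package): a small Python check for the merge step DSA-2452-1 describes, listing the configuration files that still carry an active 'Alias /doc' line or '<Directory "/usr/share/doc/">' block. The function names, the constructed sample configurations and the scanned directories (sites-available is named in the advisory, sites-enabled is an assumption) are illustrative.

```python
import re
from pathlib import Path

# Apache directive names are case-insensitive and argument quotes are optional,
# so match both 'Alias /doc "/usr/share/doc"' and 'Alias /doc/ "/usr/share/doc/"'.
ALIAS_RE = re.compile(r'^\s*Alias\s+"?/doc/?"?\s+"?/usr/share/doc/?"?\s*$', re.I)
DIR_OPEN_RE = re.compile(r'^\s*<Directory\s+"?/usr/share/doc/?"?\s*>', re.I)
DIR_CLOSE_RE = re.compile(r'^\s*</Directory\s*>', re.I)

# Directories to scan. sites-available comes from the advisory; sites-enabled
# is an assumption covering copies in additional virtual hosts.
DEFAULT_DIRS = ["/etc/apache2/sites-available", "/etc/apache2/sites-enabled"]


def find_doc_mapping(text):
    """Return (kind, first_line, last_line) for each active /doc section.

    Commented-out lines are ignored, so a section disabled with '#' is not
    reported.
    """
    findings = []
    block_start = None
    lineno = 0
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        if block_start is None:
            if ALIAS_RE.match(line):
                findings.append(("alias", lineno, lineno))
            elif DIR_OPEN_RE.match(line):
                block_start = lineno
        elif DIR_CLOSE_RE.match(line):
            findings.append(("directory", block_start, lineno))
            block_start = None
    if block_start is not None:
        # Block opened but never closed: report it up to the end of the file.
        findings.append(("directory-unclosed", block_start, lineno))
    return findings


def scan_dirs(dirs):
    """Map each config file under dirs to its findings; clean files are omitted."""
    report = {}
    for d in dirs:
        root = Path(d)
        if not root.is_dir():
            continue
        for path in sorted(root.iterdir()):
            if path.is_file():
                hits = find_doc_mapping(path.read_text(errors="replace"))
                if hits:
                    report[str(path)] = hits
    return report


# Constructed sample: a virtual host that still has the sections to remove.
SAMPLE_BEFORE = """\
<VirtualHost *:80>
    DocumentRoot /var/www
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>
"""

# Constructed sample: the same virtual host after the merge.
SAMPLE_AFTER = """\
<VirtualHost *:80>
    DocumentRoot /var/www
    # Alias /doc/ "/usr/share/doc/"
    <Directory /var/www/>
        Options FollowSymLinks
    </Directory>
</VirtualHost>
"""

if __name__ == "__main__":
    for path, hits in scan_dirs(DEFAULT_DIRS).items():
        for kind, first, last in hits:
            print(f"{path}: {kind} at lines {first}-{last}")
```

Run it after the upgrade; any file it prints still needs the sections merged out by hand.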
sunrat
Posted April 16, 2012

-------------------------------------------------------------------------

Debian Security Advisory DSA-2453-1     security@debian.org
http://www.debian.org/security/     Nico Golde
April 16, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : gajim
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2012-2093 CVE-2012-2086 CVE-2012-2085
Debian bug : 668038

Several vulnerabilities have been discovered in gajim, a feature-rich jabber client. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2012-1987
gajim is not properly sanitizing input before passing it to shell commands. An attacker can use this flaw to execute arbitrary code on behalf of the victim if the user e.g. clicks on a specially crafted URL in an instant message.

CVE-2012-2093
gajim is using predictable temporary files in an insecure manner when converting instant messages containing LaTeX to images. A local attacker can use this flaw to conduct symlink attacks and overwrite files the victim has write access to.

CVE-2012-2086
gajim is not properly sanitizing input when logging conversations which results in the possibility to conduct SQL injection attacks.

For the stable distribution (squeeze), this problem has been fixed in version 0.13.4-3+squeeze2.

For the testing distribution (wheezy), this problem has been fixed in version 0.15-1.

For the unstable distribution (sid), this problem has been fixed in version 0.15-1.
sunrat
Posted April 19, 2012

-------------------------------------------------------------------------

Debian Security Advisory DSA-2453-2     security@debian.org
http://www.debian.org/security/     Nico Golde
April 19, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : gajim
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2012-2093 CVE-2012-2086 CVE-2012-2085
Debian bug : 668038

It was discovered that the last security update for gajim, DSA-2453-1, introduced a regression in certain environments.

For the stable distribution (squeeze), this problem has been fixed in version 0.13.4-3+squeeze3.
sunrat
Posted April 20, 2012

-------------------------------------------------------------------------

Debian Security Advisory DSA-2454-1     security@debian.org
http://www.debian.org/security/     Raphael Geissert
April 19, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : openssl
Vulnerability : multiple
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0884 CVE-2012-1165 CVE-2012-2110

Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2012-0884
Ivan Nestlerode discovered a weakness in the CMS and PKCS #7 implementations that could allow an attacker to decrypt data via a Million Message Attack (MMA).

CVE-2012-1165
It was discovered that a NULL pointer could be dereferenced when parsing certain S/MIME messages, leading to denial of service.

CVE-2012-2110
Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap overflow.

Additionally, the fix for CVE-2011-4619 has been updated to address an issue with SGC handshakes.

For the stable distribution (squeeze), these problems have been fixed in version 0.9.8o-4squeeze11.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 1.0.1a-1.
sunrat
Posted April 21, 2012

-------------------------------------------------------------------------

Debian Security Advisory DSA-2455-1     security@debian.org
http://www.debian.org/security/     Nico Golde
April 20, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : typo3-src
Vulnerability : missing input sanitization
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2012-2112
Debian bug : 669158

Helmut Hummel of the typo3 security team discovered that typo3, a web content management system, is not properly sanitizing output of the exception handler. This allows an attacker to conduct cross-site scripting attacks if either third-party extensions are installed that do not sanitize this output on their own or in the presence of extensions using the extbase MVC framework which accept objects to controller actions.

For the stable distribution (squeeze), this problem has been fixed in version 4.3.9+dfsg1-1+squeeze4.

For the testing (wheezy) and unstable (sid) distributions, this problem will be fixed soon.
sunrat
Posted May 3, 2012

-------------------------------------------------------------------------

Debian Security Advisory DSA-2456-1     security@debian.org
http://www.debian.org/security/     Moritz Muehlenhoff
April 23, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : dropbear
Vulnerability : use after free
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0920

Danny Fullerton discovered a use-after-free in the Dropbear SSH daemon, resulting in potential execution of arbitrary code. Exploitation is limited to users, who have been authenticated through public key authentication and for which command restrictions are in place.

For the stable distribution (squeeze), this problem has been fixed in version 0.52-5+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 2012.55-1.

For the unstable distribution (sid), this problem has been fixed in version 2012.55-1.

-------------------------------------------------------------------------

Debian Security Advisory DSA-2457-1     security@debian.org
http://www.debian.org/security/     Moritz Muehlenhoff
April 24, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : iceweasel
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 CVE-2012-0479

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

CVE-2012-0467
Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory corruption bugs, which may lead to the execution of arbitrary code.
CVE-2012-0470
Atte Kettunen discovered that a memory corruption bug in gfxImageSurface may lead to the execution of arbitrary code.

CVE-2012-0471
Anne van Kesteren discovered that incorrect multibyte octet decoding may lead to cross-site scripting.

CVE-2012-0477
Masato Kinugawa discovered that incorrect encoding of Korean and Chinese character sets may lead to cross-site scripting.

CVE-2012-0479
Jeroen van der Gun discovered a spoofing vulnerability in the presentation of Atom and RSS feeds over HTTPS.

For the stable distribution (squeeze), this problem has been fixed in version 3.5.16-14.

For the unstable distribution (sid), this problem has been fixed in version 10.0.4esr-1.

-------------------------------------------------------------------------

Debian Security Advisory DSA-2458-1     security@debian.org
http://www.debian.org/security/     Moritz Muehlenhoff
April 24, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : iceape
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0455 CVE-2012-0456 CVE-2012-0458 CVE-2012-0461 CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 CVE-2012-0479

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:

CVE-2012-0455
Soroush Dalili discovered that a cross-site scripting countermeasure related to Javascript URLs could be bypassed.

CVE-2012-0456
Atte Kettunen discovered an out of bounds read in the SVG Filters, resulting in memory disclosure.

CVE-2012-0458
Mariusz Mlynski discovered that privileges could be escalated through a Javascript URL as the home page.

CVE-2012-0461
Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code.
CVE-2012-0467
Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory corruption bugs, which may lead to the execution of arbitrary code.

CVE-2012-0470
Atte Kettunen discovered that a memory corruption bug in gfxImageSurface may lead to the execution of arbitrary code.

CVE-2012-0471
Anne van Kesteren discovered that incorrect multibyte octet encoding may lead to cross-site scripting.

CVE-2012-0477
Masato Kinugawa discovered that incorrect encoding of Korean and Chinese character sets may lead to cross-site scripting.

CVE-2012-0479
Jeroen van der Gun discovered a spoofing vulnerability in the presentation of Atom and RSS feeds over HTTPS.

For the stable distribution (squeeze), this problem has been fixed in version 2.0.11-11.

For the unstable distribution (sid), this problem will be fixed soon.

-------------------------------------------------------------------------

Debian Security Advisory DSA-2454-2     security@debian.org
http://www.debian.org/security/     Raphael Geissert
April 24, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : openssl
Vulnerability : multiple
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-2131

Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier.

For reference, the original description of CVE-2012-2110 from DSA-2454-1 is quoted below:

CVE-2012-2110
Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap overflow.

For the stable distribution (squeeze), this problem has been fixed in version 0.9.8o-4squeeze12.

The testing distribution (wheezy), and the unstable distribution (sid), are not affected by this issue.
-------------------------------------------------------------------------

Debian Security Advisory DSA-2460-1     security@debian.org
http://www.debian.org/security/     Moritz Muehlenhoff
April 25, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : asterisk
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-1183 CVE-2012-2414 CVE-2012-2415

Several vulnerabilities were discovered in the Asterisk PBX and telephony toolkit:

CVE-2012-1183
Russell Bryant discovered a buffer overflow in the Milliwatt application.

CVE-2012-2414
David Woolley discovered a privilege escalation in the Asterisk manager interface.

CVE-2012-2415
Russell Bryant discovered a buffer overflow in the Skinny driver.

For the stable distribution (squeeze), this problem has been fixed in version 1:1.6.2.9-2+squeeze5.

For the unstable distribution (sid), this problem will be fixed soon.

-------------------------------------------------------------------------

Debian Security Advisory DSA-2459-1     security@debian.org
http://www.debian.org/security/     Florian Weimer
April 26, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : quagga
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0249 CVE-2012-0250 CVE-2012-0255

Several vulnerabilities have been discovered in Quagga, a routing daemon.

CVE-2012-0249
A buffer overflow in the ospf_ls_upd_list_lsa function in the OSPFv2 implementation allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header.
CVE-2012-0250
A buffer overflow in the OSPFv2 implementation allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.

CVE-2012-0255
The BGP implementation does not properly use message buffers for OPEN messages, which allows remote attackers impersonating a configured BGP peer to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed AS4 capability.

This security update upgrades the quagga package to the most recent upstream release. This release includes other corrections, such as hardening against unknown BGP path attributes.

For the stable distribution (squeeze), these problems have been fixed in version 0.99.20.1-0+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 0.99.20.1-1.

-------------------------------------------------------------------------

Debian Security Advisory DSA-2461-1     security@debian.org
http://www.debian.org/security/     Moritz Muehlenhoff
April 26, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : spip
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : not yet available

Several vulnerabilities have been found in SPIP, a website engine for publishing, resulting in cross-site scripting, script code injection and bypass of restrictions.

For the stable distribution (squeeze), this problem has been fixed in version 2.1.1-3squeeze3.

For the testing distribution (wheezy), this problem has been fixed in version 2.1.13-1.

For the unstable distribution (sid), this problem has been fixed in version 2.1.13-1.
-------------------------------------------------------------------------

Debian Security Advisory DSA-2462-1     security@debian.org
http://www.debian.org/security/     Moritz Muehlenhoff
April 29, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : imagemagick
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0259 CVE-2012-0260 CVE-2012-1185 CVE-2012-1186 CVE-2012-1610 CVE-2012-1798

Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service.

For the stable distribution (squeeze), this problem has been fixed in version 6.6.0.4-3+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 8:6.7.4.0-5.

-------------------------------------------------------------------------

Debian Security Advisory DSA-2463-1     security@debian.org
http://www.debian.org/security/     Moritz Muehlenhoff
May 02, 2012     http://www.debian.org/security/faq

-------------------------------------------------------------------------

Package : samba
Vulnerability : missing permission checks
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-2111

Ivano Cristofolini discovered that insufficient security checks in Samba's handling of LSA RPC calls could lead to privilege escalation by gaining the "take ownership" privilege.

For the stable distribution (squeeze), this problem has been fixed in version 3.5.6~dfsg-3squeeze8.

For the unstable distribution (sid), this problem has been fixed in version 3.6.5-1.
sunrat
Posted May 4, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2464-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 02, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477
                 CVE-2012-0479

Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.

CVE-2012-0467

Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory corruption bugs, which may lead to the execution of arbitrary code.

CVE-2012-0470

Atte Kettunen discovered that a memory corruption bug in gfxImageSurface may lead to the execution of arbitrary code.

CVE-2012-0471

Anne van Kesteren discovered that incorrect multibyte octet decoding may lead to cross-site scripting.

CVE-2012-0477

Masato Kinugawa discovered that incorrect encoding of Korean and Chinese character sets may lead to cross-site scripting.

CVE-2012-0479

Jeroen van der Gun discovered a spoofing vulnerability in the presentation of Atom and RSS feeds over HTTPS.

For the stable distribution (squeeze), this problem has been fixed in version 3.0.11-1+squeeze9.

For the unstable distribution (sid), this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2462-2                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 3, 2012                            http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imagemagick
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0259 CVE-2012-0260 CVE-2012-1185 CVE-2012-1186
                 CVE-2012-1610 CVE-2012-1798

The initial update introduced a regression, which could lead to errors when processing some JPEG files.

For the stable distribution (squeeze), this problem has been fixed in version 6.6.0.4-3+squeeze3.

sunrat
Posted May 4, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2459-2                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 04, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : quagga
Vulnerability  : regression
Problem type   : remote
Debian-specific: no

The recent quagga update, DSA-2459-1, introduced a memory leak in the bgpd process in some configurations.

For the stable distribution (squeeze), this problem has been fixed in version 0.99.20.1-0+squeeze2.

sunrat
Posted May 9, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2464-2                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 08, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
Debian Bug     : 671408 671410

The latest security update, DSA-2464-1, for Icedove, Debian's version of the Mozilla Thunderbird mail client, contained a regression: the removal of UTF-7 support resulted in incorrect display of IMAP folder names.

For the stable distribution (squeeze), this problem has been fixed in version 3.0.11-1+squeeze10.

sunrat
Posted May 10, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2465-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
May 09, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-1172 CVE-2012-1823 CVE-2012-2311

De Eindbazen discovered that PHP, when run with mod_cgi, will interpret a query string as command line parameters, allowing to execute arbitrary code.

Additionally, this update fixes insufficient validation of upload name which led to corrupted $_FILES indices.

For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze9.

The testing distribution (wheezy) will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 5.4.3-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2466-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
May 09, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rails
Vulnerability  : cross site scripting
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-1099
Debian Bug     : 668607

Sergey Nartimov discovered that in Rails, a Ruby based framework for web development, when developers generate html options tags manually, user input concatenated with manually built tags may not be escaped and an attacker can inject arbitrary HTML into the document.

For the stable distribution (squeeze), this problem has been fixed in version 2.3.5-1.2+squeeze3.

For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 2.3.14.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2467-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
May 09, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mahara
Vulnerability  : insecure defaults
Problem type   : remote
Debian-specific: no

It was discovered that Mahara, the portfolio, weblog, and resume builder, had an insecure default with regards to SAML-based authentication used with more than one SAML identity provider. Someone with control over one IdP could impersonate users from other IdPs.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.6-2+squeeze4.

For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 1.4.2-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2422-2                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
May 09, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : file
Vulnerability  : regression fix
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-1571

A regression was discovered in the security update for file, which led to false positives on the CDF format. This update fixes that regression. For reference the original advisory text follows.

The file type identification tool, file, and its associated library, libmagic, do not properly process malformed files in the Composite Document File (CDF) format, leading to crashes.

Note that after this update, file may return different detection results for CDF files (well-formed or not). The new detections are believed to be more accurate.

For the stable distribution (squeeze), this problem has been fixed in version 5.04-5+squeeze2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2468-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 09, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libjakarta-poi-java
Vulnerability  : unbounded memory allocation
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2012-0213

It was discovered that Apache POI, a Java implementation of the Microsoft Office file formats, would allocate arbitrary amounts of memory when processing crafted documents. This could impact the stability of the Java virtual machine.

For the stable distribution (squeeze), this problem has been fixed in version 3.6+dfsg-1+squeeze1.

sunrat
Posted May 11, 2012

- ----------------------------------------------------------------------
Debian Security Advisory DSA-2469-1                security@debian.org
http://www.debian.org/security/                           Dann Frazier
May 10, 2012                        http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2011-4086 CVE-2012-0879 CVE-2012-1601 CVE-2012-2123
                 CVE-2012-2133

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-4086

Eric Sandeen reported an issue in the journaling layer for EXT4 filesystems (jbd2). Local users can cause buffers to be accessed after they have been torn down, resulting in a denial of service (DoS) due to a system crash.

CVE-2012-0879

Louis Rilling reported two reference counting issues in the CLONE_IO feature of the kernel. Local users can prevent io context structures from being freed, resulting in a denial of service.

CVE-2012-1601

Michael Ellerman reported an issue in the KVM subsystem. Local users could cause a denial of service (NULL pointer dereference) by creating VCPUs before a call to KVM_CREATE_IRQCHIP.

CVE-2012-2123

Steve Grubb reported an issue in fcaps, a filesystem-based capabilities system. Personality flags set using this mechanism, such as the disabling of address space randomization, may persist across suid calls.

CVE-2012-2133

Shachar Raindel discovered a use-after-free bug in the hugepages quota implementation. Local users with permission to use hugepages via the hugetlbfs implementation may be able to cause a denial of service (system crash).

For the stable distribution (squeeze), this problem has been fixed in version 2.6.32-44.
Updates are currently only available for the amd64, i386 and sparc ports.

NOTE: Updated linux-2.6 packages will also be made available in the release of Debian 6.0.5, scheduled to take place the weekend of 2012.05.12. This pending update will be version 2.6.32-45, and provides an additional fix for build failures on some architectures. Users for whom this update is not critical, and who may wish to avoid multiple reboots, should consider waiting for the 6.0.5 release before updating, or installing the 2.6.32-45 version ahead of time from proposed-updates.

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:

                      Debian 6.0 (squeeze)
user-mode-linux       2.6.32-1um-4+44

sunrat
Posted May 12, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2670-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
May 11, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wordpress
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3122 CVE-2011-3125 CVE-2011-3126 CVE-2011-3127
                 CVE-2011-3128 CVE-2011-3129 CVE-2011-3130 CVE-2011-4956
                 CVE-2011-4957 CVE-2012-2399 CVE-2012-2400 CVE-2012-2401
                 CVE-2012-2402 CVE-2012-2403 CVE-2012-2404
Debian Bug     : 670124

Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches.

This means extra care should be taken when upgrading, especially when using third-party plugins or themes, since compatibility may have been impacted along the way. We recommend that users check their install before doing the upgrade.

For the stable distribution (squeeze), those problems have been fixed in version 3.3.2+dfsg-1~squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), those problems have been fixed in version 3.3.2+dfsg-1.

sunrat
Posted May 14, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2471-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 13, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ffmpeg
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2011-3892 CVE-2011-3893 CVE-2011-3895 CVE-2011-3929
                 CVE-2011-3936 CVE-2011-3940 CVE-2011-3947 CVE-2012-0853
                 CVE-2012-0947

Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders/demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV, NSV, files could lead to the execution of arbitrary code.

These issues were discovered by Aki Helin, Mateusz Jurczyk, Gynvael Coldwind, and Michael Niedermayer.

For the stable distribution (squeeze), this problem has been fixed in version 4:0.5.8-1.

For the unstable distribution (sid), this problem has been fixed in version 6:0.8.2-1 of libav.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2457-2                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 13, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceweasel / icedove
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477
                 CVE-2012-0479

The updates DSA-2457 and DSA-2458 for Iceweasel and Icedove introduced a regression, which could lead to crashes when interpreting some Javascript statements.

For the stable distribution (squeeze), this problem has been fixed in version 3.5.16-15 for Iceweasel and 2.0.11-12 for Icedove.

The unstable distribution (sid) is not affected.

sunrat
Posted May 16, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2472-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 15, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gridengine
Vulnerability  : privilege escalation
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0208

Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes.

For the stable distribution (squeeze), this problem has been fixed in version 6.2u5-1squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 6.2u5-6.

sunrat
Posted May 16, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2473-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 16, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openoffice.org
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2012-1149

Tielei Wang discovered that OpenOffice.org does not allocate a large enough memory region when processing a specially crafted JPEG object, leading to a heap-based buffer overflow and potentially arbitrary code execution.

For the stable distribution (squeeze), this problem has been fixed in version 1:3.2.1-11+squeeze5.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 1:3.4.5-1 of the libreoffice package.

sunrat
Posted May 18, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2474-1                   security@debian.org
http://www.debian.org/security/                          Raphael Geissert
May 16, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ikiwiki
Vulnerability  : cross-site scripting
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0220

Raúl Benencia discovered that ikiwiki, a wiki compiler, does not properly escape the author (and its URL) of certain metadata, such as comments. This might be used to conduct cross-site scripting attacks.

For the stable distribution (squeeze), this problem has been fixed in version 3.20100815.9.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 3.20120516.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2475-1                   security@debian.org
http://www.debian.org/security/                          Raphael Geissert
May 17, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
Vulnerability  : integer underflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-2333

It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash.)

For the stable distribution (squeeze), this problem has been fixed in version 0.9.8o-4squeeze13.

For the testing distribution (wheezy), and the unstable distribution (sid), this problem has been fixed in version 1.0.1c-1.

sunrat
Posted May 19, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2476-1                   security@debian.org
http://www.debian.org/security/                        Jonathan Wiltshire
May 19, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pidgin-otr
Vulnerability  : format string vulnerability
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-2369
Debian Bug     : 673154

intrigeri discovered a format string error in pidgin-otr, an off-the-record messaging plugin for Pidgin.

This could be exploited by a remote attacker to cause arbitrary code to be executed on the user's machine.

The problem is only in pidgin-otr. Other applications which use libotr are not affected.

For the stable distribution (squeeze), this problem has been fixed in version 3.2.0-5+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 3.2.1-1.

For the unstable distribution (sid), this problem has been fixed in version 3.2.1-1.

sunrat
Posted May 21, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2477-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 20, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : sympa
Vulnerability  : authorization bypass
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-2352
Debian Bug     :

Several vulnerabilities have been discovered in Sympa, a mailing list manager, that allow to skip the scenario-based authorization mechanisms. This vulnerability allows to display the archives management page, and download and delete the list archives by unauthorized users.

For the stable distribution (squeeze), this problem has been fixed in version 6.0.1+dfsg-4+squeeze1.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 6.1.11~dfsg-2.

sunrat
Posted May 24, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2478-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : sudo
Vulnerability  : parsing error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-2337

It was discovered that sudo misparsed network masks used in Host and Host_List stanzas. This allowed the execution of commands on hosts, where the user would not be allowed to run the specified command.

For the stable distribution (squeeze), this problem has been fixed in version 1.7.4p4-2.squeeze.3.

For the unstable distribution (sid), this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2479-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxml2
Vulnerability  : off-by-one
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3102

Jueri Aedla discovered an off-by-one in libxml2, which could result in the execution of arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze4.

For the unstable distribution (sid), this problem has been fixed in version 2.7.8.dfsg-9.1.

sunrat
Posted May 25, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2480-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 24, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : request-tracker3.8
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2082 CVE-2011-2083 CVE-2011-2084 CVE-2011-2085
                 CVE-2011-4458 CVE-2011-4459 CVE-2011-4460

Several vulnerabilities were discovered in Request Tracker, an issue tracking system:

CVE-2011-2082

The vulnerable-passwords scripts introduced for CVE-2011-0009 failed to correct the password hashes of disabled users.

CVE-2011-2083

Several cross-site scripting issues have been discovered.

CVE-2011-2084

Password hashes could be disclosed by privileged users.

CVE-2011-2085

Several cross-site request forgery vulnerabilities have been found. If this update breaks your setup, you can restore the old behaviour by setting $RestrictReferrer to 0.

CVE-2011-4458

The code to support variable envelope return paths allowed the execution of arbitrary code.

CVE-2011-4459

Disabled groups were not fully accounted as disabled.

CVE-2011-4460

SQL injection vulnerability, only exploitable by privileged users.

For the stable distribution (squeeze), this problem has been fixed in version 3.8.8-7+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 4.0.5-3.

sunrat
Posted May 30, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2480-2                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 29, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : request-tracker3.8
Vulnerability  : regression
Problem type   : remote
Debian-specific: no

It was discovered that the recent request-tracker3.8 update, DSA-2480-1, introduced a regression which caused outgoing mail to fail when running under mod_perl.

Please note that if you run request-tracker3.8 under the Apache web server, you must stop and start Apache manually. The "restart" mechanism is not recommended, especially when using mod_perl.

For the stable distribution (squeeze), this problem has been fixed in version 3.8.8-7+squeeze3.

sunrat
Posted June 1, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2483-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
May 31, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : strongswan
Vulnerability  : authentication bypass
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-2388

An authentication bypass issue was discovered by the Codenomicon CROSS project in strongSwan, an IPsec-based VPN solution. When using RSA-based setups, a missing check in the gmp plugin could allow an attacker presenting a forged signature to successfully authenticate against a strongSwan responder.

The default configuration in Debian does not use the gmp plugin for RSA operations but rather the OpenSSL plugin, so the packages as shipped by Debian are not vulnerable.

For the stable distribution (squeeze), this problem has been fixed in version 4.4.1-5.2.

For the testing distribution (wheezy), this problem has been fixed in version 4.5.2-1.4.

For the unstable distribution (sid), this problem has been fixed in version 4.5.2-1.4.
