debian NEW UPDATES Debian

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2010 security@debian.orghttp://www.debian.org/security/ Dann FrazierMarch 10, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : kvmVulnerability : privilege escalation/denial of serviceProblem type : localDebian-specific: noCVE Id(s) : CVE-2010-0298 CVE-2010-0306 CVE-2010-0309 CVE-2010-0419Several local vulnerabilities have been discovered in kvm, a fullvirtualization system. The Common Vulnerabilities and Exposures projectidentifies the following problems:CVE-2010-0298 & CVE-2010-0306 Gleb Natapov discovered issues in the KVM subsystem where missing permission checks (CPL/IOPL) permit a user in a guest system to denial of service a guest (system crash) or gain escalated privileges with the guest.CVE-2010-0309 Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM subsystem that allows privileged users in a guest domain to cause a denial of service (crash) of the host system.CVE-2010-0419 Paolo Bonzini found a bug in KVM that can be used to bypass proper permission checking while loading segment selectors. This potentially allows privileged guest users to execute privileged instructions on the host system.=====- --------------------------------------------------------------------------Debian Security Advisory DSA-2011-1 security@debian.orghttp://www.debian.org/security/ Nico GoldeMarch 10th, 2010 http://www.debian.org/security/faq- --------------------------------------------------------------------------Package : dpkgVulnerability : path traversalProblem type : localDebian-specific: yesDebian bug : noneCVE ID : CVE-2010-0396William Grant discovered that the dpkg-source component of dpkg, thelow-level infrastructure for handling the installation and removal ofDebian software packages, is vulnerable to path traversal attacks.A specially crafted Debian source package can lead to file modificationoutside of the destination directory when extracting the package content.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ----------------------------------------------------------------------Debian Security Advisory DSA-2012-1 security@debian.orghttp://www.debian.org/security/ dann frazierMarch 11, 2010 http://www.debian.org/security/faq- ----------------------------------------------------------------------Package : linux-2.6Vulnerability : privilege escalation/denial of serviceProblem type : localDebian-specific: noCVE Id(s) : CVE-2009-3725 CVE-2010-0622Debian Bug(s) : 568561 570554 Two vulnerabilities have been discovered in the Linux kernel thatmay lead to a denial of service or privilege escalation. The CommonVulnerabilities and Exposures project identifies the following problems:CVE-2009-3725 Philipp Reisner reported an issue in the connector subsystem which allows unprivileged users to send netlink packets. This allows local users to manipulate settings for uvesafb devices which are normally reserved for privileged users.CVE-2010-0622 Jermome Marchand reported an issue in the futex subsystem that allows a local user to force an invalid futex state which results in a denial of service (oops).This update also includes fixes for regressions introduced by previousupdates. See the referenced Debian bug pages for details.=====- ------------------------------------------------------------------------Debian Security Advisory DSA-2013-1 security@debian.orghttp://www.debian.org/security/ Moritz MuehlenhoffMarch 11, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : egroupwareVulnerability : severalProblem type : remoteDebian-specific: noCVE Id(s) : not yet availableDebian Bug : 573279Nahuel Grisolia discovered two vulnerabilities in Egroupware, a web-basedgroupware suite: Missing input sanitising in the spellchecker integrationmay lead to the execution of arbitrary commands and a cross-site scriptingvulnerability was discovered in the login page.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2016-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoMarch 13, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : drupal6Vulnerability : severalProblem type : remoteDebian-specific: noCVE Id(s) : not yet availableDebian Bug : 572439Several vulnerabilities (SA-CORE-2010-001) have been discovered indrupal6, a fully-featured content management framework.Installation cross site scriptingA user-supplied value is directly output during installation allowing amalicious user to craft a URL and perform a cross-site scripting attack.The exploit can only be conducted on sites not yet installed.Open redirectionThe API function drupal_goto() is susceptible to a phishing attack.An attacker could formulate a redirect in a way that gets the Drupal siteto send the user to an arbitrarily provided URL.No user submitted data will be sent to that URL.Locale module cross site scriptingLocale module and dependent contributed modules do not sanitize the displayof language codes, native and English language names properly.While these usually come from a preselected list, arbitrary administratorinput is allowed.This vulnerability is mitigated by the fact that the attacker must have arole with the 'administer languages' permission.Blocked user session regenerationUnder certain circumstances, a user with an open session that is blockedcan maintain his/her session on the Drupal site, despite being blocked.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2017-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoMarch 15, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : pulseaudioVulnerability : insecure temporary directoryProblem type : localDebian-specific: noCVE Id : CVE-2009-1299Debian Bug : 573615Dan Rosenberg discovered that the PulseAudio sound server creates atemporary directory with a predictable name. This allows a local attackerto create a Denial of Service condition or possibly disclose sensitiveinformation to unprivileged users.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2015 security@debian.orghttp://www.debian.org/security/ Dann FrazierMarch 15, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : drbd8Vulnerability : privilege escalationProblem type : localDebian-specific: noCVE Id(s) : not yet availableDebian Bug : 573531A local vulnerability has been discovered in drbd8.Philipp Reisner fixed an issue in the drbd kernel module that allowslocal users to send netlink packets to perform actions that should berestricted to users with CAP_SYS_ADMIN privileges. This is a similarissue to those described by CVE-2009-3725.This update also fixes an ABI compatibility issue which was introducedby linux-2.6 (2.6.26-21lenny3). The prebuilt drbd module packages listedin this advisory require a linux-image package version 2.6.26-21lenny3or greater.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2018-1 security@debian.orghttp://www.debian.org/security/ Raphael GeissertMarch 18, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : php5Vulnerability : DoS (crash)Problem type : remoteDebian-specific: noCVE Id(s) : CVE-2010-0397Debian Bug : 573573Auke van Slooten discovered that PHP 5, an hypertext preprocessor,crashes (because of a NULL pointer dereference) when processing invalidXML-RPC requests.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2019-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoMarch 20, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : pango1.0Vulnerability : missing input sanitizationProblem type : localDebian-specific: noCVE Id : CVE-2010-0421Debian Bug : 574021Marc Schoenefeld discovered an improper input sanitization in Pango, a libraryfor layout and rendering of text, leading to array indexing error.If a local user was tricked into loading a specially-crafted font file in anapplication, using the Pango font rendering library, it could lead to denialof service (application crash).=====- --------------------------------------------------------------------------Debian Security Advisory DSA-2020-1 security@debian.orghttp://www.debian.org/security/ Nico GoldeMarch 20th, 2010 http://www.debian.org/security/faq- --------------------------------------------------------------------------Package : ikiwikiVulnerability : insufficient input sanitizationProblem type : local/remoteDebian-specific: noDebian bug : noneCVE ID : none assigned yetIvan Shmakov discovered that the htmlscrubber component of ikwiki, a wikicompiler, performs insufficient input sanitization on data:image/svg+xmlURIs. As these can contain script code this can be used by an attackerto conduct cross-site scripting attacks.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2021-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoMarch 22, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : spamass-milterVulnerability : missing input sanitizationProblem-Type : remoteDebian-specific: noCVE Id(s) : none assigned yetDebian Bug : 573228It was discovered a missing input sanitization in spamass-milter, a milterused to filter mail through spamassassin.This allows a remote attacker to inject and execute arbitrary shell commands.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- --------------------------------------------------------------------------Debian Security Advisory DSA-2022-1 security@debian.orghttp://www.debian.org/security/ Nico GoldeMarch 23th, 2010 http://www.debian.org/security/faq- --------------------------------------------------------------------------Package : mediawikiVulnerability : severalProblem type : remoteDebian-specific: noDebian bug : noneCVE ID : none assigned yetSeveral vulnerabilities have been discovered in mediawiki, a web-based wikiengine. The following issues have been identified:Insufficient input sanitization in the CSS validation code allows editorsto display external images in wiki pages. This can be a privacy concernon public wikis as it allows attackers to gather IP addresses and otherinformation by linking these images to a web server under their control.Insufficient permission checks have been found in thump.php which can leadto disclosure of image files that are restricted to certain users(e.g. with img_auth.php).~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2023-1 security@debian.orghttp://www.debian.org/security/ Steffen JoerisMarch 28, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : curlVulnerability : buffer overflowProblem type : local (remote)Debian-specific: noCVE Id : CVE-2010-0734Wesley Miaw discovered that libcurl, a multi-protocol file transferlibrary, is prone to a buffer overflow via the callback function whenan application relies on libcurl to automatically uncompress data. Notethat this only affects applications that trust libcurl's maximum limitfor a fixed buffer size and do not perform any sanity checks themselves.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2024-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoMarch 31, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : moinVulnerability : insufficient input sanitisingProblem type : remoteDebian-specific: noCVE Id : CVE-2010-0828Debian Bugs : 575995Jamie Strandboge discovered that moin, a python clone of WikiWiki, doesnot sufficiently sanitize the page name in "Despam" action, allowing remoteattackers to perform cross-site scripting (XSS) attacks.In addition, this update fixes a minor issue in the "textcha" protection, itcould be trivially bypassed by blanking the "textcha-question" and "textcha-answer"form fields.=====- ------------------------------------------------------------------------Debian Security Advisory DSA-2025-1 security@debian.orghttp://www.debian.org/security/ Steffen JoerisMarch 31, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : icedove Vulnerability : several vulnerabilities Problem type : remote Debian-specific: no CVE IDs : CVE-2009-2408 CVE-2009-2404 CVE-2009-2463 CVE-2009-3072 CVE-2009-3075 CVE-2010-0163Several remote vulnerabilities have been discovered in the Icedovemail client, an unbranded version of the Thunderbird mail client. TheCommon Vulnerabilities and Exposures project identifies the followingproblems:CVE-2009-2408Dan Kaminsky and Moxie Marlinspike discovered that icedove does notproperly handle a '\0' character in a domain name in the subject'sCommon Name (CN) field of an X.509 certificate (MFSA 2009-42).CVE-2009-2404Moxie Marlinspike reported a heap overflow vulnerability in the codethat handles regular expressions in certificate names (MFSA 2009-43).CVE-2009-2463monarch2020 discovered an integer overflow n a base64 decoding function(MFSA 2010-07).CVE-2009-3072Josh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).CVE-2009-3075Carsten Book reported a crash in the JavaScript engine (MFSA 2010-07).CVE-2010-0163Ludovic Hirlimann reported a crash indexing some messages withattachments, which could lead to the execution of arbitrary code(MFSA 2010-07).~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2026-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoApril 02, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : netpbm-freeVulnerability : stack-based buffer overflowProblem type : local (remote)Debian-specific: noCVE Id : CVE-2009-4274Debian Bug : 569060Marc Schoenefeld discovered a stack-based buffer overflow in the XPM readerimplementation in netpbm-free, a suite of image manipulation utilities.An attacker could cause a denial of service (application crash) or possiblyexecute arbitrary code via an XPM image file that contains a crafted headerfield associated with a large color index value.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2027-1 security@debian.orghttp://www.debian.org/security/ Moritz MuehlenhoffApril 03, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : xulrunnerVulnerability : severalProblem type : remoteDebian-specific: noCVE Id(s) : CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel webbrowser. The Common Vulnerabilities and Exposures project identifies the following problems:CVE-2010-0174 Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout engine, which might allow the execution of arbitrary code.CVE-2010-0175 It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code.CVE-2010-0176 It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code.CVE-2010-0177 It was discovered that incorrect memory handling in the plugin code might allow the execution of arbitrary code.CVE-2010-0178 Paul Stone discovered that forced drag-and-drop events could lead to Chrome privilege escalation.CVE-2010-0179 It was discovered that a programming error in the XMLHttpRequestSpy module could lead to the execution of arbitrary code.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- --------------------------------------------------------------------------Debian Security Advisory DSA-2028-1 security@debian.orghttp://www.debian.org/security/ Luciano BelloApril 5th, 2010 http://www.debian.org/security/faq- --------------------------------------------------------------------------Package : xpdfVulnerability : multipleProblem type : local (remote)Debian-specific: noDebian bug : 551287CVE ID : CVE-2009-1188 CVE-2009-3603 CVE-2009-3604 CVE-2009-3606 CVE-2009-3608 CVE-2009-3609Several vulnerabilities have been identified in xpdf, a suite of tools forviewing and converting Portable Document Format (PDF) files.The Common Vulnerabilities and Exposures project identifies the followingproblems:CVE-2009-1188 and CVE-2009-3603 Integer overflow in SplashBitmap::SplashBitmap which might allow remote attackers to execute arbitrary code or an application crash via a crafted PDF document.CVE-2009-3604 NULL pointer dereference or heap-based buffer overflow in Splash::drawImage which might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document.CVE-2009-3606 Integer overflow in the PSOutputDev::doImageL1Sep which might allow remote attackers to execute arbitrary code via a crafted PDF document.CVE-2009-3608 Integer overflow in the ObjectStream::ObjectStream which might allow remote attackers to execute arbitrary code via a crafted PDF document.CVE-2009-3609 Integer overflow in the ImageStream::ImageStream which might allow remote attackers to cause a denial of service via a crafted PDF document.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- --------------------------------------------------------------------------Debian Security Advisory DSA-2029-1 security@debian.orghttp://www.debian.org/security/ Nico GoldeApril 5th, 2010 http://www.debian.org/security/faq- --------------------------------------------------------------------------Package : imlib2Vulnerability : severalProblem type : localDebian-specific: noDebian bug : 576469CVE ID : CVE-2008-6079It was discovered that imlib2, a library to load and process several imageformats, did not properly process various image file types.Several heap and stack based buffer overflows - partly due to integeroverflows - in the ARGB, BMP, JPEG, LBM, PNM, TGA and XPM loaders canlead to the execution of arbitrary code via crafted image files.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- --------------------------------------------------------------------------Debian Security Advisory DSA-2030-1 security@debian.orghttp://www.debian.org/security/ Nico GoldeApril 6th, 2010 http://www.debian.org/security/faq- --------------------------------------------------------------------------Package : maharaVulnerability : sql injectionProblem type : remoteDebian-specific: noDebian bug : noneCVE ID : CVE-2010-0400It was discovered that mahara, an electronic portfolio, weblog, and resumebuilder is not properly escaping input when generating a unique usernamebased on a remote user name from a single sign-on application. An attackercan use this to compromise the mahara database via crafted user names.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2031-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoApril 11, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : krb5Vulnerability : use-after-freeProblem type : remoteDebian-specific: noCVE ID : CVE-2010-0629Debian Bug : 567052Sol Jerome discovered that kadmind service in krb5, a system for authenticatingusers and services on a network, allows remote authenticated users to cause adenial of service (daemon crash) via a request from a kadmin client that sendsan invalid API version number.=====Debian Security Advisory DSA-2032-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoApril 11, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : libpngVulnerability : severalProblem type : local (remote)Debian-specific: noCVE Id(s) : CVE-2009-2042 CVE-2010-0205Debian Bugs : 533676 572308Several vulnerabilities have been discovered in libpng, a library forreading and writing PNG files. The Common Vulnerabilities andExposures project identifies the following problems:CVE-2009-2042libpng does not properly parse 1-bit interlaced images with width valuesthat are not divisible by 8, which causes libpng to includeuninitialized bits in certain rows of a PNG file and might allow remoteattackers to read portions of sensitive memory via "out-of-boundspixels" in the file.CVE-2010-0205libpng does not properly handle compressed ancillary-chunk data that hasa disproportionately large uncompressed representation, which allowsremote attackers to cause a denial of service (memory and CPUconsumption, and application hang) via a crafted PNG file~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2033-1 security@debian.orghttp://www.debian.org/security/ Sébastien DelafondApril 15th, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : ejabberdVulnerability : heap overflowProblem type : remoteDebian-specific: noCVE Id : CVE-2010-0305Debian Bug : 568383It was discovered that in ejabberd, a distributed XMPP/Jabber serverwritten in Erlang, a problem in ejabberd_c2s.erl allows remoteauthenticated users to cause a denial of service by sending a largenumber of c2s (client2server) messages; that triggers an overload of thequeue, which in turn causes a crash of the ejabberd daemon.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2034-1 security@debian.orghttp://www.debian.org/security/ Thijs KinkhorstApril 17, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : phpmyadminVulnerability : severalProblem type : local/remoteDebian-specific: noCVE Id(s) : CVE-2008-7251 CVE-2008-7252 CVE-2009-4605Several vulnerabilities have been discovered in phpMyAdmin, a toolto administer MySQL over the web. The Common Vulnerabilities and Exposuresproject identifies the following problems:CVE-2008-7251 phpMyAdmin may create a temporary directory, if the configured directory does not exist yet, with insecure filesystem permissions.CVE-2008-7252 phpMyAdmin uses predictable filenames for temporary files, which may lead to a local denial of service attack or privilege escalation.CVE-2009-4605 The setup.php script shipped with phpMyAdmin may unserialize untrusted data, allowing for cross site request forgery.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2035-1 security@debian.orghttp://www.debian.org/security/ Stefan FritschApril 17, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : apache2Vulnerability : multiple issuesProblem type : remoteDebian-specific: noCVE Id(s) : CVE-2010-0408 CVE-2010-0434Two issues have been found in the Apache HTTPD web server:CVE-2010-0408mod_proxy_ajp would return the wrong status code if it encountered anerror, causing a backend server to be put into an error state until theretry timeout expired. A remote attacker could send malicious requeststo trigger this issue, resulting in denial of service.CVE-2010-0434A flaw in the core subrequest process code was found, which could leadto a daemon crash (segfault) or disclosure of sensitive informationif the headers of a subrequest were modified by modules such asmod_headers.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2036-1 security@debian.orghttp://www.debian.org/security/ Thijs KinkhorstApril 17, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : jasperVulnerability : programming errorProblem type : local (remote)Debian-specific: noCVE Id(s) : CVE-2007-2721Debian Bug : 528543It was discovered that the JasPer JPEG-2000 runtime library allowed anattacker to create a crafted input file that could lead to denial ofservice and heap corruption.Besides addressing this vulnerability, this updates also addresses aregression introduced in the security fix for CVE-2008-3521, appliedbefore Debian Lenny's release, that could cause errors when reading someJPEG input files.=====- ------------------------------------------------------------------------Debian Security Advisory DSA-2037-1 security@debian.orghttp://www.debian.org/security/ Thijs KinkhorstApril 17, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : kdm (kdebase)Vulnerability : race conditionProblem type : localDebian-specific: noCVE Id(s) : CVE-2010-0436Sebastian Krahmer discovered that a race condition in the KDE DesktopEnvironment's KDM display manager, allow a local user to elevate privilegesto root.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2038-1 security@debian.orghttp://www.debian.org/security/ Thijs KinkhorstApril 18, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : pidginVulnerability : severalProblem type : remoteDebian-specific: noCVE Id(s) : CVE-2010-0420 CVE-2010-0423Debian Bug : 566775Several remote vulnerabilities have been discovered in Pidgin, a multiprotocol instant messaging client. The Common Vulnerabilities andExposures project identifies the following problems:CVE-2010-0420 Crafted nicknames in the XMPP protocol can crash Pidgin remotely.CVE-2010-0423 Remote contacts may send too many custom smilies, crashing Pidgin.Since a few months, Microsoft's servers for MSN have changed the protocol,making Pidgin non-functional for use with MSN. It is not feasible to portthese changes to the version of Pidgin in Debian Lenny. This updateformalises that situation by disabling the protocol in the client. Usersof the MSN protocol are advised to use the version of Pidgin in therepositories of www.backports.org.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2039-1 security@debian.orghttp://www.debian.org/security/ Thijs KinkhorstApril 23, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : cactiVulnerability : missing input sanitisingProblem type : remoteDebian-specific: noDebian Bug : 578909It was discovered that Cacti, a frontend to rrdtool for monitoringsystems and services missed input sanitising, making an SQL injectionattack possible.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2021-2 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoApril 26, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : spamass-milterVulnerability : missing input sanitizationProblem-Type : remoteDebian-specific: noCVE Id : CVE-2010-1132Debian Bug : 573228 575019The latest DSA for spamass-milter introduced a regression: when runningspamass-milter with -x, a zombie process is left around for every mailreceived. This update corrects this problem. For reference, the original advisory text is provided below.It was discovered a missing input sanitization in spamass-milter, a milterused to filter mail through spamassassin.This allows a remote attacker to inject and execute arbitrary shell commands.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2040-1 security@debian.orghttp://www.debian.org/security/ Sébastien DelafondMay 02, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : squidguardVulnerability : buffer overflowProblem type : remoteDebian-specific: noCVE Ids : CVE-2009-3700, CVE-2009-3826Debian Bug : 553319It was discovered that in squidguard, a URL redirector/filter/ACL pluginfor squid, several problems in src/sgLog.c and src/sgDiv.c allow remoteusers to either: * cause a denial of service, by requesting long URLs containing many slashes; this forces the daemon into emergency mode, where it does not process requests anymore. * bypass rules by requesting URLs whose length is close to predefined buffer limits, in this case 2048 for squidguard and 4096 or 8192 for squid (depending on its version).~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2041-1 security@debian.orghttp://www.debian.org/security/ Raphael GeissertMay 03, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : mediawikiVulnerability : CSRFProblem type : remoteDebian-specific: noCVE Id(s) : CVE-2010-1150It was discovered that mediawiki, a website engine for collaborativework, is vulnerable to a Cross-Site Request Forgery login attack, whichcould be used to conduct phishing or similar attacks to users viaaffected mediawiki installations.Note that the fix used breaks the login API and may require clients using it to be updated.~Eric

[V.T. Eric Layton]

Updates Debian Lenny ---------------------------------------------------------------------------Debian Security Advisory DSA-2042-1 security@debian.orghttp://www.debian.org/security/ Luciano BelloMay 5th, 2010 http://www.debian.org/security/faq- ---------------------------------------------------------------------------Package : iscsitargetVulnerability : format stringProblem type : remoteDebian-specific: noDebian bug : 574935CVE ID : CVE-2010-0743Florent Daigniere discovered multiple format string vulnerabilities in LinuxSCSI target framework (which is known as iscsitarget under Debian) allow remoteattackers to cause a denial of service in the ietd daemon. The flaw could betrigger by sending a carefully-crafted Internet Storage Name Service (iSNS)request.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2045-1 security@debian.orghttp://www.debian.org/security/ Sébastien DelafondMay 11, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : libtheoraVulnerability : integer overflowProblem type : remote (local)Debian-specific: noCVE Id : CVE-2009-3389Debian Bug : 572950Bob Clary, Dan Kaminsky and David Keeler discovered that in libtheora, avideo library part of the Ogg project, several flaws allow allow context-dependent attackers via a large and specially crafted mediafile, to cause a denial of service (crash of the player using thislibrary), and possibly arbitrary code execution.=====- ------------------------------------------------------------------------Debian Security Advisory DSA-2044-1 security@debian.orghttp://www.debian.org/security/ Devin CarrawayMay 11, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : mplayerVulnerability : integer overflowProblem type : local (remote)Debian-specific: notixxDZ (DZCORE labs) discovered a vulnerability in the mplayer movieplayer. Missing data validation in mplayer's real data transport (RDT)implementation enable an integer underflow and consequently an unboundedbuffer operation. A maliciously crafted stream could thus enable anattacker to execute arbitrary code.No Common Vulnerabilities and Exposures project identifier is available forthis issue.=====- ------------------------------------------------------------------------Debian Security Advisory DSA-2043-1 security@debian.orghttp://www.debian.org/security/ Devin CarrawayMay 11, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : vlcVulnerability : integer overflowProblem type : local (remote)Debian-specific: notixxDZ (DZCORE labs) discovered a vulnerability in vlc, the multimediaplayer and streamer. Missing data validation in vlc's real data transport(RDT) implementation enable an integer underflow and consequently anunbounded buffer operation. A maliciously crafted stream could thus enablean attacker to execute arbitrary code.No Common Vulnerabilities and Exposures project identifier is available forthis issue.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2046-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoMay 13, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : phpgroupwareVulnerability : severalProblem-Type : remoteDebian-specific: noCVE ID : CVE-2010-0403 CVE-2010-0404Several remote vulnerabilities have been discovered in phpgroupware, aWeb based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems:CVE-2010-0403A local file inclusion vulnerability allows remote attackers to executearbitrary PHP code and include arbitrary local files.CVE-2010-0404 Multiple SQL injection vulnerabilities allows remote attackers to executearbitrary SQL commands.~Eric

[V.T. Eric Layton]

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2047-1 security@debian.orghttp://www.debian.org/security/ Thijs KinkhorstMay 17, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : aria2Vulnerability : insufficient input sanitisingProblem type : local (remote)Debian-specific: noCVE Id : CVE-2010-1512A vulnerability was discovered in aria2, a download client. The "name"attribute of the "file" element of metalink files is not properlysanitised before using it to download files. If a user is tricked intodownloading from a specially crafted metalink file, this can beexploited to download files to directories outside of the intendeddownload directory.=====- ------------------------------------------------------------------------Debian Security Advisory DSA-2038-2 security@debian.orghttp://www.debian.org/security/ Thijs KinkhorstMay 17, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : pidginVulnerability : severalProblem type : remoteDebian-specific: noCVE Id(s) : CVE-2010-0420 CVE-2010-0423Debian Bug : 566775 579601The packages for Pidgin released as DSA 2038-1 had a regression, as theyunintentionally disabled the Zephyr instant messaging protocol. Thisupdate restores Zephyr functionality. For reference the originaladvisory text below.Several remote vulnerabilities have been discovered in Pidgin, a multiprotocol instant messaging client. The Common Vulnerabilities andExposures project identifies the following problems:CVE-2010-0420 Crafted nicknames in the XMPP protocol can crash Pidgin remotely.CVE-2010-0423 Remote contacts may send too many custom smilies, crashing Pidgin.Since a few months, Microsoft's servers for MSN have changed the protocol,making Pidgin non-functional for use with MSN. It is not feasible to portthese changes to the version of Pidgin in Debian Lenny. This updateformalises that situation by disabling the protocol in the client. Usersof the MSN protocol are advised to use the version of Pidgin in therepositories of www.backports.org.~Eric