Bruno

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2192-1                   security@debian.org
http://www.debian.org/security/                         Giuseppe Iuculano
March 15, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0779 CVE-2011-1290

Several vulnerabilities were discovered in the Chromium browser.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2011-0779
    Google Chrome before 9.0.597.84 does not properly handle a missing
    key in an extension, which allows remote attackers to cause a denial
    of service (application crash) via a crafted extension.

CVE-2011-1290
    Integer overflow in WebKit allows remote attackers to execute
    arbitrary code via unknown vectors, as demonstrated by Vincenzo
    Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own
    competition at CanSecWest 2011.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2193-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
March 16, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libcgroup
Vulnerability  : several
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-1006 CVE-2011-1022
Debian Bug     : 615987

Several issues have been discovered in libcgroup, a library to control
and monitor control groups:

CVE-2011-1006
    Heap-based buffer overflow by converting list of controllers for
    given task into an array of strings could lead to privilege
    escalation by a local attacker.

CVE-2011-1022
    libcgroup did not properly check the origin of Netlink messages,
    allowing a local attacker to send crafted Netlink messages which
    could lead to privilege escalation.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2194-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
March 18, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libvirt
Vulnerability  : insufficient checks
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-1146
Debian Bug     : 617773

It was discovered that libvirt, a library for interfacing with different
virtualization systems, did not properly check for read-only connections.
This allowed a local attacker to perform a denial of service (crash) or
possibly escalate privileges.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2186-2                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
March 18, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

The security update DSA-2186 issued for Iceweasel caused a regression
in Vimperator, an Iceweasel extension to make it have vim look and feel.

vimperator in stable has been updated to 2.3.1-0+squeeze1 to restore
compatibility.

We recommend that you upgrade your vimperator packages.

V.T. Eric Layton

------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 6.0: 6.0.1 released                      press@debian.org
March 18th, 2011                http://www.debian.org/News/2011/20110319
------------------------------------------------------------------------

Updated Debian 6.0: 6.0.1 released

The Debian project is pleased to announce the first update of its
stable distribution Debian 6.0 (codename "Squeeze"). This update
mainly adds corrections for security problems to the stable release,
along with a few adjustments to serious problems.

Please note that this update does not constitute a new version of
Debian 6.0 but only updates some of the packages included. There is no
need to throw away 6.0 CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't
have to update many packages and most updates from security.debian.org
are included in this update.

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

    http://www.debian.org/mirror/list

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2195-1                   security@debian.org
http://www.debian.org/security/                          Raphael Geissert
March 19, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
Vulnerability  : several
Problem type   : local/remote
Debian-specific: yes/no
CVE ID         : CVE-2011-0441 CVE-2010-3709 CVE-2010-3710 CVE-2010-3870
                 CVE-2010-4150

Stephane Chazelas discovered that the cronjob of the PHP 5 package in
Debian suffers from a race condition which might be used to remove
arbitrary files from a system (CVE-2011-0441).

When upgrading your php5-common package take special care to _accept_
the changes to the /etc/cron.d/php5 file. Ignoring them would leave the
system vulnerable.

=====

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2196-1                   security@debian.org
http://www.debian.org/security/                          Raphael Geissert
March 19, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : maradns
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0520
Debian Bug     : 610834

Witold Baryluk discovered that MaraDNS, a simple security-focused
Domain Name Service server, may overflow an internal buffer when
handling requests with a large number of labels, causing a server
crash and the consequent denial of service.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2197-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
March 21, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : quagga
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-1674 CVE-2010-1675

It has been discovered that the Quagga routing daemon contains two
denial-of-service vulnerabilities in its BGP implementation:

CVE-2010-1674
    A crafted Extended Communities attribute triggers a null pointer
    dereference which causes the BGP daemon to crash. The crafted
    attributes are not propagated by the Internet core, so only
    explicitly configured direct peers are able to exploit this
    vulnerability in typical configurations.

CVE-2010-1675
    The BGP daemon resets BGP sessions when it encounters malformed
    AS_PATHLIMIT attributes, introducing a distributed BGP session
    reset vulnerability which disrupts packet forwarding. Such
    malformed attributes are propagated by the Internet core, and
    exploitation of this vulnerability is not restricted to directly
    configured BGP peers.

This security update removes AS_PATHLIMIT processing from the BGP
implementation, preserving the configuration statements for backwards
compatibility. (Standardization of this BGP extension was abandoned
long ago.)

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2198-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
March 22, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tex-common
Vulnerability  : insufficient input sanitization
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-1400

Mathias Svensson discovered that tex-common, a package shipping a number
of scripts and configuration files necessary for TeX, contains insecure
settings for the "shell_escape_commands" directive. Depending on the
scenario, this may result in arbitrary code execution when a victim is
tricked into processing a malicious tex-file or this is done in an
automated fashion.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2200-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
March 23, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceweasel
Vulnerability  : none in iceweasel
Problem type   : none in iceweasel
Debian-specific: no
CVE ID         : not available

This update for Iceweasel, a web browser based on Firefox, updates the
certificate blacklist for several fraudulent HTTPS certificates.

More details can be found in a blog posting by Jacob Appelbaum of the Tor
project:
https://blog.torproject.org/category/tags/s...ates-torbrowser

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2202-1                   security@debian.org
http://www.debian.org/security/                            Stefan Fritsch
March 23, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : apache2
Vulnerability  : failure to drop root privileges
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1176
Debian Bug     : 618857

MPM_ITK is an alternative Multi-Processing Module for Apache HTTPD that
is included in Debian's apache2 package.

A configuration parsing flaw has been found in MPM_ITK. If the
configuration directive NiceValue was set, but no AssignUserID directive
was specified, the requests would be processed as user and group root
instead of the default Apache user and group.

This issue does not affect the standard Apache HTTPD MPMs prefork,
worker, and event.

=====

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2201-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
March 23, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wireshark
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0538 CVE-2011-0713 CVE-2011-1139 CVE-2011-1140
                 CVE-2011-1141

Huzaifa Sidhpurwala, Joernchen, and Xiaopeng Zhang discovered several
vulnerabilities in the Wireshark network traffic analyzer.
Vulnerabilities in the DCT3, LDAP and SMB dissectors and in the code to
parse pcap-ng files could lead to denial of service or the execution of
arbitrary code.

=====

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2199-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
March 23, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceape
Vulnerability  : none in iceape
Problem type   : none in iceape
Debian-specific: no
CVE ID         : not available

This update for the Iceape internet suite, an unbranded version of
Seamonkey, updates the certificate blacklist for several fraudulent
HTTPS certificates.

More details can be found in a blog posting by Jacob Appelbaum of the Tor
project:
https://blog.torproject.org/category/tags/s...ates-torbrowser

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2203-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
March 26, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nss
Vulnerability  : none in nss
Problem type   : none in nss
Debian-specific: no
CVE ID         : not available

This update for the Network Security Service libraries marks several
fraudulent HTTPS certificates as untrusted.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2204-1                   security@debian.org
http://www.debian.org/security/                            Steffen Joeris
March 27, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imp4
Vulnerability  : Insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-3695
Debian Bug     : 598584

Moritz Naumann discovered that imp4, a webmail component for the horde
framework, is prone to cross-site scripting attacks by a lack of input
sanitising of certain fetchmail information.

V.T. Eric Layton

- --------------------------------------------------------------------------
Debian Security Advisory DSA 2206-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
March 29th, 2011                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mahara
Vulnerability  : several
CVE IDs        : CVE-2011-0439 CVE-2011-0440
Debian-specific: no

Two security vulnerabilities have been discovered in Mahara, a fully
featured electronic portfolio, weblog, resume builder and social
networking system:

CVE-2011-0439
    A security review commissioned by a Mahara user discovered that
    Mahara processes unsanitized input which can lead to cross-site
    scripting (XSS).

CVE-2011-0440
    Mahara Developers discovered that Mahara doesn't check the session
    key under certain circumstances which can be exploited as
    cross-site request forgery (CSRF) and can lead to the deletion of
    blogs.

======

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2207-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
March 30, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat5.5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781
                 CVE-2009-0783 CVE-2009-2693 CVE-2009-2902 CVE-2010-1157
                 CVE-2010-2227

Various vulnerabilities have been discovered in the Tomcat Servlet and
JSP engine, resulting in denial of service, cross-site scripting,
information disclosure and WAR file traversal. Further details on the
individual security issues can be found at
http://tomcat.apache.org/security-5.html.

For the oldstable distribution (lenny), this problem has been fixed in
version 5.5.26-5lenny2.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2208-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
March 30, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0414

It was discovered that BIND, a DNS server, contains a race condition
when processing zones updates in an authoritative server, either
through dynamic DNS updates or incremental zone transfer (IXFR). Such
an update while processing a query could result in deadlock and denial
of service. (CVE-2011-0414)

In addition, this security update addresses a defect related to the
processing of new DNSSEC DS records by the caching resolver, which may
lead to name resolution failures in the delegated zone. If DNSSEC
validation is enabled, this issue can make domains ending in .COM
unavailable when the DS record for .COM is added to the DNS root zone
on March 31st, 2011. An unpatched server which is affected by this
issue can be restarted, thus re-enabling resolution of .COM domains.
This workaround applies to the version in oldstable, too.

Configurations not using DNSSEC validations are not affected by this
second issue.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2208-2                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
March 30, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no

The BIND, a DNS server, contains a defect related to the processing of
new DNSSEC DS records by the caching resolver, which may lead to name
resolution failures in the delegated zone. If DNSSEC validation is
enabled, this issue can make domains ending in .COM unavailable when
the DS record for .COM is added to the DNS root zone on March 31st,
2011. An unpatched server which is affected by this issue can be
restarted, thus re-enabling resolution of .COM domains.

Configurations not using DNSSEC validations are not affected by this
issue.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2209-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
April 02, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tgt
Vulnerability  : double free
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0001

Emmanuel Bouillon discovered a double free in tgt, the Linux SCSI target
user-space tools, which could lead to denial of service.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2210-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
April 03, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tiff
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2011-0191 CVE-2011-0192 CVE-2011-1167
Debian Bug     : 619614

Several vulnerabilities were discovered in the TIFF manipulation and
conversion library:

CVE-2011-0191
    A buffer overflow allows to execute arbitrary code or cause
    a denial of service via a crafted TIFF image with JPEG encoding.
    This issue affects the Debian 5.0 Lenny package only.

CVE-2011-0192
    A buffer overflow allows to execute arbitrary code or cause
    a denial of service via a crafted TIFF Internet Fax image
    file that has been compressed using CCITT Group 4 encoding.

CVE-2011-1167
    Heap-based buffer overflow in the thunder (aka ThunderScan)
    decoder allows to execute arbitrary code via a TIFF file that
    has an unexpected BitsPerSample value.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2211-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
April 06, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : vlc
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-3275 CVE-2010-3276

Ricardo Narvaja discovered that missing input sanitising in VLC, a
multimedia player and streamer, could lead to the execution of arbitrary
code if a user is tricked into opening a malformed media file.

This update also provides updated packages for oldstable (lenny) for
vulnerabilities, which have already been addressed in Debian stable
(squeeze), either during the freeze or in DSA-2159.
(CVE-2010-0522, CVE-2010-1441, CVE-2010-1442, CVE-2011-0531)

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2213-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
April 8, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : x11-xserver-utils
Vulnerability  : missing input sanitization
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0465
Debian bug     : 621423

Sebastian Krahmer discovered that the xrdb utility of x11-xserver-utils,
an X server resource database utility, is not properly filtering crafted
hostnames. This allows a remote attacker to execute arbitrary code with
root privileges given that either remote logins via xdmcp are allowed or
the attacker is able to place a rogue DHCP server into the victim's
network.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2216-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
April 10, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : isc-dhcp
Vulnerability  : missing input sanitization
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0997
Debian bug     : 621099

Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of
isc-dhcp, a DHCP client, is not properly filtering shell meta-characters
in certain options in DHCP server responses. These options are reused in
an insecure fashion by dhclient scripts. This allows an attacker to execute
arbitrary commands with the privileges of such a process by sending crafted
DHCP options to a client using a rogue server.

======

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2217-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
April 10, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dhcp3
Vulnerability  : missing input sanitization
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0997

Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of
dhcp3, a DHCP client, is not properly filtering shell meta-characters
in certain options in DHCP server responses. These options are reused in
an insecure fashion by dhclient scripts. This allows an attacker to execute
arbitrary commands with the privileges of such a process by sending crafted
DHCP options to a client using a rogue server.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2218-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
April 12, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : vlc
Vulnerability  : heap-based buffer overflow
Problem type   : local
Debian-specific: no
CVE ID         : none yet

Aliz Hammond discovered that the MP4 decoder plugin of vlc, a multimedia
player and streamer, is vulnerable to a heap-based buffer overflow.
This has been introduced by a wrong data type being used for a size
calculation. An attacker could use this flaw to trick a victim into
opening a specially crafted MP4 file and possibly execute arbitrary code
or crash the media player.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2219-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
April 18, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xmlsec1
Vulnerability  : arbitrary file overwrite
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2011-1425
Debian Bug     : 620560

Nicolas Gregoire discovered that the XML Security Library xmlsec allowed
remote attackers to create or overwrite arbitrary files through
specially crafted XML files using the libxslt output extension and a
ds:Transform element during signature verification.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2220-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
April 19, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : request-tracker3.6, request-tracker3.8
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1685 CVE-2011-1686 CVE-2011-1687 CVE-2011-1688
                 CVE-2011-1689 CVE-2011-1690

Several vulnerabilities were in Request Tracker, an issue tracking
system.

CVE-2011-1685
    If the external custom field feature is enabled, Request Tracker
    allows authenticated users to execute arbitrary code with the
    permissions of the web server, possibly triggered by a cross-site
    request forgery attack. (External custom fields are disabled by
    default.)

CVE-2011-1686
    Multiple SQL injection attacks allow authenticated users to obtain
    data from the database in an unauthorized way.

CVE-2011-1687
    An information leak allows an authenticated privileged user to
    obtain sensitive information, such as encrypted passwords, via the
    search interface.

CVE-2011-1688
    When running under certain web servers (such as Lighttpd), Request
    Tracker is vulnerable to a directory traversal attack, allowing
    attackers to read any files accessible to the web server. Request
    Tracker instances running under Apache or Nginx are not affected.

CVE-2011-1689
    Request Tracker contains multiple cross-site scripting
    vulnerabilities.

CVE-2011-1690
    Request Tracker enables attackers to redirect authentication
    credentials supplied by legitimate users to third-party servers.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2222-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
April 20, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tinyproxy
Vulnerability  : incorrect ACL processing
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1499
Debian Bug     : 621493

Christoph Martin discovered that incorrect ACL processing in TinyProxy,
a lightweight, non-caching, optionally anonymizing http proxy could
lead to unintended network access rights.

=====

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2223-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
April 20, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : doctrine
Vulnerability  : SQL injection
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1522
Debian Bug     : 622674

It was discovered that Doctrine, a PHP library for implementing object
persistence, contains SQL injection vulnerabilities.
(CVE-2011-1522)

The exact impact depends on the application which uses the Doctrine
library.

=====

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2224-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
April 20, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-6
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-4351 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465
                 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472
                 CVE-2011-0025 CVE-2011-0706

Several security vulnerabilities were discovered in OpenJDK, an
implementation of the Java platform.

CVE-2010-4351
    The JNLP SecurityManager returns from the checkPermission method
    instead of throwing an exception in certain circumstances, which
    might allow context-dependent attackers to bypass the intended
    security policy by creating instances of ClassLoader.

CVE-2010-4448
    Malicious applets can perform DNS cache poisoning.

CVE-2010-4450
    An empty (but set) LD_LIBRARY_PATH environment variable results in
    a misconstructed library search path, resulting in code execution
    from possibly untrusted sources.

CVE-2010-4465
    Malicious applets can extend their privileges by abusing Swing
    timers.

CVE-2010-4469
    The Hotspot just-in-time compiler miscompiles crafted byte
    sequences, resulting in heap corruption.

CVE-2010-4470
    JAXP can be exploited by untrusted code to elevate privileges.

CVE-2010-4471
    Java2D can be exploited by untrusted code to elevate privileges.

CVE-2010-4472
    Untrusted code can replace the XML DSIG implementation.

CVE-2011-0025
    Signatures on JAR files are not properly verified, which allows
    remote attackers to trick users into executing code that appears
    to come from a trusted source.

CVE-2011-0706
    The JNLPClassLoader class allows remote attackers to gain
    privileges via unknown vectors related to multiple signers and the
    assignment of "an inappropriate security descriptor."

In addition, this security update contains stability fixes, such as
switching to the recommended Hotspot version (hs14) for this
particular version of OpenJDK.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2226-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
April 26, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libmodplug
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1574
Debian Bug     : 622091

M. Lucinskij and P. Tumenas discovered a buffer overflow in the code for
processing S3M tracker files in the Modplug tracker music library, which
may result in the execution of arbitrary code.

=====

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2225-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
April 25, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : asterisk
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1147 CVE-2011-1174 CVE-2011-1175 CVE-2011-1507
                 CVE-2011-1599

Several vulnerabilities have been discovered in Asterisk, an Open Source
PBX and telephony toolkit.

CVE-2011-1147
    Matthew Nicholson discovered that incorrect handling of UDPTL packets
    may lead to denial of service or the execution of arbitrary code.

CVE-2011-1174
    Blake Cornell discovered that incorrect connection handling in the
    manager interface may lead to denial of service.

CVE-2011-1175
    Blake Cornell and Chris May discovered that incorrect TCP connection
    handling may lead to denial of service.

CVE-2011-1507
    Tzafrir Cohen discovered that insufficient limitation of connection
    requests in several TCP based services may lead to denial of
    service. Please see
    http://downloads.asterisk.org/pub/security/AST-2011-005.html
    for details.

CVE-2011-1599
    Matthew Nicholson discovered a privilege escalation vulnerability
    in the manager interface.

V.T. Eric Layton

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2227-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
April 30, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceape
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069
                 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073
                 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078
                 CVE-2011-0080 CVE-2011-0081

Several vulnerabilities have been found in the Iceape internet suite, an
unbranded version of Seamonkey:

CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075
CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081
    "Scoobidiver", Ian Beer, Bob Clary, Henri Sivonen, Marco Bonardo,
    Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella
    discovered memory corruption bugs, which may lead to the execution
    of arbitrary code.

CVE-2011-0065 CVE-2011-0066 CVE-2011-0073
    "regenrecht" discovered several dangling pointer vulnerabilities,
    which may lead to the execution of arbitrary code.

CVE-2011-0067
    Paul Stone discovered that Java applets could steal information from
    the autocompletion history.

CVE-2011-0071
    Soroush Dalili discovered a directory traversal vulnerability in
    handling resource URIs.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2228-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 01, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceweasel
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069
                 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073
                 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078
                 CVE-2011-0080 CVE-2011-0081

Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox:

CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081
    "Scoobidiver", Ian Beer, Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella discovered memory corruption bugs, which may lead to the execution of arbitrary code.

CVE-2011-0065 CVE-2011-0066 CVE-2011-0073
    "regenrecht" discovered several dangling pointer vulnerabilities, which may lead to the execution of arbitrary code.

CVE-2011-0067
    Paul Stone discovered that Java applets could steal information from the autocompletion history.

CVE-2011-0071
    Soroush Dalili discovered a directory traversal vulnerability in handling resource URIs.

For the oldstable distribution (lenny), this problem will be fixed soon with updated packages of the xulrunner source package.

For the stable distribution (squeeze), this problem has been fixed in version 3.5.16-7.

For the unstable distribution (sid), this problem has been fixed in version 3.5.19-1.

=======

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2229-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 01, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : spip
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : not yet available

A vulnerability has been found in SPIP, a website engine for publishing, which allows a malicious registered author to disconnect the website from its database, resulting in denial of service.

The oldstable distribution (lenny) doesn't include spip.

For the stable distribution (squeeze), this problem has been fixed in version 2.1.1-3squeeze1.

The unstable distribution (sid) will be fixed soon.

======

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2230-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 01, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu-kvm
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0011 CVE-2011-1750
Debian Bug     : 611134 624177

Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware:

CVE-2011-0011
    Setting the VNC password to an empty string silently disabled all authentication.

CVE-2011-1750
    The virtio-blk driver performed insufficient validation of read/write I/O from the guest instance, which could lead to denial of service or privilege escalation.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-5+squeeze1.

The unstable distribution (sid) will be fixed soon.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2231-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
June 6, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : otrs2
Vulnerability  : cross-site scripting
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1518

Multiple cross-site scripting vulnerabilities were discovered in Open Ticket Request System (OTRS), a trouble-ticket system. (CVE-2011-1518)

In addition, this security update fixes a failure when upgrading the package from lenny to squeeze.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in version 2.4.9+dfsg1-3+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 2.4.10+dfsg1-1.

==============

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2232-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 06, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : exim4
Vulnerability  : format string vulnerability
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1764
Debian Bug     : 624670

It was discovered that Exim, the default mail transport agent in Debian, uses DKIM data obtained from DNS directly in a format string, potentially allowing malicious mail senders to execute arbitrary code. (CVE-2011-1764)

The oldstable distribution (lenny) is not affected by this problem because it does not contain DKIM support.

For the stable distribution (squeeze), this problem has been fixed in version 4.72-6+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 4.75-3.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2233-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 10, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postfix
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2009-2939 CVE-2011-0411 CVE-2011-1720

Several vulnerabilities were discovered in Postfix, a mail transfer agent. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-2939
    The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.

CVE-2011-0411
    The STARTTLS implementation does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place.

CVE-2011-1720
    A heap-based read-only buffer overflow allows malicious clients to crash the smtpd server process using a crafted SASL authentication request.

For the oldstable distribution (lenny), this problem has been fixed in version 2.5.5-1.1+lenny1.

For the stable distribution (squeeze), this problem has been fixed in version 2.7.1-1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 2.8.0-1.

============

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2234-1                   security@debian.org
http://www.debian.org/security/                             Luciano Bello
May 10, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : zodb
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2009-0668 CVE-2009-0669
Debian Bug     : 540465

Several remote vulnerabilities have been discovered in python-zodb, a set of tools for using ZODB, that could lead to arbitrary code execution in the worst case. The Common Vulnerabilities and Exposures project identified the following problems:

CVE-2009-0668
    The ZEO server doesn't restrict the callables when unpickling data received from a malicious client which can be used by an attacker to execute arbitrary python code on the server by sending certain exception pickles. This also allows an attacker to import any importable module as ZEO is importing the module containing a callable specified in a pickle to test for a certain flag.

CVE-2009-0669
    Due to a programming error an authorization method in the StorageServer component of ZEO was not used as an internal method. This allows a malicious client to bypass authentication when connecting to a ZEO server by simply calling this authorization method.

The update also limits the number of new object ids a client can request to 100 as it would be possible to consume huge amounts of resources by requesting a big batch of new object ids. No CVE id has been assigned to this.

For the oldstable distribution (lenny), this problem has been fixed in version 1:3.6.0-2+lenny3.

The stable distribution (squeeze) is not affected, it was fixed before the initial release.

For the unstable distribution (sid), this problem has been fixed in version 1:3.8.2-1.

========================

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2235-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 10, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069
                 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073
                 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078
                 CVE-2011-0080 CVE-2011-0081

Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.

CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081
    "Scoobidiver", Ian Beer, Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella discovered memory corruption bugs, which may lead to the execution of arbitrary code.

CVE-2011-0065 CVE-2011-0066 CVE-2011-0073
    "regenrecht" discovered several dangling pointer vulnerabilities, which may lead to the execution of arbitrary code.

CVE-2011-0067
    Paul Stone discovered that Java applets could steal information from the autocompletion history.

CVE-2011-0071
    Soroush Dalili discovered a directory traversal vulnerability in handling resource URIs.

As indicated in the Lenny (oldstable) release notes, security support for the Icedove packages in the oldstable needed to be stopped before the end of the regular Lenny security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a different mail client.

For the stable distribution (squeeze), this problem has been fixed in version 3.0.11-1+squeeze2.

For the unstable distribution (sid), this problem will be fixed soon.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2236-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 12, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : exim4
Vulnerability  : command injection
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1407

It was discovered that Exim, Debian's default mail transfer agent, is vulnerable to command injection attacks in its DKIM processing code, leading to arbitrary code execution. (CVE-2011-1407)

The default configuration supplied by Debian does not expose this vulnerability.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in version 4.72-6+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 4.76-1.
