Jump to content

Bruno

Recommended Posts

- -------------------------------------------------------------------------Debian Security Advisory DSA-2321-1 security@debian.orghttp://www.debian.org/security/ Moritz MuehlenhoffOctober 10, 2011 http://www.debian.org/security/faq- -------------------------------------------------------------------------Package : moinVulnerability : cross-site scriptingProblem type : remoteDebian-specific: noCVE ID : CVE-2011-1058 A cross-site scriping vulnerability was discovered in the rst parser of Moin, a Python clone of WikiWiki.For the oldstable distribution (lenny), this problem has been fixed inversion 1.7.1-3+lenny6.For the stable distribution (squeeze), this problem has been fixed inversion 1.9.3-1+squeeze1.For the unstable distribution (sid), this problem has been fixed inversion 1.9.3-3.- -------------------------------------------------------------------------Debian Security Advisory DSA-2322-1 security@debian.orghttp://www.debian.org/security/ Jonathan WiltshireOctober 10, 2011 http://www.debian.org/security/faq- -------------------------------------------------------------------------Package : bugzillaVulnerability : severalProblem type : remoteDebian-specific: noCVE ID : CVE-201-2979 CVE-2010-4567 CVE-2010-4568 CVE-2010-4572 CVE-2011-0046 CVE-2011-0048 CVE-2011-2379 CVE-2011-2380 CVE-2011-2381 CVE-2011-2978 Several vulnerabilities were discovered in Bugzilla, a web-based bugtracking system.CVE-2010-4572 By inserting particular strings into certain URLs, it was possible to inject both headers and content to any browser.CVE-2010-4567, CVE-2011-0048 Bugzilla has a "URL" field that can contain several types of URL, including "java script:" and "data:" URLs. However, it does not make "java script:" and "data:" URLs into clickable links, to protect against cross-site scripting attacks or other attacks. It was possible to bypass this protection by adding spaces into the URL in places that Bugzilla did not expect them. Also, "java script:" and "data:" links were *always* shown as clickable to logged-out users.CVE-2010-4568 It was possible for a user to gain unauthorized access to any Bugzilla account in a very short amount of time (short enough that the attack is highly effective).CVE-2011-0046 Various pages were vulnerable to Cross-Site Request Forgery attacks. Most of these issues are not as serious as previous CSRF vulnerabilities.CVE-2011-2978 When a user changes his email address, Bugzilla trusts a user-modifiable field for obtaining the current e-mail address to send a confirmation message to. If an attacker has access to the session of another user (for example, if that user left their browser window open in a public place), the attacker could alter this field to cause the email-change notification to go to their own address. This means that the user would not be notified that his account had its email address changed by the attacker.CVE-2011-2381 For flagmails only, attachment descriptions with a newline in them could lead to the injection of crafted headers in email notifications when an attachment flag is edited.CVE-2011-2379 Bugzilla uses an alternate host for attachments when viewing them in raw format to prevent cross-site scripting attacks. This alternate host is now also used when viewing patches in "Raw Unified" mode because Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing, which could lead to the execution of malicious code.CVE-2011-2380 CVE-201-2979 Normally, a group name is confidential and is only visible to members of the group, and to non-members if the group is used in bugs. By crafting the URL when creating or editing a bug, it was possible to guess if a group existed or not, even for groups which weren't used in bugs and so which were supposed to remain confidential.For the oldstable distribution (lenny), it has not been practical tobackport patches to fix these bugs. Users of bugzilla on lenny are strongly advised to upgrade to the version in the squeeze distribution.For the stable distribution (squeeze), these problems have been fixed inversion 3.6.2.0-4.4.For the testing distribution (wheezy) and the unstable distribution (sid),the bugzilla packages have been removed.

Link to comment
Share on other sites

  • 2 weeks later...

- -------------------------------------------------------------------------Debian Security Advisory DSA-2324-1 security@debian.orghttp://www.debian.org/security/ Moritz MuehlenhoffOctober 20, 2011 http://www.debian.org/security/faq- -------------------------------------------------------------------------Package : wiresharkVulnerability : programming errorProblem type : remoteDebian-specific: noCVE ID : CVE-2011-3360 The Microsoft Vulnerability Research group discovered that insecureload path handling could lead to execution of arbitrary Lua script code.For the oldstable distribution (lenny), this problem has been fixed inversion 1.0.2-3+lenny15. This build will be released shortly.For the stable distribution (squeeze), this problem has been fixed inversion 1.2.11-6+squeeze4.For the unstable distribution (sid), this problem has been fixed inversion 1.6.2-1.

Link to comment
Share on other sites

- --------------------------------------------------------------------------

Debian Security Advisory DSA-2325-1 security@debian.org

http://www.debian.org/security/ Aurelien Jarno

October 23, 2011 http://www.debian.org/security/faq

- --------------------------------------------------------------------------

 

Package : kfreebsd-8

Vulnerability : privilege escalation/denial of service

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4062

 

Buffer overflow in the "linux emulation" support in FreeBSD kernel

allows local users to cause a denial of service (panic) and possibly

execute arbitrary code by calling the bind system call with a long path

for a UNIX-domain socket, which is not properly handled when the

address is used by other unspecified system calls.

 

For the stable distribution (squeeze), this problem has been fixed in

version 8.1+dfsg-8+squeeze2.

 

For the unstable distribution (sid), this problem has been fixed in

version 8.2-9.

 

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2326-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

October 24, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : pam

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3148 CVE-2011-3149

 

Kees Cook of the ChromeOS security team discovered a buffer overflow

in pam_env, a PAM module to set environment variables through the

PAM stack, which allowed the execution of arbitrary code. An additional

issue in argument parsing allows denial of service.

 

The oldstable distribution (lenny) is not affected.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.1.1-6.1+squeeze1.

 

- --------------------------------------------------------------------------

Debian Security Advisory DSA-2327-1 security@debian.org

http://www.debian.org/security/ Nico Golde

Oct 24th, 2011 http://www.debian.org/security/faq

- --------------------------------------------------------------------------

 

Package : libfcgi-perl

Vulnerability : authentication bypass

Problem type : remote

Debian-specific: no

Debian bug : 607479

CVE IDs : CVE-2011-2766

 

Ferdinand Smit discovered that libfcgi-perl, a Perl module for writing

FastCGI applications, is incorrectly restoring environment variables of

a prior request in subsequent requests. In some cases this may lead

to authentication bypasses or worse.

 

 

The oldstable distribution (lenny) is not affected by this problem.

 

For the stable distribution (squeeze), this problem has been fixed in

version 0.71-1+squeeze1.

 

For the testing distribution (wheezy), this problem has been fixed in

version 0.73-2.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.73-2.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2328-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

October 24, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : freetype

Vulnerability : missing input sanitising

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3256

Debian Bug : 646120

 

It was discovered that missing input sanitising in Freetype's glyph

handling could lead to memory corruption, resulting in denial of service

or the execution of arbitrary code.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 2.3.7-2+lenny7.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.4.2-2.1+squeeze2.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.4.7-1.

 

 

Link to comment
Share on other sites

- --------------------------------------------------------------------------

Debian Security Advisory DSA-2329-1 security@debian.org

http://www.debian.org/security/ Nico Golde

Oct 27th, 2011 http://www.debian.org/security/faq

- --------------------------------------------------------------------------

 

Package : torque

Vulnerability : buffer overflow

Problem type : remote

Debian-specific: no

Debian bug : none

CVE IDs : CVE-2011-2193

 

Bartlomiej Balcerek discovered several buffer overflows in torque server,

a PBS-derived batch processing server. This allows an attacker to crash the

service or execute arbitrary code with privileges of the server via crafted

job or host names.

 

The oldstable distribution (lenny) does not contain torque.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.4.8+dfsg-9squeeze1.

 

For the testing distribution (wheezy), this problem has been fixed in

version 2.4.15+dfsg-1.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.4.15+dfsg-1.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2330-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

October 27, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : simplesamlphp

Vulnerability : xml encryption weakness

Problem type : remote

Debian-specific: no

 

Issues were found in the handling of XML encryption in simpleSAMLphp,

an application for federated authentication. The following two issues

have been addressed:

 

It may be possible to use an SP as an oracle to decrypt encrypted

messages sent to that SP.

 

It may be possible to use the SP as a key oracle which can be used

to forge messages from that SP by issuing 300000-2000000 queries to

the SP.

 

The oldstable distribution (lenny) does not contain simplesamlphp.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.6.3-2.

 

The testing distribution (wheezy) will be fixed soon.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.8.2-1.

 

Link to comment
Share on other sites

- --------------------------------------------------------------------------

Debian Security Advisory DSA-2331-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

October 28, 2011 http://www.debian.org/security/faq

- --------------------------------------------------------------------------

 

Package : tor

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-2768 CVE-2011-2769

 

It has been discovered by "frosty_un" that a design flaw in Tor, an online

privacy tool, allows malicious relay servers to learn certain information

that they should not be able to learn. Specifically, a relay that a user

connects to directly could learn which other relays that user is

connected to directly. In combination with other attacks, this issue

can lead to deanonymizing the user. The Common Vulnerabilities and

Exposures project has assigned CVE-2011-2768 to this issue.

 

In addition to fixing the above mentioned issues, the updates to oldstable

and stable fix a number of less critical issues (CVE-2011-2769). Please

see this posting from the Tor blog for more information:

https://blog.torproject.org/blog/tor-02234-...ecurity-patches

 

For the oldstable distribution (lenny), this problem has been fixed in

version 0.2.1.31-1~lenny+1. Due to technical limitations in the Debian

archive scripts, the update cannot be released synchronously with the

packages for stable. It will be released shortly.

 

For the stable distribution (squeeze), this problem has been fixed in

version 0.2.1.31-1.

 

For the unstable and testing distributions, this problem has been fixed in

version 0.2.2.34-1.

 

For the experimental distribution, this problem have has fixed in version

0.2.3.6-alpha-1.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2323-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

October 26, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : radvd

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605

Debian Bug : 644614

 

Multiple security issues were discovered by Vasiliy Kulikov in radvd, an

IPv6 Router Advertisement daemon:

 

CVE-2011-3602

 

set_interface_var() function doesn't check the interface name, which is

chosen by an unprivileged user. This could lead to an arbitrary file

overwrite if the attacker has local access, or specific files overwrites

otherwise.

 

CVE-2011-3604

 

process_ra() function lacks multiple buffer length checks which could

lead to memory reads outside the stack, causing a crash of the daemon.

 

CVE-2011-3605

 

process_rs() function calls mdelay() (a function to wait for a defined

time) unconditionnally when running in unicast-only mode. As this call

is in the main thread, that means all request processing is delayed (for

a time up to MAX_RA_DELAY_TIME, 500 ms by default). An attacked could

flood the daemon with router solicitations in order to fill the input

queue, causing a temporary denial of service (processing would be

stopped during all the mdelay() calls).

Note: upstream and Debian default is to use anycast mode.

 

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1:1.1-3.1.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1:1.6-1.1.

 

For the testing distribution (wheezy), this problem has been fixed in

version 1:1.8-1.2.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:1.8-1.2.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2332-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

October 29, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : python-django

Vulnerability : several issues

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4136 CVE-2011-4137 CVE-2011-4138 CVE-2011-4139

CVE-2011-4140

Debian Bug : 641405

 

Paul McMillan, Mozilla and the Django core team discovered several

vulnerabilities in Django, a Python web framework:

 

CVE-2011-4136

 

When using memory-based sessions and caching, Django sessions are

stored directly in the root namespace of the cache. When user data is

stored in the same cache, a remote user may take over a session.

 

CVE-2011-4137, CVE-2011-4138

 

Django's field type URLfield by default checks supplied URL's by

issuing a request to it, which doesn't time out. A Denial of Service

is possible by supplying specially prepared URL's that keep the

connection open indefinately or fill the Django's server memory.

 

CVE-2011-4139

 

Django used X-Forwarded-Host headers to construct full URL's. This

header may not contain trusted input and could be used to poison the

cache.

 

CVE-2011-4140

 

The CSRF protection mechanism in Django does not properly handle

web-server configurations supporting arbitrary HTTP Host headers,

which allows remote attackers to trigger unauthenticated forged

requests.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1.0.2-1+lenny3.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.2.3-3+squeeze2.

 

For the testing (wheezy) and unstable distribution (sid), this problem

has been fixed in version 1.3.1-1.

 

Link to comment
Share on other sites

- --------------------------------------------------------------------------

Debian Security Advisory DSA-2333-1 security@debian.org

http://www.debian.org/security/ Jonathan Wiltshire

Oct 31th, 2011 http://www.debian.org/security/faq

- --------------------------------------------------------------------------

 

Package : phpldapadmin

Vulnerability : several

Problem type : remote

Debian-specific: no

Debian bug : 646754

CVE IDs : CVE-2011-4075 CVE-2011-4074

 

Two vulnerabilities have been discovered in phpldapadmin, a web based

interface for administering LDAP servers. The Common Vulnerabilities and

Exposures project identifies the following problems:

 

CVE-2011-4074

 

Input appended to the URL in cmd.php (when "cmd" is set to "_debug") is

not properly sanitised before being returned to the user. This can be

exploited to execute arbitrary HTML and script code in a user's browser

session in context of an affected site.

 

CVE-2011-4075

 

Input passed to the "orderby" parameter in cmd.php (when "cmd" is set to

"query_engine", "query" is set to "none", and "search" is set to e.g.

"1") is not properly sanitised in lib/functions.php before being used in a

"create_function()" function call. This can be exploited to inject and

execute arbitrary PHP code.

 

 

For the oldstable distribution (lenny), these problems have been fixed in

version 1.1.0.5-6+lenny2.

 

For the stable distribution (squeeze), these problems have been fixed in

version 1.2.0.5-2+squeeze1.

 

For the testing distribution (wheezy), these problems will be fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.2.0.5-2.1.

 

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2334-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

November 04, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mahara

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-2771 CVE-2011-2772 CVE-2011-2773

 

Several vulnerabilities were discovered in Mahara, an electronic

portfolio, weblog, and resume builder:

 

CVE-2011-2771

 

Teemu Vesala discovered that missing input sanitising of RSS

feeds could lead to cross-site scripting.

 

CVE-2011-2772

 

Richard Mansfield discovered that insufficient upload restrictions

allowed denial of service.

 

CVE-2011-2773

 

Richard Mansfield that the management of institutions was prone to

cross-site request forgery.

 

(no CVE ID available yet)

 

Andrew Nichols discovered a privilege escalation vulnerability

in MNet handling.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1.0.4-4+lenny11.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.2.6-2+squeeze3.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.4.1-1.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2335-1 security@debian.org

http://www.debian.org/security/ Nico Golde

November 5th, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : man2hhtml

Vulnerability : missing input sanitization

Problem type : remote

Debian-specific: yes

CVE ID : CVE-2011-2770

 

Tim Starling discovered that the Debian-native CGI wrapper for man2html,

a program to convert UNIX man pages to HTML, is not properly escaping

user-supplied input when displaying various error messages. A remote

attacker can exploit this flaw to conduct cross-site scripting (XSS)

attacks.

 

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1.6f-3+lenny1.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.6f+repack-1+squeeze1.

 

For the testing distribution (wheezy), this problem has been fixed in

version 1.6g-6.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.6g-6.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2337-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

November 6, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : xen

Vulnerability : several vulnerabilities

Problem type : local

Debian-specific: no

CVE ID : CVE-2011-1166 CVE-2011-1583 CVE-2011-1898 CVE-2011-3262

 

Several vulnerabilities were discovered in the Xen virtual machine

hypervisor.

 

CVE-2011-1166

 

A 64-bit guest can get one of its vCPU'ss into non-kernel

mode without first providing a valid non-kernel pagetable,

thereby locking up the host system.

 

CVE-2011-1583, CVE-2011-3262

 

Local users can cause a denial of service and possibly execute

arbitrary code via a crafted paravirtualised guest kernel image.

 

CVE-2011-1898

 

When using PCI passthrough on Intel VT-d chipsets that do not

have interrupt remapping, guest OS can users to gain host OS

privileges by writing to the interrupt injection registers.

 

The oldstable distribution (lenny) contains a different version of Xen

not affected by these problems.

 

For the stable distribution (squeeze), this problem has been fixed in

version 4.0.1-4.

 

For the testing (wheezy) and unstable distribution (sid), this problem

has been fixed in version 4.1.1-1.

 

Link to comment
Share on other sites

Package : moodle

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : not yet available

 

Several cross-site scripting and information disclosure issues have

been fixed in Moodle, a course management system for online learning:

 

* MSA-11-0020 Continue links in error messages can lead offsite

* MSA-11-0024 Recaptcha images were being authenticated from an older

server

* MSA-11-0025 Group names in user upload CSV not escaped

* MSA-11-0026 Fields in user upload CSV not escaped

* MSA-11-0031 Forms API constant issue

* MSA-11-0032 MNET SSL validation issue

* MSA-11-0036 Messaging refresh vulnerability

* MSA-11-0037 Course section editing injection vulnerability

* MSA-11-0038 Database injection protection strengthened

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.9.9.dfsg2-2.1+squeeze2.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.9.9.dfsg2-4.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2339-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

November 07, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : nss

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3640

Debian Bug : 647614

 

This update to the NSS cryptographic libraries revokes the trust in the

"DigiCert Sdn. Bhd" certificate authority. More information can be found

in the Mozilla Security Blog:

http://blog.mozilla.com/security/2011/11/0...cate-authority/

 

This update also fixes an insecure load path for pkcs11.txt configuration

file (CVE-2011-3640).

 

For the oldstable distribution (lenny), this problem has been fixed in

version 3.12.3.1-0lenny7.

 

For the stable distribution (squeeze), this problem has been fixed in

version 3.12.8-1+squeeze4.

 

For the unstable distribution (sid), this problem has been fixed in

version 3.13.1.with.ckbi.1.88-1.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2336-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

November 07, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ffmpeg

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3362 CVE-2011-3973 CVE-2011-3974 CVE-2011-3504

Debian Bug : 641478

 

Multiple vulnerabilities were found in the ffmpeg, a multimedia player,

server and encoder:

 

CVE-2011-3362

 

An integer signedness error in decode_residual_block function of

the Chinese AVS video (CAVS) decoder in libavcodec can lead to

denial of service (memory corruption and application crash) or

possible code execution via a crafted CAVS file.

 

CVE-2011-3973/CVE-2011-3974

 

Multiple errors in the Chinese AVS video (CAVS) decoder can lead to

denial of service (memory corruption and application crash) via an

invalid bitstream.

 

CVE-2011-3504

 

A memory allocation problem in the Matroska format decoder can lead

to code execution via a crafted file.

 

For the stable distribution (squeeze), this problem has been fixed in

version 4:0.5.5-1.

 

For the unstable distribution (sid), this problem has been fixed in

version 4:0.7.2-1 of the libav source package.

 

Security support for ffmpeg has been discontinued for the oldstable

distribution (lenny) before in DSA 2306.

The current version in oldstable is not supported by upstream anymore

and is affected by several security issues. Backporting fixes for these

and any future issues has become unfeasible and therefore we needed to

drop our security support for the version in oldstable.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2340-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

November 7, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : postgresql-8.3, postgresql-8.4, postgresql-9.0

Vulnerability : weak password hashing

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-2483

Debian Bug : 631285

 

magnum discovered that the blowfish password hashing used amongst

others in PostgreSQL contained a weakness that would give passwords

with 8 bit characters the same hash as weaker equivalents.

 

For the oldstable distribution (lenny), this problem has been fixed in

postgresql-8.3 version 8.3.16-0lenny1.

 

For the stable distribution (squeeze), this problem has been fixed in

postgresql-8.4 version 8.4.9-0squeeze1.

 

For the testing distribution (wheezy) and unstable distribution (sid),

this problem has been fixed in postgresql-8.4 version 8.4.9-1,

postgresql-9.0 9.0.5-1 and postgresql-9.1 9.1~rc1-1.

 

The updates also include reliability improvements, originally scheduled

for inclusion into the next point release; for details see the respective

changelogs.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2341-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

November 09, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : iceweasel

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3647 CVE-2011-3648 CVE-2011-3650

 

Several vulnerabilities have been discovered in Iceweasel, a web browser

based on Firefox. The included XULRunner library provides rendering

services for several other applications included in Debian.

 

CVE-2011-3647

 

"moz_bug_r_a4" discovered a privilege escalation vulnerability in

addon handling.

 

CVE-2011-3648

 

Yosuke Hasegawa discovered that incorrect handling of Shift-JIS

encodings could lead to cross-site scripting.

 

CVE-2011-3650

 

Marc Schoenefeld discovered that profiling the Javascript code

could lead to memory corruption.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1.9.0.19-15 of the xulrunner source package.

 

For the stable distribution (squeeze), this problem has been fixed in

version 3.5.16-11.

 

For the unstable distribution (sid), this problem has been fixed in

version 8.0-1.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2342-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

November 09, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : iceape

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3647 CVE-2011-3648 CVE-2011-3650

 

Several vulnerabilities have been found in the Iceape internet suite, an

unbranded version of Seamonkey:

 

CVE-2011-3647

 

"moz_bug_r_a4" discovered a privilege escalation vulnerability in

addon handling.

 

CVE-2011-3648

 

Yosuke Hasegawa discovered that incorrect handling of Shift-JIS

encodings could lead to cross-site scripting.

 

CVE-2011-3650

 

Marc Schoenefeld discovered that profiling the Javascript code

could lead to memory corruption.

 

The oldstable distribution (lenny) is not affected. The iceape package only

provides the XPCOM code.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.0.11-9.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.0.14-9.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2343-1 security@debian.org

http://www.debian.org/security/ Raphael Geissert

November 09, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openssl

Vulnerability : CA trust revocation

Problem type : remote

Debian-specific: no

 

Several weak certificates were issued by Malaysian intermediate CA

"Digicert Sdn. Bhd." This event, along with other issues, has lead to

Entrust Inc. and Verizon Cybertrust to revoke the CA's cross-signed

certificates.

 

This update to OpenSSL, a Secure Sockets Layer toolkit, reflects this

decision by marking Digicert Sdn. Bhd.'s certificates as revoked.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 0.9.8g-15+lenny14.

 

For the stable distribution (squeeze), this problem has been fixed in

version 0.9.8o-4squeeze4.

 

For the testing distribution (wheezy), this problem will be fixed soon.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.0.0e-2.1.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2344-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

November 11, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : python-django-piston

Vulnerability : deserialization vulnerability

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4103

Debian Bug : 647315

 

It was discovered that the Piston framework can deserializes untrusted

YAML and Pickle data, leading to remote code execution. (CVE-2011-4103)

 

The old stable distribution (lenny) does not contain a

python-django-piston package.

 

For the stable distribution (squeeze), this problem has been fixed in

version 0.2.2-1+squeeze1.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), this problem has been fixed in version 0.2.2-2.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2345-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

November 11, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : icedove

Vulnerability : several

Problem type : local (remote)

Debian-specific: no

CVE ID : CVE-2011-3647 CVE-2011-3648 CVE-2011-3650

 

Several vulnerabilities have been discovered in Icedove, a mail client

based on Thunderbird.

 

CVE-2011-3647

The JSSubScriptLoader does not properly handle

XPCNativeWrappers during calls to the loadSubScript method in

an add-on, which makes it easier for remote attackers to gain

privileges via a crafted web site that leverages certain

unwrapping behavior.

 

CVE-2011-3648

A cross-site scripting (XSS) vulnerability allows remote

attackers to inject arbitrary web script or HTML via crafted

text with Shift JIS encoding.

 

CVE-2011-3650

Iceweasel does not properly handle JavaScript files that

contain many functions, which allows user-assisted remote

attackers to cause a denial of service (memory corruption and

application crash) or possibly have unspecified other impact

via a crafted file that is accessed by debugging APIs, as

demonstrated by Firebug.

 

For the stable distribution (squeeze), these problems have been fixed

in version 3.0.11-1+squeeze6.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), these problems have been fixed in version 3.1.15-1.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2346-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

November 15, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : proftpd-dfsg

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4130

Debian Bug : 648373

 

Several vulnerabilities were discovered in ProFTPD, an FTP server:

 

ProFTPD incorrectly uses data from an unencrypted input buffer

after encryption has been enabled with STARTTLS, an issue

similar to CVE-2011-0411.

 

CVE-2011-4130

ProFTPD uses a response pool after freeing it under

exceptional conditions, possibly leading to remote code

execution. (The version in lenny is not affected by this

problem.)

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1.3.1-17lenny8.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.3.3a-6squeeze4.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), this problem has been fixed in version 1.3.4~rc3-2.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2346-2 security@debian.org

http://www.debian.org/security/ Florian Weimer

November 16, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : proftpd-dfsg

Vulnerability : several

Problem type : remote

Debian-specific: no

Debian Bug : 648922

 

The ProFTPD security update, DSA-2346-1, introduced a regression,

preventing successful TLS connections. This regression does not

affected the stable distribution (squeeze), nor the testing and

unstable distributions.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1.3.1-17lenny9.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2347-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

November 16, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : bind9

Vulnerability : improper assert

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4313

 

It was discovered that BIND, a DNS server, crashes while processing

certain sequences of recursive DNS queries, leading to a denial of

service. Authoritative-only server configurations are not affected by

this issue.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1:9.6.ESV.R4+dfsg-0+lenny4.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1:9.7.3.dfsg-1~squeeze4.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2349-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

November 19, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : spip

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : not available yet

 

Two vulnerabilities have been found in SPIP, a website engine for

publishing, which allow privilege escalation to site administrator

privileges and cross-site scripting.

 

The oldstable distribution (lenny) doesn't include spip.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.1.1-3squeeze2.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.1.12-1.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2350-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

November 20, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : freetype

Vulnerability : missing input sanitising

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3439

Debian Bug : 649122

 

It was discovered that missing input sanitising in Freetype's processing

of CID-keyed fonts could lead to the execution of arbitrary code.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 2.3.7-2+lenny8.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.4.2-2.1+squeeze3.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.4.8-1.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2348-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

November 17, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : systemtap

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2010-4170 CVE-2010-4171 CVE-2011-2503

 

Several vulnerabilities were discovered in SystemTap, an instrumentation

system for Linux:

 

CVE-2011-2503

 

It was discovered that a race condition in staprun could lead to

privilege escalation.

 

CVE-2010-4170

 

It was discovered that insufficient validation of environment

variables in staprun could lead to privilege escalation.

 

CVE-2010-4171

 

It was discovered that insufficient validation of module unloading

could lead to denial of service.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.2-5+squeeze1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.6-1.

 

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2351-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

November 21, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wireshark

Vulnerability : buffer overflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4102

 

Huzaifa Sidhpurwala discovered a buffer overflow in Wireshark's ERF

dissector, which could lead to the execution of arbitrary code.

 

For the oldstable distribution (lenny), this problem has been fixed in

version wireshark 1.0.2-3+lenny16.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.2.11-6+squeeze5.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.6.3-1.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2352-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

November 22, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : puppet

Vulnerability : programming error

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3872

 

It was discovered that Puppet, a centralized configuration management

solution, misgenerated certificates if the "certdnsnames" option was

used. This could lead to man in the middle attacks. More details are

available at http://puppetlabs.com/security/cve/cve-2011-3872/

 

For the oldstable distribution (lenny), this problem has been fixed in

version 0.24.5-3+lenny2.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.6.2-5+squeeze3.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.7.6-1.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2353-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

November 24, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ldns

Vulnerability : buffer overflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3581

Debian Bug :

 

David Wheeler discovered a buffer overflow in ldns's code to parse

RR records, which could lead to the execution of arbitrary code.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1.4.0-1+lenny2.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.6.6-2+squeeze1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.6.11-1.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2354-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

November 28, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : cups

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-2896 CVE-2011-3170

 

Petr Sklenar and Tomas Hoger discovered that missing input sanitising in

the GIF decoder inside the Cups printing system could lead to denial

of service or potentially arbitrary code execution through crafted GIF

files.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1.3.8-1+lenny10.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.4.4-7+squeeze1.

 

For the testing and unstable distribution (sid), this problem has been

fixed in version 1.5.0-8.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2355-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

November 30, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : clearsilver

Vulnerability : format string vulnerability

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4357

 

Leo Iannacone and Colin Watson discovered a format string vulnerability

in the Python bindings for the Clearsilver HTML template system, which

may lead to denial of service or the execution of arbitrary code.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 0.10.4-1.3+lenny1.

 

For the stable distribution (squeeze), this problem has been fixed in

version 0.10.5-1+squeeze1.

 

For the unstable distribution (sid), this problem will be fixed soon.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2356-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

December 01, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjdk-6

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560

 

Several vulnerabilities have been discovered in OpenJDK, an

implementation of the Java platform:

 

CVE-2011-3389

The TLS implementation does not guard properly against certain

chosen-plaintext attacks when block ciphers are used in CBC

mode.

 

CVE-2011-3521

The CORBA implementation contains a deserialization

vulnerability in the IIOP implementation, allowing untrusted

Java code (such as applets) to elevate its privileges.

 

CVE-2011-3544

The Java scripting engine lacks necessary security manager

checks, allowing untrusted Java code (such as applets) to

elevate its privileges.

 

CVE-2011-3547

The skip() method in java.io.InputStream uses a shared buffer,

allowing untrusted Java code (such as applets) to access data

that is skipped by other code.

 

CVE-2011-3548

The java.awt.AWTKeyStroke class contains a flaw which allows

untrusted Java code (such as applets) to elevate its

privileges.

 

CVE-2011-3551

The Java2D C code contains an integer overflow which results

in a heap-based buffer overflow, potentially allowing

untrusted Java code (such as applets) to elevate its

privileges.

 

CVE-2011-3552

Malicous Java code can use up an excessive amount of UDP

ports, leading to a denial of service.

 

CVE-2011-3553

JAX-WS enables stack traces for certain server responses by

default, potentially leaking sensitive information.

 

CVE-2011-3554

JAR files in pack200 format are not properly checked for

errors, potentially leading to arbitrary code execution when

unpacking crafted pack200 files.

 

CVE-2011-3556

The RMI Registry server lacks access restrictions on certain

methods, allowing a remote client to execute arbitary code.

 

CVE-2011-3557

The RMI Registry server fails to properly restrict privileges

of untrusted Java code, allowing RMI clients to elevate their

privileges on the RMI Registry server.

 

CVE-2011-3560

The com.sun.net.ssl.HttpsURLConnection class does not perform

proper security manager checks in the setSSLSocketFactory()

method, allowing untrusted Java code to bypass security policy

restrictions.

 

For the stable distribution (squeeze), this problem has been fixed in

version 6b18-1.8.10-0+squeeze1.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), this problem has been fixed in version 6b23~pre11-1.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2357-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

December 03, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : evince

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-264320

Debian Bug : 609534

 

Jon Larimer from IBM X-Force Advanced Research discovered multiple

vulnerabilities in the DVI backend of the evince document viewer:

 

CVE-2010-2640

 

Insuficient array bounds checks in the PK fonts parser could lead

to function pointer overwrite, causing arbitrary code execution.

 

CVE-2010-2641

 

Insuficient array bounds checks in the PK fonts parser could lead

to function pointer overwrite, causing arbitrary code execution.

 

CVE-2010-2642

 

Insuficient bounds checks in the AFM fonts parser when writing

data to a memory buffer allocated on heap could lead to arbitrary

memory overwrite and arbitrary code execution.

 

CVE-2010-2643

 

Insuficient check on an integer used as a size for memory

allocation can lead to arbitrary write outside the allocated range

and cause arbitrary code execution.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 2.22.2-4~lenny2.

 

For the stable distribution (squeeze), CVE-2010-2640, CVE-2010-2641

and CVE-2010-2643 have been fixed in version 2.30.3-2 but the fix for

CVE-2010-2642 was incomplete. The final fix is present in version

2.30.3-2+squeeze1.

 

For the testing distribution (wheezy), this problem has been fixed in

version 3.0.2.

 

For the unstable distribution (sid), this problem has been fixed in

version 3.0.2.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2289-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

August 07, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : typo3-src

Vulnerability : several

Problem type : remote

Debian-specific: no

Debian Bug : 635937

 

Several remote vulnerabilities have been discovered in the TYPO3 web

content management framework: cross-site scripting, information

disclosure, authentication delay bypass, and arbitrary file deletion.

More details can be found in the Typo3 security advisory:

http://typo3.org/teams/security/security-b...o3-core-sa-2011

- -001/

 

For the oldstable distribution (lenny), these problems have been fixed in

version 4.2.5-1+lenny8.

 

For the stable distribution (squeeze), these problems have been fixed in

version 4.3.9+dfsg1-1+squeeze1.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), these problems have been fixed in version 4.5.4+dfsg1-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2290-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

August 07, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : samba

Vulnerability : cross-site scripting

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-2522 CVE-2011-2694

 

The Samba Web Administration Tool (SWAT) contains several cross-site

request forgery (CSRF) vulnerabilities (CVE-2011-2522) and a

cross-site scripting vulnerability (CVE-2011-2694).

 

For the oldstable distribution (lenny), these problems have been fixed in

version 2:3.2.5-4lenny15.

 

For the stable distribution (squeeze), these problems have been fixed

in version 2:3.5.6~dfsg-3squeeze5.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), these problems have been fixed in version 2:3.5.10~dfsg-1.

 

-------------------------------------------------------------------------

Debian Security Advisory DSA-2291-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

August 8, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : squirrelmail

Vulnerability : various

Problem type : remote

Debian-specific: no

CVE ID : CVE-2010-4554 CVE-2010-4555 CVE-2011-2023

CVE-2011-2752 CVE-2011-2753

 

Various vulnerabilities have been found in SquirrelMail, a webmail

application. The Common Vulnerabilities and Exposures project

identifies the following vulnerabilities:

 

CVE-2010-4554

 

SquirrelMail did not prevent page rendering inside a third-party

HTML frame, which makes it easier for remote attackers to conduct

clickjacking attacks via a crafted web site.

 

CVE-2010-4555, CVE-2011-2752, CVE-2011-2753

 

Multiple small bugs in SquirrelMail allowed an attacker to inject

malicious script into various pages or alter the contents of user

preferences.

 

CVE-2011-2023

 

It was possible to inject arbitrary web script or HTML via a

crafted STYLE element in an HTML part of an e-mail message.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1.4.15-4+lenny5.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.4.21-2.

 

For the testing (wheezy) and unstable distribution (sid), these problems

have been fixed in version 1.4.22-1.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2358-1 security@debian.org

http://www.debian.org/security/

December 05, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjdk-6

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560

 

Several vulnerabilities have been discovered in OpenJDK, an

implementation of the Java platform. This combines the two previous

openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.

 

CVE-2011-0862

Integer overflow errors in the JPEG and font parser allow

untrusted code (including applets) to elevate its privileges.

 

CVE-2011-0864

Hotspot, the just-in-time compiler in OpenJDK, mishandled

certain byte code instructions, allowing untrusted code

(including applets) to crash the virtual machine.

 

CVE-2011-0865

A race condition in signed object deserialization could

allow untrusted code to modify signed content, apparently

leaving its signature intact.

 

CVE-2011-0867

Untrusted code (including applets) could access information

about network interfaces which was not intended to be public.

(Note that the interface MAC address is still available to

untrusted code.)

 

CVE-2011-0868

A float-to-long conversion could overflow, , allowing

untrusted code (including applets) to crash the virtual

machine.

 

CVE-2011-0869

Untrusted code (including applets) could intercept HTTP

requests by reconfiguring proxy settings through a SOAP

connection.

 

CVE-2011-0871

Untrusted code (including applets) could elevate its

privileges through the Swing MediaTracker code.

 

CVE-2011-3389

The TLS implementation does not guard properly against certain

chosen-plaintext attacks when block ciphers are used in CBC

mode.

 

CVE-2011-3521

The CORBA implementation contains a deserialization

vulnerability in the IIOP implementation, allowing untrusted

Java code (such as applets) to elevate its privileges.

 

CVE-2011-3544

The Java scripting engine lacks necessary security manager

checks, allowing untrusted Java code (such as applets) to

elevate its privileges.

 

CVE-2011-3547

The skip() method in java.io.InputStream uses a shared buffer,

allowing untrusted Java code (such as applets) to access data

that is skipped by other code.

 

CVE-2011-3548

The java.awt.AWTKeyStroke class contains a flaw which allows

untrusted Java code (such as applets) to elevate its

privileges.

 

CVE-2011-3551

The Java2D C code contains an integer overflow which results

in a heap-based buffer overflow, potentially allowing

untrusted Java code (such as applets) to elevate its

privileges.

 

CVE-2011-3552

Malicous Java code can use up an excessive amount of UDP

ports, leading to a denial of service.

 

CVE-2011-3553

JAX-WS enables stack traces for certain server responses by

default, potentially leaking sensitive information.

 

CVE-2011-3554

JAR files in pack200 format are not properly checked for

errors, potentially leading to arbitrary code execution when

unpacking crafted pack200 files.

 

CVE-2011-3556

The RMI Registry server lacks access restrictions on certain

methods, allowing a remote client to execute arbitary code.

 

CVE-2011-3557

The RMI Registry server fails to properly restrict privileges

of untrusted Java code, allowing RMI clients to elevate their

privileges on the RMI Registry server.

 

CVE-2011-3560

The com.sun.net.ssl.HttpsURLConnection class does not perform

proper security manager checks in the setSSLSocketFactory()

method, allowing untrusted Java code to bypass security policy

restrictions.

 

For the oldstable distribution (lenny), these problems have been fixed

in version 6b18-1.8.10-0~lenny1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2359-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

December 06, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mojarra

Vulnerability : EL injection

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4358

 

It was discovered that Mojarra, an implementation of JavaServer Faces,

evaluates untrusted values as EL expressions if includeViewParameters

is set to true.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.0.3-1+squeeze1.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), this problem has been fixed in version 2.0.3-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2360-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

December 6, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

This is an advance notice that security support for Debian GNU/Linux 5.0

(code name "lenny") will be terminated in two months.

 

The Debian project released Debian GNU/Linux 6.0 alias "squeeze" on the

6th of February 2011. Users and distributors have been given a one-year

timeframe to upgrade their old installations to the current stable

release. Hence, the security support for the old release of 5.0 is going

to end on the 6th of February 2012 as previously announced.

 

Previously announced security updates for the old release will continue

to be available on security.debian.org.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2360-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

December 6, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

This is an advance notice that security support for Debian GNU/Linux 5.0

(code name "lenny") will be terminated in two months.

 

The Debian project released Debian GNU/Linux 6.0 alias "squeeze" on the

6th of February 2011. Users and distributors have been given a one-year

timeframe to upgrade their old installations to the current stable

release. Hence, the security support for the old release of 5.0 is going

to end on the 6th of February 2012 as previously announced.

 

Previously announced security updates for the old release will continue

to be available on security.debian.org.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2361-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

December 07, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : chasen

Vulnerability : buffer overflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4000

 

It was discovered that ChaSen, a Japanese morphological analysis

system, contains a buffer overflow, potentially leading to arbitrary

code execution in programs using the library.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 2.4.4-2+lenny2.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.4.4-11+squeeze2.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2362-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

December 10, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : acpid

Vulnerability : several

Problem type : remote

Debian-specific: partly

CVE ID : CVE-2011-1159 CVE-2011-2777 CVE-2011-4578

 

Multiple vulnerabilities were found in the acpid, the Advanced

Configuration and Power Interface event daemon:

 

CVE-2011-1159

 

Vasiliy Kulikov of OpenWall discovered that the socket handling

is vulnerable to denial of service.

 

CVE-2011-2777

 

Oliver-Tobias Ripka discovered that incorrect process handling in

the Debian-specific powerbtn.sh script could lead to local

privilege escalation. This issue doesn't affect oldstable. The

script is only shipped as an example in /usr/share/doc/acpid/examples.

See /usr/share/doc/acpid/README.Debian for details.

 

CVE-2011-4578

 

Helmut Grohne and Michael Biebl discovered that acpid sets a umask

of 0 when executing scripts, which could result in local privilege

escalation.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1.0.8-1lenny4.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1:2.0.7-1squeeze3.

 

For the unstable distribution (sid), this problem will be fixed soon.

Link to comment
Share on other sites

×
×
  • Create New...