Jump to content

Bruno

Recommended Posts

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2363-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

December 16, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tor

Vulnerability : buffer overflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-2778

 

It was discovered that Tor, an online privacy tool, incorrectly computes

buffer sizes in certain cases involving SOCKS connections. Malicious

parties could use this to cause a heap-based buffer overflow, potentially

allowing execution of arbitrary code.

 

In Tor's default configuration this issue can only be triggered by

clients that can connect to Tor's socks port, which listens only on

localhost by default.

 

In non-default configurations where Tor's SocksPort listens not only on

localhost or where Tor was configured to use another socks server for all of

its outgoing connections, Tor is vulnerable to a larger set of malicious

parties.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 0.2.1.32-1.

 

For the stable distribution (squeeze), this problem has been fixed in

version 0.2.2.35-1~squeeze+1.

 

For the unstable and testing distributions, this problem has been fixed in

version 0.2.2.35-1.

 

For the experimental distribution, this problem has has fixed in

version 0.2.3.10-alpha-1.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2364-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

December 18, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : xorg

Vulnerability : incorrect permission check

Problem type : local

Debian-specific: yes

CVE ID : CVE-2011-4613

Debian Bug : 652249

 

The Debian X wrapper enforces that the X server can only be started from

a console. "vladz" discovered that this wrapper could be bypassed.

 

The oldstable distribution (lenny) is not affected.

 

For the stable distribution (squeeze), this problem has been fixed in

version 7.5+8+squeeze1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:7.6+10.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2365-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

December 18, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : dtc

Vulnerability : several

Problem type : local/remote

Debian-specific: no

CVE ID : CVE-2011-3195 CVE-2011-3196 CVE-2011-3197 CVE-2011-3198

CVE-2011-3199

Debian Bug : 637469 637477 637485 637584 637629 637630 637618 637537 637487 637632 637669

 

Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple

vulnerabilities in DTC, a web control panel for admin and accounting

hosting services:

 

CVE-2011-3195

 

A possible shell insertion has been found in the mailing list

handling.

 

CVE-2011-3196

 

Unix rights for the apache2.conf were set incorrectly (world

readable).

 

CVE-2011-3197

 

Incorrect input sanitising for the $_SERVER["addrlink"] parameter

could lead to SQL insertion.

 

CVE-2011-3198

 

DTC was using the -b option of htpasswd, possibly revealing

password in clear text using ps or reading /proc.

 

CVE-2011-3199

 

A possible HTML/javascript insertion vulnerability has been found

in the DNS & MX section of the user panel.

 

This update also fixes several vulnerabilities, for which no CVE ID

has been assigned:

 

It has been discovered that DTC performs insufficient input sanitising

in the package installer, leading to possible unwanted destination

directory for installed packages if some DTC application packages

are installed (note that these aren't available in Debian main).

 

DTC was setting-up /etc/sudoers with permissive sudo rights to

chrootuid.

 

Incorrect input sanitizing in the package installer could lead to

SQL insertion.

 

A malicious user could enter a specially crafted support ticket

subject leading to an SQL injection in the draw_user_admin.php.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 0.29.18-1+lenny2

 

The stable distribution (squeeze) doesn't include dtc.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.34.1-1.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2366-1 security@debian.org

http://www.debian.org/security/ Jonathan Wiltshire

December 18, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mediawiki

Vulnerability : multiple

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 CVE-2011-1587

CVE-2011-4360 CVE-2011-4361

Debian Bug : 650434

 

Several problems have been discovered in mediawiki, a website engine for

collaborative work.

 

CVE-2011-1578 CVE-2011-1587

 

Masato Kinugawa discovered a cross-site scripting (XSS) issue, which

affects Internet Explorer clients only, and only version 6 and

earlier. Web server configuration changes are required to fix this

issue. Upgrading MediaWiki will only be sufficient for people who use

Apache with AllowOverride enabled.

 

For details of the required configuration changes, see the upstream

announcements:

http://lists.wikimedia.org/pipermail/media...ril/000096.html

http://lists.wikimedia.org/pipermail/media...ril/000097.html

 

CVE-2011-1579

 

Wikipedia user Suffusion of Yellow discovered a CSS validation error

in the wikitext parser. This is an XSS issue for Internet Explorer

clients, and a privacy loss issue for other clients since it allows

the embedding of arbitrary remote images.

 

CVE-2011-1580

 

MediaWiki developer Happy-Melon discovered that the transwiki import

feature neglected to perform access control checks on form submission.

The transwiki import feature is disabled by default. If it is enabled,

it allows wiki pages to be copied from a remote wiki listed in

$wgImportSources. The issue means that any user can trigger such an

import to occur.

 

CVE-2011-4360

 

Alexandre Emsenhuber discovered an issue where page titles on private

wikis could be exposed bypassing different page ids to index.php. In the

case of the user not having correct permissions, they will now be redirected

to Special:BadTitle.

 

CVE-2011-4361

 

Tim Starling discovered that action=ajax requests were dispatched to the

relevant function without any read permission checks being done. This could

have led to data leakage on private wikis.

 

For the oldstable distribution (lenny), these problems have been fixed in

version 1:1.12.0-2lenny9.

 

For the stable distribution (squeeze), these problems have been fixed in

version 1:1.15.5-2squeeze2.

 

For the unstable distribution (sid), these problems have been fixed in

version 1:1.15.5-5.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2367-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

December 19, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : asterisk

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4597 CVE-2011-4598

Debian Bug :

 

Several vulnerabilities have been discovered in Asterisk, an Open

Source PBX and telephony toolkit:

 

CVE-2011-4597

 

Ben Williams discovered that it was possible to enumerate SIP

user names in some configurations. Please see the upstream

advisory for details:

http://downloads.asterisk.org/pub/security/AST-2011-013.html

 

This update only modifies the sample sip.conf configuration

file. Please see README.Debian for more information on how

to update your installation.

 

CVE-2011-4598

 

Kristijan Vrban discovered that Asterisk can be crashed with

malformed SIP packets if the "automon" feature is enabled.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1:1.4.21.2~dfsg-3+lenny6.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1:1.6.2.9-2+squeeze4.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:1.8.8.0~dfsg-1.

Link to comment
Share on other sites

- ---------------------------------------------------------------------------

Debian Security Advisory DSA-2368-1 security@debian.org

http://www.debian.org/security/ Nico Golde

Dec 20th, 2011 http://www.debian.org/security/faq

- ---------------------------------------------------------------------------

 

Package : lighttpd

Vulnerability : multiple

Problem type : remote

Debian-specific: no

Debian bug : 652726

CVE IDs : CVE-2011-4362 CVE-2011-3389

 

Several vulnerabilities have been discovered in lighttpd, a small and fast

webserver with minimal memory footprint.

 

CVE-2011-4362

 

Xi Wang discovered that the base64 decoding routine which is used to

decode user input during an HTTP authentication, suffers of a signedness

issue when processing user input. As a result it is possible to force

lighttpd to perform an out-of-bounds read which results in Denial of

Service conditions.

 

CVE-2011-3389

 

When using CBC ciphers on an SSL enabled virtual host to communicate with

certain client, a so called "BEAST" attack allows man-in-the-middle

attackers to obtain plaintext HTTP traffic via a blockwise

chosen-boundary attack (BCBA) on an HTTPS session. Technically this is

no lighttpd vulnerability. However, lighttpd offers a workaround to

mitigate this problem by providing a possibility to disable CBC ciphers.

 

This updates includes this option by default. System administrators

are advised to read the NEWS file of this update (as this may break older

clients).

 

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1.4.19+lenny3.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.4.28-2+squeeze1.

 

For the testing distribution (squeeze), this problem will be fixed soon.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.4.30-1.

Link to comment
Share on other sites

- ---------------------------------------------------------------------------

Debian Security Advisory DSA-2369-1 security@debian.org

http://www.debian.org/security/ Nico Golde

Dec 21th, 2011 http://www.debian.org/security/faq

- ---------------------------------------------------------------------------

 

Package : libsoup2.4

Vulnerability : insufficient input sanitization

Problem type : remote

Debian-specific: no

Debian bug : 635837

CVE IDs : CVE-2011-2524

 

It was discovered that libsoup2.4, a HTTP library implementation in C, is

not properly validating input when processing requests made to SoupServer.

A remote attacker can exploit this flaw to access system files via a

directory traversal attack.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 2.4.1-2+lenny1.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.30.2-1+squeeze1.

 

For the testing distribution (squeeze), this problem has been fixed in

version 2.34.3-1.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.34.3-1.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2370-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

December 22, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : unbound

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4528 CVE-2011-4869

 

It was discovered that Unbound, a recursive DNS resolver, would crash

when processing certain malformed DNS responses from authoritative DNS

servers, leading to denial of service.

 

CVE-2011-4528

Unbound attempts to free unallocated memory during processing

of duplicate CNAME records in a signed zone.

 

CVE-2011-4869

Unbound does not properly process malformed responses which

lack expected NSEC3 records.

 

For the oldstable distribution (lenny), these problems have been fixed in

version 1.4.6-1~lenny2.

 

For the stable distribution (squeeze), these problems have been fixed in

version 1.4.6-1+squeeze2.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), these problems have been fixed in version 1.4.14-1.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2371-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

December 24, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : jasper

Vulnerability : buffer overflows

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4516 CVE-2011-4517

 

Two buffer overflows were discovered in JasPer, a library for handling

JPEG-2000 images, which could lead to the execution of arbitrary code.

 

For the oldstable distribution (lenny), this problem will be fixed in

version 1.900.1-5.1+lenny2. Due to technical limitations of the Debian

archive software, the oldstable update cannot be released synchronously

with the stable update.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.900.1-7+squeeze1.

 

For the unstable distribution (sid), this problem will be fixed soon.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2372-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

December 25, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : heimdal

Vulnerability : buffer overflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4862

 

It was discovered that the Kerberos support for telnetd contains a

pre-authentication buffer overflow, which may enable remote attackers

who can connect to the Telnet to execute arbitrary code with root

privileges.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1.2.dfsg.1-2.1+lenny1.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.4.0~git20100726.dfsg.1-2+squeeze1.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), this problem will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2373-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

December 25, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : inetutils

Vulnerability : buffer overflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4862

 

It was discovered that the Kerberos support for telnetd contains a

pre-authentication buffer overflow, which may enable remote attackers

who can connect to the Telnet to execute arbitrary code with root

privileges.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 2:1.5.dfsg.1-9+lenny1.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2:1.6-3.1+squeeze1.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), this problem will be fixed soon.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2374-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

December 26, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openswan

Vulnerability : implementation error

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4073

Debian Bug : 650674

 

The information security group at ETH Zurich discovered a denial of

service vulnerability in the crypto helper handler of the IKE daemon

pluto. More information can be found in the upstream advisory at

http://openswan.org/download/CVE-2011-4073/CVE-2011-4073.txt

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1:2.4.12+dfsg-1.3+lenny4.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1:2.6.28+dfsg-5+squeeze1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:2.6.37-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2375-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

December 26, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : krb5, krb5-appl

Vulnerability : buffer overflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4862

 

It was discovered that the encryption support for BSD telnetd contains

a pre-authentication buffer overflow, which may enable remote

attackers who can connect to the Telnet port to execute arbitrary code

with root privileges.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1.6.dfsg.4~beta1-5lenny7 of the krb5 package.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1:1.0.1-1.2 of the krb5-appl package.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), this problem will be fixed soon.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2376-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

December 30, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ipmitool

Vulnerability : insecure pid file

Problem type : local

Debian-specific: no

CVE ID : CVE-2011-4339

Debian Bug : 651917

 

It was discovered that OpenIPMI, the Intelligent Platform Management

Interface library and tools, used too wide permissions PID file,

which allows local users to kill arbitrary processes by writing to

this file.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.8.11-2+squeeze2.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.8.11-5.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2263-2 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

December 30, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : movabletype-opensource

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : not yet available

Debian Bug : 627936

 

Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny'

suite at that time. This update adds that package. The original advisory

text follows.

 

It was discovered that Movable Type, a weblog publishing system,

contains several security vulnerabilities:

 

A remote attacker could execute arbitrary code in a logged-in users'

web browser.

 

A remote attacker could read or modify the contents in the system

under certain circumstances.

 

For the oldstable distribution (lenny), these problems have been fixed in

version 4.2.3-1+lenny3.

 

For the stable distribution (squeeze), these problems have been fixed in

version 4.3.5+dfsg-2+squeeze2.

 

For the testing distribution (wheezy) and for the unstable

distribution (sid), these problems have been fixed in version

4.3.6.1+dfsg-1.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2376-2 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

December 31, 2011 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ipmitool

Vulnerability : insecure pid file

Problem type : local

Debian-specific: no

CVE ID : CVE-2011-4339

Debian Bug : 651917

 

It was discovered that OpenIPMI, the Intelligent Platform Management

Interface library and tools, used too wide permissions PID file,

which allows local users to kill arbitrary processes by writing to

this file.

 

The original announcement didn't contain corrections for the Debian

5.0 "lenny" distribution. This update adds packages for lenny.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1.8.9-2+squeeze1. (Although the version number contains the

string "squeeze", this is in fact an update for lenny.)

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.8.11-2+squeeze2.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.8.11-5.

 

Link to comment
Share on other sites

- ---------------------------------------------------------------------------

Debian Security Advisory DSA-2377-1 security@debian.org

http://www.debian.org/security/ Nico Golde

Jan 1st, 2012 http://www.debian.org/security/faq

- ---------------------------------------------------------------------------

 

Package : cyrus-imapd-2.2

Vulnerability : NULL pointer dereference

Problem type : remote

Debian-specific: no

CVE IDs : CVE-2011-3481

 

It was discovered that cyrus-imapd, a highly scalable mail system designed

for use in enterprise environments, is not properly parsing mail headers

when a client makes use of the IMAP threading feature. As a result, a NULL

pointer is dereferenced which crashes the daemon. An attacker can trigger

this by sending a mail containing crafted reference headers and access the

mail with a client that uses the server threading feature of IMAP.

 

 

For the oldstable distribution (lenny), this problem has been fixed in

version 2.2.13-14+lenny6.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.2.13-19+squeeze3.

 

For the testing (wheezy) and unstable (sid) distributions, this problem has been

fixed in cyrus-imapd-2.4 version 2.4.11-1.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2378-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 03, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ffmpeg

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4351 CVE-2011-4353 CVE-2011-4364 CVE-2011-4579

 

Several vulnerabilities have been discovered in ffmpeg, a multimedia

player, server and encoder. Multiple input validations in the decoders

for QDM2, VP5, VP6, VMD and SVQ1 files could lead to the execution of

arbitrary code.

 

For the stable distribution (squeeze), this problem has been fixed in

version 4:0.5.6-3.

 

For the unstable distribution (sid), this problem has been fixed in

version 4:0.7.3-1 of the libav source package.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2381-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

January 06, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : squid3

Vulnerability : invalid memory deallocation

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4096

 

It was discovered that the IPv6 support code in Squid does not

properly handle certain DNS responses, resulting in deallocation of an

invalid pointer and a daemon crash.

 

The squid package and the version of squid3 shipped in lenny lack IPv6

support and are not affected by this issue.

 

For the stable distribution (squeeze), this problem has been fixed in

version 3.1.6-1.2+squeeze2.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), this problem has been fixed in version 3.1.18-1.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2382-1 security@debian.org

http://www.debian.org/security/ Jonathan Wiltshire

January 07, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ecryptfs-utils

Vulnerability : multiple

Problem type : local

Debian-specific: no

CVE ID : CVE-2011-1831 CVE-2011-1832 CVE-2011-1834 CVE-2011-1835

CVE-2011-1837 CVE-2011-3145

 

Several problems have been discovered in ecryptfs-utils, a cryptographic

filesystem for Linux.

 

CVE-2011-1831

 

Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs

incorrectly validated permissions on the requested mountpoint. A local

attacker could use this flaw to mount to arbitrary locations, leading

to privilege escalation.

 

CVE-2011-1832

 

Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs

incorrectly validated permissions on the requested mountpoint. A local

attacker could use this flaw to unmount to arbitrary locations, leading

to a denial of service.

 

CVE-2011-1834

 

Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly

handled modifications to the mtab file when an error occurs. A local

attacker could use this flaw to corrupt the mtab file, and possibly

unmount arbitrary locations, leading to a denial of service.

 

CVE-2011-1835

 

Marc Deslauriers discovered that eCryptfs incorrectly handled keys when

setting up an encrypted private directory. A local attacker could use

this flaw to manipulate keys during creation of a new user.

 

CVE-2011-1837

 

Vasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled

lock counters. A local attacker could use this flaw to possibly overwrite

arbitrary files.

 

We acknowledge the work of the Ubuntu distribution in preparing patches

suitable for near-direct inclusion in the Debian package.

 

For the oldstable distribution (lenny), these problems have been fixed in

version 68-1+lenny1.

 

For the stable distribution (squeeze), these problems have been fixed in

version 83-4+squeeze1.

 

For the testing distribution (wheezy) and the unstable distribution (sid),

these problems have been fixed in version 95-1.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2383-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 08, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : super

Vulnerability : buffer overflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-2776

 

Robert Luberda discovered a buffer overflow in the syslog logging code of

Super, a tool to execute scripts (or other commands) as if they were root.

The default Debian configuration is not affected.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 3.30.0-2+lenny1. Due to a technical limitation in the Debian

archive scripts this update cannot be released synchronously with the

stable update. It will be available shortly.

 

For the stable distribution (squeeze), this problem has been fixed in

version 3.30.0-3+squeeze1.

 

For the unstable distribution (sid), this problem will be fixed soon.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2384-1 security@debian.org

http://www.debian.org/security/ Luk Claes

January 09, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : cacti

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2010-1644 CVE-2010-1645 CVE-2010-2543 CVE-2010-2545

CVE-2011-4824

 

Several vulnerabilities have been discovered in cacti, a graphing tool

for monitoring data. Multiple cross site scripting issues allow remote

attackers to inject arbitrary web script or HTML. An SQL injection

vulnerability allows remote attackers to execute arbitrary SQL commands.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 0.8.7b-2.1+lenny4.

 

For the stable distribution (squeeze), this problem has been fixed in

version 0.8.7g-1+squeeze1.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.8.7i-2.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2385-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

January 10, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : pdns

Vulnerability : packet loop

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-0206

 

Ray Morris discovered that the PowerDNS authoritative sever responds

to response packets. An attacker who can spoof the source address of

IP packets can cause an endless packet loop between a PowerDNS

authoritative server and another DNS server, leading to a denial of

service.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 2.9.21.2-1+lenny1.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.9.22-8+squeeze1.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), this problem will be fixed soon.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2387-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

January 11, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : simplesamlphp

Vulnerability : insufficient input sanitation

Problem type : remote

Debian-specific: no

 

timtai1 discovered that simpleSAMLphp, an authentication and federation

platform, is vulnerable to a cross site scripting attack, allowing a

remote attacker to access sensitive client data.

 

The oldstable distribution (lenny) does not contain a simplesamlphp

package.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.6.3-3.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.8.2-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2386-1 security@debian.org

http://www.debian.org/security/

January 10, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openttd

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3341 CVE-2011-3342 CVE-2011-3343

 

Several vulnerabilities have been discovered in openttd, a transport

business simulation game. Multiple buffer overflows and off-by-one

errors allow remote attackers to cause denial of service.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 0.6.2-1+lenny4.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.0.4-4.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.1.4-1.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2388-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

January 14, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : t1lib

Vulnerability : several

Problem type : local

Debian-specific: no

CVE ID : CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552

CVE-2011-1553 CVE-2011-1554

Debian Bug : 652996

 

Several vulnerabilities were discovered in t1lib, a Postscript Type 1

font rasterizer library, some of which might lead to code execution

through the opening of files embedding bad fonts.

 

CVE-2010-2642

A heap-based buffer overflow in the AFM font metrics parser

potentially leads to the execution of arbitrary code.

 

CVE-2011-0433

Another heap-based buffer overflow in the AFM font metrics

parser potentially leads to the execution of arbitrary code.

 

CVE-2011-0764

An invalid pointer dereference allows execution of arbitrary

code using crafted Type 1 fonts.

 

CVE-2011-1552

Another invalid pointer dereference results in an application

crash, triggered by crafted Type 1 fonts.

 

CVE-2011-1553

A use-after-free vulnerability results in an application

crash, triggered by crafted Type 1 fonts.

 

CVE-2011-1554

An off-by-one error results in an invalid memory read and

application crash, triggered by crafted Type 1 fonts.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 5.1.2-3+lenny1.

 

For the stable distribution (squeeze), this problem has been fixed in

version 5.1.2-3+squeeze1.

 

For the testing distribution (wheezy), this problem has been fixed in

version 5.1.2-3.3.

 

For the unstable distribution (sid), this problem has been fixed in

version 5.1.2-3.3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2390-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

January 15, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openssl

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4108 CVE-2011-4109 CVE-2011-4354

CVE-2011-4576 CVE-2011-4619

 

Several vulnerabilities were discovered in OpenSSL, an implementation

of TLS and related protocols. The Common Vulnerabilities and

Exposures project identifies the following vulnerabilities:

 

CVE-2011-4108

The DTLS implementation performs a MAC check only if certain

padding is valid, which makes it easier for remote attackers

to recover plaintext via a padding oracle attack.

 

CVE-2011-4109

A double free vulnerability when X509_V_FLAG_POLICY_CHECK is

enabled, allows remote attackers to cause applications crashes

and potentially allow execution of arbitrary code by

triggering failure of a policy check.

 

CVE-2011-4354

On 32-bit systems, the operations on NIST elliptic curves

P-256 and P-384 are not correctly implemented, potentially

leaking the private ECC key of a TLS server. (Regular

RSA-based keys are not affected by this vulnerability.)

 

CVE-2011-4576

The SSL 3.0 implementation does not properly initialize data

structures for block cipher padding, which might allow remote

attackers to obtain sensitive information by decrypting the

padding data sent by an SSL peer.

 

CVE-2011-4619

The Server Gated Cryptography (SGC) implementation in OpenSSL

does not properly handle handshake restarts, unnecessarily

simplifying CPU exhaustion attacks.

 

For the oldstable distribution (lenny), these problems have been fixed

in version 0.9.8g-15+lenny15.

 

For the stable distribution (squeeze), these problems have been fixed

in version 0.9.8o-4squeeze5.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), these problems have been fixed in version 1.0.0f-1.

Link to comment
Share on other sites

- ----------------------------------------------------------------------

Debian Security Advisory DSA-2389-1 security@debian.org

http://www.debian.org/security/ Dann Frazier

January 15, 2012 http://www.debian.org/security/faq

- ----------------------------------------------------------------------

 

Package : linux-2.6

Vulnerability : privilege escalation/denial of service/information leak

Problem type : local/remote

Debian-specific: no

CVE Id(s) : CVE-2011-2183 CVE-2011-2213 CVE-2011-2898 CVE-2011-3353

CVE-2011-4077 CVE-2011-4110 CVE-2011-4127 CVE-2011-4611

CVE-2011-4622 CVE-2011-4914

 

Several vulnerabilities have been discovered in the Linux kernel that may lead

to a denial of service or privilege escalation. The Common Vulnerabilities and

Exposures project identifies the following problems:

 

CVE-2011-2183

 

Andrea Righi reported an issue in KSM, a memory-saving de-duplication

feature. By exploiting a race with exiting tasks, local users can cause

a kernel oops, resulting in a denial of service.

 

CVE-2011-2213

 

Dan Rosenberg discovered an issue in the INET socket monitoring interface.

Local users could cause a denial of service by injecting code and causing

the kernel to execute an infinite loop.

 

CVE-2011-2898

 

Eric Dumazet reported an information leak in the raw packet socket

implementation.

 

CVE-2011-3353

 

Han-Wen Nienhuys reported a local denial of service issue issue in the FUSE

(Filesystem in Userspace) support in the linux kernel. Local users could

cause a buffer overflow, leading to a kernel oops and resulting in a denial

of service.

 

CVE-2011-4077

 

Carlos Maiolino reported an issue in the XFS filesystem. A local user

with the ability to mount a filesystem could corrupt memory resulting

in a denial of service or possibly gain elevated privileges.

 

CVE-2011-4110

 

David Howells reported an issue in the kernel's access key retention

system which allow local users to cause a kernel oops leading to a denial

of service.

 

CVE-2011-4127

 

Paolo Bonzini of Red Hat reported an issue in the ioctl passthrough

support for SCSI devices. Users with permission to access restricted

portions of a device (e.g. a partition or a logical volume) can obtain

access to the entire device by way of the SG_IO ioctl. This could be

exploited by a local user or privileged VM guest to achieve a privilege

escalation.

 

CVE-2011-4611

 

Maynard Johnson reported an issue with the perf support on POWER7 systems

that allows local users to cause a denial of service.

 

CVE-2011-4622

 

Jan Kiszka reported an issue in the KVM PIT timer support. Local users

with the permission to use KVM can cause a denial of service by starting

a PIT timer without first setting up the irqchip.

 

CVE-2011-4914

 

Ben Hutchings reported various bounds checking issues within the ROSE

protocol support in the kernel. Remote users could possibly use this

to gain access to sensitive memory or cause a denial of service.

 

For the stable distribution (squeeze), this problem has been fixed in version

2.6.32-39squeeze1. Updates for issues impacting the oldstable distribution

(lenny) will be available soon.

 

The following matrix lists additional source packages that were rebuilt for

compatibility with or to take advantage of this update:

 

Debian 6.0 (squeeze)

user-mode-linux 2.6.32-1um-4+39squeeze1

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2391-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

January 22, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : phpmyadmin

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-1940 CVE-2011-3181 CVE-2011-4107

Debian Bug : 656247

 

Several vulnerabilities have been discovered in phpMyAdmin, a tool

to administer MySQL over the web. The Common Vulnerabilities and

Exposures project identifies the following problems:

 

CVE-2011-4107

 

The XML import plugin allowed a remote attacker to read arbitrary

files via XML data containing external entity references.

 

CVE-2011-1940, CVE-2011-3181

 

Cross site scripting was possible in the table tracking feature,

allowing a remote attacker to inject arbitrary web script or HTML.

 

 

The oldstable distribution (lenny) is not affected by these problems.

 

For the stable distribution (squeeze), these problems have been fixed

in version 4:3.3.7-7.

 

For the testing distribution (wheezy) and unstable distribution (sid),

these problems have been fixed in version 4:3.4.7.1-1.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2392-1 security@debian.org

http://www.debian.org/security/

January 23, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : rails

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-2930 CVE-2011-2931 CVE-2011-3186 CVE-2009-4214

Debian Bug : 629067

 

It was discovered that the last security update for Ruby on Rails,

DSA-2301-1, introduced a regression in the libactionpack-ruby package.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 2.1.0-7+lenny2.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.3.5-1.2+squeeze2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2392-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

January 23, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openssl

Vulnerability : out-of-bounds read

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-0050

 

Antonio Martin discovered a denial-of-service vulnerability in

OpenSSL, an implementation of TLS and related protocols. A malicious

client can cause the DTLS server implementation to crash. Regular,

TCP-based TLS is not affected by this issue.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 0.9.8g-15+lenny16.

 

For the stable distribution (squeeze), this problem has been fixed in

version 0.9.8o-4squeeze7.

 

For the testing distribution (wheezy) and the unstable distribution

(sid), this problem has been fixed in version 1.0.0g-1.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2393-1 security@debian.org

http://www.debian.org/security/ dann frazier

January 25, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : bip

Vulnerability : buffer overflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-0806

Debian Bug : 657217

 

Julien Tinnes reported a buffer overflow in the bip multiuser irc proxy

which may allow arbitrary code execution by remote users.

 

The oldstable distribution (lenny) is not affected by this problem.

 

For the stable distribution (squeeze), this problem has been fixed in

version 0.8.2-1squeeze4.

 

For the testing distribution (wheezy) and the unstable distribution (sid),

this problem will be fixed soon.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2394-1 security@debian.org

http://www.debian.org/security/ Luciano Bello

January 27, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libxml2

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-0216 CVE-2011-2821 CVE-2011-2834 CVE-2011-3905

CVE-2011-3919

Debian Bug : 652352 643648 656377

 

Many security problems had been fixed in libxml2, a popular library to handle

XML data files.

 

CVE-2011-3919:

Jüri Aedla discovered a heap-based buffer overflow that allows remote attackers

to cause a denial of service or possibly have unspecified other impact via

unknown vectors.

 

CVE-2011-0216:

An Off-by-one error have been discoveried that allows remote attackers to

execute arbitrary code or cause a denial of service.

 

CVE-2011-2821:

A memory corruption (double free) bug has been identified in libxml2's XPath

engine. Through it, it is possible to an attacker allows cause a denial of

service or possibly have unspecified other impact. This vulnerability does not

affect the oldstable distribution (lenny).

 

CVE-2011-2834:

Yang Dingning discovered a double free vulnerability related to XPath handling.

 

CVE-2011-3905:

An out-of-bounds read vulnerability had been discovered, which allows remote

attackers to cause a denial of service.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 2.6.32.dfsg-5+lenny5.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.7.8.dfsg-2+squeeze2.

 

For the testing distribution (wheezy), this problem has been fixed in

version 2.7.8.dfsg-7.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.7.8.dfsg-7.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2395-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 27, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wireshark

Vulnerability : buffer underflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3483 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066

CVE-2012-0067 CVE-2012-0068

 

Laurent Butti discovered a buffer underflow in the LANalyzer dissector

of the Wireshark network traffic analyzer, which could lead to the

execution of arbitrary code (CVE-2012-0068)

 

This update also addresses several bugs, which can lead to crashes of

Wireshark. These are not treated as security issues, but are fixed

nonetheless if security updates are scheduled: CVE-2011-3483,

CVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067.

 

For the stable distribution (squeeze), this problem has been fixed in

version 1.2.11-6+squeeze6.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.6.5-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2396-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 27, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : qemu-kvm

Vulnerability : buffer underflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-0029

 

Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e

network interface card of KVM, a solution for full virtualization on

x86 hardware, which could result in denial of service or privilege

escalation.

 

This update also fixes a guest-triggerable memory corruption in

VNC handling.

 

For the stable distribution (squeeze), this problem has been fixed in

version 0.12.5+dfsg-5+squeeze8.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.0+dfsg-5.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2397-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 29, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : icu

Vulnerability : buffer underflow

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-4599

 

It was discovered that a buffer overflow in the Unicode libraray ICU

could lead to the execution of arbitrary code.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 3.8.1-3+lenny3.

 

For the stable distribution (squeeze), this problem has been fixed in

version 4.4.1-8.

 

For the unstable distribution (sid), this problem has been fixed in

version 4.8.1.1-3.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2398-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 30, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : curl

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3389 CVE-2012-0036

 

Several vulnerabilities have been discovered in Curl, an URL transfer

library. The Common Vulnerabilities and Exposures project identifies the

following problems:

 

CVE-2011-3389

 

This update enables OpenSSL workarounds against the "BEAST" attack.

Additional information can be found in the Curl advisory:

http://curl.haxx.se/docs/adv_20120124B.html

 

CVE-2012-0036

 

Dan Fandrich discovered that Curl performs insufficient sanitising

when extracting the file path part of an URL.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 7.18.2-8lenny6.

 

For the stable distribution (squeeze), this problem has been fixed in

version 7.21.0-2.1+squeeze1.

 

For the unstable distribution (sid), this problem has been fixed in

version 7.24.0-1.

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2399-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

January 31, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php5

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-1938 CVE-2011-2483 CVE-2011-4566 CVE-2011-4885

CVE-2012-0057

 

Several vulnerabilities have been discovered in PHP, the web scripting

language. The Common Vulnerabilities and Exposures project identifies

the following issues:

 

CVE-2011-1938

 

The UNIX socket handling allowed attackers to trigger a buffer overflow

via a long path name.

 

CVE-2011-2483

 

The crypt_blowfish function did not properly handle 8-bit characters,

which made it easier for attackers to determine a cleartext password

by using knowledge of a password hash.

 

CVE-2011-4566

 

When used on 32 bit platforms, the exif extension could be used to

trigger an integer overflow in the exif_process_IFD_TAG function

when processing a JPEG file.

 

CVE-2011-4885

 

It was possible to trigger hash collisions predictably when parsing

form parameters, which allows remote attackers to cause a denial of

service by sending many crafted parameters.

 

CVE-2012-0057

 

When applying a crafted XSLT transform, an attacker could write files

to arbitrary places in the filesystem.

 

NOTE: the fix for CVE-2011-2483 required changing the behaviour of this

function: it is now incompatible with some old (wrongly) generated hashes

for passwords containing 8-bit characters. See the package NEWS entry

for details. This change has not been applied to the Lenny version of PHP.

 

 

For the oldstable distribution (lenny), these problems have been fixed

in version 5.2.6.dfsg.1-1+lenny14.

 

For the stable distribution (squeeze), these problems have been fixed

in version 5.3.3-7+squeeze5.

 

For the testing distribution (wheezy) and unstable distribution (sid),

these problems have been fixed in version 5.3.9-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2399-2 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

January 31, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php5

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-1938 CVE-2011-2483 CVE-2011-4566 CVE-2011-4885

CVE-2012-0057

 

A regression was found in the fix for PHP's XSLT transformations

(CVE-2012-0057). Updated packages are now available to address this

regression. For reference, the original advisory text follows.

 

Several vulnerabilities have been discovered in PHP, the web scripting

language. The Common Vulnerabilities and Exposures project identifies

the following issues:

 

CVE-2011-1938

 

The UNIX socket handling allowed attackers to trigger a buffer overflow

via a long path name.

 

CVE-2011-2483

 

The crypt_blowfish function did not properly handle 8-bit characters,

which made it easier for attackers to determine a cleartext password

by using knowledge of a password hash.

 

CVE-2011-4566

 

When used on 32 bit platforms, the exif extension could be used to

trigger an integer overflow in the exif_process_IFD_TAG function

when processing a JPEG file.

 

CVE-2011-4885

 

It was possible to trigger hash collisions predictably when parsing

form parameters, which allows remote attackers to cause a denial of

service by sending many crafted parameters.

 

CVE-2012-0057

 

When applying a crafted XSLT transform, an attacker could write files

to arbitrary places in the filesystem.

 

NOTE: the fix for CVE-2011-2483 required changing the behaviour of this

function: it is now incompatible with some old (wrongly) generated hashes

for passwords containing 8-bit characters. See the package NEWS entry

for details. This change has not been applied to the Lenny version of PHP.

 

NOTE: at the time of release packages for some architectures are still

being built. They will be installed into the archive as soon as they

arrive.

 

For the oldstable distribution (lenny), these problems have been fixed

in version 5.2.6.dfsg.1-1+lenny15.

 

For the stable distribution (squeeze), these problems have been fixed

in version 5.3.3-7+squeeze6.

 

For the testing distribution (wheezy) and unstable distribution (sid),

these problems have been fixed in version 5.3.9-1.

 

We recommend that you upgrade your php5 packages.

 

Link to comment
Share on other sites

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2401-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

February 02, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tomcat6

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190

CVE-2011-3375 CVE-2011-4858 CVE-2011-5062 CVE-2011-5063

CVE-2011-5064 CVE-2012-0022

 

Several vulnerabilities have been found in Tomcat, a servlet and JSP

engine:

 

CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064

 

The HTTP Digest Access Authentication implementation performed

insufficient countermeasures against replay attacks.

 

CVE-2011-2204

 

In rare setups passwords were written into a logfile.

 

CVE-2011-2526

 

Missing input sanisiting in the HTTP APR or HTTP NIO connectors

could lead to denial of service.

 

CVE-2011-3190

 

AJP requests could be spoofed in some setups.

 

CVE-2011-3375

 

Incorrect request caching could lead to information disclosure.

 

CVE-2011-4858 CVE-2012-0022

 

This update adds countermeasures against a collision denial of

service vulnerability in the Java hashtable implementation and

addresses denial of service potentials when processing large

amounts of requests.

 

Additional information can be

found at http://tomcat.apache.org/security-6.html

 

For the stable distribution (squeeze), this problem has been fixed in

version 6.0.35-1+squeeze2.

 

For the unstable distribution (sid), this problem has been fixed in

version 6.0.35-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2400-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

February 02, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : iceweasel

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449

 

Several vulnerabilities have been discovered in Iceweasel, a web browser

based on Firefox. The included XULRunner library provides rendering

services for several other applications included in Debian.

 

CVE-2011-3670

 

Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed,

resulting in potential information disclosure.

 

CVE-2012-0442

 

Jesse Ruderman and Bob Clary discovered memory corruption bugs, which

may lead to the execution of arbitrary code.

 

CVE-2012-0444

 

"regenrecht" discovered that missing input sanisiting in the Ogg Vorbis

parser may lead to the execution of arbitrary code.

 

CVE-2012-0449

 

Nicolas Gregoire and Aki Helin discovered that missing input

sanisiting in XSLT processing may lead to the execution of arbitrary

code.

 

For the oldstable distribution (lenny), this problem has been fixed in

version 1.9.0.19-13 of the xulrunner source package.

 

For the stable distribution (squeeze), this problem has been fixed in

version 3.5.16-12.

 

For the unstable distribution (sid), this problem has been fixed in

version 10.0-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2402-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

February 02, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : iceape

Vulnerability : several

Problem type : remote

Debian-specific: no

CVE ID : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449

 

Several vulnerabilities have been found in the Iceape internet suite, an

unbranded version of Seamonkey:

 

CVE-2011-3670

 

Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed,

resulting in potential information disclosure.

 

CVE-2012-0442

 

Jesse Ruderman and Bob Clary discovered memory corruption bugs, which

may lead to the execution of arbitrary code.

 

CVE-2012-0444

 

"regenrecht" discovered that missing input sanisiting in the Ogg Vorbis

parser may lead to the execution of arbitrary code.

 

CVE-2012-0449

 

Nicolas Gregoire and Aki Helin discovered that missing input

sanisiting in XSLT processing may lead to the execution of arbitrary

code.

 

For the stable distribution (squeeze), this problem has been fixed in

version 2.0.11-10.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.0.14-10.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2403-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

February 02, 2012 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php5

Vulnerability : code injection

Problem type : remote

Debian-specific: no

CVE ID : CVE-2012-0830

 

Stefan Esser discovered that the implementation of the max_input_vars

configuration variable in a recent PHP security update was flawed such

that it allows remote attackers to crash PHP or potentially execute

code.

 

For the oldstable distribution (lenny), no fix is available at this time.

 

For the stable distribution (squeeze), this problem has been fixed in

version 5.3.3-7+squeeze7.

 

The testing distribution (wheezy) and unstable distribution (sid)

will be fixed soon.

Link to comment
Share on other sites

×
×
  • Create New...