sunrat Posted December 26, 2013

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2827-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
December 24, 2013                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libcommons-fileupload-java
Vulnerability  : arbitrary file upload via deserialization
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2013-2186
Debian Bug     : 726601

It was discovered that Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications, incorrectly handled file names with NULL bytes in serialized instances. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process.

For the oldstable distribution (squeeze), this problem has been fixed in version 1.2.2-1+deb6u1.

For the stable distribution (wheezy), this problem has been fixed in version 1.2.2-1+deb7u1.

For the testing distribution (jessie), this problem has been fixed in version 1.3-2.1.

For the unstable distribution (sid), this problem has been fixed in version 1.3-2.1.
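A defender-side check for the file-name problem described in the advisory above, added here as an example and not code from Commons FileUpload or the advisory. The class, method and sample paths are constructed for the illustration; it shows how a name taken from untrusted input (including one carried inside a deserialized object) is rejected before any write happens when it contains a NUL byte or would resolve outside the upload repository.

```java
// Added example (not from the advisory or Commons FileUpload): a defensive
// check a server can run on any file name taken from untrusted input. Class,
// method and sample paths are constructed for this illustration.
import java.nio.file.Path;
import java.nio.file.Paths;

public final class UploadTargetCheck {

    /**
     * Resolves fileName under repository and returns the target path, or throws
     * if the name carries a NUL byte or could escape the repository.
     */
    public static Path safeUploadTarget(Path repository, String fileName) {
        if (fileName == null || fileName.isEmpty()) {
            throw new IllegalArgumentException("empty file name");
        }
        // A NUL byte truncates the string in the C-level file APIs that Java
        // eventually calls, so a name like "safe.txt\0<anything>" must be
        // rejected outright rather than normalised or silently shortened.
        if (fileName.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("NUL byte in file name");
        }
        Path base = repository.toAbsolutePath().normalize();
        Path target = base.resolve(fileName).normalize();
        // After normalisation the target must still sit inside the repository;
        // this catches "..", absolute names and separator tricks in one check.
        if (!target.startsWith(base) || target.equals(base)) {
            throw new IllegalArgumentException("file name escapes repository: " + fileName);
        }
        return target;
    }

    public static void main(String[] args) {
        Path repo = Paths.get("/var/lib/app/uploads");   // constructed sample path
        String[] samples = {
            "report.pdf",                 // accepted
            "sub/dir/report.pdf",         // accepted: still inside the repository
            "../../../outside.txt",       // rejected: escapes the repository
            "/tmp/elsewhere.txt",         // rejected: absolute path
            "report.pdf\0../../x"         // rejected: NUL byte
        };
        for (String name : samples) {
            try {
                System.out.println("accept " + safeUploadTarget(repo, name));
            } catch (IllegalArgumentException e) {
                System.out.println("reject " + e.getMessage());
            }
        }
    }
}
```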
sunrat Posted December 28, 2013

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2828-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
December 28, 2013                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : drupal6
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-6385 CVE-2013-6386

Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: vulnerabilities due to optimistic cross-site request forgery protection, insecure pseudo random number generation, code execution and incorrect security token validation.

In order to avoid the remote code execution vulnerability, it is recommended to create a .htaccess file (or an equivalent configuration directive in case you are not using Apache to serve your Drupal sites) in each of your sites' "files" directories (both public and private, in case you have both configured). Please refer to the NEWS file provided with this update and the upstream advisory at https://drupal.org/SA-CORE-2013-003 for further information.

For the oldstable distribution (squeeze), these problems have been fixed in version 6.29-1.
sunrat Posted December 29, 2013

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2829-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 28, 2013                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : hplip
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-0200 CVE-2013-4325 CVE-2013-6402 CVE-2013-6427

Multiple vulnerabilities have been found in the HP Linux Printing and Imaging System: Insecure temporary files, insufficient permission checks in PackageKit and the insecure hp-upgrade service has been disabled.

For the oldstable distribution (squeeze), these problems have been fixed in version 3.10.6-2+squeeze2.

For the stable distribution (wheezy), these problems have been fixed in version 3.12.6-3.1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 3.13.11-2.
sunrat Posted December 30, 2013

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2830-1                   security@debian.org
http://www.debian.org/security/                           Florian Weimer
December 30, 2013                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-i18n
Vulnerability  : cross-site scripting
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-4492

Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by the ruby-i18n package.

The oldstable distribution (squeeze) is not affected by this problem; the libi18n-ruby package does not contain the vulnerable code.

For the stable distribution (wheezy), this problem has been fixed in version 0.6.0-3+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 0.6.9-1.
sunrat Posted January 1, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2831-1                   security@debian.org
http://www.debian.org/security/                            Luciano Bello
December 31, 2013                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : puppet
Vulnerability  : insecure temporary files
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-4969

An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system.

For the oldstable distribution (squeeze), this problem has been fixed in version 2.6.2-5+squeeze9.

For the stable distribution (wheezy), this problem has been fixed in version 2.7.23-1~deb7u2.

For the testing distribution (jessie), this problem has been fixed in version 3.4.0-1.

For the unstable distribution (sid), this problem has been fixed in version 3.4.0-1.
sunrat Posted January 2, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2832-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
January 01, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : memcached
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4971 CVE-2013-7239
Debian Bug     : 706426 733643

Multiple vulnerabilities have been found in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2011-4971

    Stefan Bucur reported that memcached could be caused to crash by sending a specially crafted packet.

CVE-2013-7239

    It was reported that SASL authentication could be bypassed due to a flaw related to the management of the SASL authentication state. With a specially crafted request, a remote attacker may be able to authenticate with invalid SASL credentials.

For the oldstable distribution (squeeze), these problems have been fixed in version 1.4.5-1+deb6u1. Note that the patch for CVE-2013-7239 was not applied for the oldstable distribution as SASL support is not enabled in this version. This update also provides the fix for CVE-2013-0179 which was fixed for stable already.

For the stable distribution (wheezy), these problems have been fixed in version 1.4.13-0.2+deb7u1.

For the unstable distribution (sid), these problems will be fixed soon.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2833-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 01, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
Vulnerability  : several
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2013-6449 CVE-2013-6450
Debian Bug     : 732754 732710

Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this update disables the insecure Dual_EC_DRBG algorithm (which was unused anyway, see http://marc.info/?l=openssl-announce&m=138747119822324&w=2 for further information) and no longer uses the RdRand feature available on some Intel CPUs as a sole source of entropy unless explicitly requested.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 1.0.1e-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2834-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
January 01, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : typo3-src
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-7073 CVE-2013-7074 CVE-2013-7075 CVE-2013-7076 CVE-2013-7078 CVE-2013-7079 CVE-2013-7080 CVE-2013-7081
Debian Bug     : 731999

Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, information disclosure, mass assignment, open redirection and insecure unserialize vulnerabilities and corresponds to TYPO3-CORE-SA-2013-004.
For the oldstable distribution (squeeze), these problems have been fixed in version 4.3.9+dfsg1-1+squeeze9.

For the stable distribution (wheezy), these problems have been fixed in version 4.5.19+dfsg1-5+wheezy2.

For the testing distribution (jessie), these problems have been fixed in version 4.5.32+dfsg1-1.

For the unstable distribution (sid), these problems have been fixed in version 4.5.32+dfsg1-1.
sunrat Posted January 6, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2835-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 05, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : asterisk
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-7100
Debian Bug     : 732355

Jan Juergens discovered a buffer overflow in the parser for SMS messages in Asterisk.

An additional change was backported, which is fully described in http://downloads.asterisk.org/pub/security/AST-2013-007.html

With the fix for AST-2013-007, a new configuration option was added in order to allow the system administrator to disable the expansion of "dangerous" functions (such as SHELL()) from any interface which is not the dialplan. In stable and oldstable this option is disabled by default. To enable it add the following line to the section '[options]' in /etc/asterisk/asterisk.conf (and restart asterisk)

    live_dangerously = no

For the oldstable distribution (squeeze), this problem has been fixed in version 1:1.6.2.9-2+squeeze12.

For the stable distribution (wheezy), this problem has been fixed in version 1:1.8.13.1~dfsg1-3+deb7u3.

For the testing distribution (jessie), this problem has been fixed in version 1:11.7.0~dfsg-1.

For the unstable distribution (sid), this problem has been fixed in version 1:11.7.0~dfsg-1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2836-1                   security@debian.org
http://www.debian.org/security/                         Raphael Geissert
January 05, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : devscripts
Vulnerability  : arbitrary code execution
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-6888

Several vulnerabilities have been discovered in uscan, a tool to scan upstream sites for new releases of packages, which is part of the devscripts package. An attacker controlling a website from which uscan would attempt to download a source tarball could execute arbitrary code with the privileges of the user running uscan.

The Common Vulnerabilities and Exposures project id CVE-2013-6888 has been assigned to identify them.

For the stable distribution (wheezy), these problems have been fixed in version 2.12.6+deb7u2.

For the testing distribution (jessie) and the unstable distribution (sid), these problems have been fixed in version 2.13.9.
sunrat Posted January 9, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2837-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 07, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-4353

Anton Johannson discovered that an invalid TLS handshake package could crash OpenSSL with a NULL pointer dereference.

The oldstable distribution (squeeze) is not affected.

For the stable distribution (wheezy), this problem has been fixed in version 1.0.1e-2+deb7u3.

For the unstable distribution (sid), this problem has been fixed in version 1.0.1f-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2838-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 07, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxfont
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2013-6462

It was discovered that a buffer overflow in the processing of Glyph Bitmap Distribution fonts (BDF) could result in the execution of arbitrary code.

For the oldstable distribution (squeeze), this problem has been fixed in version 1:1.4.1-4.

For the stable distribution (wheezy), this problem has been fixed in version 1:1.4.5-3.

For the unstable distribution (sid), this problem has been fixed in version 1:1.4.7-1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2839-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
January 08, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : spice
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-4130 CVE-2013-4282
Debian Bug     : 717030 728314

Multiple vulnerabilities have been found in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2013-4130

    David Gibson of Red Hat discovered that SPICE incorrectly handled certain network errors. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.

CVE-2013-4282

    Tomas Jamrisko of Red Hat discovered that SPICE incorrectly handled long passwords in SPICE tickets. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.

Applications acting as a SPICE server must be restarted for this update to take effect.

For the stable distribution (wheezy), these problems have been fixed in version 0.11.0-1+deb7u1.

For the testing distribution (jessie), these problems have been fixed in version 0.12.4-0nocelt2.

For the unstable distribution (sid), these problems have been fixed in version 0.12.4-0nocelt2.
sunrat Posted January 11, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2840-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
January 10, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : srtp
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2139
Debian Bug     : 711163

Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy. A remote attacker could exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in version 1.4.4~dfsg-6+deb6u1.

For the stable distribution (wheezy), this problem has been fixed in version 1.4.4+20100615~dfsg-2+deb7u1.

For the testing distribution (jessie), this problem has been fixed in version 1.4.5~20130609~dfsg-1.

For the unstable distribution (sid), this problem has been fixed in version 1.4.5~20130609~dfsg-1.
sunrat Posted January 12, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2841-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 11, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : movabletype-opensource
Vulnerability  : cross-site scripting
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2014-0977
Debian Bug     : 734304

A cross-site scripting vulnerability was discovered in the rich text editor of the Movable Type blogging engine.

For the oldstable distribution (squeeze), this problem has been fixed in version 4.3.8+dfsg-0+squeeze4.

For the stable distribution (wheezy), this problem has been fixed in version 5.1.4+dfsg-4+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 5.2.9+dfsg-1.
sunrat Posted January 14, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2842-1                   security@debian.org
http://www.debian.org/security/                          Markus Koschany
January 13, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libspring-java
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-4152
Debian Bug     : 720902

Alvaro Munoz discovered an XML External Entity (XXE) injection in the Spring Framework which can be used for conducting CSRF and DoS attacks on other sites.

The Spring OXM wrapper did not expose any property for disabling entity resolution when using the JAXB unmarshaller. There are four possible source implementations passed to the unmarshaller:

    DOMSource
    StAXSource
    SAXSource
    StreamSource

For a DOMSource, the XML has already been parsed by user code and that code is responsible for protecting against XXE. For a StAXSource, the XMLStreamReader has already been created by user code and that code is responsible for protecting against XXE. For SAXSource and StreamSource instances, Spring processed external entities by default thereby creating this vulnerability.

The issue was resolved by disabling external entity processing by default and adding an option to enable it for those users that need to use this feature when processing XML from a trusted source.

It was also identified that Spring MVC processed user provided XML with JAXB in combination with a StAX XMLInputFactory without disabling external entity resolution. External entity resolution has been disabled in this case.

For the stable distribution (wheezy), this problem has been fixed in version 3.0.6.RELEASE-6+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 3.0.6.RELEASE-10.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2843-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
January 13, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : graphviz
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2014-0978 CVE-2014-1236
Debian Bug     : 734745

Two buffer overflow vulnerabilities were reported in Graphviz, a rich collection of graph drawing tools. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2014-0978

    It was discovered that user-supplied input used in the yyerror() function in lib/cgraph/scan.l is not bounds-checked before being copied into an insufficiently sized memory buffer. A context-dependent attacker could supply a specially crafted input file containing a long line to cause a stack-based buffer overflow, resulting in a denial of service (application crash) or potentially allowing the execution of arbitrary code.

CVE-2014-1236

    Sebastian Krahmer reported an overflow condition in the chkNum() function in lib/cgraph/scan.l that is triggered as the used regular expression accepts an arbitrarily long digit list. With a specially crafted input file, a context-dependent attacker can cause a stack-based buffer overflow, resulting in a denial of service (application crash) or potentially allowing the execution of arbitrary code.

For the oldstable distribution (squeeze), these problems have been fixed in version 2.26.3-5+squeeze2.

For the stable distribution (wheezy), these problems have been fixed in version 2.26.3-14+deb7u1.

For the unstable distribution (sid), these problems will be fixed soon.
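An added illustration of the responsibility split the Spring advisory (DSA-2842-1) above describes, not code from Spring or the advisory: for a StAXSource the caller builds and must harden the XMLStreamReader itself, while for a SAXSource the XMLReader is hardened the way the fix made the default. The Note type, the sample document, the file URL and the method names are constructed; javax.xml.bind on the classpath (Java 8, or the jaxb-api jar) is assumed.

```java
// Added example, not Spring's or the advisory's code. Shows entity resolution
// disabled on both the StAX path (caller's responsibility per the advisory)
// and the SAX path (what Spring's fix turned on by default). Everything below
// is constructed for this illustration.
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.Unmarshaller;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamReader;
import javax.xml.transform.sax.SAXSource;
import javax.xml.transform.stax.StAXSource;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;

public final class JaxbXxeHardening {

    @XmlRootElement(name = "note")
    public static class Note {
        public String body;
    }

    // Constructed document: a DTD declares an external entity and the body
    // refers to it. A parser that resolves entities would read the named file
    // into body; a hardened one rejects the DOCTYPE or leaves the entity alone.
    static final String UNTRUSTED_XML =
        "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE note [<!ENTITY ext SYSTEM \"file:///tmp/example-secret.txt\">]>\n"
        + "<note><body>&ext;</body></note>";

    /** StAXSource path: the caller creates the XMLStreamReader, so the caller hardens it. */
    public static Note unmarshalViaStax(String xml) throws Exception {
        XMLInputFactory f = XMLInputFactory.newFactory();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);                    // no DTD at all
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); // belt and braces
        XMLStreamReader reader = f.createXMLStreamReader(new StringReader(xml));
        Unmarshaller u = JAXBContext.newInstance(Note.class).createUnmarshaller();
        return u.unmarshal(new StAXSource(reader), Note.class).getValue();
    }

    /** SAXSource path: the XMLReader is hardened before JAXB ever sees the input. */
    public static Note unmarshalViaSax(String xml) throws Exception {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        spf.setNamespaceAware(true);
        spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        XMLReader xr = spf.newSAXParser().getXMLReader();
        SAXSource src = new SAXSource(xr, new InputSource(new StringReader(xml)));
        Unmarshaller u = JAXBContext.newInstance(Note.class).createUnmarshaller();
        return u.unmarshal(src, Note.class).getValue();
    }

    public static void main(String[] args) {
        // Both paths are expected to reject the document rather than read the file.
        for (String mode : new String[] {"stax", "sax"}) {
            try {
                Note n = mode.equals("stax") ? unmarshalViaStax(UNTRUSTED_XML)
                                             : unmarshalViaSax(UNTRUSTED_XML);
                System.out.println(mode + ": parsed, body=" + n.body);
            } catch (Exception e) {
                System.out.println(mode + ": rejected (" + e.getClass().getSimpleName() + ")");
            }
        }
    }
}
```

If an application must accept DTDs from a trusted source, re-enable only what it needs in one place rather than relaxing the factory defaults globally.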
sunrat Posted January 17, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2844-1                   security@debian.org
http://www.debian.org/security/                         Raphael Geissert
January 15, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : djvulibre
Vulnerability  : arbitrary code execution
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2012-6535

It was discovered that djvulibre, the Open Source DjVu implementation project, can be crashed or possibly made to execute arbitrary code when processing a specially crafted djvu file.

For the oldstable distribution (squeeze), this problem has been fixed in version 3.5.23-3+squeeze1.

This problem has been fixed before the release of the stable distribution (wheezy), therefore it is not affected.
sunrat Posted January 18, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2845-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 17, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mysql-5.1
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-5908 CVE-2014-0386 CVE-2014-0393 CVE-2014-0401 CVE-2014-0402 CVE-2014-0412 CVE-2014-0437

This DSA updates the MySQL 5.1 database to 5.1.73. This fixes multiple unspecified security problems in MySQL: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

For the oldstable distribution (squeeze), these problems have been fixed in version 5.1.73-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2831-2                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
January 17, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : puppet
Vulnerability  : regression
Debian-specific: no
Debian Bug     : 734444

The fix for CVE-2013-4969 contained a regression affecting the default file mode if none is specified on a file resource.

The oldstable distribution (squeeze) is not affected by this regression.

For the stable distribution (wheezy), this problem has been fixed in version 2.7.23-1~deb7u3.

For the testing distribution (jessie) and the unstable distribution (sid), this problem has been fixed in version 3.4.2-1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2846-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 17, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libvirt
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-6458 CVE-2014-1447

Multiple security issues have been found in Libvirt, a virtualisation abstraction library:

CVE-2013-6458

    It was discovered that insecure job usage could lead to denial of service against libvirtd.

CVE-2014-1447

    It was discovered that a race condition in keepalive handling could lead to denial of service against libvirtd.

For the stable distribution (wheezy), these problems have been fixed in version 0.9.12.3-1. This bugfix point release also addresses some additional bugfixes.

For the unstable distribution (sid), these problems have been fixed in version 1.2.1-1.
sunrat Posted January 21, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2847-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
January 20, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : drupal7
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2014-1475 CVE-2014-1476

Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2014-1475

    Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts.

CVE-2014-1476

    Matt Vance and Damien Tournoud reported an access bypass vulnerability in the taxonomy module. Under certain circumstances, unpublished content can appear on listing pages provided by the taxonomy module and will be visible to users who should not have permission to see it.

These fixes require extra updates to the database which can be done from the administration pages. Furthermore this update introduces a new security hardening element for the form API. Please refer to the upstream advisory at https://drupal.org/SA-CORE-2014-001 for further information.

For the stable distribution (wheezy), these problems have been fixed in version 7.14-2+deb7u2.

For the testing distribution (jessie), these problems have been fixed in version 7.26-1.

For the unstable distribution (sid), these problems have been fixed in version 7.26-1.
sunrat Posted January 25, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2848-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
January 23, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mysql-5.5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-5891 CVE-2013-5908 CVE-2014-0386 CVE-2014-0393 CVE-2014-0401 CVE-2014-0402 CVE-2014-0412 CVE-2014-0420 CVE-2014-0437

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.35. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-34.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-35.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

For the stable distribution (wheezy), these problems have been fixed in version 5.5.35+dfsg-0+wheezy1.

For the unstable distribution (sid), these problems have been fixed in version 5.5.35+dfsg-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2826-2                   security@debian.org
http://www.debian.org/security/                       Yves-Alexis Perez
January 23, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : denyhosts
Vulnerability  : regression
Debian Bug     : 734329
CVE ID         : CVE-2013-6890

A regression has been found on the denyhosts packages fixing CVE-2013-6890. This regression could cause an attempted break-in to be missed by denyhosts, which would then fail to enforce a ban.

For the oldstable distribution (squeeze), this problem has been fixed in version 2.6-7+deb6u3.
For the stable distribution (wheezy), this problem has been fixed in version 2.6-10+deb7u3.

For the testing (jessie) and unstable (sid) distributions, the package denyhosts has been removed, and its users are encouraged to switch to an alternative like fail2ban.
sunrat Posted February 1, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2849-1                   security@debian.org
http://www.debian.org/security/                           Florian Weimer
January 31, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : curl
Vulnerability  : information disclosure
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2014-0015

Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user.

For the oldstable distribution (squeeze), this problem has been fixed in version 7.21.0-2.1+squeeze7.

For the stable distribution (wheezy), this problem has been fixed in version 7.26.0-1+wheezy8.

For the unstable distribution (sid), this problem has been fixed in version 7.35.0-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2850-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
January 31, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libyaml
Vulnerability  : heap-based buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2013-6393
Debian Bug     : 737076

Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
For the oldstable distribution (squeeze), this problem has been fixed in version 0.1.3-1+deb6u2.

For the stable distribution (wheezy), this problem has been fixed in version 0.1.4-2+deb7u2.

For the unstable distribution (sid), this problem has been fixed in version 0.1.4-3.
sunrat Posted February 2, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2851-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
February 02, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : drupal6
Vulnerability  : impersonation
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2014-1475

Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module of Drupal, a fully-featured content management framework. A malicious user could exploit this flaw to log in as other users on the site, including administrators, and hijack their accounts.

These fixes require extra updates to the database which can be done from the administration pages.

For the oldstable distribution (squeeze), this problem has been fixed in version 6.30-1.
sunrat Posted February 5, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2853-1                   security@debian.org
http://www.debian.org/security/                             Luciano Bello
February 05, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : horde3
Vulnerability  : Remote code execution
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2014-1691
Debian Bug     : 737149

Pedro Ribeiro from Agile Information Security found a possible remote code execution on Horde3, a web application framework. Unsanitized variables are passed to the unserialize() PHP function. A remote attacker could specially craft one of those variables, allowing her to load and execute code.

For the oldstable distribution (squeeze), this problem has been fixed in version 3.3.8+debian0-3.

In the testing (jessie) and unstable (sid) distributions, Horde is distributed in the php-horde-util package. This problem has been fixed in version 2.3.0-1.
sunrat Posted February 6, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2854-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
February 05, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mumble
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2014-0044 CVE-2014-0045
Debian Bug     : 737739

Several issues have been discovered in mumble, a low latency VoIP client. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2014-0044

    It was discovered that a malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access. A malicious remote attacker could exploit this flaw to mount a denial of service attack against a mumble client by causing the application to crash.

CVE-2014-0045

    It was discovered that a malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow. A malicious remote attacker could use this flaw to cause a client crash (denial of service) or potentially use it to execute arbitrary code.

The oldstable distribution (squeeze) is not affected by these problems.

For the stable distribution (wheezy), these problems have been fixed in version 1.2.3-349-g315b5f5-2.2+deb7u1.

For the unstable distribution (sid), these problems will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2855-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 05, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libav
Vulnerability  : several
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-3944 CVE-2013-0845 CVE-2013-0846 CVE-2013-0849 CVE-2013-0865 CVE-2013-7010 CVE-2013-7014 CVE-2013-7015

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. The IDs mentioned above are just a portion of the security issues fixed in this update. A full list of the changes is available at http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.10

For the stable distribution (wheezy), these problems have been fixed in version 6:0.8.9-1.

For the unstable distribution (sid), these problems have been fixed in version 6:9.11-1.
sunrat Posted February 8, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2852-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
February 06, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libgadu
Vulnerability  : heap-based buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-6487

Yves Younan and Ryan Pentney discovered that libgadu, a library for accessing the Gadu-Gadu instant messaging service, contained an integer overflow leading to a buffer overflow. Attackers who impersonate the server could crash clients and potentially execute arbitrary code.

For the oldstable distribution (squeeze), this problem has been fixed in version 1:1.9.0-2+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in version 1:1.11.2-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 1:1.11.3-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2856-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
February 07, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libcommons-fileupload-java
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2014-0050

It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition.

For the oldstable distribution (squeeze), this problem has been fixed in version 1.2.2-1+deb6u2.

For the stable distribution (wheezy), this problem has been fixed in version 1.2.2-1+deb7u2.

For the unstable distribution (sid), this problem has been fixed in version 1.3.1-1.
sunrat Posted February 9, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2857-1                   security@debian.org
http://www.debian.org/security/                           Markus Koschany
February 08, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libspring-java
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-6429 CVE-2013-6430

It was discovered by the Spring development team that the fix for the XML External Entity (XXE) Injection (CVE-2013-4152) in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option to disable them. SourceHttpMessageConverter has been modified to provide an option to control the processing of XML external entities, and that processing is now disabled by default.

In addition, Jon Passki discovered a possible XSS vulnerability: the JavascriptUtils.javascriptEscape() method did not escape all characters that are sensitive within either a JS single quoted string, JS double quoted string, or HTML script data context. In most cases this will result in an unexploitable parse error, but in some cases it could result in an XSS vulnerability.

For the stable distribution (wheezy), these problems have been fixed in version 3.0.6.RELEASE-6+deb7u2.

For the testing distribution (jessie), these problems have been fixed in version 3.0.6.RELEASE-11.

For the unstable distribution (sid), these problems have been fixed in version 3.0.6.RELEASE-11.
sunrat Posted February 11, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2858-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 10, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceweasel
Vulnerability  : several
CVE ID         : CVE-2014-1477 CVE-2014-1479 CVE-2014-1481 CVE-2014-1482 CVE-2014-1486 CVE-2014-1487 CVE-2014-1490 CVE-2014-1491

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: multiple memory safety errors, use-after-frees, too-verbose error messages and missing permission checks may lead to the execution of arbitrary code, the bypass of security checks or information disclosure.

This update also addresses security issues in the bundled version of the NSS crypto library.

This update updates Iceweasel to the ESR24 series of Firefox.

For the stable distribution (wheezy), these problems have been fixed in version 24.3.0esr-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 24.3.0esr-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2859-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 10, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pidgin
Vulnerability  : several
CVE ID         : CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6487 CVE-2013-6489 CVE-2013-6490 CVE-2014-0020

Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client:

CVE-2013-6477

    Jaime Breva Ribes discovered that a remote XMPP user can trigger a crash by sending a message with a timestamp in the distant future.

CVE-2013-6478

    Pidgin could be crashed through overly wide tooltip windows.

CVE-2013-6479

    Jacob Appelbaum discovered that a malicious server or a "man in the middle" could send a malformed HTTP header resulting in denial of service.

CVE-2013-6481

    Daniel Atallah discovered that Pidgin could be crashed through malformed Yahoo! P2P messages.

CVE-2013-6482

    Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin could be crashed through malformed MSN messages.

CVE-2013-6483

    Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin could be crashed through malformed XMPP messages.

CVE-2013-6484

    It was discovered that incorrect error handling when reading the response from a STUN server could result in a crash.

CVE-2013-6485

    Matt Jones discovered a buffer overflow in the parsing of malformed HTTP responses.

CVE-2013-6487

    Yves Younan and Ryan Pentney discovered a buffer overflow when parsing Gadu-Gadu messages.

CVE-2013-6489

    Yves Younan and Pawel Janic discovered an integer overflow when parsing MXit emoticons.

CVE-2013-6490

    Yves Younan discovered a buffer overflow when parsing SIMPLE headers.

CVE-2014-0020

    Daniel Atallah discovered that Pidgin could be crashed via malformed IRC arguments.

For the oldstable distribution (squeeze), no direct backport is provided. Fixed packages will be provided through backports.debian.org shortly.

For the stable distribution (wheezy), these problems have been fixed in version 2.10.9-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 2.10.9-1.
sunrat Posted February 12, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2860-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
February 11, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : parcimonie
Vulnerability  : information disclosure
CVE ID         : CVE-2014-1921
Debian Bug     : 738134

Holger Levsen discovered that parcimonie, a privacy-friendly helper to refresh a GnuPG keyring, is affected by a design problem that undermines the usefulness of this piece of software in the intended threat model.

When using parcimonie with a large keyring (1000 public keys or more), it would always sleep exactly ten minutes between two key fetches. This can probably be used by an adversary who can watch enough key fetches to correlate multiple key fetches with each other, which is what parcimonie aims at protecting against. Smaller keyrings are affected to a smaller degree. This problem is slightly mitigated when using an HKP(s) pool as the configured GnuPG keyserver.

For the stable distribution (wheezy), this problem has been fixed in version 0.7.1-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 0.8.1-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2850-2                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
February 12, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libyaml
Vulnerability  : regression
Debian Bug     : 738587

The security update released in DSA-2850-1 for libyaml introduced a regression in libyaml failing to parse a subset of valid yaml documents. For reference the original advisory text follows.

Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

For the oldstable distribution (squeeze), this problem has been fixed in version 0.1.3-1+deb6u3.

For the stable distribution (wheezy), this problem has been fixed in version 0.1.4-2+deb7u3.
sunrat Posted February 17, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2861-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
February 16, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : file
Vulnerability  : denial of service
CVE ID         : CVE-2014-1943
Debian Bug     : 738832

It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID CVE-2014-1943 has been assigned to identify this flaw. Additionally, other well-crafted files might result in long computation times (while using 100% CPU) and overlong results.

For the oldstable distribution (squeeze), this problem has been fixed in version 5.04-5+squeeze3.

For the stable distribution (wheezy), this problem has been fixed in version 5.11-2+deb7u1.

For the unstable distribution (sid), this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2862-1                   security@debian.org
http://www.debian.org/security/                           Michael Gilbert
February 16, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several
CVE ID         : CVE-2013-6641 CVE-2013-6643 CVE-2013-6644 CVE-2013-6645 CVE-2013-6646 CVE-2013-6649 CVE-2013-6650

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-6641

    Atte Kettunen discovered a use-after-free issue in Blink/Webkit form elements.

CVE-2013-6643

    Joao Lucas Melo Brasio discovered a Google account information disclosure issue related to the one-click sign-on feature.

CVE-2013-6644

    The chrome development team discovered and fixed multiple issues with potential security impact.

CVE-2013-6645

    Khalil Zhani discovered a use-after-free issue related to speech input.

CVE-2013-6646

    Colin Payne discovered a use-after-free issue in the web workers implementation.

CVE-2013-6649

    Atte Kettunen discovered a use-after-free issue in the Blink/Webkit SVG implementation.

CVE-2013-6650

    Christian Holler discovered a memory corruption in the v8 javascript library.

For the stable distribution (wheezy), these problems have been fixed in version 32.0.1700.123-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 32.0.1700.123-1.
sunrat Posted February 19, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2863-1                   security@debian.org
http://www.debian.org/security/                             Luciano Bello
February 18, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libtar
Vulnerability  : directory traversal
CVE ID         : CVE-2013-4420
Debian Bug     : 731860

A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing files to be extracted to arbitrary paths. An attacker can craft a tar file to overwrite files beyond the tar_extract_glob and tar_extract_all prefix parameter.

For the oldstable distribution (squeeze), this problem has been fixed in version 1.2.11-6+deb6u2.

For the stable distribution (wheezy), this problem has been fixed in version 1.2.16-1+deb7u2.

For the unstable distribution (sid), this problem has been fixed in version 1.2.20-2.
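The check the libtar advisory above says was missing, as an added example written for this thread and not libtar's own code: a lexical test that a tar member name cannot leave the prefix passed to tar_extract_glob/tar_extract_all, plus a path join that refuses truncation. The prefix "/srv/extract" and the member names are constructed samples.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Lexical check on a tar member name (the name stored in the archive
 * header). Accepts the name only if, after resolving "." and ".."
 * components, it stays at or below the extraction prefix. Absolute
 * names are rejected outright because they would discard the prefix.
 * Symlink members pointing outside the prefix are a separate issue
 * that this check does not cover. */
bool tar_member_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '/')
        return false;

    int depth = 0;                      /* components below the prefix */
    const char *p = name;
    for (;;) {
        const char *slash = strchr(p, '/');
        size_t len = slash ? (size_t)(slash - p) : strlen(p);

        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)            /* climbed above the prefix */
                return false;
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;                    /* ordinary component */
        }                               /* "" and "." change nothing */

        if (slash == NULL)
            return true;
        p = slash + 1;
    }
}

/* Joins prefix and member name into out, refusing unsafe names and
 * silently truncated results (a truncated path is another way to end
 * up writing somewhere unintended). Returns true on success. */
bool build_extract_path(const char *prefix, const char *name,
                        char *out, size_t outsz)
{
    if (!tar_member_is_safe(name))
        return false;
    int n = snprintf(out, outsz, "%s/%s", prefix, name);
    return n >= 0 && (size_t)n < outsz;
}

int main(void)
{
    /* Constructed member names, as they might appear in archive headers. */
    const char *names[] = { "etc/motd", "./a/b/../c", "../etc/passwd",
                            "/etc/passwd", "a/../../b" };
    char path[256];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        bool ok = build_extract_path("/srv/extract", names[i],
                                     path, sizeof path);
        printf("%-16s -> %s\n", names[i], ok ? path : "REJECTED");
    }
    return 0;
}
```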
sunrat Posted February 20, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2864-1                   security@debian.org
http://www.debian.org/security/                            Christoph Berg
February 20, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-8.4
Vulnerability  : several
CVE ID         : CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067

Various vulnerabilities were discovered in PostgreSQL:

* Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch)

  Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions. (CVE-2014-0060)

* Prevent privilege escalation via manual calls to PL validator functions (Andres Freund)

  The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function. Non-core procedural languages will also need to make this change to their own validator functions, if any. (CVE-2014-0061)

* Avoid multiple name lookups during table and index DDL (Robert Haas, Andres Freund)

  If the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack. (CVE-2014-0062)

* Prevent buffer overrun with long datetime strings (Noah Misch)

  The MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out(). Although the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name. The ecpg library contained these vulnerabilities along with some of its own. (CVE-2014-0063)

* Prevent buffer overrun due to integer overflow in size calculations (Noah Misch, Heikki Linnakangas)

  Several functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past. (CVE-2014-0064)

* Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)

  Use strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun. Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. Nonetheless it seems prudent to silence all Coverity warnings of this type. (CVE-2014-0065)

* Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian)

  There are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., "FIPS mode"). (CVE-2014-0066)

* Document risks of make check in the regression testing instructions (Noah Misch, Tom Lane)

  Since the temporary server started by make check uses "trust" authentication, another user on the same machine could connect to it as database superuser, and then potentially exploit the privileges of the operating-system user who started the tests. A future release will probably incorporate changes in the testing procedure to prevent this risk, but some public discussion is needed first. So for the moment, just warn people against using make check when there are untrusted users on the same machine. (CVE-2014-0067)

For the oldstable distribution (squeeze), these problems have been fixed in version 8.4.20-0squeeze1.

For the unstable distribution (sid), these problems have been fixed in version 9.3.3-1 of the postgresql-9.3 package.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2865-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 20, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-9.1
Vulnerability  : several
CVE ID         : CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067

Various vulnerabilities were discovered in PostgreSQL:

* Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch)

  Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions. (CVE-2014-0060)

* Prevent privilege escalation via manual calls to PL validator functions (Andres Freund)

  The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function. Non-core procedural languages will also need to make this change to their own validator functions, if any. (CVE-2014-0061)

* Avoid multiple name lookups during table and index DDL (Robert Haas, Andres Freund)

  If the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack. (CVE-2014-0062)

* Prevent buffer overrun with long datetime strings (Noah Misch)

  The MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out(). Although the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name. The ecpg library contained these vulnerabilities along with some of its own. (CVE-2014-0063)

* Prevent buffer overrun due to integer overflow in size calculations (Noah Misch, Heikki Linnakangas)

  Several functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past. (CVE-2014-0064)

* Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)

  Use strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun. Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. Nonetheless it seems prudent to silence all Coverity warnings of this type. (CVE-2014-0065)

* Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian)

  There are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., "FIPS mode"). (CVE-2014-0066)

* Document risks of make check in the regression testing instructions (Noah Misch, Tom Lane)

  Since the temporary server started by make check uses "trust" authentication, another user on the same machine could connect to it as database superuser, and then potentially exploit the privileges of the operating-system user who started the tests. A future release will probably incorporate changes in the testing procedure to prevent this risk, but some public discussion is needed first. So for the moment, just warn people against using make check when there are untrusted users on the same machine. (CVE-2014-0067)

For the stable distribution (wheezy), these problems have been fixed in version 9.1_9.1.12-0wheezy1.

For the unstable distribution (sid), these problems have been fixed in version 9.3.3-1 of the postgresql-9.3 package.
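The size-calculation overflow behind CVE-2014-0064 in the two PostgreSQL advisories above, as an added example for this thread and not PostgreSQL's code: the unchecked computation that wraps to a small value beside a checked version that refuses it. HEADER_SIZE, the 1 GB cap and the sample values are constructed; the cap is modelled on, not taken from, PostgreSQL's own varlena limit.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HEADER_SIZE 16u   /* constructed: a fixed header in front of the data */

/* The pattern behind CVE-2014-0064: size computed straight from
 * input-controlled counts. When nelems * elemsize wraps, the result is
 * a small number, the allocation succeeds, and the element copy that
 * follows writes far past the end. Kept only to show the wrap. */
size_t unchecked_array_size(size_t nelems, size_t elemsize)
{
    return HEADER_SIZE + nelems * elemsize;   /* unsigned wrap, no error */
}

/* Checked version: refuses any (nelems, elemsize) pair whose product
 * plus header would not fit in size_t, and additionally caps the
 * request at a constructed 1 GB limit so a huge but non-wrapping count
 * is rejected before it reaches the allocator. */
bool checked_array_size(size_t nelems, size_t elemsize, size_t *out)
{
    const size_t max_alloc = ((size_t)1 << 30) - 1;   /* constructed cap */
    if (elemsize == 0 || nelems > (SIZE_MAX - HEADER_SIZE) / elemsize)
        return false;                                 /* would wrap */
    size_t total = HEADER_SIZE + nelems * elemsize;   /* cannot overflow now */
    if (total > max_alloc)
        return false;                                 /* over the policy cap */
    *out = total;
    return true;
}

/* A type-input-style helper: allocate header + n int32 values and copy
 * them in. Returns NULL instead of ever allocating a too-small buffer. */
int32_t *copy_int32_array(const int32_t *src, size_t n)
{
    size_t total;
    if (!checked_array_size(n, sizeof(int32_t), &total))
        return NULL;
    unsigned char *buf = malloc(total);
    if (buf == NULL)
        return NULL;
    memset(buf, 0, HEADER_SIZE);                  /* header placeholder */
    int32_t *data = (int32_t *)(buf + HEADER_SIZE);
    memcpy(data, src, n * sizeof(int32_t));      /* in bounds: total was checked */
    return data;
}

/* Release a buffer from copy_int32_array (takes the data pointer). */
void free_int32_array(int32_t *data)
{
    if (data != NULL)
        free((unsigned char *)data - HEADER_SIZE);
}
```

On both 32- and 64-bit size_t, `SIZE_MAX / 4 + 1` elements of 4 bytes wrap the unchecked product to exactly zero, which is why the unchecked size collapses to just the header.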
Guest LilBambi Posted February 20, 2014

Thanks as always!
sunrat Posted February 23, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2866-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
February 22, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gnutls26
Vulnerability  : certificate verification flaw
CVE ID         : CVE-2014-1959

Suman Jana reported that GnuTLS, deviating from the documented behavior, considers a version 1 intermediate certificate as a CA certificate by default.

The oldstable distribution (squeeze) is not affected by this problem as X.509 version 1 trusted CA certificates are not allowed by default.

For the stable distribution (wheezy), this problem has been fixed in version 2.12.20-8.

For the testing distribution (jessie) and the unstable distribution (sid), this problem has been fixed in version 2.12.23-12.
sunrat Posted February 23, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2867-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
February 23, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : otrs2
Vulnerability  : several
CVE ID         : CVE-2014-1471 CVE-2014-1694

Several vulnerabilities were discovered in otrs2, the Open Ticket Request System. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2014-1471

    Norihiro Tanaka reported missing challenge token checks. An attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to these missing checks.

CVE-2014-1694

    Karsten Nielsen from Vasgard GmbH discovered that an attacker with a valid customer or agent login could inject SQL code through the ticket search URL.

For the oldstable distribution (squeeze), these problems have been fixed in version 2.4.9+dfsg1-3+squeeze5.

For the stable distribution (wheezy), these problems have been fixed in version 3.1.7+dfsg1-8+deb7u4.

For the testing distribution (jessie) and the unstable distribution (sid), these problems have been fixed in version 3.3.4-1.
sunrat Posted March 3, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2868-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
March 02, 2014                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
Vulnerability  : denial of service
CVE ID         : CVE-2014-1943
Debian Bug     : 739012

It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID CVE-2014-1943 has been assigned to identify this flaw. Additionally, other well-crafted files might result in long computation times (while using 100% CPU) and overlong results. This update corrects this flaw in the copy that is embedded in the php5 package.

For the oldstable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze19.

For the stable distribution (wheezy), this problem has been fixed in version 5.4.4-14+deb7u8.

For the testing distribution (jessie) and the unstable distribution (sid), this problem will be fixed soon.