sunrat Posted March 4, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2869-1    security@debian.org
http://www.debian.org/security/    Yves-Alexis Perez
March 03, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gnutls26
Vulnerability  : incorrect certificate verification
CVE ID         : CVE-2014-0092

Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate verification issue in GnuTLS, an SSL/TLS library. A certificate validation could be reported successfully even in cases where an error would prevent all verification steps from being performed.

An attacker doing a man-in-the-middle of a TLS connection could use this vulnerability to present a carefully crafted certificate that would be accepted by GnuTLS as valid even if not signed by one of the trusted authorities.

For the oldstable distribution (squeeze), this problem has been fixed in version 2.8.6-1+squeeze3.

For the stable distribution (wheezy), this problem has been fixed in version 2.12.20-8+deb7u1.

For the testing distribution (jessie), this problem has been fixed in version 2.12.23-13.

For the unstable distribution (sid), this problem has been fixed in version 2.12.23-13.
sunrat Posted March 8, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2870-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
March 08, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libyaml-libyaml-perl
Vulnerability  : heap-based buffer overflow
CVE ID         : CVE-2013-6393

Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

This update corrects this flaw in the copy that is embedded in the libyaml-libyaml-perl package.

For the oldstable distribution (squeeze), this problem has been fixed in version 0.33-1+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in version 0.38-3+deb7u1.

For the testing distribution (jessie), this problem has been fixed in version 0.41-4.

For the unstable distribution (sid), this problem has been fixed in version 0.41-4.
sunrat Posted March 11, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2871-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 10, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wireshark
CVE ID         : CVE-2014-2281 CVE-2014-2283 CVE-2014-2299

Multiple vulnerabilities were discovered in Wireshark:

CVE-2014-2281
    Moshe Kaplan discovered that the NFS dissector could be crashed, resulting in denial of service.

CVE-2014-2283
    It was discovered that the RLC dissector could be crashed, resulting in denial of service.

CVE-2014-2299
    Wesley Neelen discovered a buffer overflow in the MPEG file parser, which could lead to the execution of arbitrary code.

For the oldstable distribution (squeeze), these problems have been fixed in version 1.2.11-6+squeeze14.

For the stable distribution (wheezy), these problems have been fixed in version 1.8.2-5wheezy10.

For the unstable distribution (sid), these problems have been fixed in version 1.10.6-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2872-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 10, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : udisks
CVE ID         : CVE-2014-0004

Florian Weimer discovered a buffer overflow in udisks's mount path parsing code which may result in privilege escalation.

For the oldstable distribution (squeeze), this problem has been fixed in version 1.0.1+git20100614-3squeeze1.

For the stable distribution (wheezy), this problem has been fixed in version 1.0.4-7wheezy1.

For the unstable distribution (sid), this problem has been fixed in version 1.0.5-1.
sunrat Posted March 12, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2873-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
March 11, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : file
Vulnerability  : several
CVE ID         : CVE-2014-2270
Debian Bug     : 703993

Several vulnerabilities have been found in file, a file type classification tool.

Aaron Reffett reported a flaw in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. When processing a defective or intentionally prepared PE executable which contains invalid offset information, the file_strncmp routine will access memory that is out of bounds, causing file to crash. The Common Vulnerabilities and Exposures project ID CVE-2014-2270 has been assigned to identify this flaw.

Mike Frysinger reported that file's rule for detecting AWK scripts significantly slows down file. The regular expression to detect AWK files contained two star operators, which could be exploited to cause excessive backtracking in the regex engine.

For the oldstable distribution (squeeze), these problems have been fixed in version 5.04-5+squeeze4.

For the stable distribution (wheezy), these problems have been fixed in version 5.11-2+deb7u2.

For the testing distribution (jessie), these problems have been fixed in version 1:5.17-1.

For the unstable distribution (sid), these problems have been fixed in version 1:5.17-1.
sunrat Posted March 13, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2874-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 12, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mutt
CVE ID         : CVE-2014-0467
Debian Bug     : 708731

Beatrice Torracca and Evgeni Golov discovered a buffer overflow in the mutt mailreader. Malformed RFC2047 header lines could result in denial of service or potentially the execution of arbitrary code.

For the oldstable distribution (squeeze), this problem has been fixed in version 1.5.20-9+squeeze3.

For the stable distribution (wheezy), this problem has been fixed in version 1.5.21-6.2+deb7u2.

For the unstable distribution (sid), this problem has been fixed in version 1.5.22-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2875-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 12, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cups-filters
CVE ID         : CVE-2013-6474 CVE-2013-6475 CVE-2013-6476

Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of arbitrary code if a malformed PDF file is processed.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.18-2.1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 1.0.47-1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2876-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 12, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cups
CVE ID         : CVE-2013-6474 CVE-2013-6475 CVE-2013-6476

Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of arbitrary code if a malformed PDF file is processed.

For the oldstable distribution (squeeze), these problems have been fixed in version 1.4.4-7+squeeze4.

For the stable distribution (wheezy) and the unstable distribution (sid) the filter is now part of the cups-filters source package.
sunrat Posted March 13, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2877-1    security@debian.org
http://www.debian.org/security/    Michael Gilbert
March 12, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lighttpd
CVE ID         : CVE-2014-2323 CVE-2014-2324
Debian Bug     : 741493

Several vulnerabilities were discovered in the lighttpd web server.

CVE-2014-2323
    Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module (mod_mysql_vhost).

    This only affects installations with the lighttpd-mod-mysql-vhost binary package installed and in use.

CVE-2014-2324
    Jann Horn discovered that specially crafted host names can be used to traverse outside of the document root under certain situations in lighttpd servers using either the mod_mysql_vhost, mod_evhost, or mod_simple_vhost virtual hosting modules.

    Servers not using these modules are not affected.

For the oldstable distribution (squeeze), these problems have been fixed in version 1.4.28-2+squeeze1.6.

For the stable distribution (wheezy), these problems have been fixed in version 1.4.31-4+deb7u3.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 1.4.33-1+nmu3.
sunrat Posted March 14, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2878-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 13, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : virtualbox
CVE ID         : CVE-2013-5892 CVE-2014-0404 CVE-2014-0406 CVE-2014-0407
Debian Bug     : 735410

Matthew Daley discovered multiple vulnerabilities in VirtualBox, an x86 virtualisation solution, resulting in denial of service, privilege escalation and an information leak.

For the oldstable distribution (squeeze), these problems have been fixed in version 3.2.10-dfsg-1+squeeze2 of the virtualbox-ose source package.

For the stable distribution (wheezy), these problems have been fixed in version 4.1.18-dfsg-2+deb7u2.

For the testing distribution (jessie), these problems have been fixed in version 4.3.6-dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 4.3.6-dfsg-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2879-1    security@debian.org
http://www.debian.org/security/    Raphael Geissert
March 13, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libssh
CVE ID         : CVE-2014-0017

It was discovered that libssh, a tiny C SSH library, did not reset the state of the PRNG after accepting a connection. A server mode application that forks itself to handle incoming connections could see its children sharing the same PRNG state, resulting in a cryptographic weakness and possibly the recovery of the private key.

For the oldstable distribution (squeeze), this problem has been fixed in version 0.4.5-3+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in version 0.5.4-1+deb7u1.
For the testing distribution (jessie), this problem has been fixed in version 0.5.4-3.

For the unstable distribution (sid), this problem has been fixed in version 0.5.4-3.
sunrat Posted March 18, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2880-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 17, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python2.7
CVE ID         : CVE-2013-4238 CVE-2014-1912

Multiple security issues were discovered in Python:

CVE-2013-4238
    Ryan Sleevi discovered that NULL characters in the subject alternate names of SSL certificates were parsed incorrectly.

CVE-2014-1912
    Ryan Smith-Roberts discovered a buffer overflow in the socket.recvfrom_into() function.

For the stable distribution (wheezy), these problems have been fixed in version 2.7.3-6+deb7u2.

For the unstable distribution (sid), these problems have been fixed in version 2.7.6-7.
sunrat Posted March 20, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2881-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 19, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceweasel
CVE ID         : CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure, denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 24.4.0esr-1~deb7u2.

For the unstable distribution (sid), these problems have been fixed in version 24.4.0esr-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2859-2    security@debian.org
http://www.debian.org/security/    Raphael Geissert
March 19, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pidgin
CVE ID         : CVE-2013-6485 CVE-2013-6490

Multiple vulnerabilities have been discovered in pidgin, a multi-protocol instant messaging client.

In addition to fixing the vulnerabilities, this revision specific to the oldstable distribution (squeeze), reduces the supported protocols to: IRC, Jabber/XMPP, Sametime, and SIMPLE.

Users of other protocols are encouraged to either upgrade to the stable distribution (wheezy) or to use the version in backports. It must be noted, however, that the latter is not supported by the Security Team.
For reference, the original description of the vulnerabilities from DSA-2859-1 is quoted below:

CVE-2013-6485
    Matt Jones discovered a buffer overflow in the parsing of malformed HTTP responses.

CVE-2013-6490
    Yves Younan discovered a buffer overflow when parsing SIMPLE headers.

For the oldstable distribution (squeeze), these problems have been fixed in version 2.7.3-1+squeeze4.
sunrat Posted March 20, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2882-1    security@debian.org
http://www.debian.org/security/    Giuseppe Iuculano
March 20, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : extplorer
CVE ID         : CVE-2013-5951
Debian Bug     : 741908

Multiple cross-site scripting (XSS) vulnerabilities have been discovered in extplorer, a web file explorer and manager using Ext JS. A remote attacker can inject arbitrary web script or HTML code via a crafted string in the URL to application.js.php, admin.php, copy_move.php, functions.php, header.php and upload.php.

For the oldstable distribution (squeeze), this problem has been fixed in version 2.1.0b6+dfsg.2-1+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in version 2.1.0b6+dfsg.3-4+deb7u1.

For the unstable distribution (sid), this problem will be fixed soon.
sunrat Posted March 24, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2883-1    security@debian.org
http://www.debian.org/security/    Michael Gilbert
March 23, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656 CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660 CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665 CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700 CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704 CVE-2014-1705 CVE-2014-1713 CVE-2014-1715

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-6653
    Khalil Zhani discovered a use-after-free issue in chromium's web contents color chooser.

CVE-2013-6654
    TheShow3511 discovered an issue in SVG handling.

CVE-2013-6655
    cloudfuzzer discovered a use-after-free issue in dom event handling.

CVE-2013-6656
    NeexEmil discovered an information leak in the XSS auditor.

CVE-2013-6657
    NeexEmil discovered a way to bypass the Same Origin policy in the XSS auditor.

CVE-2013-6658
    cloudfuzzer discovered multiple use-after-free issues surrounding the updateWidgetPositions function.

CVE-2013-6659
    Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to trigger an unexpected certificate chain during TLS renegotiation.

CVE-2013-6660
    bishopjeffreys discovered an information leak in the drag and drop implementation.

CVE-2013-6661
    The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.117.

CVE-2013-6663
    Atte Kettunen discovered a use-after-free issue in SVG handling.

CVE-2013-6664
    Khalil Zhani discovered a use-after-free issue in the speech recognition feature.

CVE-2013-6665
    cloudfuzzer discovered a buffer overflow issue in the software renderer.
CVE-2013-6666
    netfuzzer discovered a restriction bypass in the Pepper Flash plugin.

CVE-2013-6667
    The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.146.

CVE-2013-6668
    Multiple vulnerabilities were fixed in version 3.24.35.10 of the V8 javascript library.

CVE-2014-1700
    Chamal de Silva discovered a use-after-free issue in speech synthesis.

CVE-2014-1701
    aidanhs discovered a cross-site scripting issue in event handling.

CVE-2014-1702
    Colin Payne discovered a use-after-free issue in the web database implementation.

CVE-2014-1703
    VUPEN discovered a use-after-free issue in web sockets that could lead to a sandbox escape.

CVE-2014-1704
    Multiple vulnerabilities were fixed in version 3.23.17.18 of the V8 javascript library.

CVE-2014-1705
    A memory corruption issue was discovered in the V8 javascript library.

CVE-2014-1713
    A use-after-free issue was discovered in the AttributeSetter function.

CVE-2014-1715
    A directory traversal issue was found and fixed.

For the stable distribution (wheezy), these problems have been fixed in version 33.0.1750.152-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 33.0.1750.152-1.
sunrat Posted March 25, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2873-2    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
March 24, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : file
Debian Bug     : 742262 742265

It was discovered that the recent file update, DSA-2873-1, introduced a regression in the recognition of Perl scripts containing BEGIN code blocks.

For the oldstable distribution (squeeze), this problem has been fixed in version 5.04-5+squeeze5.

For the stable distribution (wheezy), this problem has been fixed in version 5.11-2+deb7u3.

For the unstable distribution (sid), this problem will be fixed soon.
sunrat Posted March 27, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2884-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
March 26, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libyaml
CVE ID         : CVE-2014-2525
Debian Bug     : 742732

Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

For the oldstable distribution (squeeze), this problem has been fixed in version 0.1.3-1+deb6u4.

For the stable distribution (wheezy), this problem has been fixed in version 0.1.4-2+deb7u4.

For the unstable distribution (sid), this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2885-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
March 26, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libyaml-libyaml-perl
CVE ID         : CVE-2014-2525

Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

This update corrects this flaw in the copy that is embedded in the libyaml-libyaml-perl package.
For the oldstable distribution (squeeze), this problem has been fixed in version 0.33-1+squeeze3.

For the stable distribution (wheezy), this problem has been fixed in version 0.38-3+deb7u2.

For the unstable distribution (sid), this problem has been fixed in version 0.41-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2886-1    security@debian.org
http://www.debian.org/security/    Florian Weimer
March 26, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxalan2-java
CVE ID         : CVE-2014-0107
Debian Bug     : 742577

Nicolas Gregoire discovered several vulnerabilities in libxalan2-java, a Java library for XSLT processing. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution.

For the oldstable distribution (squeeze), this problem has been fixed in version 2.7.1-5+deb6u1.

For the stable distribution (wheezy), this problem has been fixed in version 2.7.1-7+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 2.7.1-9.
sunrat Posted March 28, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2887-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 27, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-actionmailer-3.2
CVE ID         : CVE-2013-4389

Aaron Neyer discovered that missing input sanitising in the logging component of Ruby Actionmailer could result in denial of service through a malformed e-mail message.

For the stable distribution (wheezy), this problem has been fixed in version 3.2.6-2+deb7u1. ruby-activesupport-3.2 was updated in a related change to version 3.2.6-6+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 3.2.16-3+0 of the rails-3.2 source package.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2888-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 27, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-actionpack-3.2
CVE ID         : CVE-2013-4389 CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6417

Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service vulnerabilities in Ruby Actionpack.

For the stable distribution (wheezy), these problems have been fixed in version 3.2.6-6+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 3.2.16-3+0 of the rails-3.2 source package.
sunrat Posted March 29, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2889-1    security@debian.org
http://www.debian.org/security/    Thijs Kinkhorst
March 28, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postfixadmin
CVE ID         : CVE-2014-2655

An SQL injection vulnerability was discovered in postfixadmin, a web administration interface for the Postfix Mail Transport Agent, which allowed authenticated users to make arbitrary manipulations to the database.

The oldstable distribution (squeeze) does not contain postfixadmin.

For the stable distribution (wheezy), this problem has been fixed in version 2.3.5-2+deb7u1.

For the testing distribution (jessie), and unstable distribution (sid), this problem has been fixed in version 2.3.5-3.
sunrat Posted March 30, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2890-1    security@debian.org
http://www.debian.org/security/    Florian Weimer
March 29, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libspring-java
CVE ID         : CVE-2014-0054 CVE-2014-1904
Debian Bug     : 741604

Two vulnerabilities were discovered in libspring-java, the Debian package for the Java Spring framework.

CVE-2014-0054
    Jaxb2RootElementHttpMessageConverter in Spring MVC processes external XML entities.

CVE-2014-1904
    Spring MVC introduces a cross-site scripting vulnerability if the action on a Spring form is not specified.

For the stable distribution (wheezy), these problems have been fixed in version 3.0.6.RELEASE-6+deb7u3.

For the testing distribution (jessie) and the unstable distribution (sid), these problems have been fixed in version 3.0.6.RELEASE-13.
sunrat Posted March 31, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2891-1    security@debian.org
http://www.debian.org/security/    Thijs Kinkhorst
March 30, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mediawiki, mediawiki-extensions
CVE ID         : CVE-2013-2031 CVE-2013-4567 CVE-2013-4568 CVE-2013-4572 CVE-2013-6452 CVE-2013-6453 CVE-2013-6454 CVE-2013-6472 CVE-2014-1610
Debian Bug     : 729629 706601 742857 742857

Several vulnerabilities were discovered in MediaWiki, a wiki engine. The Common Vulnerabilities and Exposures project describes the following issues:

CVE-2013-2031
    Cross-site scripting attack via valid UTF-7 encoded sequences in a SVG file.

CVE-2013-4567 & CVE-2013-4568
    Kevin Israel (Wikipedia user PleaseStand) reported two ways to inject Javascript due to an incomplete blacklist in the CSS sanitizer function.

CVE-2013-4572
    MediaWiki and the CentralNotice extension were incorrectly setting cache headers when a user was autocreated, causing the user's session cookies to be cached, and returned to other users.

CVE-2013-6452
    Chris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lead to XSS when an XSL was used to include Javascript.

CVE-2013-6453
    MediaWiki's SVG sanitization could be bypassed when the XML was considered invalid.

CVE-2013-6454
    MediaWiki's CSS sanitization did not filter -o-link attributes, which could be used to execute Javascript in Opera 12.

CVE-2013-6472
    MediaWiki displayed some information about deleted pages in the log API, enhanced RecentChanges, and user watchlists.

CVE-2014-1610
    A remote code execution vulnerability existed if file upload support for DjVu (natively handled) or PDF files (in combination with the PdfHandler extension) was enabled. Neither file type is enabled by default in MediaWiki.
(ID assignment pending)
    Cross site request forgery in login form: an attacker could login a victim as the attacker.

For the stable distribution (wheezy), these problems have been fixed in version 1.19.14+dfsg-0+deb7u1 of the mediawiki package and 3.5~deb7u1 of the mediawiki-extensions package.

For the unstable distribution (sid), these problems have been fixed in version 1:1.19.14+dfsg-1 of the mediawiki package and 3.5 of the mediawiki-extensions package.
sunrat Posted April 1, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2891-2    security@debian.org
http://www.debian.org/security/    Thijs Kinkhorst
March 31, 2014    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mediawiki, mediawiki-extensions
CVE ID         : CVE-2013-2031 CVE-2013-4567 CVE-2013-4568 CVE-2013-4572 CVE-2013-6452 CVE-2013-6453 CVE-2013-6454 CVE-2013-6472 CVE-2014-1610
Debian Bug     : 729629 706601 742857 742857

In the Mediawiki update issued as DSA 2891-1, a few files were missing from the package. This update corrects that problem. For reference, the original advisory text follows.

Several vulnerabilities were discovered in MediaWiki, a wiki engine. The Common Vulnerabilities and Exposures project describes the following issues:

CVE-2013-2031
    Cross-site scripting attack via valid UTF-7 encoded sequences in a SVG file.

CVE-2013-4567 & CVE-2013-4568
    Kevin Israel (Wikipedia user PleaseStand) reported two ways to inject Javascript due to an incomplete blacklist in the CSS sanitizer function.

CVE-2013-4572
    MediaWiki and the CentralNotice extension were incorrectly setting cache headers when a user was autocreated, causing the user's session cookies to be cached, and returned to other users.

CVE-2013-6452
    Chris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lead to XSS when an XSL was used to include Javascript.

CVE-2013-6453
    MediaWiki's SVG sanitization could be bypassed when the XML was considered invalid.

CVE-2013-6454
    MediaWiki's CSS sanitization did not filter -o-link attributes, which could be used to execute Javascript in Opera 12.

CVE-2013-6472
    MediaWiki displayed some information about deleted pages in the log API, enhanced RecentChanges, and user watchlists.

CVE-2014-1610
    A remote code execution vulnerability existed if file upload support for DjVu (natively handled) or PDF files (in combination with the PdfHandler extension) was enabled. Neither file type is enabled by default in MediaWiki.

(ID assignment pending)
    Cross site request forgery in login form: an attacker could login a victim as the attacker.

For the stable distribution (wheezy), these problems have been fixed in version 1.19.14+dfsg-0+deb7u1 of the mediawiki package and 3.5~deb7u1 of the mediawiki-extensions package.

For the unstable distribution (sid), these problems have been fixed in version 1:1.19.14+dfsg-1 of the mediawiki package and 3.5 of the mediawiki-extensions package.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2892-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
March 31, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : a2ps
CVE ID : CVE-2001-1593 CVE-2014-0466
Debian Bug : 737385 742902

Several vulnerabilities have been found in a2ps, an 'Anything to PostScript' converter and pretty-printer. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2001-1593
    The spy_user function which is called when a2ps is invoked with the --debug flag insecurely used temporary files.

CVE-2014-0466
    Brian M. Carlson reported that a2ps's fixps script does not invoke gs with the -dSAFER option. Consequently executing fixps on a malicious PostScript file could result in files being deleted or arbitrary commands being executed with the privileges of the user running fixps.

For the oldstable distribution (squeeze), these problems have been fixed in version 1:4.14-1.1+deb6u1.

For the stable distribution (wheezy), these problems have been fixed in version 1:4.14-1.1+deb7u1.

For the testing distribution (jessie) and the unstable distribution (sid), these problems will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2893-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
March 31, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openswan
CVE ID : CVE-2013-2053 CVE-2013-6466

Two vulnerabilities were fixed in Openswan, an IKE/IPsec implementation for Linux.

CVE-2013-2053
    During an audit of Libreswan (with which Openswan shares some code), Florian Weimer found a remote buffer overflow in the atodn() function. This vulnerability can be triggered when Opportunistic Encryption (OE) is enabled and an attacker controls the PTR record of a peer IP address. Authentication is not needed to trigger the vulnerability.

CVE-2013-6466
    Iustina Melinte found a vulnerability in Libreswan which also applies to the Openswan code. By carefully crafting IKEv2 packets, an attacker can make the pluto daemon dereference non-received IKEv2 payload, leading to the daemon crash. Authentication is not needed to trigger the vulnerability.

Patches were originally written to fix the vulnerabilities in Libreswan, and have been ported to Openswan by Paul Wouters from the Libreswan Project.

Since the Openswan package is not maintained anymore in the Debian distribution and is not available in testing and unstable suites, it is recommended for IKE/IPsec users to switch to a supported implementation like strongSwan.

For the oldstable distribution (squeeze), these problems have been fixed in version 2.6.28+dfsg-5+squeeze2.

For the stable distribution (wheezy), these problems have been fixed in version 2.6.37-3.1.

sunrat Posted April 5, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2891-3 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
March 31, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mediawiki, mediawiki-extensions
CVE ID : CVE-2013-2031 CVE-2013-4567 CVE-2013-4568 CVE-2013-4572 CVE-2013-6452 CVE-2013-6453 CVE-2013-6454 CVE-2013-6472 CVE-2014-1610 CVE-2014-2665
Debian Bug : 729629 706601 742857 742857

The Mediawiki update issued as DSA 2891-1 caused regressions. This update fixes those problems. For reference the original advisory text follows.

Several vulnerabilities were discovered in MediaWiki, a wiki engine. The Common Vulnerabilities and Exposures project describes the following issues:

CVE-2013-2031
    Cross-site scripting attack via valid UTF-7 encoded sequences in a SVG file.

CVE-2013-4567 & CVE-2013-4568
    Kevin Israel (Wikipedia user PleaseStand) reported two ways to inject Javascript due to an incomplete blacklist in the CSS sanitizer function.

CVE-2013-4572
    MediaWiki and the CentralNotice extension were incorrectly setting cache headers when a user was autocreated, causing the user's session cookies to be cached, and returned to other users.

CVE-2013-6452
    Chris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lead to XSS when an XSL was used to include Javascript.

CVE-2013-6453
    MediaWiki's SVG sanitization could be bypassed when the XML was considered invalid.

CVE-2013-6454
    MediaWiki's CSS sanitization did not filter -o-link attributes, which could be used to execute Javascript in Opera 12.

CVE-2013-6472
    MediaWiki displayed some information about deleted pages in the log API, enhanced RecentChanges, and user watchlists.

CVE-2014-1610
    A remote code execution vulnerability existed if file upload support for DjVu (natively handled) or PDF files (in combination with the PdfHandler extension) was enabled. Neither file type is enabled by default in MediaWiki.

CVE-2014-2665
    Cross site request forgery in login form: an attacker could login a victim as the attacker.

For the stable distribution (wheezy), these problems have been fixed in version 1.19.15+dfsg-0+deb7u1 of the mediawiki package and 3.5~deb7u2 of the mediawiki-extensions package.

For the unstable distribution (sid), these problems have been fixed in version 1:1.19.15+dfsg-1 of the mediawiki package and 3.5 of the mediawiki-extensions package.

sunrat Posted April 6, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2894-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
April 05, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssh
CVE ID : CVE-2014-2532 CVE-2014-2653
Debian Bug : 742513

Two vulnerabilities were discovered in OpenSSH, an implementation of the SSH protocol suite. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2014-2532
    Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to trick OpenSSH into accepting any environment variable that contains the characters before the wildcard character.

CVE-2014-2653
    Matthew Vernon reported that if a SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence a malicious server can disable SSHFP-checking by presenting a certificate.

    Note that a host verification prompt is still displayed before connecting.

For the oldstable distribution (squeeze), these problems have been fixed in version 1:5.5p1-6+squeeze5.

For the stable distribution (wheezy), these problems have been fixed in version 1:6.0p1-4+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 1:6.6p1-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2895-1 security@debian.org
http://www.debian.org/security/ Luciano Bello
April 06, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : prosody

A denial-of-service vulnerability has been reported in Prosody, a XMPP server.
If compression is enabled, an attacker might send highly-compressed XML elements (attack known as "zip bomb") over XMPP streams and consume all the resources of the server.

The SAX XML parser lua-expat is also affected by this issue.

For the stable distribution (wheezy), this problem has been fixed in version 0.8.2-4+deb7u1 of prosody.

For the unstable distribution (sid), this problem has been fixed in version 0.9.4-1 of prosody.

For the stable distribution (wheezy), this problem has been fixed in version 1.2.0-5+deb7u1 of lua-expat.

For the unstable distribution (sid), this problem has been fixed in version 1.3.0-1 of lua-expat.

sunrat Posted April 8, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2896-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
April 07, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2014-0160
Debian Bug : 743883

A vulnerability has been discovered in OpenSSL's support for the TLS/DTLS Heartbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker. This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory.

All users are urged to upgrade their openssl packages (especially libssl1.0.0) and restart applications as soon as possible.

According to the currently available information, private keys should be considered as compromised and regenerated as soon as possible. More details will be communicated at a later time.

The oldstable distribution (squeeze) is not affected by this vulnerability.

For the stable distribution (wheezy), this problem has been fixed in version 1.0.1e-2+deb7u5.

For the testing distribution (jessie), this problem has been fixed in version 1.0.1g-1.

For the unstable distribution (sid), this problem has been fixed in version 1.0.1g-1.

sunrat Posted April 9, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2896-2 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
April 08, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2014-0160

This revision to the recent OpenSSL update, DSA-2896-1, checks for some services that may use OpenSSL in a way that they expose the vulnerability. Such services are proposed to be restarted during the upgrade to help in the actual deployment of the fix.

The list of services that are checked is not comprehensive. For a more detailed check, it is recommended to use the checkrestart tool from the debian-goodies package. Note that client applications also need to be restarted.

In case of doubt a full system restart is recommended.

For reference, the original advisory text follows.

A vulnerability has been discovered in OpenSSL's support for the TLS/DTLS Heartbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker. This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory.

All users are urged to upgrade their openssl packages (especially libssl1.0.0) and restart applications as soon as possible.

According to the currently available information, private keys should be considered as compromised and regenerated as soon as possible. More details will be communicated at a later time.

The oldstable distribution (squeeze) is not affected by this vulnerability.

For the stable distribution (wheezy), this problem has been fixed in version 1.0.1e-2+deb7u6.

For the unstable distribution (sid), this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2897-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 08, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : tomcat7
CVE ID : CVE-2013-2067 CVE-2013-2071 CVE-2013-4286 CVE-2013-4322 CVE-2014-0050

Multiple security issues were found in the Tomcat servlet and JSP engine:

CVE-2013-2067
    FORM authentication associates the most recent request requiring authentication with the current session. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that would be executed using the victim's credentials.

CVE-2013-2071
    A runtime exception in AsyncListener.onComplete() prevents the request from being recycled. This may expose elements of a previous request to a current request.

CVE-2013-4286
    Reject requests with multiple content-length headers or with a content-length header when chunked encoding is being used.

CVE-2013-4322
    When processing a request submitted using the chunked transfer encoding, Tomcat ignored but did not limit any extensions that were included. This allows a client to perform a limited denial of service by streaming an unlimited amount of data to the server.

CVE-2014-0050
    Multipart requests with a malformed Content-Type header could trigger an infinite loop causing a denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 7.0.28-4+deb7u1.

For the testing distribution (jessie), these problems have been fixed in version 7.0.52-1.

For the unstable distribution (sid), these problems have been fixed in version 7.0.52-1.
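
The restart check that DSA-2896-2 asks for can be approximated by listing processes that still map the OpenSSL libraries replaced by the upgrade. This is an added example, not part of the advisory and not the checkrestart tool's code; the function name stale_openssl_procs and its optional proc-root argument are assumptions made here.

```shell
#!/bin/sh
# Added example: list processes that still map a libssl/libcrypto file which
# the package upgrade replaced on disk. The old file is unlinked by the
# upgrade, so the kernel marks the mapping "(deleted)" in /proc/<pid>/maps
# until the process is restarted; such a process is still running the
# pre-upgrade library code.

# stale_openssl_procs [PROC_ROOT]
# Prints one line per affected process: "<pid> <command name> <library path>".
# PROC_ROOT defaults to /proc; it is a parameter (an assumption of this
# example) so the function can be run against a constructed directory tree.
stale_openssl_procs() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes that exited meanwhile or that we may not read.
        [ -r "$maps" ] || continue
        pid_dir=${maps%/maps}
        pid=${pid_dir##*/}
        # Command name; fall back to "?" when it is unavailable.
        comm=$(cat "$pid_dir/comm" 2>/dev/null) || comm='?'
        [ -n "$comm" ] || comm='?'
        # Field 6 of a maps line is the pathname; unlinked files carry a
        # trailing " (deleted)" marker. Report each stale library once.
        awk -v pid="$pid" -v comm="$comm" '
            / \(deleted\)$/ && $6 ~ /\/lib(ssl|crypto)\.so/ {
                if (!seen[$6]++) print pid, comm, $6
            }' "$maps" 2>/dev/null || :
    done
}

# Scan the live system when run directly (pass a directory to scan a copy).
stale_openssl_procs "$@"
```

Run it as root so that every process's maps file is readable; each process it lists was started before the upgrade and still needs a restart.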

sunrat Posted April 10, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2897-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 09, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : imagemagick
CVE ID : CVE-2014-1947 CVE-2014-1958 CVE-2014-2030

Several buffer overflows were found in Imagemagick, a suite of image manipulation programs. Processing malformed PSD files could lead to the execution of arbitrary code.

For the oldstable distribution (squeeze), these problems have been fixed in version 8:6.6.0.4-3+squeeze4.

For the stable distribution (wheezy), these problems have been fixed in version 8:6.7.7.10-5+deb7u3.

For the testing distribution (jessie), these problems have been fixed in version 8:6.7.7.10+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 8:6.7.7.10+dfsg-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2899-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
April 09, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openafs
CVE ID : CVE-2014-0159

Michael Meffie discovered that in OpenAFS, a distributed filesystem, an attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the fileserver, and potentially permitting the execution of arbitrary code.

In addition, this update addresses a minor denial of service issue: the listener thread of the server will hang for about one second when receiving an invalid packet, giving the opportunity to slow down the server to an unusable state by sending such packets.

For the oldstable distribution (squeeze), this problem has been fixed in version 1.4.12.1+dfsg-4+squeeze3.

For the stable distribution (wheezy), this problem has been fixed in version 1.6.1-3+deb7u2.

For the unstable distribution (sid), this problem has been fixed in version 1.6.7-1.

sunrat Posted April 11, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2900-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 10, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : jbigkit
CVE ID : CVE-2013-6369

Florian Weimer of the Red Hat product security team discovered multiple buffer overflows in jbigkit, which could lead to the execution of arbitrary code when processing malformed images.

For the stable distribution (wheezy), this problem has been fixed in version 2.0-2+deb7u1.

For the unstable distribution (sid), this problem will be fixed soon.

sunrat Posted April 13, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2901-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
April 12, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2014-0165 CVE-2014-0166
Debian Bug : 744018

Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2014-0165
    A user with a contributor role, using a specially crafted request, can publish posts, which is reserved for users of the next-higher role.

CVE-2014-0166
    Jon Cave of the WordPress security team discovered that the wp_validate_auth_cookie function in wp-includes/pluggable.php does not properly determine the validity of authentication cookies, allowing a remote attacker to obtain access via a forged cookie.

For the oldstable distribution (squeeze), these problems have been fixed in version 3.6.1+dfsg-1~deb6u2.

For the stable distribution (wheezy), these problems have been fixed in version 3.6.1+dfsg-1~deb7u2.

For the testing distribution (jessie), these problems have been fixed in version 3.8.2+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 3.8.2+dfsg-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2902-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
April 13, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : curl
CVE ID : CVE-2014-0138 CVE-2014-0139
Debian Bug : 742728

Two vulnerabilities have been discovered in cURL, an URL transfer library.
The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2014-0138
    Steve Holme discovered that libcurl can in some circumstances re-use the wrong connection when asked to do transfers using other protocols than HTTP and FTP.

CVE-2014-0139
    Richard Moore from Westpoint Ltd. reported that libcurl does not behave compliant to RFC 2828 under certain conditions and incorrectly validates wildcard SSL certificates containing literal IP addresses.

For the oldstable distribution (squeeze), these problems have been fixed in version 7.21.0-2.1+squeeze8.

For the stable distribution (wheezy), these problems have been fixed in version 7.26.0-1+wheezy9.

For the testing distribution (jessie), these problems have been fixed in version 7.36.0-1.

For the unstable distribution (sid), these problems have been fixed in version 7.36.0-1.

sunrat Posted April 15, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2903-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
April 14, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : strongswan
CVE ID : CVE-2014-2338

An authentication bypass vulnerability was found in charon, the daemon handling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine handling the security association (IKE_SA) handled some state transitions incorrectly.

An attacker can trigger the vulnerability by rekeying an unestablished IKE_SA during the initiation itself. This will trick the IKE_SA state to 'established' without the need to provide any valid credential.

Vulnerable setups include those actively initiating IKEv2 IKE_SA (like “clients” or “roadwarriors”) but also during re-authentication (which can be initiated by the responder). Installations using IKEv1 (pluto daemon in strongSwan 4 and earlier, and IKEv1 code in charon 5.x) are not affected.

For the oldstable distribution (squeeze), this problem has been fixed in version 4.4.1-5.5.

For the stable distribution (wheezy), this problem has been fixed in version 4.5.2-1.5+deb7u3.

For the unstable distribution (sid), this problem has been fixed in version 5.1.2-4.

sunrat Posted April 16, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2904-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 15, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : virtualbox
CVE ID : CVE-2014-0981 CVE-2014-0983

Francisco Falcon discovered that missing input sanitising in the 3D acceleration code in VirtualBox could lead to the execution of arbitrary code on the host system.

For the oldstable distribution (squeeze), these problems have been fixed in version 3.2.10-dfsg-1+squeeze3.

For the stable distribution (wheezy), these problems have been fixed in version 4.1.18-dfsg-2+deb7u3.

For the testing distribution (jessie), these problems have been fixed in version 4.3.10-dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 4.3.10-dfsg-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2905-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
April 15, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2014-1716 CVE-2014-1717 CVE-2014-1718 CVE-2014-1719 CVE-2014-1720 CVE-2014-1721 CVE-2014-1722 CVE-2014-1723 CVE-2014-1724 CVE-2014-1725 CVE-2014-1726 CVE-2014-1727 CVE-2014-1728 CVE-2014-1729

Several vulnerabilities were discovered in the chromium web browser.

CVE-2014-1716
    A cross-site scripting issue was discovered in the v8 javascript library.

CVE-2014-1717
    An out-of-bounds read issue was discovered in the v8 javascript library.

CVE-2014-1718
    Aaron Staple discovered an integer overflow issue in chromium's software compositor.

CVE-2014-1719
    Colin Payne discovered a use-after-free issue in the web workers implementation.

CVE-2014-1720
    cloudfuzzer discovered a use-after-free issue in the Blink/Webkit document object model implementation.

CVE-2014-1721
    Christian Holler discovered a memory corruption issue in the v8 javascript library.

CVE-2014-1722
    miaubiz discovered a use-after-free issue in block rendering.

CVE-2014-1723
    George McBay discovered a url spoofing issue.

CVE-2014-1724
    Atte Kettunen discovered a use-after-free issue in freebsoft's libspeechd library.

    Because of this issue, the text-to-speech feature is now disabled by default ("--enable-speech-dispatcher" at the command-line can re-enable it).

CVE-2014-1725
    An out-of-bounds read was discovered in the base64 implementation.

CVE-2014-1726
    Jann Horn discovered a way to bypass the same origin policy.

CVE-2014-1727
    Khalil Zhani discovered a use-after-free issue in the web color chooser implementation.

CVE-2014-1728
    The Google Chrome development team discovered and fixed multiple issues with potential security impact.

CVE-2014-1729
    The Google Chrome development team discovered and fixed multiple issues in version 3.24.35.22 of the v8 javascript library.

For the stable distribution (wheezy), these problems have been fixed in version 34.0.1847.116-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 34.0.1847.116-1.

sunrat Posted April 17, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2907-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 16, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

This is an advance notice that regular security support for Debian GNU/Linux 6.0 (code name "squeeze") will be terminated on the 31st of May.

However, we're happy to announce that security support for squeeze is going to be extended until February 2016, i.e. five years after the initial release. This effort is driven by various interested parties / companies which require longer security support. See the "LTS" section of https://lists.debian.org/debian-devel-announce/2014/03/msg00004.html for the initial announcement.

The details are currently being sorted out and a more detailed announcement will be made soon.

Brief advance FAQ (but you should really wait for the more detailed announcement):

Q: What's the difference between regular security support and the LTS support?

A: squeeze-lts is only going to support i386 and amd64. If you're running a different architecture you need to upgrade to Debian 7 (wheezy). Also there are going to be a few packages which will not be supported in squeeze-lts (e.g. a few web-based applications which cannot be supported for five years). There will be a tool to detect such unsupported packages.

Q: Does this mean that Debian 7 (wheezy) and/or Debian 8 (jessie) will have five years security support as well?

A: Likely, we'll see how squeeze-lts turns out. If there's sufficient support it will be continued for later releases as well. Also, see below.

Q: Is additional help needed?

A: Absolutely. squeeze-lts is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success (with some overlap in people involved).
So, if you're a company using Debian and seeing a benefit in security support for five years, get in touch with team@security.debian.org and we'll see how you can help (if you e.g. don't have the manpower / know how but are willing to contribute, we can point you to a list of Debian consultants)

Mailing list: debian-security-announce@lists.debian.org

sunrat Posted April 18, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2908-1 security@debian.org
http://www.debian.org/security/ Raphael Geissert
April 17, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2010-5298 CVE-2014-0076
Debian Bug : 742923

Multiple vulnerabilities have been discovered in OpenSSL. The following Common Vulnerabilities and Exposures project ids identify them:

CVE-2010-5298
    A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-threaded application it may permit an attacker to inject data from one connection into another or cause denial of service.

CVE-2014-0076
    ECDSA nonces can be recovered through the Yarom/Benger FLUSH+RELOAD cache side-channel attack.

A third issue, with no CVE id, is the missing detection of the "critical" flag for the TSA extended key usage under certain cases.

Additionally, this update checks for more services that might need to be restarted after upgrades of libssl, corrects the detection of apache2 and postgresql, and adds support for the 'libraries/restart-without-asking' debconf configuration. This allows services to be restarted on upgrade without prompting.

The oldstable distribution (squeeze) is not affected by CVE-2010-5298 and it might be updated at a later time to address the remaining vulnerabilities.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u7.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 1.0.1g-3.

sunrat Posted April 25, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2909-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
April 18, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2014-0150
Debian Bug : 744221

Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest.

A privileged guest user could use this flaw to corrupt qemu process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the qemu process.

For the oldstable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-3squeeze4.

For the stable distribution (wheezy), this problem has been fixed in version 1.1.2+dfsg-6a+deb7u1.

For the testing distribution (jessie), this problem has been fixed in version 1.7.0+dfsg-8.

For the unstable distribution (sid), this problem has been fixed in version 1.7.0+dfsg-8.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2910-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
April 18, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : qemu-kvm
CVE ID : CVE-2014-0150

Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest.

A privileged guest user could use this flaw to corrupt qemu process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the qemu process.

For the oldstable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-5+squeeze11.

For the stable distribution (wheezy), this problem has been fixed in version 1.1.2+dfsg-6+deb7u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2901-2 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
April 18, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2014-0165 CVE-2014-0166
Debian Bug : 744018

The update for wordpress in DSA 2901 caused a regression in the Quick Drafts functionality. This update corrects that problem. For reference, the original advisory text follows.

Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2014-0165
    A user with a contributor role, using a specially crafted request, can publish posts, which is reserved for users of the next-higher role.

CVE-2014-0166
    Jon Cave of the WordPress security team discovered that the wp_validate_auth_cookie function in wp-includes/pluggable.php does not properly determine the validity of authentication cookies, allowing a remote attacker to obtain access via a forged cookie.

For the oldstable distribution (squeeze), these problems have been fixed in version 3.6.1+dfsg-1~deb6u3.

For the stable distribution (wheezy), these problems have been fixed in version 3.6.1+dfsg-1~deb7u3.

For the unstable distribution (sid), these problems have been fixed in version 3.8.3+dfsg-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2895-2 security@debian.org
http://www.debian.org/security/ Luciano Bello
April 21, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : prosody
CVE ID : CVE-2014-2744 CVE-2014-2745
Debian Bug : 743836

The update for prosody in DSA 2895 caused a regression when a client logs in with the compression functionality activated. This update corrects that problem. For reference, the original advisory text follows.

A denial-of-service vulnerability has been reported in Prosody, an XMPP server. If compression is enabled, an attacker might send highly-compressed XML elements (attack known as "zip bomb") over XMPP streams and consume all the resources of the server.

For the stable distribution (wheezy), this problem has been fixed in version 0.8.2-4+deb7u2 of prosody.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2901-3 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
April 21, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2014-0165 CVE-2014-0166
Debian Bug : 744018

The update of wordpress in DSA-2901-2 introduced a wrong versioned dependency on libjs-cropper, making the package uninstallable in the oldstable distribution (squeeze). This update corrects that problem. For reference the original advisory text follows.

Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2014-0165
A user with a contributor role, using a specially crafted request, can publish posts, which is reserved for users of the next-higher role.

CVE-2014-0166
Jon Cave of the WordPress security team discovered that the wp_validate_auth_cookie function in wp-includes/pluggable.php does not properly determine the validity of authentication cookies, allowing a remote attacker to obtain access via a forged cookie.

For the oldstable distribution (squeeze), this problem has been fixed in version 3.6.1+dfsg-1~deb6u4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2911-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 22, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 24.4.0-1~deb7u1. This updates Icedove to the Extended Support Release (ESR) branch 24. An updated and compatible version of Enigmail is included with this update.

For the testing distribution (jessie), these problems have been fixed in version 24.4.0esr-1.

For the unstable distribution (sid), these problems have been fixed in version 24.4.0esr-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2808-2 security@debian.org
http://www.debian.org/security/ Raphael Geissert
April 22, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openjpeg

A regression in the decoding of chroma-subsampled images in OpenJPEG was introduced by one of the patches for CVE-2013-6045. This update fixes the regression. For reference, the original text of DSA-2808-1 is reproduced below:

Several vulnerabilities have been discovered in OpenJPEG, a JPEG 2000 image library, that may lead to denial of service (CVE-2013-1447) via application crash or high memory consumption, possible code execution through heap buffer overflows (CVE-2013-6045), information disclosure (CVE-2013-6052), or yet another heap buffer overflow that only appears to affect OpenJPEG 1.3 (CVE-2013-6054).

For the oldstable distribution (squeeze), this problem has been fixed in version 1.3+dfsg-4+squeeze3.

For the stable distribution (wheezy), this problem has been fixed in version 1.3+dfsg-4.8.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2912-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 24, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openjdk-6
CVE ID : CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-0462 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2405 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

For the oldstable distribution (squeeze), these problems have been fixed in version 6b31-1.13.3-1~deb6u1.

For the stable distribution (wheezy), these problems have been fixed in version 6b31-1.13.3-1~deb7u1.

For the testing distribution (jessie), these problems have been fixed in version 6b31-1.13.3-1.

For the unstable distribution (sid), these problems have been fixed in version 6b31-1.13.3-1.

- ----------------------------------------------------------------------
Debian Security Advisory DSA-2906-1 security@debian.org
http://www.debian.org/security/ Dann Frazier
April 24, 2014 http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2013-0343 CVE-2013-2147 CVE-2013-2889 CVE-2013-2893 CVE-2013-4162 CVE-2013-4299 CVE-2013-4345 CVE-2013-4512 CVE-2013-4587 CVE-2013-6367 CVE-2013-6380 CVE-2013-6381 CVE-2013-6382 CVE-2013-6383 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7339 CVE-2014-0101 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446 CVE-2014-1874 CVE-2014-2039 CVE-2014-2523 CVE-2013-2929

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-0343
George Kargiotakis reported an issue in the temporary address handling of the IPv6 privacy extensions. Users on the same LAN can cause a denial of service or obtain access to sensitive information by sending router advertisement messages that cause temporary address generation to be disabled.

CVE-2013-2147
Dan Carpenter reported issues in the cpqarray driver for Compaq Smart2 Controllers and the cciss driver for HP Smart Array controllers allowing users to gain access to sensitive kernel memory.

CVE-2013-2889
Kees Cook discovered missing input sanitization in the HID driver for Zeroplus game pads that could lead to a local denial of service.

CVE-2013-2893
Kees Cook discovered that missing input sanitization in the HID driver for various Logitech force feedback devices could lead to a local denial of service.

CVE-2013-2929
Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsystem could lead to information disclosure. Only systems with the fs.suid_dumpable sysctl set to a non-default value of '2' are vulnerable.

CVE-2013-4162
Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets using the UDP_CORK option could result in denial of service.

CVE-2013-4299
Fujitsu reported an issue in the device-mapper subsystem. Local users could gain access to sensitive kernel memory.

CVE-2013-4345
Stephan Mueller found a bug in the ANSI pseudo random number generator which could lead to the use of less entropy than expected.

CVE-2013-4512
Nico Golde and Fabian Yamaguchi reported an issue in the user mode linux port. A buffer overflow condition exists in the write method for the /proc/exitcode file. Local users with sufficient privileges allowing them to write to this file could gain further elevated privileges.

CVE-2013-4587
Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A local user could gain elevated privileges by passing a large vcpu_id parameter.

CVE-2013-6367
Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A divide-by-zero condition could allow a guest user to cause a denial of service on the host (crash).

CVE-2013-6380
Mahesh Rajashekhara reported an issue in the aacraid driver for storage products from various vendors. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.

CVE-2013-6381
Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet device support for s390 systems. Local users could cause a denial of service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.

CVE-2013-6382
Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.

CVE-2013-6383
Dan Carpenter reported an issue in the aacraid driver for storage devices from various vendors. A local user could gain elevated privileges due to a missing privilege level check in the aac_compat_ioctl function.

CVE-2013-7263 CVE-2013-7264 CVE-2013-7265
mpb reported an information leak in the recvfrom, recvmmsg and recvmsg system calls. A local user could obtain access to sensitive kernel memory.

CVE-2013-7339
Sasha Levin reported an issue in the RDS network protocol over Infiniband. A local user could cause a denial of service condition.

CVE-2014-0101
Nokia Siemens Networks reported an issue in the SCTP network protocol subsystem. Remote users could cause a denial of service (NULL pointer dereference).

CVE-2014-1444
Salva Peiro reported an issue in the FarSync WAN driver. Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.

CVE-2014-1445
Salva Peiro reported an issue in the wanXL serial card driver. Local users could gain access to sensitive kernel memory.

CVE-2014-1446
Salva Peiro reported an issue in the YAM radio modem driver. Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.

CVE-2014-1874
Matthew Thode reported an issue in the SELinux subsystem. A local user with CAP_MAC_ADMIN privileges could cause a denial of service by setting an empty security context on a file.

CVE-2014-2039
Martin Schwidefsky reported an issue on s390 systems. A local user could cause a denial of service (kernel oops) by executing an application with a linkage stack instruction.

CVE-2014-2523
Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp module. Remote users could cause a denial of service (system crash) or potentially gain elevated privileges.

For the oldstable distribution (squeeze), this problem has been fixed in version 2.6.32-48squeeze5.

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:

                  Debian 6.0 (squeeze)
user-mode-linux   2.6.32-1um-4+48squeeze5

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion.