sunrat Posted September 24, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3031-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
September 23, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : apt
CVE ID : CVE-2014-6273

The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle a HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the 'http' apt method binary, or potentially to arbitrary code execution.

Two regression fixes were included in this update:

* Fix regression from the previous update in DSA-3025-1 when the custom apt configuration option for Dir::state::lists is set to a relative path (#762160).

* Fix regression in the reverification handling of cdrom: sources that may lead to incorrect hashsum warnings. Affected users need to run "apt-cdrom add" again after the update was applied.

For the stable distribution (wheezy), this problem has been fixed in version 0.9.7.9+deb7u5.
sunrat Posted September 25, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3032-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
September 24, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : bash
CVE ID : CVE-2014-6271

Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell.

For the stable distribution (wheezy), this problem has been fixed in version 4.2+dfsg-0.1+deb7u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3033-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
September 25, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : nss
CVE ID : CVE-2014-1568

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.

An attacker could craft ASN.1 data to forge RSA certificates with a valid certification chain to a trusted CA.

For the stable distribution (wheezy), this problem has been fixed in version 2:3.14.5-1+deb7u2.

For the testing distribution (jessie), this problem has been fixed in version 2:3.17.1.

For the unstable distribution (sid), this problem has been fixed in version 2:3.17.1.
sunrat Posted September 26, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3034-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
September 25, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2014-1568

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Iceweasel package), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.

An attacker could craft ASN.1 data to forge RSA certificates with a valid certification chain to a trusted CA.

For the stable distribution (wheezy), this problem has been fixed in version 24.8.1esr-1~deb7u1.

For the testing distribution (jessie) and unstable distribution (sid), Iceweasel uses the system NSS library, handled in DSA 3033-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3035-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
September 25, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : bash
CVE ID : CVE-2014-7169
Debian Bug : 762760 762761

Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169). With this update prefix and suffix for environment variable names which contain shell functions are added as hardening measure.

Additionally two out-of-bounds array accesses in the bash parser are fixed which were revealed in Red Hat's internal analysis for these issues and also independently reported by Todd Sabin.

For the stable distribution (wheezy), these problems have been fixed in version 4.2+dfsg-0.1+deb7u3.
sunrat Posted September 26, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3036-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
September 26, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mediawiki
Debian Bug : 762754

It was discovered that MediaWiki, a wiki engine, did not sufficiently filter CSS in uploaded SVG files, allowing for cross site scripting.

For the stable distribution (wheezy), this problem has been fixed in version 1:1.19.19+dfsg-0+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 1:1.19.19+dfsg-1.
sunrat Posted October 2, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3037-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
September 26, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2014-1568

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Icedove), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.

An attacker could craft ASN.1 data to forge RSA certificates with a valid certification chain to a trusted CA.

For the stable distribution (wheezy), this problem has been fixed in version 24.8.1esr-1~deb7u1.

For the testing distribution (jessie) and unstable distribution (sid), Icedove uses the system NSS library, handled in DSA 3033-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3038-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
September 27, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libvirt
CVE ID : CVE-2014-0179 CVE-2014-3633
Debian Bug : 762203

Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2014-0179

    Richard Jones and Daniel P. Berrange found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a special file that blocks on read access could use this flaw to cause libvirtd to hang indefinitely, resulting in a denial of service on the system.

CVE-2014-3633

    Luyao Huang of Red Hat found that the qemu implementation of virDomainGetBlockIoTune computed an index into the array of disks for the live definition, then used it as the index into the array of disks for the persistent definition, which could result in an out-of-bounds read access in qemuDomainGetBlockIoTune().

    A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process.

For the stable distribution (wheezy), these problems have been fixed in version 0.9.12.3-1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 1.2.8-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3039-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
September 28, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2014-3160 CVE-2014-3162 CVE-2014-3165 CVE-2014-3166 CVE-2014-3167 CVE-2014-3168 CVE-2014-3169 CVE-2014-3170 CVE-2014-3171 CVE-2014-3172 CVE-2014-3173 CVE-2014-3174 CVE-2014-3175 CVE-2014-3176 CVE-2014-3177 CVE-2014-3178 CVE-2014-3179

Several vulnerabilities were discovered in the chromium web browser.

CVE-2014-3160

    Christian Schneider discovered a same origin bypass issue in SVG file resource fetching.

CVE-2014-3162

    The Google Chrome development team addressed multiple issues with potential security impact for chromium 36.0.1985.125.

CVE-2014-3165

    Colin Payne discovered a use-after-free issue in the Web Sockets implementation.

CVE-2014-3166

    Antoine Delignat-Lavaud discovered an information leak in the SPDY protocol implementation.

CVE-2014-3167

    The Google Chrome development team addressed multiple issues with potential security impact for chromium 36.0.1985.143.

CVE-2014-3168

    cloudfuzzer discovered a use-after-free issue in SVG image file handling.

CVE-2014-3169

    Andrzej Dyjak discovered a use-after-free issue in the Webkit/Blink Document Object Model implementation.

CVE-2014-3170

    Rob Wu discovered a way to spoof the url of chromium extensions.

CVE-2014-3171

    cloudfuzzer discovered a use-after-free issue in chromium's v8 bindings.

CVE-2014-3172

    Eli Grey discovered a way to bypass access restrictions using chromium's Debugger extension API.

CVE-2014-3173

    jmuizelaar discovered an uninitialized read issue in WebGL.

CVE-2014-3174

    Atte Kettunen discovered an uninitialized read issue in Web Audio.

CVE-2014-3175

    The Google Chrome development team addressed multiple issues with potential security impact for chromium 37.0.2062.94.

CVE-2014-3176

    lokihardt@asrt discovered a combination of flaws that can lead to remote code execution outside of chromium's sandbox.

CVE-2014-3177

    lokihardt@asrt discovered a combination of flaws that can lead to remote code execution outside of chromium's sandbox.

CVE-2014-3178

    miaubiz discovered a use-after-free issue in the Document Object Model implementation in Blink/Webkit.

CVE-2014-3179

    The Google Chrome development team addressed multiple issues with potential security impact for chromium 37.0.2062.120.

For the stable distribution (wheezy), these problems have been fixed in version 37.0.2062.120-1~deb7u1.

For the testing (jessie) and unstable (sid) distributions, these problems have been fixed in version 37.0.2062.120-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3040-1 security@debian.org
http://www.debian.org/security/
September 30, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : rsyslog
CVE ID : CVE-2014-3634

Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack.

For the stable distribution (wheezy), this problem has been fixed in version 5.8.11-3+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 8.4.1-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3041-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 01, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2013-2072 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188

Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation.

For the stable distribution (wheezy), these problems have been fixed in version 4.1.4-3+deb7u3.

For the unstable distribution (sid), these problems will be fixed soon.
sunrat Posted October 7, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3042-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 04, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : exuberant-ctags
CVE ID : CVE-2014-7204

Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool to build tag file indexes of source code definitions: Certain Javascript files cause ctags to enter an infinite loop until it runs out of disk space, resulting in denial of service.

For the stable distribution (wheezy), this problem has been fixed in version 1:5.9~svn20110310-4+deb7u1.

For the testing distribution (jessie), this problem has been fixed in version 1:5.9~svn20110310-8.

For the unstable distribution (sid), this problem has been fixed in version 1:5.9~svn20110310-8.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3044-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 04, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : qemu-kvm
CVE ID : CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0222 CVE-2014-0223 CVE-2014-3615 CVE-2014-3640

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware:

* Various security issues have been found in the block qemu drivers. Malformed disk images might result in the execution of arbitrary code.
* A NULL pointer dereference in SLIRP may result in denial of service
* An information leak was discovered in the VGA emulation

For the stable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u4.

For the unstable distribution (sid), these problems will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3045-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 04, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0222 CVE-2014-0223 CVE-2014-3615 CVE-2014-3640

Several vulnerabilities were discovered in qemu, a fast processor emulator:

* Various security issues have been found in the block qemu drivers. Malformed disk images might result in the execution of arbitrary code.
* A NULL pointer dereference in SLIRP may result in denial of service
* An information leak was discovered in the VGA emulation

For the stable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u4.

For the unstable distribution (sid), these problems will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3046-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
October 05, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mediawiki
CVE ID : CVE-2014-7295

It was reported that MediaWiki, a website engine for collaborative work, allowed to load user-created CSS on pages where user-created Javascript is not allowed. A wiki user could be tricked into performing actions by manipulating the interface from CSS, or Javascript code being executed from CSS, on security-wise sensitive pages like Special:Preferences and Special:UserLogin. This update removes the separation of CSS and Javascript module allowance.

For the stable distribution (wheezy), this problem has been fixed in version 1:1.19.20+dfsg-0+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 1:1.19.20+dfsg-1.
sunrat Posted October 9, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3047-1 security@debian.org
http://www.debian.org/security/ Luciano Bello
October 08, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : rsyslog
CVE ID : CVE-2014-3683

Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages to a server, if this one accepts data from untrusted sources, provoking message loss.

This vulnerability can be seen as an incomplete fix of CVE-2014-3634 (DSA 3040-1).

For the stable distribution (wheezy), this problem has been fixed in version 5.8.11-3+deb7u2.

For the testing distribution (jessie), this problem has been fixed in version 8.4.2-1.

For the unstable distribution (sid), this problem has been fixed in version 8.4.2-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3048-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
October 08, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : apt
CVE ID : CVE-2014-7206
Debian Bug : 763780

Guillem Jover discovered that the changelog retrieval functionality in apt-get used temporary files in an insecure way, allowing a local user to cause arbitrary files to be overwritten.

This vulnerability is neutralized by the fs.protected_symlinks setting in the Linux kernel, which is enabled by default in Debian 7 Wheezy and up.

For the stable distribution (wheezy), this problem has been fixed in version 0.9.7.9+deb7u6.

For the unstable distribution (sid), this problem has been fixed in version 1.0.9.2.
sunrat Posted October 17, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3049-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 14, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2014-6422 CVE-2014-6423 CVE-2014-6424 CVE-2014-6427 CVE-2014-6428 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432

Multiple vulnerabilities were discovered in the dissectors/parsers for RTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 1.8.2-5wheezy12.

For the testing distribution (jessie), these problems have been fixed in version 1.12.1+g01b65bf-1.

For the unstable distribution (sid), these problems have been fixed in version 1.12.1+g01b65bf-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3051-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 15, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : drupal7
CVE ID : CVE-2014-3704

Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection.

For the stable distribution (wheezy), this problem has been fixed in version 7.14-2+deb7u7.

For the unstable distribution (sid), this problem has been fixed in version 7.32-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3052-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
October 15, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wpa
CVE ID : CVE-2014-3686
Debian Bug : 765352

Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.

For the stable distribution (wheezy), this problem has been fixed in version 1.0-3+deb7u1.

For the testing distribution (jessie), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 2.3-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3053-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
October 16, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit.

CVE-2014-3513

    A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server.

CVE-2014-3566 ("POODLE")

    A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

    This update adds support for Fallback SCSV to mitigate this issue.

CVE-2014-3567

    A memory leak flaw was found in the way OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server.

CVE-2014-3568

    When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u13.

For the unstable distribution (sid), these problems have been fixed in version 1.0.1j-1.
sunrat Posted October 19, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3050-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 15, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, the bypass of the same-origin policy or a loss of privacy.

This update updates Iceweasel to the ESR31 series of Firefox. The new release introduces a new user interface.

In addition, this update also disables SSLv3.

For the stable distribution (wheezy), these problems have been fixed in version 31.2.0esr-2~deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 31.2.0esr-1.

For the experimental distribution, these problems have been fixed in version 33.0-1.
sunrat Posted October 20, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3054-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
October 20, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mysql-5.5
CVE ID : CVE-2012-5615 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6478 CVE-2014-6484 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559
Debian Bug : 765663

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

For the stable distribution (wheezy), these problems have been fixed in version 5.5.40-0+wheezy1.

For the unstable distribution (sid), these problems will be fixed soon.
sunrat Posted October 24, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3055-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 23, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : pidgin
CVE ID : CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3698

Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client:

CVE-2014-3694

    It was discovered that the SSL/TLS plugins failed to validate the basic constraints extension in intermediate CA certificates.

CVE-2014-3695

    Yves Younan and Richard Johnson discovered that emoticons with overly large length values could crash Pidgin.

CVE-2014-3696

    Yves Younan and Richard Johnson discovered that malformed Groupwise messages could crash Pidgin.

CVE-2014-3698

    Thijs Alkemade and Paul Aurich discovered that malformed XMPP messages could result in memory disclosure.

For the stable distribution (wheezy), these problems have been fixed in version 2.10.10-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 2.10.10-1.
sunrat Posted October 28, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3056-1 security@debian.org
http://www.debian.org/security/ Sebastien Delafond
October 26, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libtasn1-3
CVE ID : CVE-2014-3467 CVE-2014-3468 CVE-2014-3469

Several vulnerabilities were discovered in libtasn1-3, a library that manages ASN1 (Abstract Syntax Notation One) structures. An attacker could use those to cause a denial-of-service via out-of-bounds access or NULL pointer dereference.

For the stable distribution (wheezy), these problems have been fixed in version 2.13-2+deb7u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3057-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
October 26, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxml2
CVE ID : CVE-2014-3660
Debian Bug : 762864 765722 765770

Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. (CVE-2014-3660)

In addition, this update addresses a misapplied chunk for a patch released in version 2.8.0+dfsg1-7+wheezy1 (#762864), and a memory leak regression (#765770) introduced in version 2.8.0+dfsg1-7+nmu3.

For the stable distribution (wheezy), this problem has been fixed in version 2.8.0+dfsg1-7+wheezy2.

For the unstable distribution (sid), this problem has been fixed in version 2.9.2+dfsg1-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3058-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
October 27, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : torque
CVE ID : CVE-2014-3684
Debian Bug : 763922

Chad Vizino reported a vulnerability in torque, a PBS-derived batch processing queueing system. A non-root user could exploit the flaw in the tm_adopt() library call to kill any process, including root-owned ones on any node in a job.

For the stable distribution (wheezy), this problem has been fixed in version 2.4.16+dfsg-1+deb7u4.

For the unstable distribution (sid), this problem has been fixed in version 2.4.16+dfsg-1.5.
sunrat Posted October 29, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3050-2 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 28, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586

DSA-3050-1 updated the Iceweasel browser to the new ESR31 series of Firefox. In that version the xulrunner library is no longer included. This followup update provides xulrunner 24.8.1esr-2~deb7u1 in a separate source package to ensure that packages build-depending on xulrunner remain buildable.
sunrat Posted November 2, 2014 Share Posted November 2, 2014 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3059-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff October 29, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : dokuwiki CVE ID : CVE-2014-8761 CVE-2014-8762 CVE-2014-8763 CVE-2014-8764 Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication. For the stable distribution (wheezy), these problems have been fixed in version 0.0.20120125b-2+deb7u1. For the unstable distribution (sid), these problems have been fixed in version 0.0.20140929.a-1. - ------------------------------------------------------------------------- Debian Security Advisory DSA-3060-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso October 31, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2014-3610 CVE-2014-3611 CVE-2014-3645 CVE-2014-3646 CVE-2014-3647 CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-3690 CVE-2014-7207 Debian Bug : 766195 Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service: CVE-2014-3610 Lars Bull of Google and Nadav Amit reported a flaw in how KVM handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. CVE-2014-3611 Lars Bull of Google reported a race condition in in the PIT emulation code in KVM. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. 
CVE-2014-3645 / CVE-2014-3646
    The Advanced Threat Research team at Intel Security discovered that the KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invvpid VM exit support, an unprivileged guest user could use these instructions to crash the guest.

CVE-2014-3647
    Nadav Amit reported that KVM mishandles noncanonical addresses when emulating instructions that change rip, potentially causing a failed VM-entry. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest.

CVE-2014-3673
    Liu Wei of Red Hat discovered a flaw in net/core/skbuff.c leading to a kernel panic when receiving malformed ASCONF chunks. A remote attacker could use this flaw to crash the system.

CVE-2014-3687
    A flaw in the sctp stack was discovered leading to a kernel panic when receiving duplicate ASCONF chunks. A remote attacker could use this flaw to crash the system.

CVE-2014-3688
    It was found that the sctp stack is prone to a remotely triggerable memory pressure issue caused by excessive queueing. A remote attacker could use this flaw to cause denial-of-service conditions on the system.

CVE-2014-3690
    Andy Lutomirski discovered that incorrect register handling in KVM may lead to denial of service.

CVE-2014-7207
    Several Debian developers reported an issue in the IPv6 networking subsystem. A local user with access to tun or macvtap devices, or a virtual machine connected to such a device, can cause a denial of service (system crash).

This update includes a bug fix related to CVE-2014-7207 that disables UFO (UDP Fragmentation Offload) in the macvtap, tun, and virtio_net drivers. This will cause migration of a running VM from a host running an earlier kernel version to a host running this kernel version to fail, if the VM has been assigned a virtio network device.
In order to migrate such a VM, it must be shut down first.

For the stable distribution (wheezy), these problems have been fixed in version 3.2.63-2+deb7u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3061-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 31, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service.

This update updates Iceweasel to the ESR31 series of Thunderbird. In addition Enigmail was updated to version 1.7.2-1~deb7u1 to ensure compatibility with the new upstream release.

For the stable distribution (wheezy), these problems have been fixed in version 31.2.0-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 31.2.0-1.
sunrat Posted November 2, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3062-1 security@debian.org
http://www.debian.org/security/ Luciano Bello
November 01, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wget
CVE ID : CVE-2014-4877
Debian Bug : 766981

HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability allows the creation of arbitrary files on the user's system when Wget runs in recursive mode against a malicious FTP server. Arbitrary file creation may override the content of the user's files or permit remote code execution with the user's privileges.

This update changes the default setting in Wget such that it no longer creates local symbolic links, but rather traverses them and retrieves the pointed-to file in such a retrieval.

For the stable distribution (wheezy), this problem has been fixed in version 1.13.4-3+deb7u2.

For the unstable distribution (sid), this problem has been fixed in version 1.16-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3063-1 security@debian.org
http://www.debian.org/security/ Luciano Bello
November 02, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : quassel
CVE ID : CVE-2014-8483
Debian Bug : 766962

An out-of-bounds read vulnerability was discovered in Quassel-core, one of the components of the distributed IRC client Quassel. An attacker can send a crafted message that crashes the component, causing a denial of service or disclosure of information from process memory.

For the stable distribution (wheezy), this problem has been fixed in version 0.8.0-1+deb7u3.
For the unstable distribution (sid), this problem has been fixed in version 0.10.0-2.1 (will be available soon).
sunrat Posted November 5, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3064-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
November 04, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php5
CVE ID : CVE-2014-3668 CVE-2014-3669 CVE-2014-3670

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. It has been decided to follow the stable 5.4.x releases for the Wheezy PHP packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream version 5.4.34, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information:

http://php.net/ChangeLog-5.php#5.4.34

For the stable distribution (wheezy), these problems have been fixed in version 5.4.34-0+deb7u1.
sunrat Posted November 7, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3065-1 security@debian.org
http://www.debian.org/security/ Sebastien Delafond
November 06, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxml-security-java
CVE ID : CVE-2013-2172
Debian Bug : 720375

James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures.

For the stable distribution (wheezy), this problem has been fixed in version 1.4.5-1+deb7u1.

For the testing distribution (jessie), this problem has been fixed in version 1.5.5-2.

For the unstable distribution (sid), this problem has been fixed in version 1.5.5-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3066-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
November 06, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2014-3689 CVE-2014-7815
Debian Bug : 765496

Several vulnerabilities were discovered in qemu, a fast processor emulator.

CVE-2014-3689
    The Advanced Threat Research team at Intel Security reported that guest-provided parameters were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.

CVE-2014-7815
    James Spadaro of Cisco reported insufficiently sanitized bits_per_pixel from the client in the QEMU VNC display driver. An attacker having access to the guest's VNC console could use this flaw to crash the guest.
For the stable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u5.

For the unstable distribution (sid), these problems have been fixed in version 2.1+dfsg-7.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3067-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
November 06, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : qemu-kvm
CVE ID : CVE-2014-3689 CVE-2014-7815

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

CVE-2014-3689
    The Advanced Threat Research team at Intel Security reported that guest-provided parameters were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.

CVE-2014-7815
    James Spadaro of Cisco reported insufficiently sanitized bits_per_pixel from the client in the QEMU VNC display driver. An attacker having access to the guest's VNC console could use this flaw to crash the guest.

For the stable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u5.
sunrat Posted November 8, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3068-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 07, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : konversation
CVE ID : CVE-2014-8483

It was discovered that Konversation, an IRC client for KDE, could be crashed when receiving malformed messages using FiSH encryption.

For the stable distribution (wheezy), this problem has been fixed in version 1.4-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 1.5-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3069-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
November 07, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : curl
CVE ID : CVE-2014-3707

Symeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL, a URL transfer library, has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing an HTTP POST operation.

This bug requires CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle() to be used in that order, and then the duplicate handle must be used to perform the HTTP POST. The curl command line tool is not affected by this problem as it does not use this sequence.

For the stable distribution (wheezy), this problem has been fixed in version 7.26.0-1+wheezy11.

For the upcoming stable distribution (jessie), this problem will be fixed in version 7.38.0-3.

For the unstable distribution (sid), this problem has been fixed in version 7.38.0-3.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3070-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 07, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : kfreebsd-9
CVE ID : CVE-2014-3711 CVE-2014-3952 CVE-2014-3953 CVE-2014-8476

Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure.

CVE-2014-3711
    Denial of service through memory leak in sandboxed namei lookups.

CVE-2014-3952
    Kernel memory disclosure in sockbuf control messages.

CVE-2014-3953
    Kernel memory disclosure in SCTP. This update disables SCTP, since the userspace tools shipped in Wheezy didn't support SCTP anyway.

CVE-2014-8476
    Kernel stack disclosure in setlogin() and getlogin().

For the stable distribution (wheezy), these problems have been fixed in version 9.0-10+deb70.8.
sunrat Posted November 12, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3071-1 security@debian.org
http://www.debian.org/security/ Sebastien Delafond
November 11, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : nss
CVE ID : CVE-2014-1544

In nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications, Tyson Smith and Jesse Schwartzentruber discovered a use-after-free vulnerability that allows remote attackers to execute arbitrary code by triggering the improper removal of an NSSCertificate structure from a trust domain.

For the stable distribution (wheezy), this problem has been fixed in version 2:3.14.5-1+deb7u3.

For the upcoming stable distribution (jessie), this problem has been fixed in version 2:3.16.3-1.

For the unstable distribution (sid), this problem has been fixed in version 2:3.16.3-1.
sunrat Posted November 14, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3072-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
November 11, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : file
CVE ID : CVE-2014-3710
Debian Bug : 768806

Francisco Alonso of Red Hat Product Security found an issue in the file utility: when checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.

For the stable distribution (wheezy), this problem has been fixed in version 5.11-2+deb7u6.

For the upcoming stable distribution (jessie), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 1:5.20-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3050-3 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
November 12, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586

The previous update for iceweasel in DSA-3050-1 did not contain builds for the armhf architecture due to an error in the Debian packaging specific to the armhf build. This update corrects that problem. For reference, the original advisory text follows.
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, the bypass of the same-origin policy or a loss of privacy.

This update updates Iceweasel to the ESR31 series of Firefox. The new release introduces a new user interface.

In addition, this update also disables SSLv3.

For the stable distribution (wheezy), this problem has been fixed in version 31.2.0esr-3~deb7u1.
sunrat Posted November 22, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3073-1 security@debian.org
http://www.debian.or... Salvatore Bonaccorso
November 16, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libgcrypt11
CVE ID : CVE-2014-5270

Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack.

For the stable distribution (wheezy), this problem has been fixed in version 1.5.0-5+deb7u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3074-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
November 18, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php5
CVE ID : CVE-2014-3710
Debian Bug : 68283

Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.

As announced in DSA-3064-1 it has been decided to follow the stable 5.4.x releases for the Wheezy php5 packages. Consequently the vulnerability is addressed by upgrading PHP to a new upstream version 5.4.35, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information:

http://php.net/ChangeLog-5.php#5.4.35

For the stable distribution (wheezy), this problem has been fixed in version 5.4.35-0+deb7u1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3074-2 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
November 19, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php5

The previous update for php5, DSA-3074-1, introduced a regression in the sessionclean cron script. The change was intended to fix a potential symlink attack using filenames including the NULL character (Debian bug #766147), but depended on a sed package version too recent, not in Wheezy.

This update reverts the fix, so people are advised to keep kernel symlink protection (sysctl fs.protected_symlinks=1) enabled as it is by default on Wheezy, which is enough to prevent successful exploitation.

For the stable distribution (wheezy), this problem has been fixed in version 5.4.35-0+deb7u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3075-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
November 20, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : drupal7
CVE ID : CVE-2014-9015 CVE-2014-9016

Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2014-9015
    Aaron Averill discovered that a specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session.

CVE-2014-9016
    Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the password hashing API allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service).
Custom configured session.inc and password.inc need to be audited as well to verify if they are prone to these vulnerabilities. More information can be found in the upstream advisory at https://www.drupal.org/SA-CORE-2014-006

For the stable distribution (wheezy), these problems have been fixed in version 7.14-2+deb7u8.
sunrat Posted November 26, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3076-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 25, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714

Multiple vulnerabilities were discovered in the dissectors/parsers for SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 1.8.2-5wheezy13.

For the upcoming stable distribution (jessie), these problems have been fixed in version 1.12.1+g01b65bf-2.

For the unstable distribution (sid), these problems have been fixed in version 1.12.1+g01b65bf-2.
sunrat Posted December 1, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3077-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 26, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openjdk-6
CVE ID : CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 6b33-1.13.5-2~deb7u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3078-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
November 27, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libksba
CVE ID : CVE-2014-9087
Debian Bug : 770972

An integer underflow flaw, leading to a heap-based buffer overflow, was found in the ksba_oid_to_str() function of libksba, an X.509 and CMS (PKCS#7) library. By using specially crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could cause an application using libksba to crash (denial of service), or potentially, execute arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in version 1.2.0-2+deb7u1.

For the upcoming stable distribution (jessie), this problem has been fixed in version 1.3.2-1.

For the unstable distribution (sid), this problem has been fixed in version 1.3.2-1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3079-1 security@debian.org
http://www.debian.org/security/ Sebastien Delafond
November 28, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ppp
CVE ID : CVE-2014-3158
Debian Bug : 762789

A vulnerability was discovered in ppp, an implementation of the Point-to-Point Protocol: an integer overflow in the routine responsible for parsing user-supplied options potentially allows a local attacker to gain root privileges.

For the stable distribution (wheezy), this problem has been fixed in version 2.4.5-5.1+deb7u1.

For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 2.4.6-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3080-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 29, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openjdk-7
CVE ID : CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 7u71-2.5.3-2~deb7u1.

For the upcoming stable distribution (jessie), these problems have been fixed in version 7u71-2.5.3-1.

For the unstable distribution (sid), these problems have been fixed in version 7u71-2.5.3-1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3081-1 security@debian.org
http://www.debian.org/security/ Luciano Bello
November 29, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libvncserver
CVE ID : CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055
Debian Bug : 762745

Several vulnerabilities have been discovered in libvncserver, a library to implement VNC server functionality. These vulnerabilities might result in the execution of arbitrary code or denial of service in both the client and the server side.

For the stable distribution (wheezy), these problems have been fixed in version 0.9.9+dfsg-1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 0.9.9+dfsg-6.1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3082-1 security@debian.org
http://www.debian.org/security/ Sebastien Delafond
November 30, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : flac
CVE ID : CVE-2014-8962 CVE-2014-9028
Debian Bug : 770918

Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of Red Hat, discovered two issues in flac, a library handling Free Lossless Audio Codec media: by providing a specially crafted FLAC file, an attacker could execute arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in version 1.2.1-6+deb7u1.

For the testing distribution (jessie) and unstable distribution (sid), these problems have been fixed in version 1.3.0-3.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3083-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
November 30, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mutt
CVE ID : CVE-2014-9116
Debian Bug : 771125

A flaw was discovered in mutt, a text-based mailreader. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition.

For the stable distribution (wheezy), this problem has been fixed in version 1.5.21-6.2+deb7u3.

For the unstable distribution (sid), this problem has been fixed in version 1.5.23-2.
sunrat Posted December 1, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3084-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
December 01, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openvpn
CVE ID : CVE-2014-8104

Dragana Damjanovic discovered that an authenticated client could crash an OpenVPN server by sending a control packet containing less than four bytes as payload.

For the stable distribution (wheezy), this problem has been fixed in version 2.2.1-8+deb7u3.

For the unstable distribution (sid), this problem has been fixed in version 2.3.4-5.
sunrat Posted December 3, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3085-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
December 03, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2014-9031 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039
Debian Bug : 770425

Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/11/wordpress-4-0-1/

CVE-2014-9031
    Jouko Pynnonen discovered an unauthenticated cross site scripting vulnerability (XSS) in wptexturize(), exploitable via comments or posts.

CVE-2014-9033
    Cross site request forgery (CSRF) vulnerability in the password changing process, which could be used by an attacker to trick a user into changing her password.

CVE-2014-9034
    Javier Nieto Arevalo and Andres Rojas Guerrero reported a potential denial of service in the way the phpass library is used to handle passwords, since no maximum password length was set.

CVE-2014-9035
    John Blackbourn reported an XSS in the "Press This" function (used for quick publishing using a browser "bookmarklet").

CVE-2014-9036
    Robert Chapin reported an XSS in the HTML filtering of CSS in posts.

CVE-2014-9037
    David Anderson reported a hash comparison vulnerability for passwords stored using the old-style MD5 scheme. While unlikely, this could be exploited to compromise an account, if the user had not logged in after a Wordpress 2.5 update (uploaded to Debian on 2 Apr, 2008) and the password MD5 hash could be collided with due to PHP dynamic comparison.
CVE-2014-9038
    Ben Bidner reported a server side request forgery (SSRF) in the core HTTP layer which insufficiently blocked the loopback IP address space.

CVE-2014-9039
    Momen Bassel, Tanoy Bose, and Bojan Slavkovic reported a vulnerability in the password reset process: an email address change would not invalidate a previous password reset email.

For the stable distribution (wheezy), these problems have been fixed in version 3.6.1+dfsg-1~deb7u5.

For the upcoming stable distribution (jessie), these problems have been fixed in version 4.0.1+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 4.0.1+dfsg-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3086-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 03, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : tcpdump
CVE ID : CVE-2014-8767 CVE-2014-8769 CVE-2014-9140
Debian Bug : 770424 770434

Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service, leaking sensitive information from memory or, potentially, execution of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in version 4.3.0-1+deb7u1.

For the upcoming stable distribution (jessie), these problems have been fixed in version 4.6.2-3.

For the unstable distribution (sid), these problems have been fixed in version 4.6.2-3.
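The missing maximum password length described in CVE-2014-9034 above (and the password hashing exhaustion in the Drupal advisory's CVE-2014-9016), shown as an added example that is not part of the original posts or of either project's code. It models a phpass-style iterated hash with SHA-256; the 4096-byte cap, the round count and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Assumed values for this example; neither comes from the advisories.
MAX_PASSWORD_BYTES = 4096
ROUNDS = 256


class HashMeter:
    """Counts the bytes fed to the hash so the cost of one request is visible."""

    def __init__(self):
        self.bytes_hashed = 0

    def digest(self, data):
        self.bytes_hashed += len(data)
        return hashlib.sha256(data).digest()


def stretch(password, salt, meter):
    """phpass-style stretching: each round hashes the previous digest plus the
    whole password, so the work grows with ROUNDS * len(password)."""
    state = meter.digest(salt + password)
    for _ in range(ROUNDS):
        state = meter.digest(state + password)
    return state


def make_record(password):
    """Return (salt, stretched hash) as it would be stored for an account."""
    salt = os.urandom(16)
    return salt, stretch(password.encode(), salt, HashMeter())


def verify_unbounded(candidate, record, meter):
    """Weak form: hashes whatever length the client submits."""
    salt, stored = record
    return hmac.compare_digest(stretch(candidate.encode(), salt, meter), stored)


def verify_capped(candidate, record, meter):
    """Hardened form: over-length input is rejected before any hashing."""
    raw = candidate.encode()
    if len(raw) > MAX_PASSWORD_BYTES:
        return False
    salt, stored = record
    return hmac.compare_digest(stretch(raw, salt, meter), stored)


def cost(verify, candidate, record):
    """Bytes hashed while checking one login attempt."""
    meter = HashMeter()
    verify(candidate, record, meter)
    return meter.bytes_hashed


if __name__ == "__main__":
    record = make_record("correct horse")   # constructed sample account
    oversized = "A" * (256 * 1024)          # constructed 256 KiB submission
    print("normal login     :", cost(verify_unbounded, "correct horse", record))
    print("oversized, no cap:", cost(verify_unbounded, oversized, record))
    print("oversized, capped:", cost(verify_capped, oversized, record))
```
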
sunrat Posted December 4, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3087-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2014-8106

Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu, a fast processor emulator. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.

For the stable distribution (wheezy), this problem has been fixed in version 1.1.2+dfsg-6a+deb7u6.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3088-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : qemu-kvm
CVE ID : CVE-2014-8106

Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu-kvm, a full virtualization solution on x86 hardware. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.

For the stable distribution (wheezy), this problem has been fixed in version 1.1.2+dfsg-6+deb7u6.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3089-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : jasper
CVE ID : CVE-2014-9029
Debian Bug : 772036

Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, a library for manipulating JPEG-2000 files, which could lead to denial of service (application crash) or the execution of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in version 1.900.1-13+deb7u1.

For the upcoming stable distribution (jessie) and the unstable distribution (sid), these problems will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3090-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 04, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 31.3.0esr-1~deb7u1.

For the upcoming stable distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 31.3.0esr-1.
sunrat Posted December 7, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3091-1 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
December 07, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : getmail4
CVE ID : CVE-2014-7273 CVE-2014-7274 CVE-2014-7275
Debian Bug : 766670

Several vulnerabilities have been discovered in getmail4, a mail retriever with support for POP3, IMAP4 and SDPS, that could allow man-in-the-middle attacks.

CVE-2014-7273
The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate.

CVE-2014-7274
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.

CVE-2014-7275
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate.

For the stable distribution (wheezy), these problems have been fixed in version 4.46.0-1~deb7u1.

For the upcoming stable distribution (jessie), these problems have been fixed in version 4.46.0-1.

For the unstable distribution (sid), these problems have been fixed in version 4.46.0-1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3092-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 07, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 31.3.0-1~deb7u1.

For the upcoming stable distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 31.3.0-1.
sunrat Posted December 8, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3093-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 08, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2014-7841 CVE-2014-8369 CVE-2014-8884 CVE-2014-9090

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation:

CVE-2014-7841
Liu Wei of Red Hat discovered that a SCTP server doing ASCONF will panic on malformed INIT chunks by triggering a NULL pointer dereference.

CVE-2014-8369
A flaw was discovered in the way iommu mapping failures were handled in the kvm_iommu_map_pages() function in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS.

CVE-2014-8884
A stack-based buffer overflow flaw was discovered in the TechnoTrend/Hauppauge DEC USB driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges.

CVE-2014-9090
Andy Lutomirski discovered that the do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic).

For the stable distribution (wheezy), these problems have been fixed in version 3.2.63-2+deb7u2. This update also includes fixes for regressions introduced by previous updates.

For the unstable distribution (sid), these problems will be fixed soon in version 3.16.7-ckt2-1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3094-1 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
December 08, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : bind9
CVE ID : CVE-2014-8500

It was discovered that BIND, a DNS server, is prone to a denial of service vulnerability. By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the delegation. This can lead to resource exhaustion and denial of service (up to and including termination of the named server process.)

For the stable distribution (wheezy), this problem has been fixed in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u3.

For the upcoming stable distribution (jessie), this problem will be fixed soon.

For the unstable distribution (sid), this problem will be fixed soon.
sunrat Posted December 11, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3095-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 10, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xorg-server
CVE ID : CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102

Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 1.12.4-6+deb7u5.

For the upcoming stable distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 2:1.16.2.901-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3097-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
December 10, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : unbound
CVE ID : CVE-2014-8602
Debian Bug : 772622

Florian Maury from ANSSI discovered that unbound, a validating, recursive, and caching DNS resolver, was prone to a denial of service vulnerability. An attacker crafting a malicious zone and able to emit (or make emit) queries to the server can trick the resolver into following an endless series of delegations, leading to resource exhaustion and huge network usage.

For the stable distribution (wheezy), this problem has been fixed in version 1.4.17-3+deb7u2.

For the upcoming stable distribution (jessie), this problem has been fixed in version 1.4.22-3.

For the unstable distribution (sid), this problem has been fixed in version 1.4.22-3.
sunrat Posted December 11, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3096-1 security@debian.org
http://www.debian.org/security/ Sebastien Delafond
December 11, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : pdns-recursor
CVE ID : CVE-2014-8601

Florian Maury from ANSSI discovered a flaw in pdns-recursor, a recursive DNS server: a remote attacker controlling maliciously-constructed zones or a rogue server could affect the performance of pdns-recursor, thus leading to resource exhaustion and a potential denial-of-service.

For the stable distribution (wheezy), this problem has been fixed in version 3.3-3+deb7u1.

For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 3.6.2-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3098-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 11, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : graphviz
CVE ID : CVE-2014-9157
Debian Bug : 772648

Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in version 2.26.3-14+deb7u2.

For the upcoming stable distribution (jessie), this problem will be fixed soon in version 2.38.0-7.

For the unstable distribution (sid), this problem has been fixed in version 2.38.0-7.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3099-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
December 11, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : dbus
CVE ID : CVE-2014-7824

Simon McVittie discovered that the fix for CVE-2014-3636 was incorrect, as it did not fully address the underlying denial-of-service vector. This update starts the D-Bus daemon as root initially, so that it can properly raise its file descriptor count.

In addition, this update reverts the auth_timeout change in the previous security update to its old value because the new value causes boot failures on some systems. See the README.Debian file for details on how to harden the D-Bus daemon against malicious local users.

For the stable distribution (wheezy), these problems have been fixed in version 1.6.8-1+deb7u5.

For the upcoming stable distribution (jessie) and the unstable distribution (sid), these problems have been fixed in version 1.8.10-1.