sunrat Posted December 13, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3100-1 security@debian.org
http://www.debian.org/security/ Sebastien Delafond
December 12, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mediawiki
CVE ID : CVE-2014-9277
Debian Bug : 772764

A flaw was discovered in mediawiki, a wiki engine: cross-domain-policy mangling allows an article editor to inject code into API consumers that deserialize PHP representations of the page from the API.

For the stable distribution (wheezy), this problem has been fixed in version 1.19.20+dfsg-0+deb7u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3101-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 13, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : c-icap
CVE ID : CVE-2013-7401 CVE-2013-7402

Several vulnerabilities were found in c-icap, an ICAP server implementation, which could allow a remote attacker to cause c-icap to crash, or have other, unspecified impacts.

For the stable distribution (wheezy), these problems have been fixed in version 1:0.1.6-1.1+deb7u1.

For the upcoming stable distribution (jessie), these problems have been fixed in version 1:0.3.1-1.

For the unstable distribution (sid), these problems have been fixed in version 1:0.3.1-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3102-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 13, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libyaml
CVE ID : CVE-2014-9130
Debian Bug : 771366

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.

For the stable distribution (wheezy), this problem has been fixed in version 0.1.4-2+deb7u5.

For the upcoming stable distribution (jessie), this problem has been fixed in version 0.1.6-3.

For the unstable distribution (sid), this problem has been fixed in version 0.1.6-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3103-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 13, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libyaml-libyaml-perl
CVE ID : CVE-2014-9130
Debian Bug : 771365

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.

This update corrects this flaw in the copy that is embedded in the libyaml-libyaml-perl package.

For the stable distribution (wheezy), this problem has been fixed in version 0.38-3+deb7u3.

For the upcoming stable distribution (jessie), this problem has been fixed in version 0.41-6.

For the unstable distribution (sid), this problem has been fixed in version 0.41-6.

sunrat Posted December 18, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3104-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
December 16, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : bsd-mailx
CVE ID : CVE-2014-7844

It was discovered that bsd-mailx, an implementation of the "mail" command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.

Users who need this feature can re-enable it using the "expandaddr" in an appropriate mailrc file. This update also removes the obsolete -T option. An older security vulnerability, CVE-2004-2771, had already been addressed in Debian's bsd-mailx package.

Note that this security update does not remove all mailx facilities for command execution, though. Scripts which send mail to addresses obtained from an untrusted source (such as a web form) should use the "--" separator before the email addresses (which was fixed to work properly in this update), or they should be changed to invoke "mail -t" or "sendmail -i -t" instead, passing the recipient addresses as part of the mail header.

For the stable distribution (wheezy), this problem has been fixed in version 8.1.2-0.20111106cvs-1+deb7u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3105-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
December 16, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : heirloom-mailx
CVE ID : CVE-2004-2771 CVE-2014-7844

Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the "mail" command:

CVE-2004-2771
mailx interprets shell meta-characters in certain email addresses.

CVE-2014-7844
An unexpected feature of mailx treats syntactically valid email addresses as shell commands to execute.

Shell command execution can be re-enabled using the "expandaddr" option.

Note that this security update does not remove all mailx facilities for command execution, though. Scripts which send mail to addresses obtained from an untrusted source (such as a web form) should use the "--" separator before the email addresses (which was fixed to work properly in this update), or they should be changed to invoke "mail -t" or "sendmail -i -t" instead, passing the recipient addresses as part of the mail header.

For the stable distribution (wheezy), these problems have been fixed in version 12.5-2+deb7u1.
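
The guidance in the two mailx advisories above for scripts that mail an address from an untrusted source, as an added example (not part of the advisories or of the Debian packages). The allowlist in is_plain_address, the function names and the SENDMAIL and MAILX variables are assumptions made for illustration; the subject is assumed to come from the script itself.

```shell
#!/bin/sh
# Added example: mailing an address taken from an untrusted source
# (such as a web form) in the two ways the advisory recommends.
LC_ALL=C; export LC_ALL   # keep the A-Z / a-z / 0-9 ranges below byte-exact

# Assumption: a conservative allowlist, much stricter than RFC 5322.
# Accepts exactly one "@" with text on both sides, only the characters
# [A-Za-z0-9._%+-], and no leading "-" (which could be read as an option).
is_plain_address() {
    case $1 in
        ''|-*)                 return 1 ;;  # empty, or looks like an option
        *[!A-Za-z0-9._%+@-]*)  return 1 ;;  # spaces, newlines, anything else
        *@*@*)                 return 1 ;;  # more than one "@"
        ?*@?*)                 return 0 ;;
        *)                     return 1 ;;
    esac
}

# Build a message with the recipient in the header, as input for
# "sendmail -i -t" or "mail -t".
# $1 = recipient (untrusted), $2 = subject (trusted), body on stdin.
build_message() {
    is_plain_address "$1" || return 1
    printf 'To: %s\nSubject: %s\n\n' "$1" "$2"
    cat
}

# Variant 1: the recipient never appears on the command line.
send_via_header() {
    is_plain_address "$1" || { echo "rejected recipient" >&2; return 1; }
    build_message "$1" "$2" | "${SENDMAIL:-/usr/sbin/sendmail}" -i -t
}

# Variant 2: the recipient is on the command line, after the "--" separator.
send_via_mailx() {
    is_plain_address "$1" || { echo "rejected recipient" >&2; return 1; }
    "${MAILX:-mail}" -s "$2" -- "$1"
}

# Constructed sample inputs, classified by the allowlist.
classify_samples() {
    for addr in 'user@example.org' '-s@example.org' \
                'a@example.org b@example.org' 'no-at-sign'; do
        if is_plain_address "$addr"; then
            echo "accept: $addr"
        else
            echo "reject: $addr"
        fi
    done
}
classify_samples
```

Validation happens before either mail program is started, so a rejected recipient never reaches mailx or sendmail at all.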

sunrat Posted December 21, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3106-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 20, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : jasper
CVE ID : CVE-2014-8137 CVE-2014-8138
Debian Bug : 773463

Jose Duart of the Google Security Team discovered a double free flaw (CVE-2014-8137) and a heap-based buffer overflow flaw (CVE-2014-8138) in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in version 1.900.1-13+deb7u2.

For the upcoming stable distribution (jessie) and the unstable distribution (sid), these problems will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3107-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
December 20, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : subversion
CVE ID : CVE-2014-3580
Debian Bug : 773263

Evgeny Kotkov discovered a NULL pointer dereference while processing REPORT requests in mod_dav_svn, the Subversion component which is used to serve repositories with the Apache web server. A remote attacker could abuse this vulnerability for a denial of service.

For the stable distribution (wheezy), this problem has been fixed in version 1.6.17dfsg-4+deb7u7.

For the unstable distribution (sid), this problem has been fixed in version 1.8.10-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3108-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
December 20, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ntp
CVE ID : CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296
Debian Bug : 773576

Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol.

CVE-2014-9293
ntpd generated a weak key for its internal use, with full administrative privileges. Attackers could use this key to reconfigure ntpd (or to exploit other vulnerabilities).

CVE-2014-9294
The ntp-keygen utility generated weak MD5 keys with insufficient entropy.

CVE-2014-9295
ntpd had several buffer overflows (both on the stack and in the data section), allowing remote authenticated attackers to crash ntpd or potentially execute arbitrary code.

CVE-2014-9296
The general packet processing function in ntpd did not handle an error case correctly.

The default ntpd configuration in Debian restricts access to localhost (and possibly the adjacent network in case of IPv6).

Keys explicitly generated by "ntp-keygen -M" should be regenerated.

For the stable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3107-2 security@debian.org
http://www.debian.org/security/ Florian Weimer
December 20, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : subversion
Debian Bug : 773610

The previous subversion security update, DSA-3107-1, introduced a regression which causes Apache httpd to fail to start due to an undefined symbol dav_svn__new_error in configurations which used mod_dav_svn.

For the stable distribution (wheezy), this problem has been fixed in version 1.6.17dfsg-4+deb7u8.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3109-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 21, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : firebird2.5
CVE ID : CVE-2014-9323
Debian Bug : 772880

Dmitry Kovalenko discovered that the Firebird database server is prone to a denial of service vulnerability. An unauthenticated remote attacker could send a malformed network packet to a firebird server, which would cause the server to crash.

For the stable distribution (wheezy), this problem has been fixed in version 2.5.2.26540.ds4-1~deb7u2.

For the upcoming stable distribution (jessie), this problem has been fixed in version 2.5.3.26778.ds4-5.

For the unstable distribution (sid), this problem has been fixed in version 2.5.3.26778.ds4-5.

sunrat Posted December 27, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3111-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
December 22, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : cpio
CVE ID : CVE-2014-9112
Debian Bug : 772793

Michal Zalewski discovered an out of bounds write issue in cpio, a tool for creating and extracting cpio archive files. In the process of fixing that issue, the cpio developers found and fixed additional range checking and null pointer dereference issues.

For the stable distribution (wheezy), this problem has been fixed in version 2.11+dfsg-0.1+deb7u1.

For the upcoming stable distribution (jessie), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 2.11+dfsg-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3112-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 23, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : sox
CVE ID : CVE-2014-8145
Debian Bug : 773720

Michele Spagnuolo of the Google Security Team discovered two heap-based buffer overflows in SoX, the Swiss Army knife of sound processing programs. A specially crafted wav file could cause an application using SoX to crash or, possibly, execute arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in version 14.4.0-3+deb7u1.

For the upcoming stable distribution (jessie) and the unstable distribution (sid), these problems will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3110-1 security@debian.org
http://www.debian.org/security/ Sebastien Delafond
December 23, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mediawiki
Debian Bug : 773654

A flaw was discovered in mediawiki, a wiki engine: thumb.php outputs wikitext messages as raw HTML, potentially leading to cross-site scripting (XSS).

For the stable distribution (wheezy), this problem has been fixed in version 1.19.20+dfsg-0+deb7u3; this version additionally fixes a regression introduced in the previous release, DSA-3100-1.

For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 1:1.19.20+dfsg-2.2.

sunrat Posted December 28, 2014

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3113-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 28, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : unzip
CVE ID : CVE-2014-8139 CVE-2014-8140 CVE-2014-8141
Debian Bug : 773722

Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in version 6.0-8+deb7u1.

For the upcoming stable distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 6.0-13.

sunrat Posted January 3, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3114-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 29, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mime-support
CVE ID : CVE-2014-7209

Timothy D. Morgan discovered that run-mailcap, a utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an attacker to remotely execute arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in version 3.52-1+deb7u1.

For the upcoming stable distribution (jessie) and the unstable distribution (sid), this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3115-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 29, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : pyyaml
CVE ID : CVE-2014-9130
Debian Bug : 772815

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash.

For the stable distribution (wheezy), this problem has been fixed in version 3.10-4+deb7u1.

For the upcoming stable distribution (jessie), this problem has been fixed in version 3.11-2.

For the unstable distribution (sid), this problem has been fixed in version 3.11-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3116-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 30, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : polarssl
CVE ID : CVE-2014-8628

It was discovered that a memory leak in parsing X.509 certificates may result in denial of service.

For the stable distribution (wheezy), this problem has been fixed in version 1.2.9-1~deb7u4.

For the upcoming stable distribution (jessie), this problem has been fixed in version 1.3.9-1.

For the unstable distribution (sid), this problem has been fixed in version 1.3.9-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3117-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 31, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php5
CVE ID : CVE-2014-8142

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.

As announced in DSA 3064-1 it has been decided to follow the stable 5.4.x releases for the Wheezy php5 packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream version 5.4.36, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information:

http://php.net/ChangeLog-5.php#5.4.36

Two additional patches were applied on top of the imported new upstream version. An out-of-bounds read flaw was fixed which could lead php5-cgi to crash. Moreover a bug with php5-pgsql in combination with PostgreSQL 9.1 was fixed (Debian Bug #773182).

For the stable distribution (wheezy), these problems have been fixed in version 5.4.36-0+deb7u1.

sunrat Posted January 8, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3118-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
January 05, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : strongswan
CVE ID : CVE-2014-9221

Mike Daskalakis reported a denial of service vulnerability in charon, the IKEv2 daemon for strongSwan, an IKE/IPsec suite used to establish IPsec protected links.

The bug can be triggered by an IKEv2 Key Exchange (KE) payload that contains the Diffie-Hellman (DH) group 1025. This identifier is from the private-use range and only used internally by libtls for DH groups with custom generator and prime (MODP_CUSTOM). As such the instantiated method expects that these two values are passed to the constructor. This is not the case when a DH object is created based on the group in the KE payload. Therefore, an invalid pointer is dereferenced later, which causes a segmentation fault.

This means that the charon daemon can be crashed with a single IKE_SA_INIT message containing such a KE payload. The starter process should restart the daemon after that, but this might increase load on the system. Remote code execution is not possible due to this issue, nor is IKEv1 affected in charon or pluto.

For the stable distribution (wheezy), this problem has been fixed in version 4.5.2-1.5+deb7u6.

For the upcoming stable distribution (jessie), this problem has been fixed in version 5.2.1-5.

For the unstable distribution (sid), this problem has been fixed in version 5.2.1-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3119-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
January 06, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libevent
CVE ID : CVE-2014-6272
Debian Bug : 774645

Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.

For the stable distribution (wheezy), this problem has been fixed in version 2.0.19-stable-3+deb7u1.

For the upcoming stable distribution (jessie) and the unstable distribution (sid), this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3120-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 06, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mantis
CVE ID : CVE-2014-6316 CVE-2014-7146 CVE-2014-8553 CVE-2014-8554 CVE-2014-8598 CVE-2014-8986 CVE-2014-8988 CVE-2014-9089 CVE-2014-9117 CVE-2014-9269 CVE-2014-9270 CVE-2014-9271 CVE-2014-9272 CVE-2014-9280 CVE-2014-9281 CVE-2014-9388

Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code.

For the stable distribution (wheezy), these problems have been fixed in version 1.2.18-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3121-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 08, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : file
CVE ID : CVE-2014-8116 CVE-2014-8117
Debian Bug : 773148

Multiple security issues have been found in file, a tool/library to determine a file type. Processing a malformed file could result in denial of service. Most of the changes are related to parsing ELF files.

As part of the fixes, several limits on aspects of the detection were added or tightened, sometimes resulting in messages like "recursion limit exceeded" or "too many program header sections".

To mitigate such shortcomings, these limits are controllable by a new -P, --parameter option in the file program.

For the stable distribution (wheezy), these problems have been fixed in version 5.11-2+deb7u7.

For the upcoming stable distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 1:5.21+15-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3122-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
January 08, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : curl
CVE ID : CVE-2014-8150

Andrey Labunets of Facebook discovered that cURL, an URL transfer library, fails to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to do additional requests in a way that was not intended, or insert additional request headers into the request.

For the stable distribution (wheezy), this problem has been fixed in version 7.26.0-1+wheezy12.

For the upcoming stable distribution (jessie), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 7.38.0-4.

sunrat Posted January 12, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3123-1 security@debian.org
http://www.debian.org/security/ Luciano Bello
January 09, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : binutils
CVE ID : CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738

Multiple security issues have been found in binutils, a toolbox for binary file manipulation. These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors that may lead to the execution of arbitrary code, the bypass of security restrictions, path traversal attack or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 2.22-8+deb7u2.

For the unstable distribution (sid), this problem has been fixed in version 2.25-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3124-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
January 10, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : otrs2
CVE ID : CVE-2014-9324

Thorsten Eckel of Znuny GMBH and Remo Staeuble of InfoGuard discovered a privilege escalation vulnerability in otrs2, the Open Ticket Request System. An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured.

For the stable distribution (wheezy), this problem has been fixed in version 3.1.7+dfsg1-8+deb7u5.

For the upcoming stable distribution (jessie), this problem has been fixed in version 3.3.9-3.

For the unstable distribution (sid), this problem has been fixed in version 3.3.9-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3125-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
January 11, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2014-3569
Frank Schmirler reported that the ssl23_get_client_hello function in OpenSSL does not properly handle attempts to use unsupported protocols. When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is received, the ssl method would be set to NULL which could later result in a NULL pointer dereference and daemon crash.

CVE-2014-3570
Pieter Wuille of Blockstream reported that the bignum squaring (BN_sqr) may produce incorrect results on some platforms, which might make it easier for remote attackers to defeat cryptographic protection mechanisms.

CVE-2014-3571
Markus Stenberg of Cisco Systems, Inc. reported that a carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. A remote attacker could use this flaw to mount a denial of service attack.

CVE-2014-3572
Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuite if the server key exchange message is omitted. This allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy.

CVE-2014-8275
Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project and Konrad Kraszewski of Google reported various certificate fingerprint issues, which allow remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism.

CVE-2015-0204
Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an OpenSSL client will accept the use of an ephemeral RSA key in a non-export RSA key exchange ciphersuite, violating the TLS standard. This allows remote SSL servers to downgrade the security of the session.

CVE-2015-0205
Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This flaw effectively allows a client to authenticate without the use of a private key via crafted TLS handshake protocol traffic to a server that recognizes a certification authority with DH support.

CVE-2015-0206
Chris Mueller discovered a memory leak in the dtls1_buffer_record function. A remote attacker could exploit this flaw to mount a denial of service through memory exhaustion by repeatedly sending specially crafted DTLS records.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u14.

For the upcoming stable distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 1.0.1k-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3126-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
January 12, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php5

It was discovered that libmagic as used by PHP, would trigger an out of bounds memory access when trying to identify a crafted file.

Additionally, this update fixes a potential dependency loop in dpkg trigger handling.

For the stable distribution (wheezy), this problem has been fixed in version 5.4.36-0+deb7u3.

For the unstable distribution (sid), this problem will be fixed soon.

sunrat Posted January 16, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3123-2 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
January 13, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : binutils-mingw-w64
CVE ID : CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738
Debian Bug : 775165

In DSA 3123 the binutils package was updated for several security issues. This update adds rebuilt packages for binutils-mingw-w64, so these will take advantage of the fixes. For reference the original advisory text follows.

Multiple security issues have been found in binutils, a toolbox for binary file manipulation. These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors that may lead to the execution of arbitrary code, the bypass of security restrictions, path traversal attack or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 2+deb7u1.

For the unstable distribution (sid), these problems will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3127-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 14, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2014-8634 CVE-2014-8638 CVE-2014-8639 CVE-2014-8641

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code, information leaks or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 31.4.0esr-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 31.4.0esr-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3128-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
January 15, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2013-6885 CVE-2014-8133 CVE-2014-9419 CVE-2014-9529 CVE-2014-9584

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.

CVE-2013-6885
It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application. For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf

CVE-2014-8133
It was found that the espfix functionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses and thus allowing to bypass the ASLR protection mechanism.

CVE-2014-9419
It was found that on Linux kernels compiled with the 32 bit interfaces (CONFIG_X86_32) a malicious user program can do a partial ASLR bypass through TLS base addresses leak when attacking other programs.

CVE-2014-9529
It was discovered that the Linux kernel is affected by a race condition flaw when doing key garbage collection, allowing local users to cause a denial of service (memory corruption or panic).

CVE-2014-9584
It was found that the Linux kernel does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.

For the stable distribution (wheezy), these problems have been fixed in version 3.2.65-1+deb7u1. Additionally this update fixes a suspend/resume regression introduced with 3.2.65.

For the upcoming stable distribution (jessie) and the unstable distribution (sid), these problems will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3129-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
January 15, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rpm
CVE ID         : CVE-2013-6435 CVE-2014-8118

Two vulnerabilities have been discovered in the RPM package manager.

CVE-2013-6435
Florian Weimer discovered a race condition in package signature validation.

CVE-2014-8118
Florian Weimer discovered an integer overflow in parsing CPIO headers which might result in the execution of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in version 4.10.0-5+deb7u2.

For the upcoming stable distribution (jessie), these problems have been fixed in version 4.11.3-1.1.

For the unstable distribution (sid), these problems have been fixed in version 4.11.3-1.1.
sunrat Posted January 16, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3130-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
January 16, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lsyncd
CVE ID         : CVE-2014-8990

It was discovered that lsyncd, a daemon to synchronize local directories using rsync, performed insufficient sanitising of filenames which might result in the execution of arbitrary commands.

For the stable distribution (wheezy), this problem has been fixed in version 2.0.7-3+deb7u1.

For the upcoming stable distribution (jessie), this problem has been fixed in version 2.1.5-2.

For the unstable distribution (sid), this problem has been fixed in version 2.1.5-2.
sunrat Posted January 28, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3131-1    security@debian.org
http://www.debian.org/security/    Michael Gilbert
January 18, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xdg-utils
CVE ID         : CVE-2014-9622
Debian Bug     : 773085

John Houwer discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely.

For the stable distribution (wheezy), this problem has been fixed in version 1.1.0~rc1+git20111210-6+deb7u2.

For the upcoming stable (jessie) and unstable (sid) distributions, this problem has been fixed in version 1.1.0~rc1+git20111210-7.3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3132-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
January 19, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
CVE ID         : CVE-2014-8634 CVE-2014-8638 CVE-2014-8639

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code, information leaks or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 31.4.0-1~deb7u1.

For the upcoming stable distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 31.4.0-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3133-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
January 20, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : privoxy
CVE ID         : CVE-2015-1031

Multiple use-after-frees were discovered in Privoxy, a privacy-enhancing HTTP proxy.

For the stable distribution (wheezy), this problem has been fixed in version 3.0.19-2+deb7u1.

For the upcoming stable distribution (jessie), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 3.0.21-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3134-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
January 20, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : sympa

A vulnerability has been discovered in the web interface of sympa, a mailing list manager. An attacker could take advantage of this flaw in the newsletter posting area, which allows sending to a list, or to oneself, any file located on the server filesystem and readable by the sympa user.

For the stable distribution (wheezy), this problem has been fixed in version 6.1.11~dfsg-5+deb7u2.

For the upcoming stable distribution (jessie), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 6.1.23~dfsg-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3135-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
January 23, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mysql-5.5
CVE ID         : CVE-2014-6568 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0411 CVE-2015-0432
Debian Bug     : 775881

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.41. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

For the stable distribution (wheezy), these problems have been fixed in version 5.5.41-0+wheezy1.

For the unstable distribution (sid), these problems will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3136-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
January 24, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : polarssl
CVE ID         : CVE-2015-1182
Debian Bug     : 775776

A vulnerability was discovered in PolarSSL, a lightweight crypto and SSL/TLS library. A remote attacker could exploit this flaw using specially crafted certificates to mount a denial of service against an application linked against the library (application crash), or potentially, to execute arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in version 1.2.9-1~deb7u5.

For the upcoming stable distribution (jessie) and the unstable distribution (sid), this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3137-1    security@debian.org
http://www.debian.org/security/    Thijs Kinkhorst
January 24, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : websvn
CVE ID         : CVE-2013-6892
Debian Bug     : 775682

James Clawson discovered that websvn, a web viewer for Subversion repositories, would follow symlinks in a repository when presenting a file for download. An attacker with repository write access could thereby access any file on disk readable by the user the webserver runs as.

For the stable distribution (wheezy), this problem has been fixed in version 2.3.3-1.1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 2.3.3-1.2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3138-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
January 25, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jasper
CVE ID         : CVE-2014-8157 CVE-2014-8158
Debian Bug     : 775970

An off-by-one flaw, leading to a heap-based buffer overflow (CVE-2014-8157), and an unrestricted stack memory use flaw (CVE-2014-8158) were found in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in version 1.900.1-13+deb7u3.

For the upcoming stable distribution (jessie) and the unstable distribution (sid), these problems will be fixed soon.
sunrat Posted January 31, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3139-1    security@debian.org
http://www.debian.org/security/    Sebastien Delafond
January 25, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : squid
CVE ID         : CVE-2014-3609
Debian Bug     : 776194

Matthew Daley discovered that squid, a web proxy cache, does not properly perform input validation when parsing requests. A remote attacker could use this flaw to mount a denial of service attack, by sending specially crafted Range requests.

For the stable distribution (wheezy), this problem has been fixed in version 2.7.STABLE9-4.1+deb7u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3140-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
January 27, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867 CVE-2014-9030

Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation.

CVE-2014-8594
Roger Pau Monne and Jan Beulich discovered that incomplete restrictions on MMU update hypercalls may result in privilege escalation.

CVE-2014-8595
Jan Beulich discovered that missing privilege level checks in the x86 emulation of far branches may result in privilege escalation.

CVE-2014-8866
Jan Beulich discovered that an error in compatibility mode hypercall argument translation may result in denial of service.

CVE-2014-8867
Jan Beulich discovered that an insufficient restriction in acceleration support for the "REP MOVS" instruction may result in denial of service.

CVE-2014-9030
Andrew Cooper discovered a page reference leak in MMU_MACHPHYS_UPDATE handling, resulting in denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 4.1.4-3+deb7u4.

For the upcoming stable distribution (jessie), these problems have been fixed in version 4.4.1-4.

For the unstable distribution (sid), these problems have been fixed in version 4.4.1-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3141-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
January 27, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wireshark
CVE ID         : CVE-2015-0562 CVE-2015-0564

Multiple vulnerabilities were discovered in the dissectors/parsers for SSL/TLS and DEC DNA, which could result in denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 1.8.2-5wheezy14.

For the upcoming stable distribution (jessie), these problems have been fixed in version 1.12.1+g01b65bf-3.

For the unstable distribution (sid), these problems have been fixed in version 1.12.1+g01b65bf-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3142-1    security@debian.org
http://www.debian.org/security/    Florian Weimer
January 27, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : eglibc
CVE ID         : CVE-2012-6656 CVE-2014-6040 CVE-2014-7817 CVE-2015-0235

Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library:

CVE-2015-0235
Qualys discovered that the gethostbyname and gethostbyname2 functions were subject to a buffer overflow if provided with a crafted IP address argument. This could be used by an attacker to execute arbitrary code in processes which called the affected functions.

The original glibc bug was reported by Peter Klotz.

CVE-2014-7817
Tim Waugh of Red Hat discovered that the WRDE_NOCMD option of the wordexp function did not suppress command execution in all cases. This allows a context-dependent attacker to execute shell commands.

CVE-2012-6656 CVE-2014-6040
The charset conversion code for certain IBM multi-byte code pages could perform an out-of-bounds array access, causing the process to crash. In some scenarios, this allows a remote attacker to cause a persistent denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 2.13-38+deb7u7.

For the upcoming stable distribution (jessie) and the unstable distribution (sid), the CVE-2015-0235 issue has been fixed in version 2.18-1 of the glibc package.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3143-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
January 28, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : virtualbox
CVE ID         : CVE-2015-0377 CVE-2015-0418

Two vulnerabilities have been discovered in VirtualBox, a x86 virtualisation solution, which might result in denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 4.1.18-dfsg-2+deb7u4.

For the unstable distribution (sid), these problems have been fixed in version 4.3.18-dfsg-2.
sunrat Posted February 1, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3144-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
January 29, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-7
CVE ID         : CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 7u75-2.5.4-1~deb7u1.

For the upcoming stable distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 7u75-2.5.4-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3145-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
January 30, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : privoxy
CVE ID         : CVE-2015-1381 CVE-2015-1382
Debian Bug     : 776490

Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing HTTP proxy, which might result in denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 3.0.19-2+deb7u2.

For the upcoming stable distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 3.0.21-7.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3146-1    security@debian.org
http://www.debian.org/security/    Sebastien Delafond
January 30, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : requests
CVE ID         : CVE-2014-1829 CVE-2014-1830
Debian Bug     : 733108

Jakub Wilk discovered that in requests, an HTTP library for the Python language, authentication information was improperly handled when a redirect occurred. This would allow remote servers to obtain two different types of sensitive information: proxy passwords from the Proxy-Authorization header (CVE-2014-1830), or netrc passwords from the Authorization header (CVE-2014-1829).

For the stable distribution (wheezy), this problem has been fixed in version 0.12.1-1+deb7u1.

For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 2.3.0-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3147-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
January 30, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-6
CVE ID         : CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 6b34-1.13.6-1~deb7u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3148-1    security@debian.org
http://www.debian.org/security/    Michael Gilbert
January 31, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser

Security support for the chromium web browser is now discontinued for the stable distribution (wheezy). Chromium upstream stopped supporting wheezy's build environment (gcc 4.7, make, etc.), so there is no longer any practical way to continue building security updates.

Chromium users that desire continued security updates are encouraged to upgrade early to the upcoming stable release (jessie), Debian 8.

An alternative is to switch to the iceweasel web browser, which will continue to receive security updates in wheezy for some time.

Note that until the official release happens, chromium package updates for jessie may have a larger than usual delay due to possible bugs and testing migration rules.

Also, there will be no more DSAs announcing chromium package updates until jessie becomes officially released.
sunrat Posted February 2, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3150-1    security@debian.org
http://www.debian.org/security/    Alessandro Ghedini
February 02, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : vlc
CVE ID         : CVE-2014-9626 CVE-2014-9627 CVE-2014-9628 CVE-2014-9629 CVE-2014-9630

Fabian Yamaguchi discovered multiple vulnerabilities in VLC, a multimedia player and streamer:

CVE-2014-9626
The MP4 demuxer, when parsing string boxes, did not properly check the length of the box, leading to a possible integer underflow when using this length value in a call to memcpy(). This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution via crafted MP4 files.

CVE-2014-9627
The MP4 demuxer, when parsing string boxes, did not properly check that the conversion of the box length from 64bit integer to 32bit integer on 32bit platforms did not cause a truncation, leading to a possible buffer overflow. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution via crafted MP4 files.

CVE-2014-9628
The MP4 demuxer, when parsing string boxes, did not properly check the length of the box, leading to a possible buffer overflow. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution via crafted MP4 files.

CVE-2014-9629
The Dirac and Schroedinger encoders did not properly check for an integer overflow on 32bit platforms, leading to a possible buffer overflow. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution.

For the stable distribution (wheezy), these problems have been fixed in version 2.0.3-5+deb7u2.

For the upcoming stable distribution (jessie), these problems have been fixed in version 2.2.0~rc2-2.

For the unstable distribution (sid), these problems have been fixed in version 2.2.0~rc2-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3149-1    security@debian.org
http://www.debian.org/security/    Sebastien Delafond
February 02, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : condor
CVE ID         : CVE-2014-8126
Debian Bug     : 775276

Florian Weimer, of Red Hat Product Security, discovered an issue in condor, a distributed workload management system. Upon job completion, it can optionally notify a user by sending an email; the mailx invocation used in that process allowed for any authenticated user able to submit jobs, to execute arbitrary code with the privileges of the condor user.

For the stable distribution (wheezy), this problem has been fixed in version 7.8.2~dfsg.1-1+deb7u3.

For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 8.2.3~dfsg.1-6.
sunrat Posted February 4, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3151-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
February 03, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-django
CVE ID         : CVE-2015-0219 CVE-2015-0220 CVE-2015-0221
Debian Bug     : 775375

Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-0219
Jedediah Smith reported that the WSGI environ in Django does not distinguish between headers containing dashes and headers containing underscores. A remote attacker could use this flaw to spoof WSGI headers.

CVE-2015-0220
Mikko Ohtamaa discovered that the django.util.http.is_safe_url() function in Django does not properly handle leading whitespaces in user-supplied redirect URLs. A remote attacker could potentially use this flaw to perform a cross-site scripting attack.

CVE-2015-0221
Alex Gaynor reported a flaw in the way Django handles reading files in the django.views.static.serve() view. A remote attacker could possibly use this flaw to mount a denial of service via resource consumption.

For the stable distribution (wheezy), these problems have been fixed in version 1.4.5-1+deb7u9.

For the upcoming stable distribution (jessie), these problems have been fixed in version 1.7.1-1.1.

For the unstable distribution (sid), these problems have been fixed in version 1.7.1-1.1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3152-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
February 03, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : unzip
CVE ID         : CVE-2014-9636
Debian Bug     : 776589

A flaw was found in the test_compr_eb() function allowing out-of-bounds read and write access to memory locations. By carefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow, resulting in application crash or possibly having other unspecified impact.

For the stable distribution (wheezy), this problem has been fixed in version 6.0-8+deb7u2. Additionally this update corrects a defective patch applied to address CVE-2014-8139, which caused a regression with executable jar files.

For the unstable distribution (sid), this problem has been fixed in version 6.0-15. The defective patch applied to address CVE-2014-8139 was corrected in version 6.0-16.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3153-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
February 03, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : krb5
CVE ID         : CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423

Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos:

CVE-2014-5352
Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code.

CVE-2014-9421
Incorrect memory management in kadmind's processing of XDR data might result in denial of service or the execution of arbitrary code.

CVE-2014-9422
Incorrect processing of two-component server principals might result in impersonation attacks.

CVE-2014-9423
An information leak in the libgssrpc library.

For the stable distribution (wheezy), these problems have been fixed in version 1.10.1+dfsg-5+deb7u3.

For the unstable distribution (sid), these problems have been fixed in version 1.12.1+dfsg-17.
sunrat Posted February 16, 2015

Sorry, got a bit behind on these.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3154-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
February 05, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ntp
CVE ID         : CVE-2014-9297 CVE-2014-9298

Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2014-9297
Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service (ntpd crash).

CVE-2014-9298
Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed.

For the stable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u2.

For the unstable distribution (sid), these problems have been fixed in version 1:4.2.6.p5+dfsg-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3155-1    security@debian.org
http://www.debian.org/security/    Luciano Bello
February 06, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-9.1
CVE ID         : CVE-2014-8161 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system.

CVE-2014-8161: Information leak
A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages.

CVE-2015-0241: Out of boundaries read/write
The function to_char() might read/write past the end of a buffer. This might crash the server when a formatting template is processed.

CVE-2015-0243: Buffer overruns in contrib/pgcrypto
The pgcrypto module is vulnerable to stack buffer overrun that might crash the server.

CVE-2015-0244: SQL command injection
Emil Lenngren reported that an attacker can inject SQL commands when the synchronization between client and server is lost.

For the stable distribution (wheezy), these problems have been fixed in version 9.1.15-0+deb7u1.

For the upcoming stable distribution (jessie), these problems have been fixed in version 9.1.14-0+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 9.1.15-0+deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2978-2    security@debian.org
http://www.debian.org/security/    Alessandro Ghedini
February 06, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxml2
CVE ID         : CVE-2014-0191 CVE-2014-3660
Debian Bug     : 768089

It was discovered that the update released for libxml2 in DSA 2978 fixing CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external entities regardless of whether entity substitution or validation is enabled.

In addition, this update addresses a regression introduced in DSA 3057 by the patch fixing CVE-2014-3660. This caused libxml2 to not parse an entity when it's used first in another entity referenced from an attribute value.

For the stable distribution (wheezy), these problems have been fixed in version 2.8.0+dfsg1-7+wheezy3.

For the upcoming stable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-4.

For the unstable distribution (sid), these problems have been fixed in version 2.9.1+dfsg1-4.
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3154-2 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso February 07, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ntp CVE ID : CVE-2014-9297 Marc Deslauriers reported that the patch applied to ntp for CVE-2014-9297 in DSA 3154-1 was incomplete. This update corrects that problem. For reference, the relevant part of the original advisory text follows. Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-9297 Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service (ntpd crash). For the stable distribution (wheezy), this problem has been fixed in version 1:4.2.6.p5+dfsg-2+deb7u3. For the unstable distribution (sid), this problem has been fixed in version 1:4.2.6.p5+dfsg-5. - ------------------------------------------------------------------------- Debian Security Advisory DSA-3156-1 security@debian.org http://www.debian.org/security/ Alessandro Ghedini February 07, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : liblivemedia CVE ID : CVE-2013-6933 A vulnerability was found in liveMedia, a set of C++ libraries for multimedia streaming. RTSP messages starting with whitespace were assumed to have a zero length, triggering an integer underflow, infinite loop, and then a buffer overflow. 
This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution via crafted RTSP messages. The packages vlc and mplayer have also been updated to reflect this improvement. For the stable distribution (wheezy), this problem has been fixed in liblivemedia version 2012.05.17-1+wheezy1, vlc version 2.0.3-5+deb7u2+b1, and mplayer version 2:1.0~rc4.dfsg1+svn34540-1+deb7u1. For the upcoming stable distribution (jessie), this problem has been fixed in liblivemedia version 2014.01.13-1. For the unstable distribution (sid), this problem has been fixed in liblivemedia version 2014.01.13-1. Link to comment Share on other sites More sharing options...
sunrat Posted February 17, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3157-1                   security@debian.org
http://www.debian.org/security/                        Alessandro Ghedini
February 09, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby1.9.1
CVE ID         : CVE-2014-4975 CVE-2014-8080 CVE-2014-8090

Multiple vulnerabilities were discovered in the interpreter for the Ruby language:

CVE-2014-4975
The encodes() function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution.

CVE-2014-8080, CVE-2014-8090
The REXML parser could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service (crash).

For the stable distribution (wheezy), these problems have been fixed in version 1.9.3.194-8.1+deb7u3.

For the upcoming stable distribution (jessie), these problems have been fixed in version 2.1.5-1 of the ruby2.1 source package.

For the unstable distribution (sid), these problems have been fixed in version 2.1.5-1 of the ruby2.1 source package.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3158-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
February 09, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : unrtf
CVE ID         : CVE-2014-9274 CVE-2014-9275
Debian Bug     : 772811

Michal Zalewski and Hanno Boeck discovered several vulnerabilities in unrtf, a RTF to other formats converter, leading to a denial of service (application crash) or, potentially, the execution of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in version 0.21.5-3~deb7u1. This update is based on a new upstream version of unrtf including additional bug fixes, new features and incompatible changes (especially PostScript support is dropped).

For the upcoming stable distribution (jessie) and the unstable distribution (sid), these problems have been fixed in version 0.21.5-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3159-1                   security@debian.org
http://www.debian.org/security/                        Alessandro Ghedini
February 10, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby1.8
CVE ID         : CVE-2014-8080 CVE-2014-8090

It was discovered that the REXML parser, part of the interpreter for the Ruby language, could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service (crash).

For the stable distribution (wheezy), this problem has been fixed in version 1.8.7.358-7.1+deb7u2.

For the upcoming stable distribution (jessie), this problem has been fixed in version 2.1.5-1 of the ruby2.1 source package.

For the unstable distribution (sid), this problem has been fixed in version 2.1.5-1 of the ruby2.1 source package.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3160-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 11, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xorg-server
CVE ID         : CVE-2015-0255

Olivier Fourdan discovered that missing input validation in the Xserver's handling of XkbSetGeometry requests may result in an information leak or denial of service.

For the stable distribution (wheezy), this problem has been fixed in version 2:1.12.4-6+deb7u6.

For the unstable distribution (sid), this problem has been fixed in version 2:1.16.4-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3161-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
February 11, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dbus
CVE ID         : CVE-2015-0245
Debian Bug     : 777545

Simon McVittie discovered a local denial of service flaw in dbus, an asynchronous inter-process communication system. On systems with systemd-style service activation, dbus-daemon does not prevent forged ActivationFailure messages from non-root processes. A malicious local user could use this flaw to trick dbus-daemon into thinking that systemd failed to activate a system service, resulting in an error reply back to the requester.

For the stable distribution (wheezy), this problem has been fixed in version 1.6.8-1+deb7u6.

For the unstable distribution (sid), this problem has been fixed in version 1.8.16-1.
sunrat Posted February 25, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3162-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
February 18, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
CVE ID         : CVE-2015-1349

Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker. This issue affects configurations with the directives "dnssec-validation auto;" (as enabled in the Debian default configuration) or "dnssec-lookaside auto;".

For the stable distribution (wheezy), this problem has been fixed in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3163-1                   security@debian.org
http://www.debian.org/security/                        Alessandro Ghedini
February 19, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libreoffice
CVE ID         : CVE-2014-9093
Debian Bug     : 771163

It was discovered that LibreOffice, an office productivity suite, could try to write to invalid memory areas when importing malformed RTF files. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution via crafted RTF files.

For the stable distribution (wheezy), this problem has been fixed in version 1:3.5.4+dfsg2-0+deb7u3.

For the upcoming stable distribution (jessie), this problem has been fixed in version 1:4.3.3-2.

For the unstable distribution (sid), this problem has been fixed in version 1:4.3.3-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3164-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 21, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : typo3-src
CVE ID         : not yet available

Pierrick Caillon discovered that the authentication could be bypassed in the Typo 3 content management system. Please refer to the upstream advisory for additional information:
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/

For the stable distribution (wheezy), this problem has been fixed in version 4.5.19+dfsg1-5+wheezy4.

The upcoming stable distribution (jessie) no longer includes Typo 3.

For the unstable distribution (sid), this problem has been fixed in version 4.5.40+dfsg1-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3165-1                   security@debian.org
http://www.debian.org/security/                           Michael Gilbert
February 21, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xdg-utils
CVE ID         : CVE-2015-1877
Debian Bug     : 777722

Jiri Horner discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely.

This problem only affects /bin/sh implementations that don't sanitize local variables. Dash, which is the default /bin/sh in Debian, is affected. Bash as /bin/sh is known to be unaffected.

For the stable distribution (wheezy), this problem has been fixed in version 1.1.0~rc1+git20111210-6+deb7u3.

For the upcoming stable (jessie) and unstable (sid) distributions, this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3166-1                   security@debian.org
http://www.debian.org/security/                           Michael Gilbert
February 22, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : e2fsprogs
CVE ID         : CVE-2015-0247 CVE-2015-1572
Debian Bug     : 778948

Jose Duart of the Google Security Team discovered a buffer overflow in e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file systems. This issue can possibly lead to arbitrary code execution if a malicious device is plugged in, the system is configured to automatically mount it, and the mounting process chooses to run fsck on the device's malicious filesystem.

CVE-2015-0247
Buffer overflow in the ext2/ext3/ext4 file system open/close routines.

CVE-2015-1572
Incomplete fix for CVE-2015-0247.

For the stable distribution (wheezy), these problems have been fixed in version 1.42.5-1.1+deb7u1.

For the upcoming stable (jessie) and unstable (sid) distributions, these problems will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3167-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
February 22, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : sudo
CVE ID         : CVE-2014-9680
Debian Bug     : 772707

Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user's environment without any sanitization. A user with sudo access may take advantage of this to exploit bugs in the C library functions which parse the TZ environment variable or to open files that the user would not otherwise be able to open. The latter could potentially cause changes in system behavior when reading certain device special files or cause the program run via sudo to block.

For the stable distribution (wheezy), this problem has been fixed in version 1.8.5p2-1+nmu2.
sunrat Posted February 26, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3168-1                   security@debian.org
http://www.debian.org/security/                        Sebastien Delafond
February 22, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-redcloth
CVE ID         : CVE-2012-6684
Debian Bug     : 774748

Kousuke Ebihara discovered that redcloth, a Ruby module used to convert Textile markup to HTML, did not properly sanitize its input. This allowed a remote attacker to perform a cross-site scripting attack by injecting arbitrary Javascript code into the generated HTML.

For the stable distribution (wheezy), this problem has been fixed in version 4.2.9-2+deb7u2.

For the unstable distribution (sid), this problem has been fixed in version 4.2.9-4.

- ----------------------------------------------------------------------
Debian Security Advisory DSA-3169-1                security@debian.org
http://www.debian.org/security/                         Aurelien Jarno
February 23, 2015                   http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : eglibc
CVE ID         : CVE-2012-3406 CVE-2013-7424 CVE-2014-4043 CVE-2014-9402 CVE-2015-1472 CVE-2015-1473
Debian Bug     : 681888 751774 775572 777197

Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library:

CVE-2012-3406
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.

CVE-2013-7424
An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support.

CVE-2014-4043
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

CVE-2014-9402
The getnetbyname function in glibc 2.21 and earlier will enter an infinite loop if the DNS backend is activated in the system Name Service Switch configuration, and the DNS resolver receives a positive answer while processing the network name.

CVE-2015-1472 CVE-2015-1473
Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The incorrect use of "__libc_use_alloca (newsize)" caused a different (and weaker) policy to be enforced which could allow a denial of service attack.

For the unstable distribution (sid), all the above issues are fixed in version 2.19-15 of the glibc package.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3171-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
February 23, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : samba
CVE ID         : CVE-2015-0240

Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection.

For the stable distribution (wheezy), this problem has been fixed in version 2:3.6.6-6+deb7u5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3160-1                   security@debian.org
http://www.debian.org/security/                             Ben Hutchings
February 23, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2013-7421 CVE-2014-7822 CVE-2014-8160 CVE-2014-8559 CVE-2014-9585 CVE-2014-9644 CVE-2014-9683 CVE-2015-0239 CVE-2015-1420 CVE-2015-1421 CVE-2015-1593

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation.

CVE-2013-7421 / CVE-2014-9644
It was discovered that the Crypto API allowed unprivileged users to load arbitrary kernel modules. A local user can use this flaw to exploit vulnerabilities in modules that would not normally be loaded.

CVE-2014-7822
Akira Fujita found that the splice() system call did not validate the given file offset and length. A local unprivileged user can use this flaw to cause filesystem corruption on ext4 filesystems, or possibly other effects.

CVE-2014-8160
Florian Westphal discovered that a netfilter (iptables/ip6tables) rule accepting packets to a specific SCTP, DCCP, GRE or UDPlite port/endpoint could result in incorrect connection tracking state. If only the generic connection tracking module (nf_conntrack) was loaded, and not the protocol-specific connection tracking module, this would allow access to any port/endpoint of the specified protocol.

CVE-2014-8559
It was found that kernel functions that iterate over a directory tree can dead-lock or live-lock in case some of the directory entries were recently deleted or dropped from the cache. A local unprivileged user can use this flaw for denial of service.

CVE-2014-9585
Andy Lutomirski discovered that address randomisation for the vDSO in 64-bit processes is extremely biased. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism.

CVE-2014-9683
Dmitry Chernenkov discovered that eCryptfs writes past the end of the allocated buffer during encrypted filename decoding, resulting in local denial of service.

CVE-2015-0239
It was found that KVM did not correctly emulate the x86 SYSENTER instruction. An unprivileged user within a guest system that has not enabled SYSENTER, for example because the emulated CPU vendor is AMD, could potentially use this flaw to cause a denial of service or privilege escalation in that guest.

CVE-2015-1420
It was discovered that the open_by_handle_at() system call reads the handle size from user memory a second time after validating it. A local user with the CAP_DAC_READ_SEARCH capability could use this flaw for privilege escalation.

CVE-2015-1421
It was found that the SCTP implementation could free an authentication state while it was still in use, resulting in heap corruption. This could allow remote users to cause a denial of service or privilege escalation.

CVE-2015-1593
It was found that address randomisation for the initial stack in 64-bit processes was limited to 20 rather than 22 bits of entropy. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism.

For the stable distribution (wheezy), these problems have been fixed in version 3.2.65-1+deb7u2. Additionally this update fixes regressions introduced in versions 3.2.65-1 and 3.2.65-1+deb7u1.

For the upcoming stable distribution (jessie), these problems will be fixed soon (a subset is fixed already).

For the unstable distribution (sid), these problems will be fixed soon (a subset is fixed already).
sunrat Posted February 27, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3172-1                   security@debian.org
http://www.debian.org/security/                        Sebastien Delafond
February 25, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cups
CVE ID         : CVE-2014-9679
Debian Bug     : 778387

Peter De Wachter discovered that CUPS, the Common UNIX Printing System, did not correctly parse compressed raster files. By submitting a specially crafted raster file, a remote attacker could use this vulnerability to trigger a buffer overflow.

For the stable distribution (wheezy), this problem has been fixed in version 1.5.3-5+deb7u5.

For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 1.7.5-11.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3173-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
February 25, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libgtk2-perl

It was discovered that libgtk2-perl, a Perl interface to the 2.x series of the Gimp Toolkit library, incorrectly frees memory which GTK+ still holds onto and might access later, leading to denial of service (application crash) or, potentially, to arbitrary code execution.

For the stable distribution (wheezy), this problem has been fixed in version 2:1.244-1+deb7u1.

For the upcoming stable distribution (jessie), this problem has been fixed in version 2:1.2492-4.

For the unstable distribution (sid), this problem has been fixed in version 2:1.2492-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3174-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 25, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceweasel
CVE ID         : CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code or information disclosure.

For the stable distribution (wheezy), these problems have been fixed in version 31.5.0esr-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 31.5.0esr-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3175-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 25, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : kfreebsd-9
CVE ID         : CVE-2015-1414

Mateusz Kocielski and Marek Kroemeke discovered that an integer overflow in IGMP processing may result in denial of service through malformed IGMP packets.

For the stable distribution (wheezy), this problem has been fixed in version 9.0-10+deb70.9.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3176-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
February 26, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : request-tracker4
CVE ID         : CVE-2014-9472 CVE-2015-1165 CVE-2015-1464

Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2014-9472
Christian Loos discovered a remote denial of service vulnerability, exploitable via the email gateway and affecting any installation which accepts mail from untrusted sources. Depending on RT's logging configuration, a remote attacker can take advantage of this flaw to cause CPU and excessive disk usage.

CVE-2015-1165
Christian Loos discovered an information disclosure flaw which may reveal RSS feed URLs, and thus ticket data.

CVE-2015-1464
It was discovered that RSS feed URLs can be leveraged to perform session hijacking, allowing a user with the URL to log in as the user that created the feed.

For the stable distribution (wheezy), these problems have been fixed in version 4.0.7-5+deb7u3.

For the unstable distribution (sid), these problems have been fixed in version 4.2.8-3.
sunrat Posted March 3, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3178-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
March 02, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : unace
CVE ID         : CVE-2015-2063
Debian Bug     : 775003

Jakub Wilk discovered that unace, a utility to extract, test and view .ace archives, contained an integer overflow leading to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ace archive, an attacker could cause a denial of service (application crash) or, possibly, execute arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in version 1.2b-10+deb7u1.

For the upcoming stable distribution (jessie), this problem has been fixed in version 1.2b-12.

For the unstable distribution (sid), this problem has been fixed in version 1.2b-12.
sunrat Posted March 5, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3179-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
March 03, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
CVE ID         : CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code or information disclosure.

For the stable distribution (wheezy), these problems have been fixed in version 31.5.0-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 31.5.0-1.
sunrat Posted March 6, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3180-1                   security@debian.org
http://www.debian.org/security/                        Alessandro Ghedini
March 05, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libarchive
CVE ID         : not yet available
Debian Bug     : 778266

Alexander Cherepanov discovered that bsdcpio, an implementation of the 'cpio' program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths.

For the stable distribution (wheezy), this problem has been fixed in version 3.0.4-3+wheezy1.

For the upcoming stable distribution (jessie), this problem has been fixed in version 3.1.2-11.

For the unstable distribution (sid), this problem has been fixed in version 3.1.2-11.
sunrat Posted March 11, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3181-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
March 10, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2015-2044 CVE-2015-2045 CVE-2015-2151

Multiple security issues have been found in the Xen virtualisation solution:

CVE-2015-2044
Information leak via x86 system device emulation.

CVE-2015-2045
Information leak in the HYPERVISOR_xen_version() hypercall.

CVE-2015-2151
Missing input sanitising in the x86 emulator could result in information disclosure, denial of service or potentially privilege escalation.

In addition the Xen developers reported an unfixable limitation in the handling of non-standard PCI devices. Please refer to http://xenbits.xen.org/xsa/advisory-124.html for further information.

For the stable distribution (wheezy), these problems have been fixed in version 4.1.4-3+deb7u5.

For the unstable distribution (sid), these problems will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3177-1                   security@debian.org
http://www.debian.org/security/                        Sebastien Delafond
March 10, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mod-gnutls
CVE ID         : CVE-2015-2091
Debian Bug     : 578663

Thomas Klute discovered that in mod-gnutls, an Apache module providing SSL and TLS encryption with GnuTLS, a bug caused the server's client verify mode not to be considered at all, in case the directory's configuration was unset. Clients with invalid certificates were then able to leverage this flaw in order to get access to that directory.

For the stable distribution (wheezy), this problem has been fixed in version 0.5.10-1.1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 0.6-1.3.
sunrat Posted March 12, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3182-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
March 11, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libssh2
CVE ID         : CVE-2015-1782
Debian Bug     : 780249

Mariusz Ziulek reported that libssh2, an SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash (denial of service) or otherwise read and use unintended memory areas in this process.

For the stable distribution (wheezy), this problem has been fixed in version 1.4.2-1.1+deb7u1.
sunrat Posted March 16, 2015 Share Posted March 16, 2015 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3183-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso March 12, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : movabletype-opensource CVE ID : CVE-2013-2184 CVE-2014-9057 CVE-2015-1592 Debian Bug : 712602 774192 Multiple vulnerabilities have been discovered in Movable Type, a blogging system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2184 Unsafe use of Storable::thaw in the handling of comments to blog posts could allow remote attackers to include and execute arbitrary local Perl files or possibly remotely execute arbitrary code. CVE-2014-9057 Netanel Rubin from Check Point Software Technologies discovered a SQL injection vulnerability in the XML-RPC interface allowing remote attackers to execute arbitrary SQL commands. CVE-2015-1592 The Perl Storable::thaw function is not properly used, allowing remote attackers to include and execute arbitrary local Perl files and possibly remotely execute arbitrary code. For the stable distribution (wheezy), these problems have been fixed in version 5.1.4+dfsg-4+deb7u2. - ------------------------------------------------------------------------- Debian Security Advisory DSA-3184-1 security@debian.org http://www.debian.org/security/ Alessandro Ghedini March 12, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : gnupg CVE ID : CVE-2014-3591 CVE-2015-0837 CVE-2015-1606 Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. 
    Note that this may have a quite noticeable impact on Elgamal decryption performance.

CVE-2015-0837

    The modular exponentiation routine mpi_powm() was susceptible to a side-channel attack caused by data-dependent timing variations when accessing its internal pre-computed table.

CVE-2015-1606

    The keyring parsing code did not properly reject certain packet types not belonging in a keyring, which caused an access to memory already freed. This could allow remote attackers to cause a denial of service (crash) via crafted keyring files.

For the stable distribution (wheezy), these problems have been fixed in version 1.4.12-7+deb7u7.

For the upcoming stable distribution (jessie), these problems have been fixed in version 1.4.18-7.

For the unstable distribution (sid), these problems have been fixed in version 1.4.18-7.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3185-1    security@debian.org
http://www.debian.org/security/    Alessandro Ghedini
March 12, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libgcrypt11
CVE ID         : CVE-2014-3591 CVE-2015-0837

Multiple vulnerabilities were discovered in libgcrypt:

CVE-2014-3591

    The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on Elgamal decryption performance.

CVE-2015-0837

    The modular exponentiation routine mpi_powm() was susceptible to a side-channel attack caused by data-dependent timing variations when accessing its internal pre-computed table.

For the stable distribution (wheezy), these problems have been fixed in version 1.5.0-5+deb7u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3186-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
March 13, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nss
CVE ID         : CVE-2014-1569
Debian Bug     : 773625

It was discovered that the Mozilla Network Security Service library (nss) incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack.

For the stable distribution (wheezy), this problem has been fixed in version 2:3.14.5-1+deb7u4.

For the upcoming stable distribution (jessie), this problem has been fixed in version 2:3.17.2-1.1.

For the unstable distribution (sid), this problem has been fixed in version 2:3.17.2-1.1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3187-1    security@debian.org
http://www.debian.org/security/    Michael Gilbert
March 15, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icu
CVE ID         : CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419
                 CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926
                 CVE-2014-7940 CVE-2014-9654
Debian Bug     : 775884 776264 776265 776719

Several vulnerabilities were discovered in the International Components for Unicode (ICU) library.

CVE-2013-1569

    Glyph table issue.

CVE-2013-2383

    Glyph table issue.

CVE-2013-2384

    Font layout issue.

CVE-2013-2419

    Font processing issue.

CVE-2014-6585

    Out-of-bounds read.

CVE-2014-6591

    Additional out-of-bounds reads.

CVE-2014-7923

    Memory corruption in regular expression comparison.

CVE-2014-7926

    Memory corruption in regular expression comparison.

CVE-2014-7940

    Uninitialized memory.

CVE-2014-9654

    More regular expression flaws.

For the stable distribution (wheezy), these problems have been fixed in version 4.8.1.1-12+deb7u2.

For the upcoming stable (jessie) and unstable (sid) distributions, these problems have been fixed in version 52.1-7.1.

sunrat Posted March 16, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3188-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 15, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freetype
CVE ID         : CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9660
                 CVE-2014-9661 CVE-2014-9663 CVE-2014-9664 CVE-2014-9666
                 CVE-2014-9667 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671
                 CVE-2014-9672 CVE-2014-9673 CVE-2014-9675

Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in version 2.4.9-1.1+deb7u1.

For the upcoming stable distribution (jessie), these problems have been fixed in version 2.5.2-3.

For the unstable distribution (sid), these problems have been fixed in version 2.5.2-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3189-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 15, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libav
CVE ID         : CVE-2014-7933 CVE-2014-8543 CVE-2014-8544 CVE-2014-8547
                 CVE-2014-8548 CVE-2014-9604

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.17

For the stable distribution (wheezy), these problems have been fixed in version 6:0.8.17-1.

For the unstable distribution (sid), these problems have been fixed in version 6:11.3-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3190-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 15, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : putty
CVE ID         : CVE-2015-2157

Patrick Coleman discovered that the Putty SSH client failed to wipe out unused sensitive memory.

In addition Florent Daigniere discovered that exponential values in Diffie Hellman exchanges were insufficiently restricted.

For the stable distribution (wheezy), this problem has been fixed in version 0.62-9+deb7u2.

For the upcoming stable distribution (jessie), this problem has been fixed in version 0.63-10.

For the unstable distribution (sid), this problem has been fixed in version 0.63-10.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3191-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
March 15, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gnutls26
CVE ID         : CVE-2015-0282 CVE-2015-0294

Multiple vulnerabilities have been discovered in GnuTLS, a library implementing the TLS and SSL protocols. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-0282

    GnuTLS does not verify the RSA PKCS #1 signature algorithm to match the signature algorithm in the certificate, leading to a potential downgrade to a disallowed algorithm without detecting it.

CVE-2015-0294

    It was reported that GnuTLS does not check whether the two signature algorithms match on certificate import.

For the stable distribution (wheezy), these problems have been fixed in version 2.12.20-8+deb7u3.

sunrat Posted March 18, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3192-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
March 17, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : checkpw
CVE ID         : CVE-2015-0885
Debian Bug     : 780139

Hiroya Ito of GMO Pepabo, Inc. reported that checkpw, a password authentication program, has a flaw in processing account names which contain double dashes. A remote attacker can use this flaw to cause a denial of service (infinite loop).

For the stable distribution (wheezy), this problem has been fixed in version 1.02-1+deb7u1.

For the upcoming stable distribution (jessie), this problem has been fixed in version 1.02-1.1.

For the unstable distribution (sid), this problem has been fixed in version 1.02-1.1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3193-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
March 17, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tcpdump
CVE ID         : CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155

Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in version 4.3.0-1+deb7u2.

For the upcoming stable distribution (jessie), these problems have been fixed in version 4.6.2-4.

For the unstable distribution (sid), these problems have been fixed in version 4.6.2-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3194-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 17, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxfont
CVE ID         : CVE-2015-1802 CVE-2015-1803 CVE-2015-1804

Ilja van Sprundel, Alan Coopersmith and William Robinet discovered multiple issues in libxfont's code to process BDF fonts, which might result in privilege escalation.

For the stable distribution (wheezy), these problems have been fixed in version 1.4.5-5.

For the unstable distribution (sid), these problems will be fixed soon.

sunrat Posted March 21, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3195-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 18, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
CVE ID         : CVE-2014-9705 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273
                 CVE-2015-2305

Multiple vulnerabilities have been discovered in the PHP language:

CVE-2015-2305

    Guido Vranken discovered a heap overflow in the ereg extension (only applicable to 32 bit systems).

CVE-2014-9705

    Buffer overflow in the enchant extension.

CVE-2015-0231

    Stefan Esser discovered a use-after-free in the unserialisation of objects.

CVE-2015-0232

    Alex Eubanks discovered incorrect memory management in the exif extension.

CVE-2015-0273

    Use-after-free in the unserialisation of DateTimeZone.

For the stable distribution (wheezy), these problems have been fixed in version 5.4.38-0+deb7u1.

For the upcoming stable distribution (jessie), these problems have been fixed in version 5.6.6+dfsg-2.

For the unstable distribution (sid), these problems have been fixed in version 5.6.6+dfsg-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3196-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 18, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : file
CVE ID         : CVE-2014-9653

Hanno Boeck discovered that file's ELF parser is susceptible to denial of service.

For the stable distribution (wheezy), this problem has been fixed in version 5.11-2+deb7u8.

For the upcoming stable distribution (jessie), this problem has been fixed in version 1:5.22+15-1.

For the unstable distribution (sid), this problem has been fixed in version 1:5.22+15-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3197-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 19, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
CVE ID         : CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288
                 CVE-2015-0289 CVE-2015-0292

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2015-0286

    Stephen Henson discovered that the ASN1_TYPE_cmp() function can be crashed, resulting in denial of service.

CVE-2015-0287

    Emilia Kaesper discovered a memory corruption in ASN.1 parsing.

CVE-2015-0289

    Michal Zalewski discovered a NULL pointer dereference in the PKCS#7 parsing code, resulting in denial of service.

CVE-2015-0292

    It was discovered that missing input sanitising in base64 decoding might result in memory corruption.

CVE-2015-0209

    It was discovered that a malformed EC private key might result in memory corruption.

CVE-2015-0288

    It was discovered that missing input sanitising in the X509_to_X509_REQ() function might result in denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u15. In this update the export ciphers are removed from the default cipher list.

sunrat Posted March 22, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3198-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 20, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
CVE ID         : CVE-2015-2301 CVE-2015-2331

Multiple vulnerabilities have been discovered in the PHP language:

CVE-2015-2301

    Use-after-free in the phar extension.

CVE-2015-2331

    Emmanuel Law discovered an integer overflow in the processing of ZIP archives, resulting in denial of service or potentially the execution of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in version 5.4.39-0+deb7u1. This update also fixes a regression in the curl support introduced in DSA 3195.

For the unstable distribution (sid), these problems will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3199-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
March 20, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xerces-c
CVE ID         : CVE-2015-0252
Debian Bug     : 780827

Anton Rager and Jonathan Brossard from the Salesforce.com Product Security Team and Ben Laurie of Google discovered a denial of service vulnerability in xerces-c, a validating XML parser library for C++. The parser mishandles certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation. An unauthenticated attacker could use this flaw to cause an application using the xerces-c library to crash.

For the stable distribution (wheezy), this problem has been fixed in version 3.1.1-3+deb7u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3200-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 20, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : drupal7
CVE ID         : CVE-2015-2559

Multiple vulnerabilities have been found in the Drupal content management framework. More information can be found at https://www.drupal.org/SA-CORE-2015-001

For the stable distribution (wheezy), this problem has been fixed in version 7.14-2+deb7u9.

For the unstable distribution (sid), this problem has been fixed in version 7.32-1+deb8u2.