sunrat
Posted March 23, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3201-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
March 22, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceweasel
CVE ID         : CVE-2015-0817 CVE-2015-0818

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-0817

    ilxu1a reported a flaw in Mozilla's implementation of typed array bounds checking in Javascript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitrary code execution on the local system.

CVE-2015-0818

    Mariusz Mlynski discovered a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation.

For the stable distribution (wheezy), these problems have been fixed in version 31.5.3esr-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 31.5.3esr-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3202-1                   security@debian.org
http://www.debian.org/security/                        Sebastien Delafond
March 22, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mono
CVE ID         : CVE-2015-2318 CVE-2015-2319 CVE-2015-2320
Debian Bug     : 780751

Researchers at INRIA and Xamarin discovered several vulnerabilities in mono, a platform for running and developing applications based on the ECMA/ISO Standards. Mono's TLS stack contained several problems that hampered its capabilities: those issues could lead to client impersonation (via SKIP-TLS), SSLv2 fallback, and encryption weakening (via FREAK).

For the stable distribution (wheezy), these problems have been fixed in version 2.10.8.1-8+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 3.2.8+dfsg-10.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3203-1                   security@debian.org
http://www.debian.org/security/                        Sebastien Delafond
March 22, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tor

Several denial-of-service issues have been discovered in Tor, a connection-based low-latency anonymous communication system.

  o Jowr discovered that very high DNS query load on a relay could trigger an assertion error.

  o A relay could crash with an assertion error if a buffer of exactly the wrong layout was passed to buf_pullup() at exactly the wrong time.

For the stable distribution (wheezy), these problems have been fixed in version 0.2.4.26-1.

For the testing distribution (jessie) and unstable distribution (sid), these problems have been fixed in version 0.2.5.11-1.

Furthermore, this update disables support for SSLv3 in Tor. All versions of OpenSSL in use with Tor today support TLS 1.0 or later.

Additionally, this release updates the geoIP database used by Tor as well as the list of directory authority servers, which Tor clients use to bootstrap and who sign the Tor directory consensus document.

sunrat
Posted March 24, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3204-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
March 24, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-django
CVE ID         : CVE-2015-2317
Debian Bug     : 780873

Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to perform a cross-site scripting attack.

For the stable distribution (wheezy), this problem has been fixed in version 1.4.5-1+deb7u11.

For the unstable distribution (sid), this problem has been fixed in version 1.7.7-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3197-2                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
March 24, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
CVE ID         : CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292
Debian Bug     : 781081

The openssl update issued as DSA 3197-1 caused regressions. This update reverts the defective patch applied in that update causing these problems. Additionally a follow-up fix for CVE-2015-0209 is applied. For reference the original advisory text follows.

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2015-0286

    Stephen Henson discovered that the ASN1_TYPE_cmp() function can be crashed, resulting in denial of service.

CVE-2015-0287

    Emilia Kaesper discovered a memory corruption in ASN.1 parsing.

CVE-2015-0289

    Michal Zalewski discovered a NULL pointer dereference in the PKCS#7 parsing code, resulting in denial of service.

CVE-2015-0292

    It was discovered that missing input sanitising in base64 decoding might result in memory corruption.

CVE-2015-0209

    It was discovered that a malformed EC private key might result in memory corruption.

CVE-2015-0288

    It was discovered that missing input sanitising in the X509_to_X509_REQ() function might result in denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u16.

sunrat
Posted April 5, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3205-1                   security@debian.org
http://www.debian.org/security/                        Sebastien Delafond
March 27, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : batik
CVE ID         : CVE-2015-0250
Debian Bug     : 780897

Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit for processing SVG images, would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.

For the stable distribution (wheezy), this problem has been fixed in version 1.7+dfsg-3+deb7u1.

For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 1.7+dfsg-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3207-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
March 28, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : shibboleth-sp2
CVE ID         : CVE-2015-2684

A denial of service vulnerability was found in the Shibboleth (a federated identity framework) Service Provider. When processing certain malformed SAML messages generated by an authenticated attacker, the daemon could crash.

For the stable distribution (wheezy), this problem has been fixed in version 2.4.3+dfsg-5+deb7u1.

For the upcoming stable distribution (jessie), this problem has been fixed in version 2.5.3+dfsg-2.

For the unstable distribution (sid), this problem has been fixed in version 2.5.3+dfsg-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3206-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
March 28, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dulwich
CVE ID         : CVE-2014-9706 CVE-2015-0838
Debian Bug     : 780958 780989

Multiple vulnerabilities have been discovered in Dulwich, a Python implementation of the file formats and protocols used by the Git version control system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2014-9706

    It was discovered that Dulwich allows writing to files under .git/ when checking out working trees. This could lead to the execution of arbitrary code with the privileges of the user running an application based on Dulwich.

CVE-2015-0838

    Ivan Fratric of the Google Security Team has found a buffer overflow in the C implementation of the apply_delta() function, used when accessing Git objects in pack files. An attacker could take advantage of this flaw to cause the execution of arbitrary code with the privileges of the user running a Git server or client based on Dulwich.

For the stable distribution (wheezy), these problems have been fixed in version 0.8.5-2+deb7u2.

For the upcoming stable distribution (jessie), these problems have been fixed in version 0.9.7-3.

For the unstable distribution (sid), these problems have been fixed in version 0.10.1-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3198-2                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
March 28, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
Debian Bug     : 781125

The previous update for php5, DSA-3198-1, introduced a regression causing segmentation faults when using SoapClient::__setSoapHeader. Updated packages are now available to address this regression. For reference, the original advisory text follows.

Multiple vulnerabilities have been discovered in the PHP language:

CVE-2015-2301

    Use-after-free in the phar extension.

CVE-2015-2331

    Emmanuel Law discovered an integer overflow in the processing of ZIP archives, resulting in denial of service or potentially the execution of arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in version 5.4.39-0+deb7u2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3208-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
March 29, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freexl
CVE ID         : CVE-2015-2753 CVE-2015-2754 CVE-2015-2776

Jodie Cunningham discovered multiple vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.0b-1+deb7u1.

For the upcoming stable distribution (jessie), these problems have been fixed in version 1.0.0g-1+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 1.0.0g-1+deb8u1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3209-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
March 30, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openldap
CVE ID         : CVE-2013-4449 CVE-2014-9713 CVE-2015-1545
Debian Bug     : 729367 761406 776988

Multiple vulnerabilities were found in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol.

CVE-2013-4449

    Michael Vishchers from Seven Principles AG discovered a denial of service vulnerability in slapd, the directory server implementation. When the server is configured to use the RWM overlay, an attacker can make it crash by unbinding just after connecting, because of an issue with reference counting.

CVE-2014-9713

    The default Debian configuration of the directory database allows every user to edit their own attributes. When LDAP directories are used for access control, and this is done using user attributes, an authenticated user can leverage this to gain access to unauthorized resources.

    Please note this is a Debian specific vulnerability.

    The new package won't use the unsafe access control rule for new databases, but existing configurations won't be automatically modified. Administrators are incited to look at the README.Debian file provided by the updated package if they need to fix the access control rule.

CVE-2015-1545

    Ryan Tandy discovered a denial of service vulnerability in slapd. When using the deref overlay, providing an empty attribute list in a query makes the daemon crash.

For the stable distribution (wheezy), these problems have been fixed in version 2.4.31-2.

For the upcoming stable distribution (jessie), these problems have been fixed in version 2.4.40-4.

For the unstable distribution (sid), these problems have been fixed in version 2.4.40-4.

sunrat
Posted April 6, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3210-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
March 31, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wireshark
CVE ID         : CVE-2015-2188 CVE-2015-2189 CVE-2015-2191

Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 1.8.2-5wheezy15.

For the upcoming stable distribution (jessie), these problems have been fixed in version 1.12.1+g01b65bf-4.

For the unstable distribution (sid), these problems have been fixed in version 1.12.1+g01b65bf-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3211-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
April 01, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceweasel
CVE ID         : CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815 CVE-2015-0816

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, denial of service or cross-site request forgery.

For the stable distribution (wheezy), these problems have been fixed in version 31.6.0esr-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 31.6.0esr-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3212-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
April 02, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
CVE ID         : CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815 CVE-2015-0816

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 31.6.0-1~deb7u1.

For the upcoming stable distribution (jessie), these problems have been fixed in version 31.6.0-1.

For the unstable distribution (sid), these problems have been fixed in version 31.6.0-1.

sunrat
Posted April 7, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3213-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
April 06, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : arj
CVE ID         : CVE-2015-0556 CVE-2015-0557 CVE-2015-2782
Debian Bug     : 774015 774434 774435

Multiple vulnerabilities have been discovered in arj, an open source version of the arj archiver. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-0556

    Jakub Wilk discovered that arj follows symlinks created during unpacking of an arj archive. A remote attacker could use this flaw to perform a directory traversal attack if a user or automated system were tricked into processing a specially crafted arj archive.

CVE-2015-0557

    Jakub Wilk discovered that arj does not sufficiently protect from directory traversal while unpacking an arj archive containing file paths with multiple leading slashes. A remote attacker could use this flaw to write to arbitrary files if a user or automated system were tricked into processing a specially crafted arj archive.

CVE-2015-2782

    Jakub Wilk and Guillem Jover discovered a buffer overflow vulnerability in arj. A remote attacker could use this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the user running arj.

For the stable distribution (wheezy), these problems have been fixed in version 3.10.22-10+deb7u1.

For the upcoming stable distribution (jessie), these problems have been fixed in version 3.10.22-13.

For the unstable distribution (sid), these problems have been fixed in version 3.10.22-13.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3214-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
April 06, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mailman
CVE ID         : CVE-2015-2775
Debian Bug     : 781626

A path traversal vulnerability was discovered in Mailman, the mailing list manager. Installations using a transport script (such as postfix-to-mailman.py) to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully exploit this, an attacker needs write access on the local file system.

For the stable distribution (wheezy), this problem has been fixed in version 1:2.1.15-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 1:2.1.18-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3215-1                   security@debian.org
http://www.debian.org/security/                        Alessandro Ghedini
April 06, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libgd2
CVE ID         : CVE-2014-2497 CVE-2014-9709
Debian Bug     : 744719

Multiple vulnerabilities were discovered in libgd2, a graphics library:

CVE-2014-2497

    The gdImageCreateFromXpm() function would try to dereference a NULL pointer when reading an XPM file with a special color table. This could allow remote attackers to cause a denial of service (crash) via crafted XPM files.

CVE-2014-9709

    Importing an invalid GIF file using the gdImageCreateFromGif() function would cause a read buffer overflow that could allow remote attackers to cause a denial of service (crash) via crafted GIF files.

For the stable distribution (wheezy), these problems have been fixed in version 2.0.36~rc1~dfsg-6.1+deb7u1.

For the upcoming stable distribution (jessie), these problems have been fixed in version 2.1.0-5.

For the unstable distribution (sid), these problems have been fixed in version 2.1.0-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3216-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
April 06, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tor
CVE ID         : CVE-2015-2928 CVE-2015-2929

Several vulnerabilities have been discovered in Tor, a connection-based low-latency anonymous communication system:

CVE-2015-2928

    "disgleirio" discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible.

CVE-2015-2929

    "DonnchaC" discovered that Tor clients would crash with an assertion failure upon parsing specially crafted hidden service descriptors.

Introduction points would accept multiple INTRODUCE1 cells on one circuit, making it inexpensive for an attacker to overload a hidden service with introductions. Introduction points now no longer allow multiple cells of that type on the same circuit.

For the stable distribution (wheezy), these problems have been fixed in version 0.2.4.27-1.

For the unstable distribution (sid), these problems have been fixed in version 0.2.5.12-1.

For the experimental distribution, these problems have been fixed in version 0.2.6.7-1.

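As an added illustration of the two arj path issues in DSA-3213-1 above (CVE-2015-0556 and CVE-2015-0557), not part of the original post and not arj's code: the check an unpacker needs before it writes an archive member, written in Python. The function names, the treatment of backslashes as separators and the sample member names are assumptions constructed for this example.

```python
import os
import tempfile


class UnsafeMemberPath(Exception):
    """Raised when an archive member would land outside the target directory."""


def safe_member_path(dest_root, member_name):
    """Return the absolute path member_name may be written to, or raise."""
    root = os.path.realpath(dest_root)

    # Treat backslashes as separators (assumption: DOS-style archive names),
    # then drop every leading slash. Removing only one slash would leave
    # "//etc/passwd" absolute, which is the multiple-leading-slash case.
    name = member_name.replace("\\", "/").lstrip("/")
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise UnsafeMemberPath(member_name)

    candidate = os.path.join(root, *parts)

    # Resolve symlinks in the directory chain that already exists on disk.
    # A link created by an earlier member must not redirect this write.
    parent = os.path.realpath(os.path.dirname(candidate))
    if os.path.commonpath([root, parent]) != root:
        raise UnsafeMemberPath(member_name)

    # Do not write through a symlink sitting at the final component either.
    if os.path.islink(candidate):
        raise UnsafeMemberPath(member_name)

    return os.path.join(parent, parts[-1])


# Constructed member names, not taken from any real archive.
SAMPLE_NAMES = [
    "docs/readme.txt",      # ordinary member
    "a/./b//c.txt",         # redundant components, still inside the target
    "///etc/passwd",        # multiple leading slashes
    "../outside/x",         # parent-directory traversal
    "docs\\..\\..\\x",      # the same traversal with backslashes
    "link/x",               # goes through a symlink planted earlier
    "link",                 # would overwrite through the symlink itself
]


def check_names(names):
    """Check each name against a scratch target that contains a planted symlink.

    Returns {name: path relative to the target, or None if rejected}.
    """
    results = {}
    with tempfile.TemporaryDirectory() as scratch:
        dest = os.path.join(scratch, "out")
        outside = os.path.join(scratch, "outside")
        os.mkdir(dest)
        os.mkdir(outside)
        # Stands in for a symlink that a previous archive member created.
        os.symlink(outside, os.path.join(dest, "link"))
        real_dest = os.path.realpath(dest)
        for name in names:
            try:
                path = safe_member_path(dest, name)
                results[name] = os.path.relpath(path, real_dest)
            except UnsafeMemberPath:
                results[name] = None
    return results


if __name__ == "__main__":
    for name, outcome in check_names(SAMPLE_NAMES).items():
        print(f"{name!r:22} -> {outcome if outcome else 'REJECTED'}")
```

The check has to run immediately before each write, because the symlink case only exists once an earlier member has been unpacked.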
sunrat
Posted April 10, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3057-2                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
April 07, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxml2
Debian Bug     : 774358

The update for libxml2 issued as DSA-3057-1 caused regressions due to an incomplete patch to address CVE-2014-3660. Updated packages are available to address this problem. For reference the original advisory text follows.

Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. (CVE-2014-3660)

For the stable distribution (wheezy), this problem has been fixed in version 2.8.0+dfsg1-7+wheezy4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3217-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
April 09, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dpkg
CVE ID         : CVE-2015-0840

Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a specially crafted Debian source control file (.dsc). Note that this flaw only affects extraction of local Debian source packages via dpkg-source but not the installation of packages from the Debian archive.

For the stable distribution (wheezy), this problem has been fixed in version 1.16.16. This update also includes non-security changes previously scheduled for the next wheezy point release. See the Debian changelog for details.

For the unstable distribution (sid), this problem has been fixed in version 1.17.25.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3218-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
April 10, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wesnoth-1.10
CVE ID         : CVE-2015-0844

Ignacio R. Morelle discovered that missing path restrictions in the "Battle of Wesnoth" game could result in the disclosure of arbitrary files in the user's home directory if malicious campaigns/maps are loaded.

For the stable distribution (wheezy), this problem has been fixed in version 1.10.3-3+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 1:1.10.7-2 and in version 1:1.12.1-1 of the wesnoth-1.12 source package.

sunrat
Posted April 12, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3219-1                   security@debian.org
http://www.debian.org/security/                        Alessandro Ghedini
April 11, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libdbd-firebird-perl
CVE ID         : CVE-2015-2788
Debian Bug     : 780925

Stefan Roas discovered a way to cause a buffer overflow in DBD-FireBird, a Perl DBI driver for the Firebird RDBMS, in certain error conditions, due to the use of the sprintf() function to write to a fixed-size memory buffer.

For the stable distribution (wheezy), this problem has been fixed in version 0.91-2+deb7u1.

For the upcoming stable distribution (jessie), this problem has been fixed in version 1.18-2.

For the unstable distribution (sid), this problem has been fixed in version 1.18-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3220-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
April 11, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libtasn1-3
CVE ID         : CVE-2015-2806

Hanno Boeck discovered a stack-based buffer overflow in the asn1_der_decoding function in Libtasn1, a library to manage ASN.1 structures. A remote attacker could take advantage of this flaw to cause an application using the Libtasn1 library to crash, or potentially to execute arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in version 2.13-2+deb7u2.

sunrat
Posted April 14, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3221-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
April 12, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : das-watchdog
CVE ID         : CVE-2015-2831
Debian Bug     : 781806

Adam Sampson discovered a buffer overflow in the handling of the XAUTHORITY environment variable in das-watchdog, a watchdog daemon to ensure a realtime process won't hang the machine. A local user can exploit this flaw to escalate his privileges and execute arbitrary code as root.

For the stable distribution (wheezy), this problem has been fixed in version 0.9.0-2+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 0.9.0-3.1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3222-1                   security@debian.org
http://www.debian.org/security/                        Alessandro Ghedini
April 12, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chrony
CVE ID         : CVE-2015-1821 CVE-2015-1822 CVE-2015-1853
Debian Bug     : 782160

Miroslav Lichvar of Red Hat discovered multiple vulnerabilities in chrony, an alternative NTP client and server:

CVE-2015-1821

    Using particular address/subnet pairs when configuring access control would cause an invalid memory write. This could allow attackers to cause a denial of service (crash) or execute arbitrary code.

CVE-2015-1822

    When allocating memory to save unacknowledged replies to authenticated command requests, a pointer would be left uninitialized, which could trigger an invalid memory write. This could allow attackers to cause a denial of service (crash) or execute arbitrary code.

CVE-2015-1853

    When peering with other NTP hosts using authenticated symmetric association, the internal state variables would be updated before the MAC of the NTP messages was validated. This could allow a remote attacker to cause a denial of service by impeding synchronization between NTP peers.

For the stable distribution (wheezy), these problems have been fixed in version 1.24-3.1+deb7u3.

For the unstable distribution (sid), these problems have been fixed in version 1.30-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3223-1                   security@debian.org
http://www.debian.org/security/                        Alessandro Ghedini
April 12, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ntp
CVE ID         : CVE-2015-1798 CVE-2015-1799
Debian Bug     : 782095

Multiple vulnerabilities were discovered in ntp, an implementation of the Network Time Protocol:

CVE-2015-1798

    When configured to use a symmetric key with an NTP peer, ntpd would accept packets without MAC as if they had a valid MAC. This could allow a remote attacker to bypass the packet authentication and send malicious packets without having to know the symmetric key.

CVE-2015-1799

    When peering with other NTP hosts using authenticated symmetric association, ntpd would update its internal state variables before the MAC of the NTP messages was validated. This could allow a remote attacker to cause a denial of service by impeding synchronization between NTP peers.

Additionally, it was discovered that generating MD5 keys using ntp-keygen on big endian machines would either trigger an endless loop, or generate non-random keys.

For the stable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u4.

For the unstable distribution (sid), these problems have been fixed in version 1:4.2.6.p5+dfsg-7.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3224-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
April 12, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libx11
CVE ID         : CVE-2013-7439

Abhishek Arya discovered a buffer overflow in the MakeBigReq macro provided by libx11, which could result in denial of service or the execution of arbitrary code.

Several other xorg packages (e.g. libxrender) will be recompiled against the fixed package after the release of this update. For detailed information on the status of recompiled packages please refer to the Debian Security Tracker at https://security-tracker.debian.org/tracker/CVE-2013-7439

For the stable distribution (wheezy), this problem has been fixed in version 2:1.5.0-1+deb7u2.

For the upcoming stable distribution (jessie), this problem has been fixed in version 2:1.6.0-1.

For the unstable distribution (sid), this problem has been fixed in version 2:1.6.0-1.

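Added example, not from the original post and not ntpd or chrony code: the ordering that CVE-2015-1798, CVE-2015-1799 and CVE-2015-1853 above turn on, where an authenticated association must insist on a MAC and verify it before any peer state is touched. HMAC-SHA256 stands in for the real NTP digest, and the class, the trailer layout after the 48-byte header, the key and the sample packets are constructed for this illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48   # fixed NTP header; transmit timestamp is bytes 40..47
KEYID_LEN = 4
MAC_LEN = 32      # HMAC-SHA256 stand-in (assumption), not ntpd's real digest


class AuthError(Exception):
    """Packet failed authentication; peer state must stay untouched."""


def make_packet(header, key_id=None, key=None):
    """Build a sample packet: bare header, or header + key id + MAC."""
    if key is None:
        return header
    mac = hmac.new(key, header, hashlib.sha256).digest()
    return header + struct.pack("!I", key_id) + mac


class PeerAssociation:
    """Symmetric association that is configured with a key (hypothetical model)."""

    def __init__(self, key_id, key):
        self.key_id = key_id
        self.key = key
        self.peer_xmt = None   # last transmit timestamp accepted from the peer
        self.accepted = 0

    def receive(self, packet):
        # 1. A key is configured, so a packet with no MAC is a failure.
        #    It is never treated as if its MAC had verified.
        if len(packet) == HEADER_LEN:
            raise AuthError("MAC required but absent")
        if len(packet) != HEADER_LEN + KEYID_LEN + MAC_LEN:
            raise AuthError("unexpected packet length")

        header = packet[:HEADER_LEN]
        (key_id,) = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + KEYID_LEN])
        mac = packet[HEADER_LEN + KEYID_LEN:]

        # 2. Verify before reading anything from the header into state.
        if key_id != self.key_id:
            raise AuthError("unknown key id")
        expected = hmac.new(self.key, header, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            raise AuthError("MAC mismatch")

        # 3. Only an authenticated packet may move the association's state.
        self.peer_xmt = header[40:48]
        self.accepted += 1


def process(peer, packet):
    """Feed one packet to the association; True if accepted, False if dropped."""
    try:
        peer.receive(packet)
        return True
    except AuthError:
        return False


# Constructed sample data.
KEY = b"constructed-sample-key"
GENUINE_HEADER = bytes(range(HEADER_LEN))
SPOOFED_HEADER = bytes(40) + b"\xff" * 8   # attacker-chosen transmit timestamp


def run_sample():
    """Return (accepted?, peer_xmt after the packet) for three sample packets."""
    peer = PeerAssociation(key_id=1, key=KEY)
    packets = [
        make_packet(GENUINE_HEADER, 1, KEY),           # valid peer packet
        make_packet(SPOOFED_HEADER),                   # no MAC at all
        make_packet(SPOOFED_HEADER, 1, b"wrong-key"),  # MAC from the wrong key
    ]
    return [(process(peer, p), peer.peer_xmt) for p in packets]


if __name__ == "__main__":
    for accepted, state in run_sample():
        print("accepted" if accepted else "dropped ", state.hex())
```

Moving step 3 above step 2 reproduces the state-before-validation ordering the advisories describe: the two spoofed packets would still be dropped, but each would already have overwritten `peer_xmt`.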
sunrat Posted April 17, 2015 Share Posted April 17, 2015 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3225-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff April 15, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : gst-plugins-bad0.10 CVE ID : CVE-2015-0797 Aki Helin discovered a buffer overflow in the GStreamer plugin for MP4 playback, which could lead in the execution of arbitrary code. For the stable distribution (wheezy), this problem has been fixed in version 0.10.23-7.1+deb7u2. For the unstable distribution (sid), this problem will be fixed soon. - ------------------------------------------------------------------------- Debian Security Advisory DSA-3226-1 security@debian.org http://www.debian.org/security/ Sebastien Delafond April 15, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : inspircd Debian Bug : 780880 adam@anope.org discovered several problems in inspircd, an IRC daemon: - an incomplete patch for CVE-2012-1836 failed to adequately resolve the problem where maliciously crafted DNS requests could lead to remote code execution through a heap-based buffer overflow. - the incorrect processing of specific DNS packets could trigger an infinite loop, thus resulting in a denial of service. For the stable distribution (wheezy), this problem has been fixed in version 2.0.5-1+deb7u1. For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 2.0.16-1. 
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3227-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
April 15, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : movabletype-opensource
CVE ID : CVE-2015-0845

John Lightsey discovered a format string injection vulnerability in the localisation of templates in Movable Type, a blogging system. An unauthenticated remote attacker could take advantage of this flaw to execute arbitrary code as the web server user.

For the stable distribution (wheezy), this problem has been fixed in version 5.1.4+dfsg-4+deb7u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3228-1    security@debian.org
http://www.debian.org/security/    Sebastien Delafond
April 16, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ppp
CVE ID : CVE-2015-3310
Debian Bug : 782450

Emanuele Rocca discovered that ppp, a daemon implementing the Point-to-Point Protocol, was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon.

For the stable distribution (wheezy), this problem has been fixed in version 2.4.5-5.1+deb7u2.

For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 2.4.6-3.1.
sunrat Posted April 20, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3229-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
April 19, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mysql-5.5
CVE ID : CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573
Debian Bug : 782645

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.43. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

For the stable distribution (wheezy), these problems have been fixed in version 5.5.43-0+deb7u1.

For the upcoming stable distribution (jessie), these problems will be fixed in version 5.5.43-0+deb8u1. Updated packages are already available through jessie-security.
sunrat Posted April 22, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3230-1    security@debian.org
http://www.debian.org/security/    Alessandro Ghedini
April 20, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : django-markupfield
CVE ID : CVE-2015-0846

James P. Turk discovered that the ReST renderer in django-markupfield, a custom Django field for easy use of markup in text fields, didn't disable the ..raw directive, allowing remote attackers to include arbitrary files.

For the stable distribution (wheezy), this problem has been fixed in version 1.0.2-2+deb7u1.

For the upcoming stable distribution (jessie), this problem has been fixed in version 1.2.1-2+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 1.3.2-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3231-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
April 21, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : subversion
CVE ID : CVE-2015-0248 CVE-2015-0251

Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-0248

    Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers.

CVE-2015-0251

    Subversion HTTP servers allow spoofing svn:author property values for new revisions via specially crafted v1 HTTP protocol request sequences.

For the stable distribution (wheezy), these problems have been fixed in version 1.6.17dfsg-4+deb7u9.

For the upcoming stable distribution (jessie), these problems have been fixed in version 1.8.10-6.

For the unstable distribution (sid), these problems have been fixed in version 1.8.10-6.
sunrat Posted April 25, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3232-1    security@debian.org
http://www.debian.org/security/    Alessandro Ghedini
April 22, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : curl
CVE ID : CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148

Several vulnerabilities were discovered in cURL, an URL transfer library:

CVE-2015-3143

    NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. This is similar to the issue fixed in DSA-2849-1.

CVE-2015-3144

    When parsing URLs with a zero-length hostname (such as "http://:80"), libcurl would try to read from an invalid memory address. This could allow remote attackers to cause a denial of service (crash). This issue only affects the upcoming stable (jessie) and unstable (sid) distributions.

CVE-2015-3145

    When parsing HTTP cookies, if the parsed cookie's "path" element consists of a single double-quote, libcurl would try to write to an invalid heap memory address. This could allow remote attackers to cause a denial of service (crash). This issue only affects the upcoming stable (jessie) and unstable (sid) distributions.

CVE-2015-3148

    When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user.

For the stable distribution (wheezy), these problems have been fixed in version 7.26.0-1+wheezy13.

For the upcoming stable distribution (jessie), these problems have been fixed in version 7.38.0-4+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 7.42.0-1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3233-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
April 24, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wpa
CVE ID : CVE-2015-1863
Debian Bug : 783148

The Google security team and the smart hardware research group of Alibaba security team discovered a flaw in how wpa_supplicant used SSID information when creating or updating P2P peer entries. A remote attacker can use this flaw to cause wpa_supplicant to crash, expose memory contents, and potentially execute arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in version 1.0-3+deb7u2. Note that this issue does not affect the binary packages distributed in Debian as the CONFIG_P2P is not enabled for the build.

For the upcoming stable distribution (jessie), this problem has been fixed in version 2.3-1+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 2.3-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3234-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
April 24, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openjdk-6
CVE ID : CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 6b35-1.13.7-1~deb7u1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3235-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
April 24, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openjdk-7
CVE ID : CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 7u79-2.5.5-1~deb7u1.

For the upcoming stable distribution (jessie), these problems will be fixed soon in version 7u79-2.5.5-1~deb8u1 (the update will be available shortly after the final jessie release).

For the unstable distribution (sid), these problems have been fixed in version 7u79-2.5.5-1.
sunrat Posted April 26, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3236-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
April 25, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2015-1774

It was discovered that missing input sanitising in Libreoffice's filter for HWP documents may result in the execution of arbitrary code if a malformed document is opened.

For the oldstable distribution (wheezy), this problem has been fixed in version 1:3.5.4+dfsg2-0+deb7u4.

For the stable distribution (jessie), this problem has been fixed in version 1:4.3.3-2+deb8u1.

For the unstable distribution (sid), this problem will be fixed soon.
sunrat Posted April 28, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3237-1    security@debian.org
http://www.debian.org/security/    Ben Hutchings
April 26, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2014-8159 CVE-2014-9715 CVE-2015-2041 CVE-2015-2042 CVE-2015-2150 CVE-2015-2830 CVE-2015-2922 CVE-2015-3331 CVE-2015-3332 CVE-2015-3339
Debian Bug : 741667 782515 782561 782698

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2014-8159

    It was found that the Linux kernel's InfiniBand/RDMA subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.

CVE-2014-9715

    It was found that the netfilter connection tracking subsystem used too small a type as an offset within each connection's data structure, following a bug fix in Linux 3.2.33 and 3.6. In some configurations, this would lead to memory corruption and crashes (even without malicious traffic). This could potentially also result in violation of the netfilter policy or remote code execution.

    This can be mitigated by disabling connection tracking accounting:
        sysctl net.netfilter.nf_conntrack_acct=0

CVE-2015-2041

    Sasha Levin discovered that the LLC subsystem exposed some variables as sysctls with the wrong type. On a 64-bit kernel, this possibly allows privilege escalation from a process with CAP_NET_ADMIN capability; it also results in a trivial information leak.

CVE-2015-2042

    Sasha Levin discovered that the RDS subsystem exposed some variables as sysctls with the wrong type.
    On a 64-bit kernel, this results in a trivial information leak.

CVE-2015-2150

    Jan Beulich discovered that Xen guests are currently permitted to modify all of the (writable) bits in the PCI command register of devices passed through to them. This in particular allows them to disable memory and I/O decoding on the device unless the device is an SR-IOV virtual function, which can result in denial of service to the host.

CVE-2015-2830

    Andrew Lutomirski discovered that when a 64-bit task on an amd64 kernel makes a fork(2) or clone(2) system call using int $0x80, the 32-bit compatibility flag is set (correctly) but is not cleared on return. As a result, both seccomp and audit will misinterpret the following system call by the task(s), possibly leading to a violation of security policy.

CVE-2015-2922

    Modio AB discovered that the IPv6 subsystem would process a router advertisement that specifies no route but only a hop limit, which would then be applied to the interface that received it. This can result in loss of IPv6 connectivity beyond the local network.

    This may be mitigated by disabling processing of IPv6 router advertisements if they are not needed:
        sysctl net.ipv6.conf.default.accept_ra=0
        sysctl net.ipv6.conf.<interface>.accept_ra=0

CVE-2015-3331

    Stephan Mueller discovered that the optimised implementation of RFC4106 GCM for x86 processors that support AESNI miscalculated buffer addresses in some cases. If an IPsec tunnel is configured to use this mode (also known as AES-GCM-ESP) this can lead to memory corruption and crashes (even without malicious traffic). This could potentially also result in remote code execution.

CVE-2015-3332

    Ben Hutchings discovered that the TCP Fast Open feature regressed in Linux 3.16.7-ckt9, resulting in a kernel BUG when it is used. This can be used as a local denial of service.

CVE-2015-3339

    It was found that the execve(2) system call can race with inode attribute changes made by chown(2).
    Although chown(2) clears the setuid/setgid bits of a file if it changes the respective owner ID, this race condition could result in execve(2) setting effective uid/gid to the new owner ID, a privilege escalation.

For the oldstable distribution (wheezy), these problems have been fixed in version 3.2.68-1+deb7u1. The linux package in wheezy is not affected by CVE-2015-3332.

For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt9-3~deb8u1 or earlier versions. Additionally, this version fixes a regression in the xen-netfront driver (#782698).

For the unstable distribution (sid), these problems have been fixed in version 3.16.7-ckt9-3 or earlier versions. Additionally, this version fixes a regression in the xen-netfront driver (#782698).

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3238-1    security@debian.org
http://www.debian.org/security/    Michael Gilbert
April 26, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2015-1235 CVE-2015-1236 CVE-2015-1237 CVE-2015-1238 CVE-2015-1240 CVE-2015-1241 CVE-2015-1242 CVE-2015-1244 CVE-2015-1245 CVE-2015-1246 CVE-2015-1247 CVE-2015-1248 CVE-2015-1249 CVE-2015-3333 CVE-2015-3334 CVE-2015-3336

Several vulnerabilities were discovered in the chromium web browser.

CVE-2015-1235

    A Same Origin Policy bypass issue was discovered in the HTML parser.

CVE-2015-1236

    Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API.

CVE-2015-1237

    Khalil Zhani discovered a use-after-free issue in IPC.

CVE-2015-1238

    cloudfuzzer discovered an out-of-bounds write in the skia library.

CVE-2015-1240

    w3bd3vil discovered an out-of-bounds read in the WebGL implementation.

CVE-2015-1241

    Phillip Moon and Matt Weston discovered a way to trigger local user interface actions remotely via a crafted website.

CVE-2015-1242

    A type confusion issue was discovered in the v8 javascript library.

CVE-2015-1244

    Mike Ruddy discovered a way to bypass the HTTP Strict Transport Security policy.

CVE-2015-1245

    Khalil Zhani discovered a use-after-free issue in the pdfium library.

CVE-2015-1246

    Atte Kettunen discovered an out-of-bounds read issue in webkit/blink.

CVE-2015-1247

    Jann Horn discovered that "file:" URLs in OpenSearch documents were not sanitized, which could allow local files to be read remotely when using the OpenSearch feature from a crafted website.

CVE-2015-1248

    Vittorio Gambaletta discovered a way to bypass the SafeBrowsing feature, which could allow the remote execution of a downloaded executable file.

CVE-2015-1249

    The chrome 41 development team found various issues from internal fuzzing, audits, and other studies.

CVE-2015-3333

    Multiple issues were discovered and fixed in v8 4.2.7.14.

CVE-2015-3334

    It was discovered that remote websites could capture video data from attached web cameras without permission.

CVE-2015-3336

    It was discovered that remote websites could cause user interface disruptions like window fullscreening and mouse pointer locking.

For the stable distribution (jessie), these problems have been fixed in version 42.0.2311.90-1~deb8u1.

For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 42.0.2311.90-1.
sunrat Posted April 29, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3239-1    security@debian.org
http://www.debian.org/security/    Alessandro Ghedini
April 29, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : icecast2
CVE ID : CVE-2015-3026
Debian Bug : 782120

Juliane Holzt discovered that Icecast2, a streaming media server, could dereference a NULL pointer when URL authentication is configured and the stream_auth URL is triggered by a client without setting any credentials. This could allow remote attackers to cause a denial of service (crash).

For the stable distribution (jessie), this problem has been fixed in version 2.4.0-1.1+deb8u1.

For the testing distribution (stretch), this problem will be fixed in version 2.4.2-1.

For the unstable distribution (sid), this problem has been fixed in version 2.4.2-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3240-1    security@debian.org
http://www.debian.org/security/    Alessandro Ghedini
April 29, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : curl
CVE ID : CVE-2015-3153
Debian Bug :

It was discovered that cURL, an URL transfer library, if configured to use a proxy server with the HTTPS protocol, by default could send to the proxy the same HTTP headers it sends to the destination server, possibly leaking sensitive information.

For the stable distribution (jessie), this problem has been fixed in version 7.38.0-4+deb8u2.

For the testing distribution (stretch), this problem will be fixed in version 7.42.1-1.

For the unstable distribution (sid), this problem has been fixed in version 7.42.1-1.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3241-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
April 29, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : elasticsearch
CVE ID : CVE-2015-3337

John Heasman discovered that the site plugin handling of the Elasticsearch search engine was susceptible to directory traversal.

For the stable distribution (jessie), this problem has been fixed in version 1.0.3+dfsg-5+deb8u1.

For the unstable distribution (sid), this problem will be fixed soon.
sunrat Posted May 2, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3242-1    security@debian.org
http://www.debian.org/security/    Michael Gilbert
April 30, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2015-1243 CVE-2015-1250

Several vulnerabilities were discovered in the chromium web browser.

CVE-2015-1243

    Saif El-Sherei discovered a use-after-free issue.

CVE-2015-1250

    The chrome 42 team found and fixed multiple issues during internal auditing.

For the stable distribution (jessie), these problems have been fixed in version 42.0.2311.135-1~deb8u1.

For the testing distribution (stretch), this problem will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 42.0.2311.135-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3243-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
May 01, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxml-libxml-perl
CVE ID : CVE-2015-3451
Debian Bug : 783443

Tilmann Haak from xing.com discovered that XML::LibXML, a Perl interface to the libxml2 library, did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.

For the oldstable distribution (wheezy), this problem has been fixed in version 2.0001+dfsg-1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 2.0116+dfsg-1+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 2.0116+dfsg-2.
sunrat Posted May 3, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3244-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
May 02, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : owncloud
CVE ID : CVE-2015-3011 CVE-2015-3012 CVE-2015-3013

Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more.

CVE-2015-3011

    Hugh Davenport discovered that the "contacts" application shipped with ownCloud is vulnerable to multiple stored cross-site scripting attacks. This vulnerability is effectively exploitable in any browser.

CVE-2015-3012

    Roy Jansen discovered that the "documents" application shipped with ownCloud is vulnerable to multiple stored cross-site scripting attacks. This vulnerability is not exploitable in browsers that support the current CSP standard.

CVE-2015-3013

    Lukas Reschke discovered a blacklist bypass vulnerability, allowing authenticated remote attackers to bypass the file blacklist and upload files such as the .htaccess files. An attacker could leverage this bypass by uploading a .htaccess and execute arbitrary PHP code if the /data/ directory is stored inside the web root and a web server that interprets .htaccess files is used. On default Debian installations the data directory is outside of the web root and thus this vulnerability is not exploitable by default.

For the stable distribution (jessie), these problems have been fixed in version 7.0.4+dfsg-4~deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 7.0.4+dfsg-3.

For the unstable distribution (sid), these problems have been fixed in version 7.0.4+dfsg-3.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3245-1    security@debian.org
http://www.debian.org/security/    Alessandro Ghedini
May 02, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby1.8
CVE ID : CVE-2015-1855

It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.8.7.358-7.1+deb7u3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3246-1    security@debian.org
http://www.debian.org/security/    Alessandro Ghedini
May 02, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby1.9.1
CVE ID : CVE-2015-1855

It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.9.3.194-8.1+deb7u5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3247-1    security@debian.org
http://www.debian.org/security/    Alessandro Ghedini
May 02, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby2.1
CVE ID : CVE-2015-1855

It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125.
This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates.

For the stable distribution (jessie), this problem has been fixed in version 2.1.5-2+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 2.1.5-3.

For the unstable distribution (sid), this problem has been fixed in version 2.1.5-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3248-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
May 02, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libphp-snoopy
CVE ID : CVE-2014-5008

It was discovered that missing input sanitising in Snoopy, a PHP class that simulates a web browser, may result in the execution of arbitrary commands.

For the oldstable distribution (wheezy), this problem has been fixed in version 2.0.0-1~deb7u1.

For the stable distribution (jessie), this problem was fixed before the initial release.

For the unstable distribution (sid), this problem has been fixed in version 2.0.0-1.
sunrat Posted May 4, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3249-1    security@debian.org
http://www.debian.org/security/    Sebastien Delafond
May 03, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : jqueryui
CVE ID : CVE-2010-5312

Shadowman131 discovered that jqueryui, a Javascript UI library for dynamic web applications, failed to properly sanitize its "title" option. This would allow a remote attacker to inject arbitrary code through cross-site scripting.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.8.ooops.21+dfsg-2+deb7u1.

For the stable distribution (jessie), testing distribution (stretch) and unstable distribution (sid), this problem has been fixed in version 1.10.1+dfsg-1.
sunrat Posted May 7, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3250-1    security@debian.org
http://www.debian.org/security/    Alessandro Ghedini
May 04, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2015-3438 CVE-2015-3439 CVE-2015-3440
Debian Bug : 783347 783554

Multiple security issues have been discovered in Wordpress, a weblog manager, that could allow remote attackers to upload files with invalid or unsafe names, mount social engineering attacks or compromise a site via cross-site scripting, and inject SQL commands.

More information can be found in the upstream advisories at https://wordpress.org/news/2015/04/wordpress-4-1-2/ and https://wordpress.org/news/2015/04/wordpress-4-2-1/

For the oldstable distribution (wheezy), these problems have been fixed in version 3.6.1+dfsg-1~deb7u6.

For the stable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 4.2.1+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 4.2.1+dfsg-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3251-1    security@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
May 05, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : dnsmasq
CVE ID : CVE-2015-3294
Debian Bug : 783459

Nick Sampanis discovered that dnsmasq, a small caching DNS proxy and DHCP/TFTP server, did not properly check the return value of the setup_reply() function called during a TCP connection, which is used then as a size argument in a function which writes data on the client's connection.
A remote attacker could exploit this issue via a specially crafted DNS request to cause dnsmasq to crash, or potentially to obtain sensitive information from process memory.

For the oldstable distribution (wheezy), this problem has been fixed in version 2.62-3+deb7u2.

For the stable distribution (jessie), this problem has been fixed in version 2.72-3+deb8u1.

For the testing distribution (stretch) and the unstable distribution (sid), this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3252-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
May 06, 2015    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : sqlite3
CVE ID : CVE-2015-3414 CVE-2015-3415 CVE-2015-3416

Michal Zalewski discovered multiple vulnerabilities in SQLite, which may result in denial of service or the execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in version 3.8.7.1-1+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 3.8.9-1.

For the unstable distribution (sid), these problems have been fixed in version 3.8.9-1.
sunrat Posted May 9, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3253-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
May 07, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : pound
CVE ID : CVE-2009-3555 CVE-2012-4929 CVE-2014-3566
Debian Bug : 723731 727197 765539 765649

Pound, a HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer (SSL) protocol.

For Debian 7 (wheezy) this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default (CVE-2009-3555). TLS compression is disabled (CVE-2012-4929), although this is normally already disabled by the OpenSSL system library. Finally it adds the ability to disable the SSLv3 protocol (CVE-2014-3566) entirely via the new "DisableSSLv3" configuration directive, although it will not be disabled by default in this update. Additionally a non-security sensitive issue in redirect encoding is addressed.

For Debian 8 (jessie) these issues have been fixed prior to the release, with the exception of client-initiated renegotiation (CVE-2009-3555). This update addresses that issue for jessie.

For the oldstable distribution (wheezy), these problems have been fixed in version 2.6-2+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 2.6-6+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 2.6-6.1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3251-2 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
May 07, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : dnsmasq
Debian Bug : 784571

The update for dnsmasq issued as DSA-3251-1 introduced a regression for the armel and armhf builds causing dnsmasq failing to start under certain configurations. Updated packages are now available to address this regression. Additionally dnsmasq was patched to handle the case where the libc headers defined SO_REUSEPORT, but is not supported by the running kernel. For reference, the original advisory text follows.

Nick Sampanis discovered that dnsmasq, a small caching DNS proxy and DHCP/TFTP server, did not properly check the return value of the setup_reply() function called during a TCP connection, which is used then as a size argument in a function which writes data on the client's connection. A remote attacker could exploit this issue via a specially crafted DNS request to cause dnsmasq to crash, or potentially to obtain sensitive information from process memory.

For the oldstable distribution (wheezy), this problem has been fixed in version 2.62-3+deb7u3.
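The dnsmasq advisories above (DSA-3251-1 and DSA-3251-2) describe a builder's return value being used unchecked as the size of a write on a TCP connection. The following is an added example, not dnsmasq's code: `build_reply()`, `send_tcp_reply()` and the 512-byte buffer are hypothetical stand-ins, and it shows the length validation that belongs between the builder and the write of a DNS-over-TCP reply (two-byte length prefix, then the message).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define REPLY_BUF_SIZE 512  /* assumed size of the buffer the builder fills */

/* Hypothetical reply builder standing in for a function such as setup_reply():
 * returns the number of bytes placed in buf, or 0 if no reply can be built. */
static size_t build_reply(const unsigned char *req, size_t req_len,
                          unsigned char *buf, size_t cap)
{
    if (req_len < 12 || req_len > cap)  /* shorter than a DNS header, or too big */
        return 0;
    memcpy(buf, req, req_len);
    buf[2] |= 0x80;                     /* set the QR bit: this is a response */
    return req_len;
}

static int write_all(int fd, const unsigned char *p, size_t n)
{
    while (n > 0) {
        ssize_t w = write(fd, p, n);
        if (w <= 0)
            return -1;
        p += w;
        n -= (size_t)w;
    }
    return 0;
}

/* Returns the payload length sent, or -1 if the reply was rejected. */
ssize_t send_tcp_reply(int fd, const unsigned char *req, size_t req_len)
{
    unsigned char buf[REPLY_BUF_SIZE];
    size_t n = build_reply(req, req_len, buf, sizeof buf);

    /* Validate before n becomes a write size: a failure value, anything
     * larger than the buffer, or anything the 16-bit prefix cannot carry
     * must never reach write(). */
    if (n == 0 || n > sizeof buf || n > UINT16_MAX)
        return -1;

    unsigned char prefix[2] = { (unsigned char)(n >> 8), (unsigned char)(n & 0xff) };
    if (write_all(fd, prefix, sizeof prefix) != 0 || write_all(fd, buf, n) != 0)
        return -1;
    return (ssize_t)n;
}

int main(void)
{
    /* Constructed 12-byte DNS header used as the request. */
    unsigned char req[12] = { 0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0 };
    int fds[2];
    if (pipe(fds) != 0)
        return 1;
    printf("valid request  -> %ld\n", (long)send_tcp_reply(fds[1], req, sizeof req));
    printf("truncated (5B) -> %ld\n", (long)send_tcp_reply(fds[1], req, 5));
    return 0;
}
```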
sunrat Posted May 10, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3254-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
May 09, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : suricata
CVE ID : CVE-2015-0971

Kostya Kortchinsky of the Google Security Team discovered a flaw in the DER parser used to decode SSL/TLS certificates in suricata. A remote attacker can take advantage of this flaw to cause suricata to crash.

For the stable distribution (jessie), this problem has been fixed in version 2.0.7-2+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 2.0.8-1.
sunrat Posted May 10, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3255-1 security@debian.org
http://www.debian.org/security/ Alessandro Ghedini
May 10, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : zeromq3
CVE ID : none assigned yet
Debian Bug : 784366

It was discovered that libzmq, a lightweight messaging kernel, is susceptible to a protocol downgrade attack on sockets using the ZMTP v3 protocol. This could allow remote attackers to bypass ZMTP v3 security mechanisms by sending ZMTP v2 or earlier headers.

For the stable distribution (jessie), this problem has been fixed in version 4.0.5+dfsg-2+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 4.0.5+dfsg-3.

For the unstable distribution (sid), this problem has been fixed in version 4.0.5+dfsg-3.
sunrat Posted May 14, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3258-1 security@debian.org
http://www.debian.org/security/ Alessandro Ghedini
May 12, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : quassel
CVE ID : CVE-2015-3427
Debian Bug : 783926

It was discovered that the fix for CVE-2013-4422 in quassel, a distributed IRC client, was incomplete. This could allow remote attackers to inject SQL queries after a database reconnection (e.g. when the backend PostgreSQL server is restarted).

For the stable distribution (jessie), this problem has been fixed in version 1:0.10.0-2.3+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 1:0.10.0-2.4.

For the unstable distribution (sid), this problem has been fixed in version 1:0.10.0-2.4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3259-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 13, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2014-9718 CVE-2015-1779 CVE-2015-2756 CVE-2015-3456

Several vulnerabilities were discovered in the qemu virtualisation solution:

CVE-2014-9718
    It was discovered that the IDE controller emulation is susceptible to denial of service.

CVE-2015-1779
    Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder.

CVE-2015-2756
    Jan Beulich discovered that unmediated PCI command register could result in denial of service.

CVE-2015-3456
    Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u7 of the qemu source package and in version 1.1.2+dfsg-6+deb7u7 of the qemu-kvm source package. Only CVE-2015-3456 affects oldstable.

For the stable distribution (jessie), these problems have been fixed in version 1:2.1+dfsg-12.

For the unstable distribution (sid), these problems will be fixed soon.
sunrat Posted May 14, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3260-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 13, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2011-3079 CVE-2015-0797 CVE-2015-2708 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service.

For the oldstable distribution (wheezy), these problems have been fixed in version 31.7.0esr-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 31.7.0esr-1~deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 38.0-1.
sunrat Posted May 21, 2015

-
Debian Security Advisory DSA-3264-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 19, 2015 http://www.debian.org/security/faq
-

Package : icedove
CVE ID : CVE-2015-0797 CVE-2015-2708 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service.

For the oldstable distribution (wheezy), these problems have been fixed in version 31.7.0-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 31.7.0-1~deb8u1.

For the unstable distribution (sid), these problems will be fixed soon.

Debian Security Advisory DSA-3263-1 security@debian.org
http://www.debian.org/security/ Sebastien Delafond
May 19, 2015 http://www.debian.org/security/faq
-

Package : proftpd-dfsg
CVE ID : CVE-2015-3306
Debian Bug : 782781

Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.3.4a-5+deb7u3.

For the stable distribution (jessie), this problem has been fixed in version 1.3.5-1.1+deb8u1.

For the testing distribution (stretch) and unstable distribution (sid), this problem has been fixed in version 1.3.5-2.

Debian Security Advisory DSA-3265-1 security@debian.org
http://www.debian.org/security/ David Prévot
May 20, 2015 http://www.debian.org/security/faq
-

Package : zendframework
CVE ID : CVE-2014-2681 CVE-2014-2682 CVE-2014-2683 CVE-2014-2684 CVE-2014-2685 CVE-2014-4914 CVE-2014-8088 CVE-2014-8089 CVE-2015-3154
Debian Bug : 743175 754201

Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie.

CVE-2014-2681
    Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some functions. This fix extends the incomplete one from CVE-2012-5657.

CVE-2014-2682
    Lukas Reschke reported a failure to consider that the libxml_disable_entity_loader setting is shared among threads in the PHP-FPM case. This fix extends the incomplete one from CVE-2012-5657.

CVE-2014-2683
    Lukas Reschke reported a lack of protection against XML Entity Expansion attacks in some functions. This fix extends the incomplete one from CVE-2012-6532.

CVE-2014-2684
    Christian Mainka and Vladislav Mladenov from the Ruhr-University Bochum reported an error in the consumer's verify method that led to acceptance of wrongly sourced tokens.

CVE-2014-2685
    Christian Mainka and Vladislav Mladenov from the Ruhr-University Bochum reported a specification violation in which signing of a single parameter is incorrectly considered sufficient.

CVE-2014-4914
    Cassiano Dal Pizzol discovered that the implementation of the ORDER BY SQL statement in Zend_Db_Select contains a potential SQL injection when the query string passed contains parentheses.

CVE-2014-8088
    Yury Dyachenko at Positive Research Center identified potential XML eXternal Entity injection vectors due to insecure usage of PHP's DOM extension.

CVE-2014-8089
    Jonas Sandström discovered an SQL injection vector when manually quoting value for sqlsrv extension, using null byte.

CVE-2015-3154
    Filippo Tessarotto and Maks3w reported potential CRLF injection attacks in mail and HTTP headers.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.11.13-1.1+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 1.12.9+dfsg-2+deb8u1.

For the testing distribution (stretch), these problems will be fixed in version 1.12.12+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 1.12.12+dfsg-1.
sunrat Posted May 21, 2015

-
Debian Security Advisory DSA-3261-2 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
May 20, 2015 http://www.debian.org/security/faq
-

Package : libmodule-signature-perl
Debian Bug : 785701

The update for libmodule-signature-perl issued as DSA-3261-1 introduced a regression in the handling of the --skip option of cpansign. Updated packages are now available to address this regression. For reference, the original advisory text follows.

Multiple vulnerabilities were discovered in libmodule-signature-perl, a Perl module to manipulate CPAN SIGNATURE files. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-3406
    John Lightsey discovered that Module::Signature could parse the unsigned portion of the SIGNATURE file as the signed portion due to incorrect handling of PGP signature boundaries.

CVE-2015-3407
    John Lightsey discovered that Module::Signature incorrectly handles files that are not listed in the SIGNATURE file. This includes some files in the t/ directory that would execute when tests are run.

CVE-2015-3408
    John Lightsey discovered that Module::Signature uses two argument open() calls to read the files when generating checksums from the signed manifest. This allows to embed arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process.

CVE-2015-3409
    John Lightsey discovered that Module::Signature incorrectly handles module loading, allowing to load modules from relative paths in @INC. A remote attacker providing a malicious module could use this issue to execute arbitrary code during signature verification.

For the oldstable distribution (wheezy), this problem has been fixed in version 0.68-1+deb7u3.

For the stable distribution (jessie), this problem has been fixed in version 0.73-1+deb8u2.

For the unstable distribution (sid), this problem has been fixed in version 0.79-1.
securitybreach Posted May 21, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3266-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
May 21, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : fuse
CVE ID : CVE-2015-3202

Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the environment that would not normally be safe for unprivileged users.

For the oldstable distribution (wheezy), this problem has been fixed in version 2.9.0-2+deb7u2.

For the stable distribution (jessie), this problem has been fixed in version 2.9.3-15+deb8u1.

For the testing distribution (stretch) and the unstable distribution (sid), this problem will be fixed soon.
securitybreach Posted May 22, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3267-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
May 22, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254 CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258 CVE-2015-1259 CVE-2015-1260 CVE-2015-1261 CVE-2015-1262 CVE-2015-1263 CVE-2015-1264 CVE-2015-1265

Several vulnerabilities were discovered in the chromium web browser.

CVE-2015-1251
    SkyLined discovered a use-after-free issue in speech recognition.

CVE-2015-1252
    An out-of-bounds write issue was discovered that could be used to escape from the sandbox.

CVE-2015-1253
    A cross-origin bypass issue was discovered in the DOM parser.

CVE-2015-1254
    A cross-origin bypass issue was discovered in the DOM editing feature.

CVE-2015-1255
    Khalil Zhani discovered a use-after-free issue in WebAudio.

CVE-2015-1256
    Atte Kettunen discovered a use-after-free issue in the SVG implementation.

CVE-2015-1257
    miaubiz discovered an overflow issue in the SVG implementation.

CVE-2015-1258
    cloudfuzzer discovered an invalid size parameter used in the libvpx library.

CVE-2015-1259
    Atte Kettunen discovered an uninitialized memory issue in the pdfium library.

CVE-2015-1260
    Khalil Zhani discovered multiple use-after-free issues in chromium's interface to the WebRTC library.

CVE-2015-1261
    Juho Nurminen discovered a URL bar spoofing issue.

CVE-2015-1262
    miaubiz discovered the use of an uninitialized class member in font handling.

CVE-2015-1263
    Mike Ruddy discovered that downloading the spellcheck dictionary was not done over HTTPS.

CVE-2015-1264
    K0r3Ph1L discovered a cross-site scripting issue that could be triggered by bookmarking a site.

CVE-2015-1265
    The chrome 43 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the libv8 library, version 4.3.61.21.

For the stable distribution (jessie), these problems have been fixed in version 43.0.2357.65-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 43.0.2357.65-1.
securitybreach Posted May 22, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3268-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
May 22, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ntfs-3g
CVE ID : CVE-2015-3202
Debian Bug : 786475

Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the environment that would not normally be safe for unprivileged users.

For the oldstable distribution (wheezy), this problem has been fixed in version 1:2012.1.15AR.5-2.1+deb7u1. Note that this issue does not affect the binary packages distributed in Debian in wheezy as ntfs-3g does not use the embedded fuse-lite library.

For the stable distribution (jessie), this problem has been fixed in version 1:2014.2.15AR.2-1+deb8u1.

For the testing distribution (stretch) and the unstable distribution (sid), this problem will be fixed soon.
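The fuse (DSA-3266-1) and ntfs-3g (DSA-3268-1) advisories above both concern a privileged helper that executes mount or umount without scrubbing its environment. The following is an added example, not code from FUSE or NTFS-3G: `run_scrubbed()`, the contents of `SCRUBBED_ENV` and the variable `DEMO_DEBUG_LOG` are assumptions chosen for illustration, and it shows a child being started with a fixed environment so that nothing set by the caller reaches it.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The only environment the child ever sees; nothing is inherited from the
 * (possibly unprivileged) caller. Values are assumptions for this example. */
static char *const SCRUBBED_ENV[] = {
    "PATH=/usr/sbin:/usr/bin:/sbin:/bin",
    "LANG=C",
    NULL
};

/* Run argv[0] with SCRUBBED_ENV and capture up to outlen-1 bytes of its
 * stdout in out. Returns the child's exit status, or -1 on failure. */
int run_scrubbed(char *const argv[], char *out, size_t outlen)
{
    int fds[2];
    if (outlen == 0 || pipe(fds) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {
        /* Child: send stdout to the pipe, then exec with the fixed envp.
         * execve() replaces the environment; execl()/execv() inherit it. */
        close(fds[0]);
        if (fds[1] != STDOUT_FILENO) {
            if (dup2(fds[1], STDOUT_FILENO) < 0)
                _exit(127);
            close(fds[1]);
        }
        execve(argv[0], argv, SCRUBBED_ENV);
        _exit(127);  /* exec failed */
    }

    close(fds[1]);
    size_t used = 0;
    ssize_t n;
    while (used < outlen - 1 &&
           (n = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed stand-in for a caller-controlled debugging variable. */
    setenv("DEMO_DEBUG_LOG", "/tmp/caller-chosen-path", 1);

    char *const argv[] = { "/bin/sh", "-c",
        "printf %s \"${DEMO_DEBUG_LOG-unset}\"", NULL };
    char seen[64];
    int rc = run_scrubbed(argv, seen, sizeof seen);
    printf("exit=%d DEMO_DEBUG_LOG in child: %s\n", rc, seen);
    return rc == 0 ? 0 : 1;
}
```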
securitybreach Posted May 22, 2015

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3269-1 security@debian.org
http://www.debian.org/security/ Christoph Berg
May 22, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : postgresql-9.1
CVE ID : CVE-2015-3165 CVE-2015-3166 CVE-2015-3167

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system.

CVE-2015-3165 (Remote crash)
    SSL clients disconnecting just before the authentication timeout expires can cause the server to crash.

CVE-2015-3166 (Information exposure)
    The replacement implementation of snprintf() failed to check for errors reported by the underlying system library calls; the main case that might be missed is out-of-memory situations. In the worst case this might lead to information exposure.

CVE-2015-3167 (Possible side-channel key exposure)
    In contrib/pgcrypto, some cases of decryption with an incorrect key could report other error message texts. Fix by using a one-size-fits-all message.

For the oldstable distribution (wheezy), these problems have been fixed in version 9.1.16-0+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 9.1.16-0+deb8u1. (Jessie contains a reduced postgresql-9.1 package; only CVE-2015-3166 is fixed in the produced binary package postgresql-plperl-9.1. We recommend to upgrade to postgresql-9.4 to get the full set of fixes. See the Jessie release notes for details.)

The testing distribution (stretch) and the unstable distribution (sid) do not contain the postgresql-9.1 package.