sunrat

-------------------------------------------------------------------------
Debian Security Advisory DSA-2273-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
July 06, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376

Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.

CVE-2011-0083 / CVE-2011-2363

   "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code.

CVE-2011-0085

   "regenrecht" discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code.

CVE-2011-2362

   David Chan discovered that cookies were insufficiently isolated.

CVE-2011-2371

   Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code.

CVE-2011-2373

   Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code.

CVE-2011-2374

   Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger discovered memory corruption bugs, which may lead to the execution of arbitrary code.

CVE-2011-2376

   Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code.

As indicated in the Lenny (oldstable) release notes, security support for the Icedove packages in the oldstable needed to be stopped before the end of the regular Lenny security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a different mail client.

For the stable distribution (squeeze), this problem has been fixed in version 3.0.11-1+squeeze3.

For the unstable distribution (sid), this problem has been fixed in version 3.1.11-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2274-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
July 07, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wireshark
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1590 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175

Huzaifa Sidhpurwala, David Maciejak and others discovered several vulnerabilities in the X.509if and DICOM dissectors and in the code to process various capture and dictionary files, which could lead to denial of service or the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 1.0.2-3+lenny14.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.11-6+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 1.2.17-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2275-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
July 7, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openoffice.org
Vulnerability  : stack-based buffer overflow
Problem type   : local
Debian-specific: no
CVE ID         : none yet

Will Dormann and Jared Allar discovered that the Lotus Word Pro import filter of OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft® Office, is not properly handling object ids in the ".lwp" file format. An attacker can exploit this with a specially crafted file and execute arbitrary code with the rights of the victim importing the file.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in version 1:3.2.1-11+squeeze3.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in libreoffice version 1:3.3.3-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2276-1                   security@debian.org
http://www.debian.org/security/                             Luciano Bello
July 10, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : asterisk
Vulnerability  : multiple denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2529 CVE-2011-2535
Debian Bug     : 631445 631446 631448

Paul Belanger reported a vulnerability in Asterisk identified as AST-2011-008 (CVE-2011-2529) through which an unauthenticated attacker may crash an Asterisk server remotely. A package containing a null char causes the SIP header parser to alter unrelated memory structures.

Jared Mauch reported a vulnerability in Asterisk identified as AST-2011-009 through which an unauthenticated attacker may crash an Asterisk server remotely. If a user sends a package with a Contact header with a missing left angle bracket (<) the server will crash. A possible workaround is to disable chan_sip.

The vulnerability identified as AST-2011-010 (CVE-2011-2535) reported about an input validation error in the IAX2 channel driver. An unauthenticated attacker may crash an Asterisk server remotely by sending a crafted option control frame.

For the oldstable distribution (lenny), this problem has been fixed in version 1.4.21.2~dfsg-3+lenny3.

For the stable distribution (squeeze), this problem has been fixed in version 1.6.2.9-2+squeeze3.

For the testing distribution (wheezy), this problem has been fixed in version 1:1.8.4.3-1.

For the unstable distribution (sid), this problem has been fixed in version 1:1.8.4.3-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2277-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
July 10, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xml-security-c
Vulnerability  : stack-based buffer overflow
Problem type   : local/remote
Debian-specific: no
CVE ID         : CVE-2011-2516
Debian bug     : 632973

It has been discovered that xml-security-c, an implementation of the XML Digital Signature and Encryption specifications, is not properly handling RSA keys of sizes on the order of 8192 or more bits. This allows an attacker to crash applications using this functionality or potentially execute arbitrary code by tricking an application into verifying a signature created with a sufficiently long RSA key.

For the oldstable distribution (lenny), this problem has been fixed in version 1.4.0-3+lenny3.

For the stable distribution (squeeze), this problem has been fixed in version 1.5.1-3+squeeze1.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 1.6.1-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2276-2                   security@debian.org
http://www.debian.org/security/                             Luciano Bello
July 11, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : asterisk
Vulnerability  : multiple denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2529 CVE-2011-2535
Debian Bug     : 631445 631446 631448 633481

DSA 2276-1 for Asterisk in the oldstable distribution (lenny) introduced a functionality bug which invokes an undefined symbol.

For the oldstable distribution (lenny), this problem has been fixed in version 1.4.21.2~dfsg-3+lenny5.

sunrat

- --------------------------------------------------------------------------
Debian Security Advisory DSA-2254-2                    security@debian.org
http://www.debian.org/security/                              Luciano Bello
July 11, 2011                           http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : oprofile
Vulnerability  : command injection
Problem type   : local
Debian-specific: no
Debian bug     : 624212
CVE ID         : CVE-2011-1760

Jamie Strandboge noticed that the patch proposed to fix CVE-2011-1760 in OProfile has been incomplete.

For reference, the description of the original DSA, is:

OProfile is a performance profiling tool which is configurable by opcontrol, its control utility. Stephane Chauveau reported several ways to inject arbitrary commands in the arguments of this utility. If a local unprivileged user is authorized by sudoers file to run opcontrol as root, this user could use the flaw to escalate his privileges.

For the oldstable distribution (lenny), this problem has been fixed in version 0.9.3-2+lenny2.

For the stable distribution (squeeze), this problem has been fixed in version 0.9.6-1.1+squeeze2.

For the testing distribution (wheezy), this problem has been fixed in version 0.9.6-1.4.

For the unstable distribution (sid), this problem has been fixed in version 0.9.6-1.4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2278-1                   security@debian.org
http://www.debian.org/security/                            Steffen Joeris
July 16, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : horde3
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2010-3077 CVE-2010-3694
Debian Bug     : 598582

It was discovered that horde3, the horde web application framework, is prone to a cross-site scripting attack and a cross-site request forgery.

For the oldstable distribution (lenny), these problems have been fixed in version 3.2.2+debian0-2+lenny3.

For the stable distribution (squeeze), these problems have been fixed in version 3.3.8+debian0-2, which was already included in the squeeze release.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 3.3.8+debian0-2.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2279-1                   security@debian.org
http://www.debian.org/security/                            Steffen Joeris
July 19, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libapache2-mod-authnz-external
Vulnerability  : SQL injection
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2688
Debian Bug     : 633637

It was discovered that libapache2-mod-authnz-external, an apache authentication module, is prone to an SQL injection via the $user parameter.

For the stable distribution (squeeze), this problem has been fixed in version 3.2.4-2+squeeze1.

The oldstable distribution (lenny) does not contain libapache2-mod-authnz-external.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 3.2.4-2.1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2280-1                   security@debian.org
http://www.debian.org/security/                            Steffen Joeris
July 19, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libvirt
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2011-2511 CVE-2011-1486
Debian Bugs    : 633630 623222

It was discovered that libvirt, a library for interfacing with different virtualization systems, is prone to an integer overflow (CVE-2011-2511). Additionally, the stable version is prone to a denial of service, because its error reporting is not thread-safe (CVE-2011-1486).

For the stable distribution (squeeze), these problems have been fixed in version 0.8.3-5+squeeze2.

For the oldstable distribution (lenny), this problem has been fixed in version 0.4.6-10+lenny2.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 0.9.2-7.

sunrat

-------------------------------------------------------------------------
Debian Security Advisory DSA-2281-1                   security@debian.org
http://www.debian.org/security/                            Steffen Joeris
July 21, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : opie
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2011-2489 CVE-2011-2490 CVE-2010-1938
Debian Bugs    : 631344 631345 584932

Sebastian Krahmer discovered that opie, a system that makes it simple to use One-Time passwords in applications, is prone to a privilege escalation (CVE-2011-2490) and an off-by-one error, which can lead to the execution of arbitrary code (CVE-2011-2489). Adam Zabrocki and Maksymilian Arciemowicz also discovered another off-by-one error (CVE-2010-1938), which only affects the lenny version as the fix was already included for squeeze.

For the oldstable distribution (lenny), these problems have been fixed in version 2.32-10.2+lenny2.

For the stable distribution (squeeze), these problems have been fixed in version 2.32.dfsg.1-0.2+squeeze1.

The testing distribution (wheezy) and the unstable distribution (sid) do not contain opie.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2282-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
July 25, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu-kvm
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2212 CVE-2011-2527

Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware:

CVE-2011-2212

   Nelson Elhage discovered a buffer overflow in the virtio subsystem, which could lead to denial of service or privilege escalation.

CVE-2011-2527

   Andrew Griffiths discovered that group privileges were insufficiently dropped when started with -runas option, resulting in privilege escalation.

For the stable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-5+squeeze6.

For the unstable distribution (sid), this problem has been fixed in version 0.14.1+dfsg-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2283-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
July 25, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : krb5-appl
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1526

Tim Zingelmann discovered that due to an incorrect configure script the kerberised FTP server failed to set the effective GID correctly, resulting in privilege escalation.

The oldstable distribution (lenny) is not affected.

For the stable distribution (squeeze), this problem has been fixed in version 1.0.1-1.1.

For the unstable distribution (sid), this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2284-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
July 25, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : opensaml2
Vulnerability  : implementation error
Problem type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2011-1411

Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco Kampmann and Joerg Schwenk discovered that Shibboleth, a federated web single sign-on system is vulnerable to XML signature wrapping attacks. More details can be found in the Shibboleth advisory at http://shibboleth.internet2.edu/security-advisories.html

For the oldstable distribution (lenny), this problem has been fixed in version 2.0-2+lenny3.

For the stable distribution (squeeze), this problem has been fixed in version 2.3-2+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.

- --------------------------------------------------------------------------
Debian Security Advisory DSA-2285-1                    security@debian.org
http://www.debian.org/security/                                 Nico Golde
July 26, 2011                           http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mapserver
Vulnerability  : several
Problem type   : remote
Debian-specific: no
Debian bug     : none
CVE IDs        : CVE-2011-2703 CVE-2011-2704

Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-2703

   Several instances of insufficient escaping of user input, leading to SQL injection attacks via OGC filter encoding (in WMS, WFS, and SOS filters).

CVE-2011-2704

   Missing length checks in the processing of OGC filter encoding that can lead to stack-based buffer overflows and the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 5.0.3-3+lenny7.

For the stable distribution (squeeze), this problem has been fixed in version 5.6.5-2+squeeze2.

For the testing (squeeze) and unstable (sid) distributions, this problem will be fixed soon.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2286-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
July 26, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : phpymadmin
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2505 CVE-2011-2506 CVE-2011-2507 CVE-2011-2508 CVE-2011-2642

Several vulnerabilities were discovered in phpMyAdmin, a tool to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-2505

   Possible session manipulation in Swekey authentication.

CVE-2011-2506

   Possible code injection in setup script, in case session variables are compromised.

CVE-2011-2507

   Regular expression quoting issue in Synchronize code.

CVE-2011-2508

   Possible directory traversal in MIME-type transformation.

CVE-2011-2642

   Cross site scripting in table Print view when the attacker can create crafted table names.

No CVE name yet

   Possible superglobal and local variables manipulation in Swekey authentication. (PMASA-2011-12)

The oldstable distribution (lenny) is only affected by CVE-2011-2642, which has been fixed in version 2.11.8.1-5+lenny9.

For the stable distribution (squeeze), these problems have been fixed in version 3.3.7-6.

For the testing distribution (wheezy) and unstable distribution (sid), these problems have been fixed in version 3.4.3.2-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2287-1                   security@debian.org
http://www.debian.org/security/                             Luciano Bello
July 28, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libpng
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692
Debian Bug     : #632786 #633871

The PNG library libpng has been affected by several vulnerabilities. The most critical one is the one identified as CVE-2011-2690. Using this vulnerability, an attacker is able to overwrite memory with an arbitrary amount of data controlled by her via a crafted PNG image.

The other vulnerabilities are less critical and allow an attacker to cause a crash in the program (denial of service) via a crafted PNG image.

For the oldstable distribution (lenny), this problem has been fixed in version 1.2.27-2+lenny5. Due to a technical limitation in the Debian archive processing scripts, the updated packages cannot be released in parallel with the packages for Squeeze. They will appear shortly.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.44-1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 1.2.46-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2288-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
July 28, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libsndfile
Vulnerability  : integer overflow
Problem type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2011-2696

Hossein Lotfi discovered an integer overflow in libsndfile's code to parse Paris Audio files, which could potentially lead to the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 1.0.17-4+lenny3.

For the stable distribution (squeeze), this problem has been fixed in version 1.0.21-3+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 1.0.25-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2292-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
August 11, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : isc-dhcp
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2748 CVE-2011-2749

David Zych discovered that the ISC DHCP crashes when processing certain packets, leading to a denial of service.

For the oldstable distribution (lenny), this problem has been fixed in version 3.1.1-6+lenny6 of the dhcp3 package.

For the stable distribution (squeeze), this problem has been fixed in version 4.1.1-P1-15+squeeze3 of the isc-dhcp package.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2293-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
August 12, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxfont
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-2895

Tomas Hoger found a buffer overflow in the X.Org libXfont library, which may allow for a local privilege escalation through crafted font files.

For the oldstable distribution (lenny), this problem has been fixed in version 1.3.3-2.

For the stable distribution (squeeze), this problem has been fixed in version 1.4.1-3.

For the unstable distribution (sid), this problem has been fixed in version 1.4.4-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2294-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
August 14, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freetype
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0226
Debian Bug     : 635871

It was discovered that insufficient input sanitising in Freetype's code to parse Type1 could lead to the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny6.

For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-2.1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 2.4.6-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2295-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
August 17, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceape
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:

CVE-2011-0084

   "regenrecht" discovered that incorrect pointer handling in the SVG processing code could lead to the execution of arbitrary code.

CVE-2011-2378

   "regenrecht" discovered that incorrect memory management in DOM processing could lead to the execution of arbitrary code.

CVE-2011-2981

   "moz_bug_r_a_4" discovered a Chrome privilege escalation vulnerability in the event handler code.

CVE-2011-2982

   Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code.

CVE-2011-2983

   "shutdown" discovered an information leak in the handling of RegExp.input.

CVE-2011-2984

   "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability.

The oldstable distribution (lenny) is not affected. The iceape package only provides the XPCOM code.

For the stable distribution (squeeze), this problem has been fixed in version 2.0.11-7.

For the unstable distribution (sid), this problem has been fixed in version 2.0.14-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2296-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
August 17, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceweasel
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

CVE-2011-0084

   "regenrecht" discovered that incorrect pointer handling in the SVG processing code could lead to the execution of arbitrary code.

CVE-2011-2378

   "regenrecht" discovered that incorrect memory management in DOM processing could lead to the execution of arbitrary code.

CVE-2011-2981

   "moz_bug_r_a_4" discovered a Chrome privilege escalation vulnerability in the event handler code.

CVE-2011-2982

   Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code.

CVE-2011-2983

   "shutdown" discovered an information leak in the handling of RegExp.input.

CVE-2011-2984

   "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability.

For the oldstable distribution (lenny), this problem has been fixed in version 1.9.0.19-13 of the xulrunner source package.

For the stable distribution (squeeze), this problem has been fixed in version 3.5.16-9.

For the unstable distribution (sid), this problem has been fixed in version 6.0-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2297-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
August 21, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984

Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.

CVE-2011-0084

   "regenrecht" discovered that incorrect pointer handling in the SVG processing code could lead to the execution of arbitrary code.

CVE-2011-2378

   "regenrecht" discovered that incorrect memory management in DOM processing could lead to the execution of arbitrary code.

CVE-2011-2981

   "moz_bug_r_a_4" discovered a Chrome privilege escalation vulnerability in the event handler code.

CVE-2011-2982

   Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code.

CVE-2011-2983

   "shutdown" discovered an information leak in the handling of RegExp.input.

CVE-2011-2984

   "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability.

As indicated in the Lenny (oldstable) release notes, security support for the Icedove packages in the oldstable needed to be stopped before the end of the regular Lenny security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a different mail client.

For the stable distribution (squeeze), this problem has been fixed in version 3.0.11-1+squeeze4.

For the unstable distribution (sid), this problem has been fixed in version 3.1.12-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2298-1                   security@debian.org
http://www.debian.org/security/                            Stefan Fritsch
August 29, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : apache2
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-1452 CVE-2011-3192

Two issues have been found in the Apache HTTPD web server:

CVE-2011-3192

A vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server. This vulnerability allows an attacker to cause Apache HTTPD to use an excessive amount of memory, causing a denial of service.

CVE-2010-1452

A vulnerability has been found in mod_dav that allows an attacker to cause a daemon crash, causing a denial of service. This issue only affects the Debian 5.0 oldstable/lenny distribution.

For the oldstable distribution (lenny), these problems have been fixed in version 2.2.9-10+lenny10.

For the stable distribution (squeeze), this problem has been fixed in version 2.2.16-6+squeeze2.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 2.2.19-2.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2299-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
August 31, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ca-certificates
Vulnerability  : compromised certificate authority
Problem type   : local/remote
Debian-specific: no
Debian Bug     : 639744

An unauthorized SSL certificate has been found in the wild issued the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in its ca-certificates bundle.

For other software in Debian that ships a CA bundle, like the Mozilla suite, updates are forthcoming.

For the oldstable distribution (lenny), the ca-certificates package does not contain this root CA.

For the stable distribution (squeeze), the root CA has been disabled starting ca-certificates version 20090814+nmu3.

For the testing distribution (wheezy) and unstable distribution (sid), the root CA has been disabled starting ca-certificates version 20110502+nmu1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2200-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
August 31, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nss
Vulnerability  : compromised certificate authority
Problem type   : local(remote)
Debian-specific: no
CVE ID         : not available

Several unauthorised SSL certificates have been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in the NSS crypto libraries.

For the oldstable distribution (lenny), this problem has been fixed in version 3.12.3.1-0lenny5.

For the stable distribution (squeeze), this problem has been fixed in version 3.12.8-1+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 3.12.11-2.


-------------------------------------------------------------------------
Debian Security Advisory DSA-2298-2    security@debian.org
http://www.debian.org/security/    Stefan Fritsch
September 05, 2011    http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : apache2
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-1452 CVE-2011-3192
Debian Bug     : 639825

The apache2 Upgrade from DSA-2298-1 has caused a regression that prevented some video players from seeking in video files served by Apache HTTPD. This update fixes this bug.

The text of the original advisory is reproduced for reference:

Two issues have been found in the Apache HTTPD web server:

CVE-2011-3192
A vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server. This vulnerability allows an attacker to cause Apache HTTPD to use an excessive amount of memory, causing a denial of service.

CVE-2010-1452
A vulnerability has been found in mod_dav that allows an attacker to cause a daemon crash, causing a denial of service. This issue only affects the Debian 5.0 oldstable/lenny distribution.

The regression has been fixed in the following packages:

For the oldstable distribution (lenny), this problem has been fixed in version 2.2.9-10+lenny11.

For the stable distribution (squeeze), this problem has been fixed in version 2.2.16-6+squeeze3.

For the testing distribution (wheezy), this problem will be fixed in version 2.2.20-1.

For the unstable distribution (sid), this problem has been fixed in version 2.2.20-1.

-------------------------------------------------------------------------
Debian Security Advisory DSA-2300-2    security@debian.org
http://www.debian.org/security/    Thijs Kinkhorst
September 5, 2011    http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : nss
Vulnerability  : compromised certificate authority
Problem type   : local(remote)
Debian-specific: no
CVE ID         : not available

Several unauthorised SSL certificates have been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in the NSS crypto libraries.

As a result from further understanding of the incident, this update to DSA 2300 disables additional DigiNotar issuing certificates.

For the oldstable distribution (lenny), this problem has been fixed in version 3.12.3.1-0lenny6.

For the stable distribution (squeeze), this problem has been fixed in version 3.12.8-1+squeeze3.

For the unstable distribution (sid), this problem has been fixed in version 3.12.11-2.

-------------------------------------------------------------------------
Debian Security Advisory DSA-2301-1    security@debian.org
http://www.debian.org/security/    Luciano Bello
September 5, 2011    http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : rails
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2930 CVE-2011-2931 CVE-2011-3186 CVE-2009-4214

Several vulnerabilities have been discovered in Rails, the Ruby web application framework. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-4214
A cross-site scripting (XSS) vulnerability had been found in the strip_tags function. An attacker may inject non-printable characters that certain browsers will then evaluate. This vulnerability only affects the oldstable distribution (lenny).

CVE-2011-2930
A SQL injection vulnerability had been found in the quote_table_name method, which could allow malicious users to inject arbitrary SQL into a query.

CVE-2011-2931
A cross-site scripting (XSS) vulnerability had been found in the strip_tags helper. A parsing error can be exploited by an attacker, who can confuse the parser and may inject HTML tags into the output document.

CVE-2011-3186
A newline (CRLF) injection vulnerability had been found in response.rb. This vulnerability allows an attacker to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.

For the oldstable distribution (lenny), this problem has been fixed in version 2.1.0-7+lenny1.

For the stable distribution (squeeze), this problem has been fixed in version 2.3.5-1.2+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 2.3.14.


-------------------------------------------------------------------------
Debian Security Advisory DSA-2302-1    security@debian.org
http://www.debian.org/security/    Nico Golde
Sep 7, 2011    http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : bcfg2
Vulnerability  : missing input sanitization
Problem type   : remote
Debian-specific: no
Debian bug     : 640028
CVE IDs        : CVE-2011-3211

It has been discovered that the bcfg2 server, a configuration management server for bcfg2 clients, is not properly sanitizing input from bcfg2 clients before passing it to various shell commands. This enables an attacker in control of a bcfg2 client to execute arbitrary commands on the server with root privileges.

For the oldstable distribution (lenny), this problem has been fixed in version 0.9.5.7-1.1+lenny1.

For the stable distribution (squeeze), this problem has been fixed in version 1.0.1-3+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 1.1.2-2.

For the unstable distribution (sid), this problem has been fixed in version 1.1.2-2.


-------------------------------------------------------------------------
Debian Security Advisory DSA-2303-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff, Dann Frazier
September 8, 2011    http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2011-1020 CVE-2011-1576 CVE-2011-2484 CVE-2011-2491 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497 CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723 CVE-2011-2905 CVE-2011-2909 CVE-2011-2918 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-1020
Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary.

CVE-2011-1576
Ryan Sweat discovered an issue in the VLAN implementation. Local users may be able to cause a kernel memory leak, resulting in a denial of service.

CVE-2011-2484
Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion (cpu time and memory).

CVE-2011-2491
Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call.

CVE-2011-2492
Marek Kroemeke and Filip Palian discovered that uninitialized struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory.

CVE-2011-2495
Vasiliy Kulikov of Openwall discovered that the io file of a process' proc directory was world-readable, resulting in local information disclosure of information such as password lengths.

CVE-2011-2496
Robert Swiecki discovered that mremap() could be abused for local denial of service by triggering a BUG_ON assert.

CVE-2011-2497
Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation.

CVE-2011-2517
It was discovered that the netlink-based wireless configuration interface performed insufficient length validation when parsing SSIDs, resulting in buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a denial of service.

CVE-2011-2525
Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service (NULL pointer dereference) by sending a specially crafted netlink message.

CVE-2011-2700
Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the driver for the Si4713 FM Radio Transmitter driver used by N900 devices. Local users could exploit this issue to cause a denial of service or potentially gain elevated privileges.

CVE-2011-2723
Brent Meshier reported an issue in the GRO (generic receive offload) implementation. This can be exploited by remote users to create a denial of service (system crash) in certain network device configurations.

CVE-2011-2905
Christian Ohm discovered that the 'perf' analysis tool searches for its config files in the current working directory. This could lead to denial of service or potential privilege escalation if a user with elevated privileges is tricked into running 'perf' in a directory under the control of the attacker.

CVE-2011-2909
Vasiliy Kulikov of Openwall discovered that a programming error in the Comedi driver could lead to the information disclosure through leaked stack memory.

CVE-2011-2918
Vince Weaver discovered that incorrect handling of software event overflows in the 'perf' analysis tool could lead to local denial of service.

CVE-2011-2928
Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted.

CVE-2011-3188
Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session.

CVE-2011-3191
Darren Lavender reported an issue in the Common Internet File System (CIFS). A malicious file server could cause memory corruption leading to a denial of service.

This update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768 (Debian: #633738).

For the stable distribution (squeeze), this problem has been fixed in version 2.6.32-35squeeze1. Updates for issues impacting the oldstable distribution (lenny) will be available soon.

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:

                   Debian 6.0 (squeeze)
user-mode-linux    2.6.32-1um-4+35squeeze1


-------------------------------------------------------------------------
Debian Security Advisory DSA-2303-2    security@debian.org
http://www.debian.org/security/    Dann Frazier
September 10, 2011    http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2011-1020 CVE-2011-1576 CVE-2011-2484 CVE-2011-2491 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497 CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723 CVE-2011-2905 CVE-2011-2909 CVE-2011-2918 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191
Debian Bug     : 640966

The linux-2.6 and user-mode-linux upgrades from DSA-2303-1 have caused a regression that can result in an oops during invalid accesses to /proc/<pid>/maps files.

The text of the original advisory is reproduced for reference:

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-1020
Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary.

CVE-2011-1576
Ryan Sweat discovered an issue in the VLAN implementation. Local users may be able to cause a kernel memory leak, resulting in a denial of service.

CVE-2011-2484
Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion (cpu time and memory).

CVE-2011-2491
Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call.

CVE-2011-2492
Marek Kroemeke and Filip Palian discovered that uninitialized struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory.

CVE-2011-2495
Vasiliy Kulikov of Openwall discovered that the io file of a process' proc directory was world-readable, resulting in local information disclosure of information such as password lengths.

CVE-2011-2496
Robert Swiecki discovered that mremap() could be abused for local denial of service by triggering a BUG_ON assert.

CVE-2011-2497
Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation.

CVE-2011-2517
It was discovered that the netlink-based wireless configuration interface performed insufficient length validation when parsing SSIDs, resulting in buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a denial of service.

CVE-2011-2525
Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service (NULL pointer dereference) by sending a specially crafted netlink message.

CVE-2011-2700
Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the driver for the Si4713 FM Radio Transmitter driver used by N900 devices. Local users could exploit this issue to cause a denial of service or potentially gain elevated privileges.

CVE-2011-2723
Brent Meshier reported an issue in the GRO (generic receive offload) implementation. This can be exploited by remote users to create a denial of service (system crash) in certain network device configurations.

CVE-2011-2905
Christian Ohm discovered that the 'perf' analysis tool searches for its config files in the current working directory. This could lead to denial of service or potential privilege escalation if a user with elevated privileges is tricked into running 'perf' in a directory under the control of the attacker.

CVE-2011-2909
Vasiliy Kulikov of Openwall discovered that a programming error in the Comedi driver could lead to the information disclosure through leaked stack memory.

CVE-2011-2918
Vince Weaver discovered that incorrect handling of software event overflows in the 'perf' analysis tool could lead to local denial of service.

CVE-2011-2928
Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted.

CVE-2011-3188
Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session.

CVE-2011-3191
Darren Lavender reported an issue in the Common Internet File System (CIFS). A malicious file server could cause memory corruption leading to a denial of service.

This update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768 (Debian: #633738).

For the stable distribution (squeeze), this problem has been fixed in version 2.6.32-35squeeze2. Updates for issues impacting the oldstable distribution (lenny) will be available soon.

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:

                   Debian 6.0 (squeeze)
user-mode-linux    2.6.32-1um-4+35squeeze2

-------------------------------------------------------------------------
Debian Security Advisory DSA-2306-1    security@debian.org
http://www.debian.org/security/    Giuseppe Iuculano
September 11, 2011    http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : ffmpeg
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-3908 CVE-2010-4704 CVE-2011-0480 CVE-2011-0722 CVE-2011-0723
Debian Bug     : 611495

Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2010-3908
FFmpeg before 0.5.4, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.

CVE-2010-4704
libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function.

CVE-2011-0480
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for the channel floor and the channel residue.

CVE-2011-0722
FFmpeg allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file.

For the stable distribution (squeeze), this problem has been fixed in version 4:0.5.4-1.

Security support for ffmpeg has been discontinued for the oldstable distribution (lenny). The current version in oldstable is not supported by upstream anymore and is affected by several security issues. Backporting fixes for these and any future issues has become unfeasible and therefore we need to drop our security support for the version in oldstable.

-------------------------------------------------------------------------
Debian Security Advisory DSA-2307-1    security@debian.org
http://www.debian.org/security/    Giuseppe Iuculano
September 11, 2011    http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2359 CVE-2011-2800 CVE-2011-2818

Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-2818
Use-after-free vulnerability in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.

CVE-2011-2800
Google Chrome before allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.

CVE-2011-2359
Google Chrome does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Several unauthorised SSL certificates have been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. This update blacklists SSL certificates issued by DigiNotar-controlled intermediate CAs used by the Dutch PKIoverheid program.

For the stable distribution (squeeze), this problem has been fixed in version 6.0.472.63~r59945-5+squeeze6.

For the testing distribution (wheezy), this problem has been fixed in version 13.0.782.220~r99552-1.

For the unstable distribution (sid), this problem has been fixed in version 13.0.782.220~r99552-1.

-------------------------------------------------------------------------
Debian Security Advisory DSA-2304-1    security@debian.org
http://www.debian.org/security/    Nico Golde
Sep 11, 2011    http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : squid3
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
Debian bug     : 639755
CVE IDs        : CVE-2011-3205

Ben Hawkes discovered that squid3, a full featured Web Proxy cache (HTTP proxy), is vulnerable to a buffer overflow when processing gopher server replies. An attacker can exploit this flaw by connecting to a gopher server that returns lines longer than 4096 bytes. This may result in denial of service conditions (daemon crash) or possibly the execution of arbitrary code with rights of the squid daemon.

For the oldstable distribution (lenny), this problem has been fixed in version 3.0.STABLE8-3+lenny5.

For the stable distribution (squeeze), this problem has been fixed in version 3.1.6-1.2+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 3.1.15-1.

For the unstable distribution (sid), this problem has been fixed in version 3.1.15-1.


-------------------------------------------------------------------------
Debian Security Advisory DSA-2308-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
September 12, 2011    http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : mantis
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3357 CVE-2011-3358
Debian Bug     : 640297

Several vulnerabilities were found in Mantis, a web-based bug tracking system: Insufficient input validation could result in local file inclusion and cross-site scripting.

For the oldstable distribution (lenny), this problem has been fixed in version 1.1.6+dfsg-2lenny6.

For the stable distribution (squeeze), this problem has been fixed in version 1.1.8+dfsg-10squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 1.2.7-1.


-------------------------------------------------------------------------
Debian Security Advisory DSA-2309-1    security@debian.org
http://www.debian.org/security/    Raphael Geissert
September 13, 2011    http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : openssl
Vulnerability  : compromised certificate authority
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1945

Several fraudulent SSL certificates have been found in the wild issued by the DigiNotar Certificate Authority, obtained through a security compromise of said company. After further updates on this incident, it has been determined that all of DigiNotar's signing certificates can no longer be trusted.

Debian, like other software distributors and vendors, has decided to distrust all of DigiNotar's CAs. In this update, this is done in the crypto library (a component of the OpenSSL toolkit) by marking such certificates as revoked.

Any application that uses said component should now reject certificates signed by DigiNotar. Individual applications may allow users to override the validation failure. However, making exceptions is highly discouraged and should be carefully verified.

Additionally, a vulnerability has been found in the ECDHE_ECDS cipher where timing attacks make it easier to determine private keys. The Common Vulnerabilities and Exposures project identifies it as CVE-2011-1945.

For the oldstable distribution (lenny), these problems have been fixed in version 0.9.8g-15+lenny12.

For the stable distribution (squeeze), these problems have been fixed in version 0.9.8o-4squeeze2.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 1.0.0e-1.


-------------------------------------------------------------------------
Debian Security Advisory DSA-2305-1    security@debian.org
http://www.debian.org/security/    Nico Golde
September 19, 2011    http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : vsftpd
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
Debian bug     : 622741 629373
CVE IDs        : CVE-2011-0762 CVE-2011-2189

Two security issues have been discovered that affect vsftpd, a lightweight, efficient FTP server written for security.

CVE-2011-2189
It was discovered that Linux kernels < 2.6.35 are considerably slower in releasing than in the creation of network namespaces. As a result of this and because vsftpd is using this feature as a security enhancement to provide network isolation for connections, it is possible to cause denial of service conditions due to excessive memory allocations by the kernel. This is technically no vsftpd flaw, but a kernel issue. However, this feature has legitimate use cases and backporting the specific kernel patch is too intrusive. Additionally, a local attacker requires the CAP_SYS_ADMIN capability to abuse this functionality. Therefore, as a fix, a kernel version check has been added to vsftpd in order to disable this feature for kernels < 2.6.35.

CVE-2011-0762
Maksymilian Arciemowicz discovered that vsftpd is incorrectly handling certain glob expressions in STAT commands. This allows a remote authenticated attacker to conduct denial of service attacks (excessive CPU and process slot exhaustion) via crafted STAT commands.

For the oldstable distribution (lenny), this problem has been fixed in version 2.0.7-1+lenny1.

For the stable distribution (squeeze), this problem has been fixed in version 2.3.2-3+squeeze2. Please note that CVE-2011-2189 does not affect the lenny version.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 2.3.4-1.


-------------------------------------------------------------------------
Debian Security Advisory DSA-2310-1    security@debian.org
http://www.debian.org/security/    dann frazier
September 22, 2011    http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2009-4067 CVE-2011-0712 CVE-2011-1020 CVE-2011-2209 CVE-2011-2211 CVE-2011-2213 CVE-2011-2484 CVE-2011-2491 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497 CVE-2011-2525 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191
Debian Bug     : 633738

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-4067
Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald module, a driver for Auerswald PBX/System Telephone USB devices. Attackers with physical access to a system's USB ports could obtain elevated privileges using a specially crafted USB device.

CVE-2011-0712
Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq module, a USB driver for Native Instruments USB audio devices. Attackers with physical access to a system's USB ports could obtain elevated privileges using a specially crafted USB device.

CVE-2011-1020
Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary.

CVE-2011-2209
Dan Rosenberg discovered an issue in the osf_sysinfo() system call on the alpha architecture. Local users could obtain access to sensitive kernel memory.

CVE-2011-2211
Dan Rosenberg discovered an issue in the osf_wait4() system call on the alpha architecture permitting local users to gain elevated privileges.

CVE-2011-2213
Dan Rosenberg discovered an issue in the INET socket monitoring interface. Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop.

CVE-2011-2484
Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion (cpu time and memory).

CVE-2011-2491
Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call.

CVE-2011-2492
Marek Kroemeke and Filip Palian discovered that uninitialized struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory.

CVE-2011-2495
Vasiliy Kulikov of Openwall discovered that the io file of a process' proc directory was world-readable, resulting in local information disclosure of information such as password lengths.

CVE-2011-2496
Robert Swiecki discovered that mremap() could be abused for local denial of service by triggering a BUG_ON assert.

CVE-2011-2497
Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation.

CVE-2011-2525
Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service (NULL pointer dereference) by sending a specially crafted netlink message.

CVE-2011-2928
Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted.

CVE-2011-3188
Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session.

CVE-2011-3191
Darren Lavender reported an issue in the Common Internet File System (CIFS). A malicious file server could cause memory corruption leading to a denial of service.

This update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768 (Debian: #633738).

For the oldstable distribution (lenny), this problem has been fixed in version 2.6.26-26lenny4. Updates for arm and alpha are not yet available, but will be released as soon as possible. Updates for the hppa and ia64 architectures will be included in the upcoming 5.0.9 point release.

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:

                   Debian 5.0 (lenny)
user-mode-linux    2.6.26-1um-2+26lenny4


-------------------------------------------------------------------------
Debian Security Advisory DSA-2311-1    security@debian.org
http://www.debian.org/security/    Florian Weimer
September 27, 2011    http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : openjdk-6
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871
Debian Bug     : 629852

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java SE platform. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-0862
Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges.

CVE-2011-0864
Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine.

CVE-2011-0865
A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact.

CVE-2011-0867
Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.)

CVE-2011-0868
A float-to-long conversion could overflow, allowing untrusted code (including applets) to crash the virtual machine.

CVE-2011-0869
Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection.

CVE-2011-0871
Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code.

In addition, this update removes support for the Zero/Shark and Cacao Hotspot variants from the i386 and amd64 due to stability issues. These Hotspot variants are included in the openjdk-6-jre-zero and icedtea-6-jre-cacao packages, and these packages must be removed during this update.

For the oldstable distribution (lenny), these problems will be fixed in a separate DSA for technical reasons.

For the stable distribution (squeeze), these problems have been fixed in version 6b18-1.8.9-0.1~squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 6b18-1.8.9-0.1.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-2312-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
September 29, 2011                     http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceape
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000

Several vulnerabilities have been found in the Iceape internet suite,
an unbranded version of Seamonkey:

CVE-2011-2372
    Mariusz Mlynski discovered that websites could open a download
    dialog - which has "open" as the default action -, while a user
    presses the ENTER key.

CVE-2011-2995
    Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes
    in the rendering engine, which could lead to the execution of
    arbitrary code.

CVE-2011-2998
    Mark Kaplan discovered an integer underflow in the javascript
    engine, which could lead to the execution of arbitrary code.

CVE-2011-2999
    Boris Zbarsky discovered that incorrect handling of the
    window.location object could lead to bypasses of the same-origin
    policy.

CVE-2011-3000
    Ian Graham discovered that multiple Location headers might lead to
    CRLF injection.

The oldstable distribution (lenny) is not affected. The iceape package
only provides the XPCOM code.

For the stable distribution (squeeze), this problem has been fixed in
version 2.0.11-8. This update also marks the compromised DigiNotar
root certs as revoked rather than untrusted.

For the unstable distribution (sid), this problem has been fixed in
version 2.0.14-8.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2313-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
September 29, 2011                     http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceweasel
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000

Several vulnerabilities have been found in Iceweasel, a web browser
based on Firefox:

CVE-2011-2372
    Mariusz Mlynski discovered that websites could open a download
    dialog - which has "open" as the default action -, while a user
    presses the ENTER key.

CVE-2011-2995
    Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes
    in the rendering engine, which could lead to the execution of
    arbitrary code.

CVE-2011-2998
    Mark Kaplan discovered an integer underflow in the javascript
    engine, which could lead to the execution of arbitrary code.

CVE-2011-2999
    Boris Zbarsky discovered that incorrect handling of the
    window.location object could lead to bypasses of the same-origin
    policy.

CVE-2011-3000
    Ian Graham discovered that multiple Location headers might lead to
    CRLF injection.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.9.0.19-14 of the xulrunner source package. This update also
marks the compromised DigiNotar root certs as revoked rather than
untrusted.

For the stable distribution (squeeze), this problem has been fixed in
version 3.5.16-10. This update also marks the compromised DigiNotar
root certs as revoked rather than untrusted.

For the unstable distribution (sid), this problem has been fixed in
version 7.0-1.

sunrat

- --------------------------------------------------------------------------
Debian Security Advisory DSA-2314-1                    security@debian.org
http://www.debian.org/security/                                 Nico Golde
Oct 3, 2011                             http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : puppet
Vulnerability  : multiple
Problem type   : local/remote
Debian-specific: no
Debian bug     : none
CVE IDs        : CVE-2011-3848 CVE-2011-3870 CVE-2011-3869 CVE-2011-3871

Multiple security issues have been discovered in puppet, a centralized
configuration management system. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2011-3848
    Kristian Erik Hermansen reported that an unauthenticated
    directory traversal could drop any valid X.509 Certificate Signing
    Request at any location on disk, with the privileges of the Puppet
    Master application.

CVE-2011-3870
    Ricky Zhou discovered a potential local privilege escalation in the
    ssh_authorized_keys resource and theoretically in the Solaris and
    AIX providers, where file ownership was given away before it was
    written, leading to a possibility for a user to overwrite arbitrary
    files as root, if their authorized_keys file was managed.

CVE-2011-3869
    A predictable file name in the k5login type leads to the possibility
    of symlink attacks which would allow the owner of the home directory
    to symlink to anything on the system, and have it replaced with the
    "correct" content of the file, which can lead to a privilege
    escalation on puppet runs.

CVE-2011-3871
    A potential local privilege escalation was found in the --edit mode
    of 'puppet resource' due to a persistent, predictable file name,
    which can result in editing an arbitrary target file, and thus be
    tricked into running that arbitrary file as the invoking user. This
    command is most commonly run as root, this leads to a potential
    privilege escalation.

Additionally, this update hardens the indirector file backed terminus base
class against injection attacks based on trusted path names.

For the oldstable distribution (lenny), this problem will be fixed soon.

For the stable distribution (squeeze), this problem has been fixed in
version 2.6.2-5+squeeze1.

For the testing distribution (wheezy), this has been fixed in
version 2.7.3-3.

For the unstable distribution (sid), this problem has been fixed in
version 2.7.3-3.
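
The symlink problem behind CVE-2011-3869 and CVE-2011-3871 (a privileged write to a predictable file name in a directory someone else controls), as an added Ruby example that is not Puppet's code or part of the advisory. The function names and the temporary-directory scenario are constructed for illustration; it shows the weak write next to one hardened form.

```ruby
require "tmpdir"
require "securerandom"

# Weak pattern: write straight to a fixed, guessable name. File.write opens
# the path with symlinks followed, so the data lands wherever a link points.
def write_following_symlinks(path, content)
  File.write(path, content)
end

# Hardened pattern: create a fresh, unpredictable file in the same directory
# and rename() it over the target. CREAT|EXCL fails if the temporary name
# already exists (even as a symlink), and rename() replaces the directory
# entry itself instead of following a link planted there.
def write_replacing_entry(path, content, mode = 0o600)
  tmp = File.join(File.dirname(path),
                  ".#{File.basename(path)}.#{SecureRandom.hex(8)}")
  File.open(tmp, File::WRONLY | File::CREAT | File::EXCL, mode) do |f|
    f.write(content)
  end
  File.rename(tmp, path)
rescue StandardError
  File.unlink(tmp) if tmp && File.exist?(tmp)
  raise
end

# Constructed scenario: "victim" stands in for a file the directory owner
# could not normally modify; "k5login" is the predictable managed path,
# which the owner has replaced with a symlink before the privileged write.
def symlink_demo
  Dir.mktmpdir do |root|
    out = {}
    { weak: :write_following_symlinks,
      hardened: :write_replacing_entry }.each do |kind, writer|
      victim  = File.join(root, "victim_#{kind}")
      managed = File.join(root, "k5login_#{kind}")
      File.write(victim, "original")
      File.symlink(victim, managed)
      send(writer, managed, "managed content")
      out[:"#{kind}_victim"] = File.read(victim)
      out[:"#{kind}_is_symlink"] = File.symlink?(managed)
    end
    out
  end
end

p symlink_demo if $PROGRAM_NAME == __FILE__
```

The rename only protects the final path component; when the whole directory belongs to another user, performing the write with that user's privileges closes the remaining gap.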

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2315-1                   security@debian.org
http://www.debian.org/security/                         Giuseppe Iuculano
October 05, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openoffice.org
Vulnerability  : multiple vulnerabilities
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2713

Red Hat, Inc. security researcher Huzaifa Sidhpurwala reported multiple
vulnerabilities in the binary Microsoft Word (doc) file format importer
of OpenOffice.org, a full-featured office productivity suite that
provides a near drop-in replacement for Microsoft® Office.

For the oldstable distribution (lenny), this problem has been fixed in
version 1:2.4.1+dfsg-1+lenny12.

For the stable distribution (squeeze), this problem has been fixed in
version 1:3.2.1-11+squeeze4.

For the testing distribution (wheezy), and the unstable distribution (sid),
this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2316-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
October 05, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : quagga
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327

Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered several
vulnerabilities in Quagga, an Internet routing daemon:

CVE-2011-3323
    A stack-based buffer overflow while decoding Link State Update
    packets with a malformed Inter Area Prefix LSA can cause the
    ospf6d process to crash or (potentially) execute arbitrary
    code.

CVE-2011-3324
    The ospf6d process can crash while processing a Database
    Description packet with a crafted Link-State-Advertisement.

CVE-2011-3325
    The ospfd process can crash while processing a crafted Hello
    packet.

CVE-2011-3326
    The ospfd process crashes while processing
    Link-State-Advertisements of a type not known to Quagga.

CVE-2011-3327
    A heap-based buffer overflow while processing BGP UPDATE
    messages containing an Extended Communities path attribute
    can cause the bgpd process to crash or (potentially) execute
    arbitrary code.

The OSPF-related vulnerabilities require that potential attackers send
packets to a vulnerable Quagga router; the packets are not distributed
over OSPF. In contrast, the BGP UPDATE messages could be propagated
by some routers.

For the oldstable distribution (lenny), these problems have been fixed
in version 0.99.10-1lenny6.

For the stable distribution (squeeze), these problems have been fixed
in version 0.99.17-2+squeeze3.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 0.99.19-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2317-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
October 05, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000

CVE-2011-2372
    Mariusz Mlynski discovered that websites could open a download
    dialog - which has "open" as the default action -, while a user
    presses the ENTER key.

CVE-2011-2995
    Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes
    in the rendering engine, which could lead to the execution of
    arbitrary code.

CVE-2011-2998
    Mark Kaplan discovered an integer underflow in the javascript
    engine, which could lead to the execution of arbitrary code.

CVE-2011-2999
    Boris Zbarsky discovered that incorrect handling of the
    window.location object could lead to bypasses of the same-origin
    policy.

CVE-2011-3000
    Ian Graham discovered that multiple Location headers might lead to
    CRLF injection.

As indicated in the Lenny (oldstable) release notes, security support for
the Icedove packages in the oldstable needed to be stopped before the end
of the regular Lenny security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a different
mail client.

For the stable distribution (squeeze), this problem has been fixed in
version 3.0.11-1+squeeze5.

For the unstable distribution (sid), this problem has been fixed in
version 3.1.15-1.

sunrat

- --------------------------------------------------------------------------
Debian Security Advisory DSA-2318-1                    security@debian.org
http://www.debian.org/security/                                 Nico Golde
Oct 6, 2011                             http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : cyrus-imapd-2.2
Vulnerability  : multiple
Problem type   : remote
Debian-specific: no
Debian bug     : none
CVE IDs        : CVE-2011-3372 CVE-2011-3208

Multiple security issues have been discovered in cyrus-imapd, a highly scalable
mail system designed for use in enterprise environments. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-3208
    Coverity discovered a stack-based buffer overflow in the NNTP server
    implementation (nttpd) of cyrus-imapd. An attacker can exploit this
    flaw via several crafted NNTP commands to execute arbitrary code.

CVE-2011-3372
    Stefan Cornelius of Secunia Research discovered that the command
    processing of the NNTP server implementation (nttpd) of cyrus-imapd
    is not properly implementing access restrictions for certain commands
    and is not checking for a complete, successful authentication. An
    attacker can use this flaw to bypass access restrictions for some
    commands and, e.g. exploit CVE-2011-3208 without proper
    authentication.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.2_2.2.13-14+lenny5.

For the stable distribution (squeeze), this problem has been fixed in
version 2.2_2.2.13-19+squeeze2.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
cyrus-imapd-2.4 version 2.4.12-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2319-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
October 8, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : policykit-1
Vulnerability  : race condition
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-1485
Debian Bug     : 644500

Neel Mehta discovered that a race condition in Policykit, a framework
for managing administrative policies and privileges, allowed local
users to elevate privileges by executing a setuid program from pkexec.

The oldstable distribution (lenny) does not contain the policykit-1
package.

For the stable distribution (squeeze), this problem has been fixed in
version 0.96-4+squeeze1.

For the testing distribution (wheezy) and unstable distribution (sid),
this problem has been fixed in version 0.101-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2320-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
October 8, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dokuwiki
Vulnerability  : regression fix
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2510
Debian Bug     : 644145

The dokuwiki update included in Debian Lenny 5.0.9 to address a cross
site scripting issue (CVE-2011-2510) had a regression rendering links
to external websites broken. This update corrects that regression.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.0.20080505-4+lenny4.
