sunrat Posted October 11, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2321-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
October 10, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : moin
Vulnerability  : cross-site scripting
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1058

A cross-site scripting vulnerability was discovered in the rst parser of Moin, a Python clone of WikiWiki.

For the oldstable distribution (lenny), this problem has been fixed in version 1.7.1-3+lenny6.

For the stable distribution (squeeze), this problem has been fixed in version 1.9.3-1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 1.9.3-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2322-1                   security@debian.org
http://www.debian.org/security/                       Jonathan Wiltshire
October 10, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bugzilla
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-201-2979 CVE-2010-4567 CVE-2010-4568 CVE-2010-4572 CVE-2011-0046 CVE-2011-0048 CVE-2011-2379 CVE-2011-2380 CVE-2011-2381 CVE-2011-2978

Several vulnerabilities were discovered in Bugzilla, a web-based bug tracking system.

CVE-2010-4572

    By inserting particular strings into certain URLs, it was possible to inject both headers and content to any browser.

CVE-2010-4567, CVE-2011-0048

    Bugzilla has a "URL" field that can contain several types of URL, including "javascript:" and "data:" URLs. However, it does not make "javascript:" and "data:" URLs into clickable links, to protect against cross-site scripting attacks or other attacks. It was possible to bypass this protection by adding spaces into the URL in places that Bugzilla did not expect them.
    Also, "javascript:" and "data:" links were *always* shown as clickable to logged-out users.

CVE-2010-4568

    It was possible for a user to gain unauthorized access to any Bugzilla account in a very short amount of time (short enough that the attack is highly effective).

CVE-2011-0046

    Various pages were vulnerable to Cross-Site Request Forgery attacks. Most of these issues are not as serious as previous CSRF vulnerabilities.

CVE-2011-2978

    When a user changes his email address, Bugzilla trusts a user-modifiable field for obtaining the current e-mail address to send a confirmation message to. If an attacker has access to the session of another user (for example, if that user left their browser window open in a public place), the attacker could alter this field to cause the email-change notification to go to their own address. This means that the user would not be notified that his account had its email address changed by the attacker.

CVE-2011-2381

    For flagmails only, attachment descriptions with a newline in them could lead to the injection of crafted headers in email notifications when an attachment flag is edited.

CVE-2011-2379

    Bugzilla uses an alternate host for attachments when viewing them in raw format to prevent cross-site scripting attacks. This alternate host is now also used when viewing patches in "Raw Unified" mode because Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing, which could lead to the execution of malicious code.

CVE-2011-2380 CVE-201-2979

    Normally, a group name is confidential and is only visible to members of the group, and to non-members if the group is used in bugs. By crafting the URL when creating or editing a bug, it was possible to guess if a group existed or not, even for groups which weren't used in bugs and so which were supposed to remain confidential.

For the oldstable distribution (lenny), it has not been practical to backport patches to fix these bugs.
Users of bugzilla on lenny are strongly advised to upgrade to the version in the squeeze distribution.

For the stable distribution (squeeze), these problems have been fixed in version 3.6.2.0-4.4.

For the testing distribution (wheezy) and the unstable distribution (sid), the bugzilla packages have been removed.

sunrat Posted October 21, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2324-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
October 20, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wireshark
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3360

The Microsoft Vulnerability Research group discovered that insecure load path handling could lead to execution of arbitrary Lua script code.

For the oldstable distribution (lenny), this problem has been fixed in version 1.0.2-3+lenny15. This build will be released shortly.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.11-6+squeeze4.

For the unstable distribution (sid), this problem has been fixed in version 1.6.2-1.

sunrat Posted October 23, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2325-1                   security@debian.org
http://www.debian.org/security/                            Aurelien Jarno
October 23, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : kfreebsd-8
Vulnerability  : privilege escalation/denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4062

Buffer overflow in the "linux emulation" support in FreeBSD kernel allows local users to cause a denial of service (panic) and possibly execute arbitrary code by calling the bind system call with a long path for a UNIX-domain socket, which is not properly handled when the address is used by other unspecified system calls.

For the stable distribution (squeeze), this problem has been fixed in version 8.1+dfsg-8+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 8.2-9.

sunrat Posted October 25, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2326-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
October 24, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pam
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3148 CVE-2011-3149

Kees Cook of the ChromeOS security team discovered a buffer overflow in pam_env, a PAM module to set environment variables through the PAM stack, which allowed the execution of arbitrary code. An additional issue in argument parsing allows denial of service.

The oldstable distribution (lenny) is not affected.

For the stable distribution (squeeze), this problem has been fixed in version 1.1.1-6.1+squeeze1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2327-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
Oct 24th, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libfcgi-perl
Vulnerability  : authentication bypass
Problem type   : remote
Debian-specific: no
Debian bug     : 607479
CVE IDs        : CVE-2011-2766

Ferdinand Smit discovered that libfcgi-perl, a Perl module for writing FastCGI applications, is incorrectly restoring environment variables of a prior request in subsequent requests. In some cases this may lead to authentication bypasses or worse.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in version 0.71-1+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 0.73-2.

For the unstable distribution (sid), this problem has been fixed in version 0.73-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2328-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
October 24, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freetype
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3256
Debian Bug     : 646120

It was discovered that missing input sanitising in Freetype's glyph handling could lead to memory corruption, resulting in denial of service or the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny7.

For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-2.1+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 2.4.7-1.

sunrat Posted October 27, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2329-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
Oct 27th, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : torque
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
Debian bug     : none
CVE IDs        : CVE-2011-2193

Bartlomiej Balcerek discovered several buffer overflows in torque server, a PBS-derived batch processing server. This allows an attacker to crash the service or execute arbitrary code with privileges of the server via crafted job or host names.

The oldstable distribution (lenny) does not contain torque.

For the stable distribution (squeeze), this problem has been fixed in version 2.4.8+dfsg-9squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 2.4.15+dfsg-1.

For the unstable distribution (sid), this problem has been fixed in version 2.4.15+dfsg-1.

sunrat Posted October 28, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2330-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
October 27, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : simplesamlphp
Vulnerability  : xml encryption weakness
Problem type   : remote
Debian-specific: no

Issues were found in the handling of XML encryption in simpleSAMLphp, an application for federated authentication. The following two issues have been addressed:

    It may be possible to use an SP as an oracle to decrypt encrypted messages sent to that SP.

    It may be possible to use the SP as a key oracle which can be used to forge messages from that SP by issuing 300000-2000000 queries to the SP.

The oldstable distribution (lenny) does not contain simplesamlphp.

For the stable distribution (squeeze), this problem has been fixed in version 1.6.3-2.

The testing distribution (wheezy) will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 1.8.2-1.

sunrat Posted October 28, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2331-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
October 28, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tor
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2768 CVE-2011-2769

It has been discovered by "frosty_un" that a design flaw in Tor, an online privacy tool, allows malicious relay servers to learn certain information that they should not be able to learn. Specifically, a relay that a user connects to directly could learn which other relays that user is connected to directly. In combination with other attacks, this issue can lead to deanonymizing the user. The Common Vulnerabilities and Exposures project has assigned CVE-2011-2768 to this issue.

In addition to fixing the above mentioned issues, the updates to oldstable and stable fix a number of less critical issues (CVE-2011-2769). Please see this posting from the Tor blog for more information: https://blog.torproject.org/blog/tor-02234-...ecurity-patches

For the oldstable distribution (lenny), this problem has been fixed in version 0.2.1.31-1~lenny+1. Due to technical limitations in the Debian archive scripts, the update cannot be released synchronously with the packages for stable. It will be released shortly.

For the stable distribution (squeeze), this problem has been fixed in version 0.2.1.31-1.

For the unstable and testing distributions, this problem has been fixed in version 0.2.2.34-1.

For the experimental distribution, this problem has been fixed in version 0.2.3.6-alpha-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2323-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
October 26, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : radvd
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605
Debian Bug     : 644614

Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon:

CVE-2011-3602

    set_interface_var() function doesn't check the interface name, which is chosen by an unprivileged user. This could lead to an arbitrary file overwrite if the attacker has local access, or specific files overwrites otherwise.

CVE-2011-3604

    process_ra() function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon.

CVE-2011-3605

    process_rs() function calls mdelay() (a function to wait for a defined time) unconditionally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed (for a time up to MAX_RA_DELAY_TIME, 500 ms by default). An attacker could flood the daemon with router solicitations in order to fill the input queue, causing a temporary denial of service (processing would be stopped during all the mdelay() calls).
    Note: upstream and Debian default is to use anycast mode.

For the oldstable distribution (lenny), this problem has been fixed in version 1:1.1-3.1.

For the stable distribution (squeeze), this problem has been fixed in version 1:1.6-1.1.

For the testing distribution (wheezy), this problem has been fixed in version 1:1.8-1.2.

For the unstable distribution (sid), this problem has been fixed in version 1:1.8-1.2.

sunrat Posted October 29, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2332-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
October 29, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-django
Vulnerability  : several issues
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4136 CVE-2011-4137 CVE-2011-4138 CVE-2011-4139 CVE-2011-4140
Debian Bug     : 641405

Paul McMillan, Mozilla and the Django core team discovered several vulnerabilities in Django, a Python web framework:

CVE-2011-4136

    When using memory-based sessions and caching, Django sessions are stored directly in the root namespace of the cache. When user data is stored in the same cache, a remote user may take over a session.

CVE-2011-4137, CVE-2011-4138

    Django's field type URLfield by default checks supplied URLs by issuing a request to it, which doesn't time out. A Denial of Service is possible by supplying specially prepared URLs that keep the connection open indefinitely or fill the Django server's memory.

CVE-2011-4139

    Django used X-Forwarded-Host headers to construct full URLs. This header may not contain trusted input and could be used to poison the cache.

CVE-2011-4140

    The CSRF protection mechanism in Django does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests.

For the oldstable distribution (lenny), this problem has been fixed in version 1.0.2-1+lenny3.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.3-3+squeeze2.

For the testing (wheezy) and unstable distribution (sid), this problem has been fixed in version 1.3.1-1.

sunrat Posted October 31, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2333-1                   security@debian.org
http://www.debian.org/security/                        Jonathan Wiltshire
Oct 31th, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : phpldapadmin
Vulnerability  : several
Problem type   : remote
Debian-specific: no
Debian bug     : 646754
CVE IDs        : CVE-2011-4075 CVE-2011-4074

Two vulnerabilities have been discovered in phpldapadmin, a web based interface for administering LDAP servers. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-4074

    Input appended to the URL in cmd.php (when "cmd" is set to "_debug") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

CVE-2011-4075

    Input passed to the "orderby" parameter in cmd.php (when "cmd" is set to "query_engine", "query" is set to "none", and "search" is set to e.g. "1") is not properly sanitised in lib/functions.php before being used in a "create_function()" function call. This can be exploited to inject and execute arbitrary PHP code.

For the oldstable distribution (lenny), these problems have been fixed in version 1.1.0.5-6+lenny2.

For the stable distribution (squeeze), these problems have been fixed in version 1.2.0.5-2+squeeze1.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 1.2.0.5-2.1.

sunrat Posted November 4, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2334-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 04, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mahara
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2771 CVE-2011-2772 CVE-2011-2773

Several vulnerabilities were discovered in Mahara, an electronic portfolio, weblog, and resume builder:

CVE-2011-2771

    Teemu Vesala discovered that missing input sanitising of RSS feeds could lead to cross-site scripting.

CVE-2011-2772

    Richard Mansfield discovered that insufficient upload restrictions allowed denial of service.

CVE-2011-2773

    Richard Mansfield discovered that the management of institutions was prone to cross-site request forgery.

(no CVE ID available yet)

    Andrew Nichols discovered a privilege escalation vulnerability in MNet handling.

For the oldstable distribution (lenny), this problem has been fixed in version 1.0.4-4+lenny11.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.6-2+squeeze3.

For the unstable distribution (sid), this problem has been fixed in version 1.4.1-1.

sunrat Posted November 6, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2335-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
November 5th, 2011                     http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : man2html
Vulnerability  : missing input sanitization
Problem type   : remote
Debian-specific: yes
CVE ID         : CVE-2011-2770

Tim Starling discovered that the Debian-native CGI wrapper for man2html, a program to convert UNIX man pages to HTML, is not properly escaping user-supplied input when displaying various error messages. A remote attacker can exploit this flaw to conduct cross-site scripting (XSS) attacks.

For the oldstable distribution (lenny), this problem has been fixed in version 1.6f-3+lenny1.

For the stable distribution (squeeze), this problem has been fixed in version 1.6f+repack-1+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 1.6g-6.

For the unstable distribution (sid), this problem has been fixed in version 1.6g-6.

sunrat Posted November 6, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2337-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
November 6, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
Vulnerability  : several vulnerabilities
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-1166 CVE-2011-1583 CVE-2011-1898 CVE-2011-3262

Several vulnerabilities were discovered in the Xen virtual machine hypervisor.

CVE-2011-1166

    A 64-bit guest can get one of its vCPUs into non-kernel mode without first providing a valid non-kernel pagetable, thereby locking up the host system.

CVE-2011-1583, CVE-2011-3262

    Local users can cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image.

CVE-2011-1898

    When using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, guest OS users can gain host OS privileges by writing to the interrupt injection registers.

The oldstable distribution (lenny) contains a different version of Xen not affected by these problems.

For the stable distribution (squeeze), this problem has been fixed in version 4.0.1-4.

For the testing (wheezy) and unstable distribution (sid), this problem has been fixed in version 4.1.1-1.

sunrat Posted November 7, 2011

Package        : moodle
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : not yet available

Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning:

* MSA-11-0020 Continue links in error messages can lead offsite
* MSA-11-0024 Recaptcha images were being authenticated from an older server
* MSA-11-0025 Group names in user upload CSV not escaped
* MSA-11-0026 Fields in user upload CSV not escaped
* MSA-11-0031 Forms API constant issue
* MSA-11-0032 MNET SSL validation issue
* MSA-11-0036 Messaging refresh vulnerability
* MSA-11-0037 Course section editing injection vulnerability
* MSA-11-0038 Database injection protection strengthened

For the stable distribution (squeeze), this problem has been fixed in version 1.9.9.dfsg2-2.1+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 1.9.9.dfsg2-4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2339-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 07, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nss
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3640
Debian Bug     : 647614

This update to the NSS cryptographic libraries revokes the trust in the "DigiCert Sdn. Bhd" certificate authority. More information can be found in the Mozilla Security Blog: http://blog.mozilla.com/security/2011/11/0...cate-authority/

This update also fixes an insecure load path for pkcs11.txt configuration file (CVE-2011-3640).

For the oldstable distribution (lenny), this problem has been fixed in version 3.12.3.1-0lenny7.

For the stable distribution (squeeze), this problem has been fixed in version 3.12.8-1+squeeze4.

For the unstable distribution (sid), this problem has been fixed in version 3.13.1.with.ckbi.1.88-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2336-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
November 07, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ffmpeg
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3362 CVE-2011-3973 CVE-2011-3974 CVE-2011-3504
Debian Bug     : 641478

Multiple vulnerabilities were found in the ffmpeg, a multimedia player, server and encoder:

CVE-2011-3362

    An integer signedness error in decode_residual_block function of the Chinese AVS video (CAVS) decoder in libavcodec can lead to denial of service (memory corruption and application crash) or possible code execution via a crafted CAVS file.

CVE-2011-3973/CVE-2011-3974

    Multiple errors in the Chinese AVS video (CAVS) decoder can lead to denial of service (memory corruption and application crash) via an invalid bitstream.

CVE-2011-3504

    A memory allocation problem in the Matroska format decoder can lead to code execution via a crafted file.

For the stable distribution (squeeze), this problem has been fixed in version 4:0.5.5-1.

For the unstable distribution (sid), this problem has been fixed in version 4:0.7.2-1 of the libav source package.

Security support for ffmpeg has been discontinued for the oldstable distribution (lenny) before in DSA 2306. The current version in oldstable is not supported by upstream anymore and is affected by several security issues. Backporting fixes for these and any future issues has become unfeasible and therefore we needed to drop our security support for the version in oldstable.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2340-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
November 7, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-8.3, postgresql-8.4, postgresql-9.0
Vulnerability  : weak password hashing
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2483
Debian Bug     : 631285

magnum discovered that the blowfish password hashing used amongst others in PostgreSQL contained a weakness that would give passwords with 8 bit characters the same hash as weaker equivalents.

For the oldstable distribution (lenny), this problem has been fixed in postgresql-8.3 version 8.3.16-0lenny1.

For the stable distribution (squeeze), this problem has been fixed in postgresql-8.4 version 8.4.9-0squeeze1.

For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in postgresql-8.4 version 8.4.9-1, postgresql-9.0 9.0.5-1 and postgresql-9.1 9.1~rc1-1.

The updates also include reliability improvements, originally scheduled for inclusion into the next point release; for details see the respective changelogs.

sunrat Posted November 9, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2341-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 09, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceweasel
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3647 CVE-2011-3648 CVE-2011-3650

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

CVE-2011-3647

    "moz_bug_r_a4" discovered a privilege escalation vulnerability in addon handling.

CVE-2011-3648

    Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could lead to cross-site scripting.

CVE-2011-3650

    Marc Schoenefeld discovered that profiling the Javascript code could lead to memory corruption.

For the oldstable distribution (lenny), this problem has been fixed in version 1.9.0.19-15 of the xulrunner source package.

For the stable distribution (squeeze), this problem has been fixed in version 3.5.16-11.

For the unstable distribution (sid), this problem has been fixed in version 8.0-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2342-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 09, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceape
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3647 CVE-2011-3648 CVE-2011-3650

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:

CVE-2011-3647

    "moz_bug_r_a4" discovered a privilege escalation vulnerability in addon handling.

CVE-2011-3648

    Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could lead to cross-site scripting.

CVE-2011-3650

    Marc Schoenefeld discovered that profiling the Javascript code could lead to memory corruption.

The oldstable distribution (lenny) is not affected. The iceape package only provides the XPCOM code.

For the stable distribution (squeeze), this problem has been fixed in version 2.0.11-9.

For the unstable distribution (sid), this problem has been fixed in version 2.0.14-9.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2343-1                   security@debian.org
http://www.debian.org/security/                          Raphael Geissert
November 09, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
Vulnerability  : CA trust revocation
Problem type   : remote
Debian-specific: no

Several weak certificates were issued by Malaysian intermediate CA "Digicert Sdn. Bhd." This event, along with other issues, has led Entrust Inc. and Verizon Cybertrust to revoke the CA's cross-signed certificates.

This update to OpenSSL, a Secure Sockets Layer toolkit, reflects this decision by marking Digicert Sdn. Bhd.'s certificates as revoked.

For the oldstable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny14.

For the stable distribution (squeeze), this problem has been fixed in version 0.9.8o-4squeeze4.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 1.0.0e-2.1.

sunrat Posted November 11, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2344-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
November 11, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-django-piston
Vulnerability  : deserialization vulnerability
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4103
Debian Bug     : 647315

It was discovered that the Piston framework can deserialize untrusted YAML and Pickle data, leading to remote code execution. (CVE-2011-4103)

The old stable distribution (lenny) does not contain a python-django-piston package.

For the stable distribution (squeeze), this problem has been fixed in version 0.2.2-1+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 0.2.2-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2345-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
November 11, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2011-3647 CVE-2011-3648 CVE-2011-3650

Several vulnerabilities have been discovered in Icedove, a mail client based on Thunderbird.

CVE-2011-3647

    The JSSubScriptLoader does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior.

CVE-2011-3648

    A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.

CVE-2011-3650 Iceweasel does not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. For the stable distribution (squeeze), these problems have been fixed in version 3.0.11-1+squeeze6. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 3.1.15-1.
sunrat
Posted November 15, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2346-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
November 15, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : proftpd-dfsg
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4130
Debian Bug     : 648373

Several vulnerabilities were discovered in ProFTPD, an FTP server:

    ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS, an issue similar to CVE-2011-0411.

CVE-2011-4130

    ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution. (The version in lenny is not affected by this problem.)

For the oldstable distribution (lenny), this problem has been fixed in version 1.3.1-17lenny8.

For the stable distribution (squeeze), this problem has been fixed in version 1.3.3a-6squeeze4.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 1.3.4~rc3-2.

sunrat
Posted November 16, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2346-2                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
November 16, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : proftpd-dfsg
Vulnerability  : several
Problem type   : remote
Debian-specific: no
Debian Bug     : 648922

The ProFTPD security update, DSA-2346-1, introduced a regression, preventing successful TLS connections. This regression does not affect the stable distribution (squeeze), nor the testing and unstable distributions.

For the oldstable distribution (lenny), this problem has been fixed in version 1.3.1-17lenny9.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2347-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
November 16, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
Vulnerability  : improper assert
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4313

It was discovered that BIND, a DNS server, crashes while processing certain sequences of recursive DNS queries, leading to a denial of service. Authoritative-only server configurations are not affected by this issue.

For the oldstable distribution (lenny), this problem has been fixed in version 1:9.6.ESV.R4+dfsg-0+lenny4.

For the stable distribution (squeeze), this problem has been fixed in version 1:9.7.3.dfsg-1~squeeze4.

sunrat
Posted November 19, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2349-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
November 19, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : spip
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : not available yet

Two vulnerabilities have been found in SPIP, a website engine for publishing, which allow privilege escalation to site administrator privileges and cross-site scripting.

The oldstable distribution (lenny) doesn't include spip.

For the stable distribution (squeeze), this problem has been fixed in version 2.1.1-3squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 2.1.12-1.

sunrat
Posted November 20, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2350-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
November 20, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freetype
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3439
Debian Bug     : 649122

It was discovered that missing input sanitising in Freetype's processing of CID-keyed fonts could lead to the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny8.

For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-2.1+squeeze3.

For the unstable distribution (sid), this problem has been fixed in version 2.4.8-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2348-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
November 17, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : systemtap
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-4170 CVE-2010-4171 CVE-2011-2503

Several vulnerabilities were discovered in SystemTap, an instrumentation system for Linux:

CVE-2011-2503

    It was discovered that a race condition in staprun could lead to privilege escalation.

CVE-2010-4170

    It was discovered that insufficient validation of environment variables in staprun could lead to privilege escalation.

CVE-2010-4171

    It was discovered that insufficient validation of module unloading could lead to denial of service.

For the stable distribution (squeeze), this problem has been fixed in version 1.2-5+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 1.6-1.

sunrat
Posted November 21, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2351-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
November 21, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wireshark
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4102

Huzaifa Sidhpurwala discovered a buffer overflow in Wireshark's ERF dissector, which could lead to the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version wireshark 1.0.2-3+lenny16.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.11-6+squeeze5.

For the unstable distribution (sid), this problem has been fixed in version 1.6.3-1.

sunrat
Posted November 22, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2352-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
November 22, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : puppet
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3872

It was discovered that Puppet, a centralized configuration management solution, misgenerated certificates if the "certdnsnames" option was used. This could lead to man in the middle attacks. More details are available at http://puppetlabs.com/security/cve/cve-2011-3872/

For the oldstable distribution (lenny), this problem has been fixed in version 0.24.5-3+lenny2.

For the stable distribution (squeeze), this problem has been fixed in version 2.6.2-5+squeeze3.

For the unstable distribution (sid), this problem has been fixed in version 2.7.6-1.

sunrat
Posted November 24, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2353-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
November 24, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ldns
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3581
Debian Bug     :

David Wheeler discovered a buffer overflow in ldns's code to parse RR records, which could lead to the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 1.4.0-1+lenny2.

For the stable distribution (squeeze), this problem has been fixed in version 1.6.6-2+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 1.6.11-1.

sunrat
Posted November 30, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2354-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
November 28, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cups
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2896 CVE-2011-3170

Petr Sklenar and Tomas Hoger discovered that missing input sanitising in the GIF decoder inside the Cups printing system could lead to denial of service or potentially arbitrary code execution through crafted GIF files.

For the oldstable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny10.

For the stable distribution (squeeze), this problem has been fixed in version 1.4.4-7+squeeze1.

For the testing and unstable distribution (sid), this problem has been fixed in version 1.5.0-8.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2355-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
November 30, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : clearsilver
Vulnerability  : format string vulnerability
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4357

Leo Iannacone and Colin Watson discovered a format string vulnerability in the Python bindings for the Clearsilver HTML template system, which may lead to denial of service or the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 0.10.4-1.3+lenny1.

For the stable distribution (squeeze), this problem has been fixed in version 0.10.5-1+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.

sunrat
Posted December 1, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2356-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
December 01, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-6
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform:

CVE-2011-3389

    The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode.

CVE-2011-3521

    The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges.

CVE-2011-3544

    The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code (such as applets) to elevate its privileges.

CVE-2011-3547

    The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code.

CVE-2011-3548

    The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code (such as applets) to elevate its privileges.

CVE-2011-3551

    The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges.

CVE-2011-3552

    Malicious Java code can use up an excessive amount of UDP ports, leading to a denial of service.

CVE-2011-3553

    JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information.

CVE-2011-3554

    JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files.

CVE-2011-3556

    The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitrary code.

CVE-2011-3557

    The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server.

CVE-2011-3560

    The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions.

For the stable distribution (squeeze), this problem has been fixed in version 6b18-1.8.10-0+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 6b23~pre11-1.

sunrat
Posted December 4, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2357-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
December 03, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : evince
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-264320
Debian Bug     : 609534

Jon Larimer from IBM X-Force Advanced Research discovered multiple vulnerabilities in the DVI backend of the evince document viewer:

CVE-2010-2640

    Insufficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution.

CVE-2010-2641

    Insufficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution.

CVE-2010-2642

    Insufficient bounds checks in the AFM fonts parser when writing data to a memory buffer allocated on heap could lead to arbitrary memory overwrite and arbitrary code execution.

CVE-2010-2643

    Insufficient check on an integer used as a size for memory allocation can lead to arbitrary write outside the allocated range and cause arbitrary code execution.

For the oldstable distribution (lenny), this problem has been fixed in version 2.22.2-4~lenny2.

For the stable distribution (squeeze), CVE-2010-2640, CVE-2010-2641 and CVE-2010-2643 have been fixed in version 2.30.3-2 but the fix for CVE-2010-2642 was incomplete. The final fix is present in version 2.30.3-2+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 3.0.2.

For the unstable distribution (sid), this problem has been fixed in version 3.0.2.

sunrat
Posted December 7, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2289-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
August 07, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : typo3-src
Vulnerability  : several
Problem type   : remote
Debian-specific: no
Debian Bug     : 635937

Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site scripting, information disclosure, authentication delay bypass, and arbitrary file deletion. More details can be found in the Typo3 security advisory: http://typo3.org/teams/security/security-b...o3-core-sa-2011 - -001/

For the oldstable distribution (lenny), these problems have been fixed in version 4.2.5-1+lenny8.

For the stable distribution (squeeze), these problems have been fixed in version 4.3.9+dfsg1-1+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 4.5.4+dfsg1-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2290-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
August 07, 2011                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : samba
Vulnerability  : cross-site scripting
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2522 CVE-2011-2694

The Samba Web Administration Tool (SWAT) contains several cross-site request forgery (CSRF) vulnerabilities (CVE-2011-2522) and a cross-site scripting vulnerability (CVE-2011-2694).

For the oldstable distribution (lenny), these problems have been fixed in version 2:3.2.5-4lenny15.

For the stable distribution (squeeze), these problems have been fixed in version 2:3.5.6~dfsg-3squeeze5.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 2:3.5.10~dfsg-1.

-------------------------------------------------------------------------
Debian Security Advisory DSA-2291-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
August 8, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : squirrelmail
Vulnerability  : various
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-4554 CVE-2010-4555 CVE-2011-2023 CVE-2011-2752 CVE-2011-2753

Various vulnerabilities have been found in SquirrelMail, a webmail application. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2010-4554

    SquirrelMail did not prevent page rendering inside a third-party HTML frame, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2010-4555, CVE-2011-2752, CVE-2011-2753

    Multiple small bugs in SquirrelMail allowed an attacker to inject malicious script into various pages or alter the contents of user preferences.

CVE-2011-2023

    It was possible to inject arbitrary web script or HTML via a crafted STYLE element in an HTML part of an e-mail message.

For the oldstable distribution (lenny), this problem has been fixed in version 1.4.15-4+lenny5.

For the stable distribution (squeeze), this problem has been fixed in version 1.4.21-2.

For the testing (wheezy) and unstable distribution (sid), these problems have been fixed in version 1.4.22-1.

sunrat
Posted December 7, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2358-1                   security@debian.org
http://www.debian.org/security/
December 05, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-6
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform. This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.

CVE-2011-0862

    Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges.

CVE-2011-0864

    Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine.

CVE-2011-0865

    A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact.

CVE-2011-0867

    Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.)

CVE-2011-0868

    A float-to-long conversion could overflow, allowing untrusted code (including applets) to crash the virtual machine.

CVE-2011-0869

    Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection.

CVE-2011-0871

    Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code.

CVE-2011-3389

    The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode.

CVE-2011-3521

    The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges.

CVE-2011-3544

    The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code (such as applets) to elevate its privileges.

CVE-2011-3547

    The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code.

CVE-2011-3548

    The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code (such as applets) to elevate its privileges.

CVE-2011-3551

    The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges.

CVE-2011-3552

    Malicious Java code can use up an excessive amount of UDP ports, leading to a denial of service.

CVE-2011-3553

    JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information.

CVE-2011-3554

    JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files.

CVE-2011-3556

    The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitrary code.

CVE-2011-3557

    The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server.

CVE-2011-3560

    The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions.

For the oldstable distribution (lenny), these problems have been fixed in version 6b18-1.8.10-0~lenny1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2359-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
December 06, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mojarra
Vulnerability  : EL injection
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4358

It was discovered that Mojarra, an implementation of JavaServer Faces, evaluates untrusted values as EL expressions if includeViewParameters is set to true.

For the stable distribution (squeeze), this problem has been fixed in version 2.0.3-1+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 2.0.3-2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2360-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
December 6, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

This is an advance notice that security support for Debian GNU/Linux 5.0 (code name "lenny") will be terminated in two months.

The Debian project released Debian GNU/Linux 6.0 alias "squeeze" on the 6th of February 2011. Users and distributors have been given a one-year timeframe to upgrade their old installations to the current stable release. Hence, the security support for the old release of 5.0 is going to end on the 6th of February 2012 as previously announced.

Previously announced security updates for the old release will continue to be available on security.debian.org.

sunrat
Posted December 8, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2361-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
December 07, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chasen
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4000

It was discovered that ChaSen, a Japanese morphological analysis system, contains a buffer overflow, potentially leading to arbitrary code execution in programs using the library.

For the oldstable distribution (lenny), this problem has been fixed in version 2.4.4-2+lenny2.

For the stable distribution (squeeze), this problem has been fixed in version 2.4.4-11+squeeze2.

sunrat
Posted December 11, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2362-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
December 10, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : acpid
Vulnerability  : several
Problem type   : remote
Debian-specific: partly
CVE ID         : CVE-2011-1159 CVE-2011-2777 CVE-2011-4578

Multiple vulnerabilities were found in the acpid, the Advanced Configuration and Power Interface event daemon:

CVE-2011-1159

    Vasiliy Kulikov of OpenWall discovered that the socket handling is vulnerable to denial of service.

CVE-2011-2777

    Oliver-Tobias Ripka discovered that incorrect process handling in the Debian-specific powerbtn.sh script could lead to local privilege escalation. This issue doesn't affect oldstable. The script is only shipped as an example in /usr/share/doc/acpid/examples. See /usr/share/doc/acpid/README.Debian for details.

CVE-2011-4578

    Helmut Grohne and Michael Biebl discovered that acpid sets a umask of 0 when executing scripts, which could result in local privilege escalation.

For the oldstable distribution (lenny), this problem has been fixed in version 1.0.8-1lenny4.

For the stable distribution (squeeze), this problem has been fixed in version 1:2.0.7-1squeeze3.

For the unstable distribution (sid), this problem will be fixed soon.