sunrat
Posted December 16, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2363-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 16, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tor
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2778

It was discovered that Tor, an online privacy tool, incorrectly computes buffer sizes in certain cases involving SOCKS connections. Malicious parties could use this to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code.

In Tor's default configuration this issue can only be triggered by clients that can connect to Tor's socks port, which listens only on localhost by default.

In non-default configurations where Tor's SocksPort listens not only on localhost or where Tor was configured to use another socks server for all of its outgoing connections, Tor is vulnerable to a larger set of malicious parties.

For the oldstable distribution (lenny), this problem has been fixed in version 0.2.1.32-1.

For the stable distribution (squeeze), this problem has been fixed in version 0.2.2.35-1~squeeze+1.

For the unstable and testing distributions, this problem has been fixed in version 0.2.2.35-1.

For the experimental distribution, this problem has been fixed in version 0.2.3.10-alpha-1.
sunrat
Posted December 18, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2364-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 18, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xorg
Vulnerability  : incorrect permission check
Problem type   : local
Debian-specific: yes
CVE ID         : CVE-2011-4613
Debian Bug     : 652249

The Debian X wrapper enforces that the X server can only be started from a console. "vladz" discovered that this wrapper could be bypassed.

The oldstable distribution (lenny) is not affected.

For the stable distribution (squeeze), this problem has been fixed in version 7.5+8+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 1:7.6+10.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2365-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 18, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dtc
Vulnerability  : several
Problem type   : local/remote
Debian-specific: no
CVE ID         : CVE-2011-3195 CVE-2011-3196 CVE-2011-3197 CVE-2011-3198 CVE-2011-3199
Debian Bug     : 637469 637477 637485 637584 637629 637630 637618 637537 637487 637632 637669

Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple vulnerabilities in DTC, a web control panel for admin and accounting hosting services:

CVE-2011-3195
    A possible shell insertion has been found in the mailing list handling.

CVE-2011-3196
    Unix rights for the apache2.conf were set incorrectly (world readable).

CVE-2011-3197
    Incorrect input sanitising for the $_SERVER["addrlink"] parameter could lead to SQL insertion.

CVE-2011-3198
    DTC was using the -b option of htpasswd, possibly revealing the password in clear text using ps or reading /proc.

CVE-2011-3199
    A possible HTML/javascript insertion vulnerability has been found in the DNS & MX section of the user panel.

This update also fixes several vulnerabilities, for which no CVE ID has been assigned:

It has been discovered that DTC performs insufficient input sanitising in the package installer, leading to possible unwanted destination directory for installed packages if some DTC application packages are installed (note that these aren't available in Debian main).

DTC was setting up /etc/sudoers with permissive sudo rights to chrootuid.

Incorrect input sanitizing in the package installer could lead to SQL insertion.

A malicious user could enter a specially crafted support ticket subject leading to an SQL injection in the draw_user_admin.php.

For the oldstable distribution (lenny), this problem has been fixed in version 0.29.18-1+lenny2.

The stable distribution (squeeze) doesn't include dtc.

For the unstable distribution (sid), this problem has been fixed in version 0.34.1-1.
sunrat
Posted December 20, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2366-1                   security@debian.org
http://www.debian.org/security/                        Jonathan Wiltshire
December 18, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mediawiki
Vulnerability  : multiple
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 CVE-2011-1587 CVE-2011-4360 CVE-2011-4361
Debian Bug     : 650434

Several problems have been discovered in mediawiki, a website engine for collaborative work.

CVE-2011-1578 CVE-2011-1587
    Masato Kinugawa discovered a cross-site scripting (XSS) issue, which affects Internet Explorer clients only, and only version 6 and earlier. Web server configuration changes are required to fix this issue. Upgrading MediaWiki will only be sufficient for people who use Apache with AllowOverride enabled.
    For details of the required configuration changes, see the upstream announcements:
    http://lists.wikimedia.org/pipermail/media...ril/000096.html
    http://lists.wikimedia.org/pipermail/media...ril/000097.html

CVE-2011-1579
    Wikipedia user Suffusion of Yellow discovered a CSS validation error in the wikitext parser. This is an XSS issue for Internet Explorer clients, and a privacy loss issue for other clients since it allows the embedding of arbitrary remote images.

CVE-2011-1580
    MediaWiki developer Happy-Melon discovered that the transwiki import feature neglected to perform access control checks on form submission. The transwiki import feature is disabled by default. If it is enabled, it allows wiki pages to be copied from a remote wiki listed in $wgImportSources. The issue means that any user can trigger such an import to occur.

CVE-2011-4360
    Alexandre Emsenhuber discovered an issue where page titles on private wikis could be exposed by passing different page ids to index.php. In the case of the user not having correct permissions, they will now be redirected to Special:BadTitle.

CVE-2011-4361
    Tim Starling discovered that action=ajax requests were dispatched to the relevant function without any read permission checks being done. This could have led to data leakage on private wikis.

For the oldstable distribution (lenny), these problems have been fixed in version 1:1.12.0-2lenny9.

For the stable distribution (squeeze), these problems have been fixed in version 1:1.15.5-2squeeze2.

For the unstable distribution (sid), these problems have been fixed in version 1:1.15.5-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2367-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 19, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : asterisk
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4597 CVE-2011-4598
Debian Bug     :

Several vulnerabilities have been discovered in Asterisk, an Open Source PBX and telephony toolkit:

CVE-2011-4597
    Ben Williams discovered that it was possible to enumerate SIP user names in some configurations. Please see the upstream advisory for details:
    http://downloads.asterisk.org/pub/security/AST-2011-013.html
    This update only modifies the sample sip.conf configuration file. Please see README.Debian for more information on how to update your installation.

CVE-2011-4598
    Kristijan Vrban discovered that Asterisk can be crashed with malformed SIP packets if the "automon" feature is enabled.

For the oldstable distribution (lenny), this problem has been fixed in version 1:1.4.21.2~dfsg-3+lenny6.

For the stable distribution (squeeze), this problem has been fixed in version 1:1.6.2.9-2+squeeze4.

For the unstable distribution (sid), this problem has been fixed in version 1:1.8.8.0~dfsg-1.
sunrat
Posted December 21, 2011

- ---------------------------------------------------------------------------
Debian Security Advisory DSA-2368-1                     security@debian.org
http://www.debian.org/security/                                  Nico Golde
Dec 20th, 2011                           http://www.debian.org/security/faq
- ---------------------------------------------------------------------------

Package        : lighttpd
Vulnerability  : multiple
Problem type   : remote
Debian-specific: no
Debian bug     : 652726
CVE IDs        : CVE-2011-4362 CVE-2011-3389

Several vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint.

CVE-2011-4362
    Xi Wang discovered that the base64 decoding routine which is used to decode user input during an HTTP authentication, suffers from a signedness issue when processing user input. As a result it is possible to force lighttpd to perform an out-of-bounds read which results in Denial of Service conditions.

CVE-2011-3389
    When using CBC ciphers on an SSL enabled virtual host to communicate with certain clients, a so called "BEAST" attack allows man-in-the-middle attackers to obtain plaintext HTTP traffic via a blockwise chosen-boundary attack (BCBA) on an HTTPS session. Technically this is no lighttpd vulnerability. However, lighttpd offers a workaround to mitigate this problem by providing a possibility to disable CBC ciphers.
    This update includes this option by default. System administrators are advised to read the NEWS file of this update (as this may break older clients).

For the oldstable distribution (lenny), this problem has been fixed in version 1.4.19+lenny3.

For the stable distribution (squeeze), this problem has been fixed in version 1.4.28-2+squeeze1.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 1.4.30-1.
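The signedness issue described for CVE-2011-4362 in the post above, as an added example that is not part of the original post and is not lighttpd's code: it assumes a decoder that maps each input byte through a 128-entry reverse table, shows the index a signed char produces for bytes at or above 0x80, and decodes with an unsigned, range-checked lookup instead. All function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration (not lighttpd source). Assumption: the decoder
 * looks every input byte up in a 128-entry reverse table. */
#define B64_INVALID (-1)

static signed char rev[128];
static int rev_ready = 0;

static void init_table(void) {
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    memset(rev, B64_INVALID, sizeof rev);
    for (int i = 0; i < 64; i++)
        rev[(unsigned char)alphabet[i]] = (signed char)i;
    rev_ready = 1;
}

/* The flawed pattern: the byte is held in a signed type, so any value
 * >= 0x80 becomes negative (on the usual two's-complement platforms) and a
 * lookup rev[ch] would read memory in front of the table. This function only
 * returns that index; it performs no lookup. */
int flawed_table_index(unsigned char raw) {
    signed char ch = (signed char)raw;
    return (int)ch;
}

/* Hardened decode: treat the byte as unsigned, range-check it against the
 * table size, and reject anything outside the alphabet.
 * Returns the decoded length, or -1 on invalid input or a full buffer. */
long b64_decode_checked(const char *in, size_t in_len,
                        unsigned char *out, size_t out_cap) {
    unsigned int acc = 0;
    int bits = 0;
    size_t n = 0, i;

    if (!rev_ready) init_table();
    if (in_len % 4 != 0) return -1;

    for (i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '=') break;                        /* padding starts */
        if (c >= sizeof rev || rev[c] == B64_INVALID)
            return -1;                              /* never index out of range */
        acc = (acc << 6) | (unsigned int)rev[c];
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= out_cap) return -1;
            out[n++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    if (in_len - i > 2) return -1;                  /* at most two '=' */
    for (; i < in_len; i++)
        if (in[i] != '=') return -1;                /* padding only at the end */
    return (long)n;
}

/* Decoded length of a NUL-terminated base64 string, or -1 if rejected. */
long decoded_len(const char *b64) {
    unsigned char buf[64];
    return b64_decode_checked(b64, strlen(b64), buf, sizeof buf);
}

/* 1 if b64 decodes exactly to expected, 0 otherwise. */
int decodes_to(const char *b64, const char *expected) {
    unsigned char buf[64];
    long n = b64_decode_checked(b64, strlen(b64), buf, sizeof buf);
    return n == (long)strlen(expected) && memcmp(buf, expected, (size_t)n) == 0;
}

int main(void) {
    /* Constructed sample inputs. */
    printf("index for byte 0xE4 under the flawed pattern: %d\n",
           flawed_table_index(0xE4));
    printf("valid credentials decode: %d\n",
           decodes_to("dXNlcjpwYXNz", "user:pass"));
    printf("input with a high byte:   %ld\n", decoded_len("dX\xE4l"));
    return 0;
}
```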
sunrat
Posted December 22, 2011

- ---------------------------------------------------------------------------
Debian Security Advisory DSA-2369-1                     security@debian.org
http://www.debian.org/security/                                  Nico Golde
Dec 21th, 2011                           http://www.debian.org/security/faq
- ---------------------------------------------------------------------------

Package        : libsoup2.4
Vulnerability  : insufficient input sanitization
Problem type   : remote
Debian-specific: no
Debian bug     : 635837
CVE IDs        : CVE-2011-2524

It was discovered that libsoup2.4, an HTTP library implementation in C, is not properly validating input when processing requests made to SoupServer. A remote attacker can exploit this flaw to access system files via a directory traversal attack.

For the oldstable distribution (lenny), this problem has been fixed in version 2.4.1-2+lenny1.

For the stable distribution (squeeze), this problem has been fixed in version 2.30.2-1+squeeze1.

For the testing distribution (squeeze), this problem has been fixed in version 2.34.3-1.

For the unstable distribution (sid), this problem has been fixed in version 2.34.3-1.
sunrat
Posted December 22, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2370-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
December 22, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : unbound
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4528 CVE-2011-4869

It was discovered that Unbound, a recursive DNS resolver, would crash when processing certain malformed DNS responses from authoritative DNS servers, leading to denial of service.

CVE-2011-4528
    Unbound attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone.

CVE-2011-4869
    Unbound does not properly process malformed responses which lack expected NSEC3 records.

For the oldstable distribution (lenny), these problems have been fixed in version 1.4.6-1~lenny2.

For the stable distribution (squeeze), these problems have been fixed in version 1.4.6-1+squeeze2.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1.4.14-1.
sunrat
Posted December 24, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2371-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 24, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jasper
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4516 CVE-2011-4517

Two buffer overflows were discovered in JasPer, a library for handling JPEG-2000 images, which could lead to the execution of arbitrary code.

For the oldstable distribution (lenny), this problem will be fixed in version 1.900.1-5.1+lenny2. Due to technical limitations of the Debian archive software, the oldstable update cannot be released synchronously with the stable update.

For the stable distribution (squeeze), this problem has been fixed in version 1.900.1-7+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.
sunrat
Posted December 25, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2372-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
December 25, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : heimdal
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4862

It was discovered that the Kerberos support for telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to the Telnet to execute arbitrary code with root privileges.

For the oldstable distribution (lenny), this problem has been fixed in version 1.2.dfsg.1-2.1+lenny1.

For the stable distribution (squeeze), this problem has been fixed in version 1.4.0~git20100726.dfsg.1-2+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2373-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
December 25, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : inetutils
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4862

It was discovered that the Kerberos support for telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to the Telnet to execute arbitrary code with root privileges.

For the oldstable distribution (lenny), this problem has been fixed in version 2:1.5.dfsg.1-9+lenny1.

For the stable distribution (squeeze), this problem has been fixed in version 2:1.6-3.1+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon.
sunrat
Posted December 27, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2374-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 26, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openswan
Vulnerability  : implementation error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4073
Debian Bug     : 650674

The information security group at ETH Zurich discovered a denial of service vulnerability in the crypto helper handler of the IKE daemon pluto. More information can be found in the upstream advisory at http://openswan.org/download/CVE-2011-4073/CVE-2011-4073.txt

For the oldstable distribution (lenny), this problem has been fixed in version 1:2.4.12+dfsg-1.3+lenny4.

For the stable distribution (squeeze), this problem has been fixed in version 1:2.6.28+dfsg-5+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 1:2.6.37-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2375-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
December 26, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : krb5, krb5-appl
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4862

It was discovered that the encryption support for BSD telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to the Telnet port to execute arbitrary code with root privileges.

For the oldstable distribution (lenny), this problem has been fixed in version 1.6.dfsg.4~beta1-5lenny7 of the krb5 package.

For the stable distribution (squeeze), this problem has been fixed in version 1:1.0.1-1.2 of the krb5-appl package.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon.
sunrat
Posted December 30, 2011

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2376-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
December 30, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ipmitool
Vulnerability  : insecure pid file
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-4339
Debian Bug     : 651917

It was discovered that OpenIPMI, the Intelligent Platform Management Interface library and tools, used a PID file with too wide permissions, which allows local users to kill arbitrary processes by writing to this file.

For the stable distribution (squeeze), this problem has been fixed in version 1.8.11-2+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 1.8.11-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2263-2                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
December 30, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : movabletype-opensource
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : not yet available
Debian Bug     : 627936

Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny' suite at that time. This update adds that package. The original advisory text follows.

It was discovered that Movable Type, a weblog publishing system, contains several security vulnerabilities:

A remote attacker could execute arbitrary code in a logged-in user's web browser.

A remote attacker could read or modify the contents in the system under certain circumstances.

For the oldstable distribution (lenny), these problems have been fixed in version 4.2.3-1+lenny3.

For the stable distribution (squeeze), these problems have been fixed in version 4.3.5+dfsg-2+squeeze2.

For the testing distribution (wheezy) and for the unstable distribution (sid), these problems have been fixed in version 4.3.6.1+dfsg-1.
sunrat
Posted January 1, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2376-2                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
December 31, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ipmitool
Vulnerability  : insecure pid file
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-4339
Debian Bug     : 651917

It was discovered that OpenIPMI, the Intelligent Platform Management Interface library and tools, used a PID file with too wide permissions, which allows local users to kill arbitrary processes by writing to this file.

The original announcement didn't contain corrections for the Debian 5.0 "lenny" distribution. This update adds packages for lenny.

For the oldstable distribution (lenny), this problem has been fixed in version 1.8.9-2+squeeze1. (Although the version number contains the string "squeeze", this is in fact an update for lenny.)

For the stable distribution (squeeze), this problem has been fixed in version 1.8.11-2+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 1.8.11-5.
sunrat
Posted January 2, 2012

- ---------------------------------------------------------------------------
Debian Security Advisory DSA-2377-1                     security@debian.org
http://www.debian.org/security/                                  Nico Golde
Jan 1st, 2012                            http://www.debian.org/security/faq
- ---------------------------------------------------------------------------

Package        : cyrus-imapd-2.2
Vulnerability  : NULL pointer dereference
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2011-3481

It was discovered that cyrus-imapd, a highly scalable mail system designed for use in enterprise environments, is not properly parsing mail headers when a client makes use of the IMAP threading feature. As a result, a NULL pointer is dereferenced which crashes the daemon. An attacker can trigger this by sending a mail containing crafted reference headers and access the mail with a client that uses the server threading feature of IMAP.

For the oldstable distribution (lenny), this problem has been fixed in version 2.2.13-14+lenny6.

For the stable distribution (squeeze), this problem has been fixed in version 2.2.13-19+squeeze3.

For the testing (wheezy) and unstable (sid) distributions, this problem has been fixed in cyrus-imapd-2.4 version 2.4.11-1.
sunrat
Posted January 4, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2378-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 03, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ffmpeg
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4351 CVE-2011-4353 CVE-2011-4364 CVE-2011-4579

Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders for QDM2, VP5, VP6, VMD and SVQ1 files could lead to the execution of arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in version 4:0.5.6-3.

For the unstable distribution (sid), this problem has been fixed in version 4:0.7.3-1 of the libav source package.
sunrat
Posted January 7, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2381-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
January 06, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : squid3
Vulnerability  : invalid memory deallocation
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4096

It was discovered that the IPv6 support code in Squid does not properly handle certain DNS responses, resulting in deallocation of an invalid pointer and a daemon crash.

The squid package and the version of squid3 shipped in lenny lack IPv6 support and are not affected by this issue.

For the stable distribution (squeeze), this problem has been fixed in version 3.1.6-1.2+squeeze2.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 3.1.18-1.
sunrat
Posted January 8, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2382-1                   security@debian.org
http://www.debian.org/security/                        Jonathan Wiltshire
January 07, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ecryptfs-utils
Vulnerability  : multiple
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-1831 CVE-2011-1832 CVE-2011-1834 CVE-2011-1835 CVE-2011-1837 CVE-2011-3145

Several problems have been discovered in ecryptfs-utils, a cryptographic filesystem for Linux.

CVE-2011-1831
    Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrary locations, leading to privilege escalation.

CVE-2011-1832
    Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to unmount to arbitrary locations, leading to a denial of service.

CVE-2011-1834
    Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly handled modifications to the mtab file when an error occurs. A local attacker could use this flaw to corrupt the mtab file, and possibly unmount arbitrary locations, leading to a denial of service.

CVE-2011-1835
    Marc Deslauriers discovered that eCryptfs incorrectly handled keys when setting up an encrypted private directory. A local attacker could use this flaw to manipulate keys during creation of a new user.

CVE-2011-1837
    Vasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled lock counters. A local attacker could use this flaw to possibly overwrite arbitrary files.

We acknowledge the work of the Ubuntu distribution in preparing patches suitable for near-direct inclusion in the Debian package.

For the oldstable distribution (lenny), these problems have been fixed in version 68-1+lenny1.

For the stable distribution (squeeze), these problems have been fixed in version 83-4+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 95-1.
sunrat
Posted January 8, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2383-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 08, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : super
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2776

Robert Luberda discovered a buffer overflow in the syslog logging code of Super, a tool to execute scripts (or other commands) as if they were root. The default Debian configuration is not affected.

For the oldstable distribution (lenny), this problem has been fixed in version 3.30.0-2+lenny1. Due to a technical limitation in the Debian archive scripts this update cannot be released synchronously with the stable update. It will be available shortly.

For the stable distribution (squeeze), this problem has been fixed in version 3.30.0-3+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.
sunrat
Posted January 10, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2384-1                   security@debian.org
http://www.debian.org/security/                                 Luk Claes
January 09, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cacti
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-1644 CVE-2010-1645 CVE-2010-2543 CVE-2010-2545 CVE-2011-4824

Several vulnerabilities have been discovered in cacti, a graphing tool for monitoring data. Multiple cross site scripting issues allow remote attackers to inject arbitrary web script or HTML. An SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands.

For the oldstable distribution (lenny), this problem has been fixed in version 0.8.7b-2.1+lenny4.

For the stable distribution (squeeze), this problem has been fixed in version 0.8.7g-1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 0.8.7i-2.
sunrat
Posted January 10, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2385-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
January 10, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pdns
Vulnerability  : packet loop
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0206

Ray Morris discovered that the PowerDNS authoritative server responds to response packets. An attacker who can spoof the source address of IP packets can cause an endless packet loop between a PowerDNS authoritative server and another DNS server, leading to a denial of service.

For the oldstable distribution (lenny), this problem has been fixed in version 2.9.21.2-1+lenny1.

For the stable distribution (squeeze), this problem has been fixed in version 2.9.22-8+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon.
sunrat
Posted January 11, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2387-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
January 11, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : simplesamlphp
Vulnerability  : insufficient input sanitation
Problem type   : remote
Debian-specific: no

timtai1 discovered that simpleSAMLphp, an authentication and federation platform, is vulnerable to a cross site scripting attack, allowing a remote attacker to access sensitive client data.

The oldstable distribution (lenny) does not contain a simplesamlphp package.

For the stable distribution (squeeze), this problem has been fixed in version 1.6.3-3.

For the unstable distribution (sid), this problem has been fixed in version 1.8.2-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2386-1                   security@debian.org
http://www.debian.org/security/
January 10, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openttd
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3341 CVE-2011-3342 CVE-2011-3343

Several vulnerabilities have been discovered in openttd, a transport business simulation game. Multiple buffer overflows and off-by-one errors allow remote attackers to cause denial of service.

For the oldstable distribution (lenny), this problem has been fixed in version 0.6.2-1+lenny4.

For the stable distribution (squeeze), this problem has been fixed in version 1.0.4-4.

For the unstable distribution (sid), this problem has been fixed in version 1.1.4-1.
sunrat Posted January 15, 2012 Posted January 15, 2012 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2388-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez January 14, 2012 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : t1lib Vulnerability : several Problem type : local Debian-specific: no CVE ID : CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 Debian Bug : 652996 Several vulnerabilities were discovered in t1lib, a Postscript Type 1 font rasterizer library, some of which might lead to code execution through the opening of files embedding bad fonts. CVE-2010-2642 A heap-based buffer overflow in the AFM font metrics parser potentially leads to the execution of arbitrary code. CVE-2011-0433 Another heap-based buffer overflow in the AFM font metrics parser potentially leads to the execution of arbitrary code. CVE-2011-0764 An invalid pointer dereference allows execution of arbitrary code using crafted Type 1 fonts. CVE-2011-1552 Another invalid pointer dereference results in an application crash, triggered by crafted Type 1 fonts. CVE-2011-1553 A use-after-free vulnerability results in an application crash, triggered by crafted Type 1 fonts. CVE-2011-1554 An off-by-one error results in an invalid memory read and application crash, triggered by crafted Type 1 fonts. For the oldstable distribution (lenny), this problem has been fixed in version 5.1.2-3+lenny1. For the stable distribution (squeeze), this problem has been fixed in version 5.1.2-3+squeeze1. For the testing distribution (wheezy), this problem has been fixed in version 5.1.2-3.3. For the unstable distribution (sid), this problem has been fixed in version 5.1.2-3.3. 

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2390-1    security@debian.org
http://www.debian.org/security/    Florian Weimer
January 15, 2012    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssl
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4108 CVE-2011-4109 CVE-2011-4354 CVE-2011-4576 CVE-2011-4619

Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2011-4108
The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.

CVE-2011-4109
A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause application crashes and potentially allow execution of arbitrary code by triggering failure of a policy check.

CVE-2011-4354
On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server. (Regular RSA-based keys are not affected by this vulnerability.)

CVE-2011-4576
The SSL 3.0 implementation does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

CVE-2011-4619
The Server Gated Cryptography (SGC) implementation in OpenSSL does not properly handle handshake restarts, unnecessarily simplifying CPU exhaustion attacks.

For the oldstable distribution (lenny), these problems have been fixed in version 0.9.8g-15+lenny15.

For the stable distribution (squeeze), these problems have been fixed in version 0.9.8o-4squeeze5.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1.0.0f-1.
sunrat Posted January 16, 2012

- ----------------------------------------------------------------------
Debian Security Advisory DSA-2389-1    security@debian.org
http://www.debian.org/security/    Dann Frazier
January 15, 2012    http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2011-2183 CVE-2011-2213 CVE-2011-2898 CVE-2011-3353 CVE-2011-4077 CVE-2011-4110 CVE-2011-4127 CVE-2011-4611 CVE-2011-4622 CVE-2011-4914

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-2183
Andrea Righi reported an issue in KSM, a memory-saving de-duplication feature. By exploiting a race with exiting tasks, local users can cause a kernel oops, resulting in a denial of service.

CVE-2011-2213
Dan Rosenberg discovered an issue in the INET socket monitoring interface. Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop.

CVE-2011-2898
Eric Dumazet reported an information leak in the raw packet socket implementation.

CVE-2011-3353
Han-Wen Nienhuys reported a local denial of service issue in the FUSE (Filesystem in Userspace) support in the linux kernel. Local users could cause a buffer overflow, leading to a kernel oops and resulting in a denial of service.

CVE-2011-4077
Carlos Maiolino reported an issue in the XFS filesystem. A local user with the ability to mount a filesystem could corrupt memory resulting in a denial of service or possibly gain elevated privileges.

CVE-2011-4110
David Howells reported an issue in the kernel's access key retention system which allows local users to cause a kernel oops leading to a denial of service.

CVE-2011-4127
Paolo Bonzini of Red Hat reported an issue in the ioctl passthrough support for SCSI devices. Users with permission to access restricted portions of a device (e.g. a partition or a logical volume) can obtain access to the entire device by way of the SG_IO ioctl. This could be exploited by a local user or privileged VM guest to achieve a privilege escalation.

CVE-2011-4611
Maynard Johnson reported an issue with the perf support on POWER7 systems that allows local users to cause a denial of service.

CVE-2011-4622
Jan Kiszka reported an issue in the KVM PIT timer support. Local users with the permission to use KVM can cause a denial of service by starting a PIT timer without first setting up the irqchip.

CVE-2011-4914
Ben Hutchings reported various bounds checking issues within the ROSE protocol support in the kernel. Remote users could possibly use this to gain access to sensitive memory or cause a denial of service.

For the stable distribution (squeeze), this problem has been fixed in version 2.6.32-39squeeze1. Updates for issues impacting the oldstable distribution (lenny) will be available soon.

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:

                    Debian 6.0 (squeeze)
user-mode-linux     2.6.32-1um-4+39squeeze1
sunrat Posted January 22, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2391-1    security@debian.org
http://www.debian.org/security/    Thijs Kinkhorst
January 22, 2012    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : phpmyadmin
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1940 CVE-2011-3181 CVE-2011-4107
Debian Bug : 656247

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-4107
The XML import plugin allowed a remote attacker to read arbitrary files via XML data containing external entity references.

CVE-2011-1940, CVE-2011-3181
Cross site scripting was possible in the table tracking feature, allowing a remote attacker to inject arbitrary web script or HTML.

The oldstable distribution (lenny) is not affected by these problems.

For the stable distribution (squeeze), these problems have been fixed in version 4:3.3.7-7.

For the testing distribution (wheezy) and unstable distribution (sid), these problems have been fixed in version 4:3.4.7.1-1.
sunrat Posted January 24, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2392-1    security@debian.org
http://www.debian.org/security/
January 23, 2012    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : rails
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-2930 CVE-2011-2931 CVE-2011-3186 CVE-2009-4214
Debian Bug : 629067

It was discovered that the last security update for Ruby on Rails, DSA-2301-1, introduced a regression in the libactionpack-ruby package.

For the oldstable distribution (lenny), this problem has been fixed in version 2.1.0-7+lenny2.

For the stable distribution (squeeze), this problem has been fixed in version 2.3.5-1.2+squeeze2.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2392-1    security@debian.org
http://www.debian.org/security/    Florian Weimer
January 23, 2012    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssl
Vulnerability : out-of-bounds read
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0050

Antonio Martin discovered a denial-of-service vulnerability in OpenSSL, an implementation of TLS and related protocols. A malicious client can cause the DTLS server implementation to crash. Regular, TCP-based TLS is not affected by this issue.

For the oldstable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny16.

For the stable distribution (squeeze), this problem has been fixed in version 0.9.8o-4squeeze7.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 1.0.0g-1.
sunrat Posted January 25, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2393-1    security@debian.org
http://www.debian.org/security/    dann frazier
January 25, 2012    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : bip
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0806
Debian Bug : 657217

Julien Tinnes reported a buffer overflow in the bip multiuser irc proxy which may allow arbitrary code execution by remote users.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in version 0.8.2-1squeeze4.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon.
sunrat Posted January 27, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2394-1    security@debian.org
http://www.debian.org/security/    Luciano Bello
January 27, 2012    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxml2
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0216 CVE-2011-2821 CVE-2011-2834 CVE-2011-3905 CVE-2011-3919
Debian Bug : 652352 643648 656377

Many security problems have been fixed in libxml2, a popular library to handle XML data files.

CVE-2011-3919:
Jüri Aedla discovered a heap-based buffer overflow that allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2011-0216:
An off-by-one error has been discovered that allows remote attackers to execute arbitrary code or cause a denial of service.

CVE-2011-2821:
A memory corruption (double free) bug has been identified in libxml2's XPath engine. Through it, it is possible for an attacker to cause a denial of service or possibly have unspecified other impact. This vulnerability does not affect the oldstable distribution (lenny).

CVE-2011-2834:
Yang Dingning discovered a double free vulnerability related to XPath handling.

CVE-2011-3905:
An out-of-bounds read vulnerability has been discovered, which allows remote attackers to cause a denial of service.

For the oldstable distribution (lenny), this problem has been fixed in version 2.6.32.dfsg-5+lenny5.

For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze2.

For the testing distribution (wheezy), this problem has been fixed in version 2.7.8.dfsg-7.

For the unstable distribution (sid), this problem has been fixed in version 2.7.8.dfsg-7.
sunrat Posted January 27, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2395-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
January 27, 2012    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wireshark
Vulnerability : buffer underflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3483 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066 CVE-2012-0067 CVE-2012-0068

Laurent Butti discovered a buffer underflow in the LANalyzer dissector of the Wireshark network traffic analyzer, which could lead to the execution of arbitrary code (CVE-2012-0068).

This update also addresses several bugs, which can lead to crashes of Wireshark. These are not treated as security issues, but are fixed nonetheless if security updates are scheduled: CVE-2011-3483, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.11-6+squeeze6.

For the unstable distribution (sid), this problem has been fixed in version 1.6.5-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2396-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
January 27, 2012    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : qemu-kvm
Vulnerability : buffer underflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0029

Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation.

This update also fixes a guest-triggerable memory corruption in VNC handling.

For the stable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-5+squeeze8.

For the unstable distribution (sid), this problem has been fixed in version 1.0+dfsg-5.
sunrat Posted January 29, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2397-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
January 29, 2012    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : icu
Vulnerability : buffer underflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4599

It was discovered that a buffer overflow in the Unicode library ICU could lead to the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 3.8.1-3+lenny3.

For the stable distribution (squeeze), this problem has been fixed in version 4.4.1-8.

For the unstable distribution (sid), this problem has been fixed in version 4.8.1.1-3.
sunrat Posted January 30, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2398-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
January 30, 2012    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : curl
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3389 CVE-2012-0036

Several vulnerabilities have been discovered in Curl, a URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-3389
This update enables OpenSSL workarounds against the "BEAST" attack. Additional information can be found in the Curl advisory: http://curl.haxx.se/docs/adv_20120124B.html

CVE-2012-0036
Dan Fandrich discovered that Curl performs insufficient sanitising when extracting the file path part of a URL.

For the oldstable distribution (lenny), this problem has been fixed in version 7.18.2-8lenny6.

For the stable distribution (squeeze), this problem has been fixed in version 7.21.0-2.1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 7.24.0-1.
sunrat Posted January 31, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2399-1    security@debian.org
http://www.debian.org/security/    Thijs Kinkhorst
January 31, 2012    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php5
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1938 CVE-2011-2483 CVE-2011-4566 CVE-2011-4885 CVE-2012-0057

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2011-1938
The UNIX socket handling allowed attackers to trigger a buffer overflow via a long path name.

CVE-2011-2483
The crypt_blowfish function did not properly handle 8-bit characters, which made it easier for attackers to determine a cleartext password by using knowledge of a password hash.

CVE-2011-4566
When used on 32 bit platforms, the exif extension could be used to trigger an integer overflow in the exif_process_IFD_TAG function when processing a JPEG file.

CVE-2011-4885
It was possible to trigger hash collisions predictably when parsing form parameters, which allows remote attackers to cause a denial of service by sending many crafted parameters.

CVE-2012-0057
When applying a crafted XSLT transform, an attacker could write files to arbitrary places in the filesystem.

NOTE: the fix for CVE-2011-2483 required changing the behaviour of this function: it is now incompatible with some old (wrongly) generated hashes for passwords containing 8-bit characters. See the package NEWS entry for details. This change has not been applied to the Lenny version of PHP.

For the oldstable distribution (lenny), these problems have been fixed in version 5.2.6.dfsg.1-1+lenny14.

For the stable distribution (squeeze), these problems have been fixed in version 5.3.3-7+squeeze5.

For the testing distribution (wheezy) and unstable distribution (sid), these problems have been fixed in version 5.3.9-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2399-2    security@debian.org
http://www.debian.org/security/    Thijs Kinkhorst
January 31, 2012    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php5
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1938 CVE-2011-2483 CVE-2011-4566 CVE-2011-4885 CVE-2012-0057

A regression was found in the fix for PHP's XSLT transformations (CVE-2012-0057). Updated packages are now available to address this regression. For reference, the original advisory text follows.

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2011-1938
The UNIX socket handling allowed attackers to trigger a buffer overflow via a long path name.

CVE-2011-2483
The crypt_blowfish function did not properly handle 8-bit characters, which made it easier for attackers to determine a cleartext password by using knowledge of a password hash.

CVE-2011-4566
When used on 32 bit platforms, the exif extension could be used to trigger an integer overflow in the exif_process_IFD_TAG function when processing a JPEG file.

CVE-2011-4885
It was possible to trigger hash collisions predictably when parsing form parameters, which allows remote attackers to cause a denial of service by sending many crafted parameters.

CVE-2012-0057
When applying a crafted XSLT transform, an attacker could write files to arbitrary places in the filesystem.

NOTE: the fix for CVE-2011-2483 required changing the behaviour of this function: it is now incompatible with some old (wrongly) generated hashes for passwords containing 8-bit characters. See the package NEWS entry for details. This change has not been applied to the Lenny version of PHP.

NOTE: at the time of release packages for some architectures are still being built. They will be installed into the archive as soon as they arrive.

For the oldstable distribution (lenny), these problems have been fixed in version 5.2.6.dfsg.1-1+lenny15.

For the stable distribution (squeeze), these problems have been fixed in version 5.3.3-7+squeeze6.

For the testing distribution (wheezy) and unstable distribution (sid), these problems have been fixed in version 5.3.9-1.

We recommend that you upgrade your php5 packages.
sunrat Posted February 2, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2401-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
February 02, 2012    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : tomcat6
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 CVE-2011-3375 CVE-2011-4858 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 CVE-2012-0022

Several vulnerabilities have been found in Tomcat, a servlet and JSP engine:

CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064
The HTTP Digest Access Authentication implementation performed insufficient countermeasures against replay attacks.

CVE-2011-2204
In rare setups passwords were written into a logfile.

CVE-2011-2526
Missing input sanitising in the HTTP APR or HTTP NIO connectors could lead to denial of service.

CVE-2011-3190
AJP requests could be spoofed in some setups.

CVE-2011-3375
Incorrect request caching could lead to information disclosure.

CVE-2011-4858 CVE-2012-0022
This update adds countermeasures against a collision denial of service vulnerability in the Java hashtable implementation and addresses denial of service potentials when processing large amounts of requests.

Additional information can be found at http://tomcat.apache.org/security-6.html

For the stable distribution (squeeze), this problem has been fixed in version 6.0.35-1+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 6.0.35-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2400-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
February 02, 2012    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : iceweasel
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

CVE-2011-3670
Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure.

CVE-2012-0442
Jesse Ruderman and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code.

CVE-2012-0444
"regenrecht" discovered that missing input sanitising in the Ogg Vorbis parser may lead to the execution of arbitrary code.

CVE-2012-0449
Nicolas Gregoire and Aki Helin discovered that missing input sanitising in XSLT processing may lead to the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 1.9.0.19-13 of the xulrunner source package.

For the stable distribution (squeeze), this problem has been fixed in version 3.5.16-12.

For the unstable distribution (sid), this problem has been fixed in version 10.0-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2402-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
February 02, 2012    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : iceape
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:

CVE-2011-3670
Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure.

CVE-2012-0442
Jesse Ruderman and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code.

CVE-2012-0444
"regenrecht" discovered that missing input sanitising in the Ogg Vorbis parser may lead to the execution of arbitrary code.

CVE-2012-0449
Nicolas Gregoire and Aki Helin discovered that missing input sanitising in XSLT processing may lead to the execution of arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in version 2.0.11-10.

For the unstable distribution (sid), this problem has been fixed in version 2.0.14-10.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2403-1    security@debian.org
http://www.debian.org/security/    Thijs Kinkhorst
February 02, 2012    http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php5
Vulnerability : code injection
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0830

Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.

For the oldstable distribution (lenny), no fix is available at this time.

For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze7.

The testing distribution (wheezy) and unstable distribution (sid) will be fixed soon.