sunrat
Posted February 5, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2384-2                   security@debian.org
http://www.debian.org/security/
February 04, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cacti
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-1644 CVE-2010-1645 CVE-2010-2543 CVE-2010-2545
                 CVE-2011-4824

It was discovered that the last security update for cacti, DSA-2384-1, introduced a regression in lenny.

For the oldstable distribution (lenny), this problem has been fixed in version 0.8.7b-2.1+lenny5.

The stable distribution (squeeze) is not affected by this regression.

sunrat
Posted February 5, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2404-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
February 05, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen-qemu-dm-4.0
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0029

Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages. This vulnerability might enable malicious guest systems to crash the host system or escalate their privileges.

The old stable distribution (lenny) does not contain the xen-qemu-dm-4.0 package.

For the stable distribution (squeeze), this problem has been fixed in version 4.0.1-2+squeeze1.

The testing distribution (wheezy) and the unstable distribution (sid) will be fixed soon.

sunrat
Posted February 6, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2405-1                   security@debian.org
http://www.debian.org/security/                            Stefan Fritsch
February 06, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : apache2
Vulnerability  : multiple issues
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3607 CVE-2011-3368 CVE-2011-3639 CVE-2011-4317
                 CVE-2012-0031 CVE-2012-0053

Several vulnerabilities have been found in the Apache HTTPD Server:

CVE-2011-3607:

    An integer overflow in ap_pregsub() could allow local attackers to execute arbitrary code at elevated privileges via crafted .htaccess files.

CVE-2011-3368 CVE-2011-3639 CVE-2011-4317:

    The Apache HTTP Server did not properly validate the request URI for proxied requests. In certain reverse proxy configurations using the ProxyPassMatch directive or using the RewriteRule directive with the [P] flag, a remote attacker could make the proxy connect to an arbitrary server. This could allow the attacker to access internal servers that are not otherwise accessible from the outside.

    The three CVE ids denote slightly different variants of the same issue.

    Note that, even with this issue fixed, it is the responsibility of the administrator to ensure that the regular expression replacement pattern for the target URI does not allow a client to append arbitrary strings to the host or port parts of the target URI. For example, the configuration

        ProxyPassMatch ^/mail(.*) http://internal-host$1

    is still insecure and should be replaced by one of the following configurations:

        ProxyPassMatch ^/mail(/.*) http://internal-host$1
        ProxyPassMatch ^/mail/(.*) http://internal-host/$1

CVE-2012-0031:

    An apache2 child process could cause the parent process to crash during shutdown. This is a violation of the privilege separation between the apache2 processes and could potentially be used to worsen the impact of other vulnerabilities.

CVE-2012-0053:

    The response message for error code 400 (bad request) could be used to expose "httpOnly" cookies. This could allow a remote attacker using cross site scripting to steal authentication cookies.

For the oldstable distribution (lenny), these problems have been fixed in version apache2 2.2.9-10+lenny12.

For the stable distribution (squeeze), these problems have been fixed in version apache2 2.2.16-6+squeeze6.

For the testing distribution (wheezy), these problems will be fixed in version 2.2.22-1.

For the unstable distribution (sid), these problems have been fixed in version 2.2.22-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2403-2                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
February 06, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
Vulnerability  : code injection
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0830

Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.

This update adds packages for the oldstable distribution, which were missing from the original advisory. The problem has been fixed in version 5.2.6.dfsg.1-1+lenny16, installed into the security archive on 3 Feb 2012.

For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze7.

For the unstable distribution (sid), this problem has been fixed in version 5.3.10-1.

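A static check for the ProxyPassMatch caveat in DSA-2405-1 above, as an added example that is not part of the original post or of Apache. `SAMPLE_CONF` is constructed from the three directives the advisory quotes; the function names and the heuristic (a backreference in the host/port part of the target is accepted only when it ends that part and its capture group starts with a literal `/`) are assumptions made here.

```python
import re

# Constructed sample: the three directives quoted in DSA-2405-1 above.
SAMPLE_CONF = """\
ProxyPassMatch ^/mail(.*) http://internal-host$1
ProxyPassMatch ^/mail(/.*) http://internal-host$1
ProxyPassMatch ^/mail/(.*) http://internal-host/$1
"""

DIRECTIVE = re.compile(r"^\s*ProxyPassMatch\s+(\S+)\s+(\S+)", re.IGNORECASE)
# scheme://authority[/rest]; the authority (host[:port]) ends at the first '/'.
TARGET = re.compile(r"^[a-z][a-z0-9+.-]*://(?P<authority>[^/]*)", re.IGNORECASE)
BACKREF = re.compile(r"\$(\d)")


def group_first_chars(pattern):
    """Map each capturing group number to the first character of its body.

    Heuristic parser (assumption): handles escapes, simple character classes
    and (?...) groups; named capturing groups are not counted.
    """
    firsts, number, i = {}, 0, 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":                      # escaped character: skip both
            i += 2
            continue
        if ch == "[":                       # character class: skip to its end
            end = pattern.find("]", i + 2)
            i = len(pattern) if end == -1 else end + 1
            continue
        if ch == "(" and pattern[i + 1:i + 2] != "?":
            number += 1
            firsts[number] = pattern[i + 1:i + 2]
        i += 1
    return firsts


def check_directive(pattern, target):
    """Return findings for one ProxyPassMatch pattern/target pair."""
    match = TARGET.match(target)
    if not match:
        return []                           # not an absolute URL target
    authority = match.group("authority")
    firsts = group_first_chars(pattern)
    findings = []
    for ref in BACKREF.finditer(authority):
        number = int(ref.group(1))
        at_end = ref.end() == len(authority)
        # Conservative: any alternation in the pattern needs manual review,
        # because a branch of the group might not start with '/'.
        anchored = firsts.get(number) == "/" and "|" not in pattern
        if number == 0 or not at_end or not anchored:
            findings.append(
                f"backreference ${number} is expanded inside the host/port "
                "part of the target; make the capture group start with '/' "
                "or put a '/' before the backreference"
            )
    return findings


def scan_config(text):
    """Return (line_number, directive, message) for every flagged directive."""
    results = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):   # skip comment lines
            continue
        found = DIRECTIVE.match(line)
        if found:
            for message in check_directive(found.group(1), found.group(2)):
                results.append((lineno, line.strip(), message))
    return results


if __name__ == "__main__":
    for lineno, directive, message in scan_config(SAMPLE_CONF):
        print(f"line {lineno}: {directive}\n    {message}")
```

The check is deliberately conservative: a flagged directive needs review, and it covers ProxyPassMatch only, not RewriteRule with the [P] flag.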
sunrat
Posted February 9, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2406-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
February 09, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449

Several vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base.

CVE-2011-3670

    Icedove does not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.

CVE-2012-0442

    Memory corruption bugs could cause Icedove to crash or possibly execute arbitrary code.

CVE-2012-0444

    Icedove does not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

CVE-2012-0449

    Icedove allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.

For the stable distribution (squeeze), this problem has been fixed in version 3.0.11-1+squeeze7.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2407-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
February 09, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cvs
Vulnerability  : heap overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0804

It was discovered that a malicious CVS server could cause a heap overflow in the CVS client, potentially allowing the server to execute arbitrary code on the client.

For the stable distribution (squeeze), this problem has been fixed in version 1:1.12.13-12+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 2:1.12.13+real-7.

sunrat
Posted February 14, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2408-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 13, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1072 CVE-2011-4153 CVE-2012-0781 CVE-2012-0788
                 CVE-2012-0831

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2011-1072

    It was discovered that insecure handling of temporary files in the PEAR installer could lead to denial of service.

CVE-2011-4153

    Maksymilian Arciemowicz discovered that a NULL pointer dereference in the zend_strndup() function could lead to denial of service.

CVE-2012-0781

    Maksymilian Arciemowicz discovered that a NULL pointer dereference in the tidy_diagnose() function could lead to denial of service.

CVE-2012-0788

    It was discovered that missing checks in the handling of PDORow objects could lead to denial of service.

CVE-2012-0831

    It was discovered that the magic_quotes_gpc setting could be disabled remotely.

This update also addresses PHP bugs, which are not treated as security issues in Debian (see README.Debian.security), but which were fixed nonetheless: CVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467 CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182 CVE-2011-3267

For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze8.

For the unstable distribution (sid), this problem has been fixed in version 5.3.10-1.

sunrat
Posted February 16, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2409-1                   security@debian.org
http://www.debian.org/security/                          Raphael Geissert
February 15, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : devscripts
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: yes
CVE ID         : CVE-2012-0210 CVE-2012-0211 CVE-2012-0212

Several vulnerabilities have been discovered in debdiff, a script used to compare two Debian packages, which is part of the devscripts package. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them:

CVE-2012-0210:

    Paul Wise discovered that due to insufficient input sanitising when processing .dsc and .changes files, it is possible to execute arbitrary code and disclose system information.

CVE-2012-0211:

    Raphael Geissert discovered that it is possible to inject or modify arguments of external commands when processing source packages with specially-named tarballs in the top-level directory of the .orig tarball, allowing arbitrary code execution.

CVE-2012-0212:

    Raphael Geissert discovered that it is possible to inject or modify arguments of external commands when passing as argument to debdiff a specially-named file, allowing arbitrary code execution.

For the stable distribution (squeeze), these problems have been fixed in version 2.10.69+squeeze2.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems will be fixed in version 2.11.4.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2410-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 15, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libpng
Vulnerability  : integer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3026

Jueri Aedla discovered an integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.44-1+squeeze2.

For the unstable distribution (sid), this problem will be fixed soon.

sunrat
Posted February 19, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2411-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
February 19, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mumble
Vulnerability  : information disclosure
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2012-0863
Debian Bug     : 659039

It was discovered that mumble, a VoIP client, does not probably manage permission on its user-specific configuration files, allowing other local users on the system to access them.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.2-6+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 1.2.3-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2412-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 19, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libvorbis
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2012-0444

It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed.

For the stable distribution (squeeze), this problem has been fixed in version 1.3.1-1+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.

sunrat
Posted February 20, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2413-1                   security@debian.org
http://www.debian.org/security/                                 Luk Claes
February 20, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libarchive
Vulnerability  : buffer overflows
Problem type   : remote/local
Debian-specific: no
CVE ID         : CVE-2011-1777 CVE-2011-1778

Two buffer overflows have been discovered in libarchive, a library providing a flexible interface for reading and writing archives in various formats. The possible buffer overflows while reading iso9660 or tar streams allow remote attackers to execute arbitrary code depending on the application that makes use of this functionality.

For the stable distribution (squeeze), this problem has been fixed in version 2.8.4-1+squeeze1.

For the testing (wheezy) and unstable (sid) distributions, this problem has been fixed in version 2.8.5-5.

sunrat
Posted February 22, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2413-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
February 21, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : fex
Vulnerability  : insufficient input sanitization
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0869

Nicola Fioravanti discovered that F*X, a web service for transferring very large files, is not properly sanitizing input parameters of the "fup" script. An attacker can use this flaw to conduct reflected cross-site scripting attacks via various script parameters.

For the stable distribution (squeeze), this problem has been fixed in version 20100208+debian1-1+squeeze2.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 20120215-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2415-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
February 21, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libmodplug
Vulnerability  : several
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-1761 CVE-2011-2911 CVE-2011-2912 CVE-2011-2913
                 CVE-2011-2914 CVE-2011-2915

Several vulnerabilities that can lead to the execution of arbitrary code have been discovered in libmodplug, a library for mod music based on ModPlug. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2011-1761

    epiphant discovered that the abc file parser is vulnerable to several stack-based buffer overflows that potentially lead to the execution of arbitrary code.

CVE-2011-2911

    Hossein Lotfi of Secunia discovered that the CSoundFile::ReadWav function is vulnerable to an integer overflow which leads to a heap-based buffer overflow. An attacker can exploit this flaw to potentially execute arbitrary code by tricking a victim into opening crafted WAV files.

CVE-2011-2912

    Hossein Lotfi of Secunia discovered that the CSoundFile::ReadS3M function is vulnerable to a stack-based buffer overflow. An attacker can exploit this flaw to potentially execute arbitrary code by tricking a victim into opening crafted S3M files.

CVE-2011-2913

    Hossein Lotfi of Secunia discovered that the CSoundFile::ReadAMS function suffers from an off-by-one vulnerability that leads to memory corruption. An attacker can exploit this flaw to potentially execute arbitrary code by tricking a victim into opening crafted AMS files.

CVE-2011-2914

    It was discovered that the CSoundFile::ReadDSM function suffers from an off-by-one vulnerability that leads to memory corruption. An attacker can exploit this flaw to potentially execute arbitrary code by tricking a victim into opening crafted DSM files.

CVE-2011-2915

    It was discovered that the CSoundFile::ReadAMS2 function suffers from an off-by-one vulnerability that leads to memory corruption. An attacker can exploit this flaw to potentially execute arbitrary code by tricking a victim into opening crafted AMS files.

For the stable distribution (squeeze), this problem has been fixed in version 1:0.8.8.1-1+squeeze2.

For the testing (wheezy) and unstable (sid) distributions, this problem has been fixed in version 1:0.8.8.4-1.

sunrat
Posted February 22, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2417-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
February 22, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxml2
Vulnerability  : computational denial of service
Problem type   : local/remote
Debian-specific: no
Debian Bug     : 660846
CVE ID         : CVE-2012-0841

It was discovered that the internal hashing routine of libxml2, a library providing an extensive API to handle XML data, is vulnerable to predictable hash collisions. Given an attacker with knowledge of the hashing algorithm, it is possible to craft input that creates a large amount of collisions. As a result it is possible to perform denial of service attacks against applications using libxml2 functionality because of the computational overhead.

For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze3.

For the testing (wheezy) and unstable (sid) distributions, this problem will be fixed soon.

sunrat
Posted February 23, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2416-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
February 22, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : notmuch
Vulnerability  : information disclosure
Problem type   : remote
Debian-specific: no

It was discovered that Notmuch, an email indexer, did not sufficiently escape Emacs MML tags. When using the Emacs interface, a user could be tricked into replying to a maliciously formatted message which could lead to files from the local machine being attached to the outgoing message.

For the stable distribution (squeeze), this problem has been fixed in version 0.3.1+squeeze1.

For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 0.11.1-1.

sunrat
Posted February 27, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2414-2                   security@debian.org
http://www.debian.org/security/                                Nico Golde
February 25, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : fex
Vulnerability  : insufficient input sanitization
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0869

It was discovered that the last security update for F*X, DSA-2414-1, introduced a regression. Updated packages are now available to address this problem.

For the stable distribution (squeeze), this problem has been fixed in version 20100208+debian1-1+squeeze3.

The testing (wheezy) and unstable (sid) distributions are not affected by this problem.

sunrat
Posted February 27, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2418-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 27, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-8.4
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0866 CVE-2012-0867 CVE-2012-0868

Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2012-0866

    It was discovered that the permissions of a function called by a trigger are not checked. This could result in privilege escalation.

CVE-2012-0867

    It was discovered that only the first 32 characters of a host name are checked when validating host names through SSL certificates. This could result in spoofing the connection in limited circumstances.

CVE-2012-0868

    It was discovered that pg_dump did not sanitise object names. This could result in arbitrary SQL command execution if a malformed dump file is opened.

For the stable distribution (squeeze), this problem has been fixed in version 8.4.11-0squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 8.4.11-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2419-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
February 27, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : puppet
Vulnerability  : several
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2012-1053 CVE-2012-1054

Two vulnerabilities were discovered in Puppet, a centralized configuration management tool.

CVE-2012-1053

    Puppet runs execs with unintended group privileges, potentially leading to privilege escalation.

CVE-2012-1054

    The k5login type writes to untrusted locations, enabling local users to escalate their privileges if the k5login type is used.

For the stable distribution (squeeze), these problems have been fixed in version 2.6.2-5+squeeze4.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 2.7.11-1.

sunrat
Posted February 28, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2420-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
February 28, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-6
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3377 CVE-2011-3563 CVE-2011-5035 CVE-2012-0497
                 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505
                 CVE-2012-0506 CVE-2012-0507

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform.

CVE-2011-3377

    The Iced Tea browser plugin included in the openjdk-6 package does not properly enforce the Same Origin Policy on web content served under a domain name which has a common suffix with the required domain name.

CVE-2011-3563

    The Java Sound component did not properly check for array boundaries. A malicious input or an untrusted Java application or applet could use this flaw to cause Java Virtual Machine to crash or disclose portion of its memory.

CVE-2011-5035

    The OpenJDK embedded web server did not guard against an excessive number of request parameters, leading to a denial of service vulnerability involving hash collisions.

CVE-2012-0497

    It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. This could lead to JVM crash or Java sandbox bypass.

CVE-2012-0501

    The ZIP central directory parser used by java.util.zip.ZipFile entered an infinite recursion in native code when processing a crafted ZIP file, leading to a denial of service.

CVE-2012-0502

    A flaw was found in the AWT KeyboardFocusManager class that could allow untrusted Java applets to acquire keyboard focus and possibly steal sensitive information.

CVE-2012-0503

    The java.util.TimeZone.setDefault() method lacked a security manager invocation, allowing an untrusted Java application or applet to set a new default time zone.

CVE-2012-0505

    The Java serialization code leaked references to serialization exceptions, possibly leaking critical objects to untrusted code in Java applets and applications.

CVE-2012-0506

    It was discovered that CORBA implementation in Java did not properly protect repository identifiers (that can be obtained using _ids() method) on certain Corba objects. This could have been used to perform modification of the data that should have been immutable.

CVE-2012-0507

    The AtomicReferenceArray class implementation did not properly check if the array is of an expected Object[] type. A malicious Java application or applet could use this flaw to cause Java Virtual Machine to crash or bypass Java sandbox restrictions.

For the stable distribution (squeeze), these problems have been fixed in version 6b18-1.8.13-0+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 6b24-1.11.1-1.

sunrat
Posted March 1, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2421-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 29, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : moodle
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4308 CVE-2011-4584 CVE-2011-4585 CVE-2011-4586
                 CVE-2011-4587 CVE-2011-4588 CVE-2012-0792 CVE-2012-0793
                 CVE-2012-0794 CVE-2012-0795 CVE-2012-0796

Several security issues have been fixed in Moodle, a course management system for online learning:

CVE-2011-4308 / CVE-2012-0792

    Rossiani Wijaya discovered an information leak in mod/forum/user.php

CVE-2011-4584

    MNET authentication didn't prevent a user using "Login As" from jumping to a remote MNET SSO.

CVE-2011-4585

    Darragh Enright discovered that the change password form was sent over plain HTTP even if httpslogin was set to "true".

CVE-2011-4586

    David Michael Evans and German Sanchez Gances discovered CRLF injection/HTTP response splitting vulnerabilities in the Calendar module.

CVE-2011-4587

    Stephen Mc Guiness discovered empty passwords could be entered in some circumstances.

CVE-2011-4588

    Patrick McNeill discovered that IP address restrictions could be bypassed in MNET.

CVE-2012-0796

    Simon Coggins discovered that additional information could be injected into mail headers.

CVE-2012-0795

    John Ehringer discovered that email addresses were insufficiently validated.

CVE-2012-0794

    Rajesh Taneja discovered that cookie encryption used a fixed key.

CVE-2012-0793

    Eloy Lafuente discovered that profile images were insufficiently protected. A new configuration option "forceloginforprofileimages" was introduced for that.

For the stable distribution (squeeze), this problem has been fixed in version 1.9.9.dfsg2-2.1+squeeze3.

For the unstable distribution (sid), this problem has been fixed in version 1.9.9.dfsg2-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2422-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
February 29, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : file
Vulnerability  : missing bounds checks
Problem type   : remote
Debian-specific: no

The file type identification tool, file, and its associated library, libmagic, do not properly process malformed files in the Composite Document File (CDF) format, leading to crashes.

Note that after this update, file may return different detection results for CDF files (well-formed or not). The new detections are believed to be more accurate.

For the stable distribution (squeeze), this problem has been fixed in version 5.04-5+squeeze1.

sunrat
Posted March 2, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2423-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
March 02, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : movabletype-opensource
Vulnerability  : several
Problem type   : remote
Debian-specific: no
Debian Bug     : 631437 661064

Several vulnerabilities were discovered in Movable Type, a blogging system:

Under certain circumstances, a user who has "Create Entries" or "Manage Blog" permissions may be able to read known files on the local file system.

The file management system contains shell command injection vulnerabilities, the most serious of which may lead to arbitrary OS command execution by a user who has a permission to sign-in to the admin script and also has a permission to upload files.

Session hijack and cross-site request forgery vulnerabilities exist in the commenting and the community script. A remote attacker could hijack the user session or could execute arbitrary script code on victim's browser under certain circumstances.

Templates which do not escape variable properly and mt-wizard.cgi contain cross-site scripting vulnerabilities.

For the stable distribution (squeeze), these problems have been fixed in version 4.3.8+dfsg-0+squeeze2.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 5.1.3+dfsg-1.

sunrat
Posted March 4, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2424-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
March 04, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxml-atom-perl
Vulnerability  : XML external entity expansion
Problem type   : remote
Debian-specific: no

It was discovered that the XML::Atom Perl module did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.

For the stable distribution (squeeze), this problem has been fixed in version 0.37-1+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 0.39-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2425-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
March 04, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : plib
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4620
Debian Bug     : 654785

It was discovered that PLIB, a library used by TORCS, contains a buffer overflow in error message processing, which could allow remote attackers to execute arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in version 1.8.5-5+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 1.8.5-5.1.

sunrat Posted March 6, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2426-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
March 06, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gimp
Vulnerability  : several
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543
                 CVE-2011-1782 CVE-2011-2896

Several vulnerabilities have been identified in GIMP, the GNU Image Manipulation Program.

CVE-2010-4540
    Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file.

CVE-2010-4541
    Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file.

CVE-2010-4542
    Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in the GFIG plugin allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file.

CVE-2010-4543
    Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image.

CVE-2011-1782
    The correction for CVE-2010-4543 was incomplete.

CVE-2011-2896
    The LZW decompressor in the LZWReadByte function in plug-ins/common/file-gif-load.c does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream.

For the stable distribution (squeeze), these problems have been fixed in version 2.6.10-1+squeeze3.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 2.6.11-5.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2427-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
March 06, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imagemagick
Vulnerability  : several
Problem type   : local
CVE ID         : CVE-2012-0247 CVE-2012-0248

Two security vulnerabilities related to EXIF processing were discovered in ImageMagick, a suite of programs to manipulate images:

CVE-2012-0247
    When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick writes two bytes to an invalid address.

CVE-2012-0248
    Parsing a maliciously crafted image with an IFD in which all IOP tag value offsets point to the beginning of the IFD itself results in an endless loop and a denial of service.

For the stable distribution (squeeze), these problems have been fixed in version 8:6.6.0.4-3+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 8:6.6.9.7-6.
sunrat Posted March 7, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2429-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
March 07, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mysql-5.1
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2262 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101
                 CVE-2012-0102 CVE-2012-0112 CVE-2012-0113 CVE-2012-0114
                 CVE-2012-0115 CVE-2012-0116 CVE-2012-0118 CVE-2012-0119
                 CVE-2012-0120 CVE-2012-0484 CVE-2012-0485 CVE-2012-0490
                 CVE-2012-0492
Debian Bug     : 659687

Several security vulnerabilities were discovered in MySQL, a database management system. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.61, which includes additional changes, such as performance improvements and corrections for data loss defects. These changes are described in the MySQL release notes at:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html

For the stable distribution (squeeze), these problems have been fixed in version 5.1.61-0+squeeze1.

For the unstable distribution (sid), these problems have been fixed in version 5.1.61-2.
sunrat Posted March 8, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2428-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
March 07, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freetype
Vulnerability  : several
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2012-1133 CVE-2012-1134 CVE-2012-1136 CVE-2012-1142
                 CVE-2012-1144

Mateusz Jurczyk from the Google Security Team discovered several vulnerabilities in Freetype's parsing of BDF, Type1 and TrueType fonts, which could result in the execution of arbitrary code if a malformed font file is processed.

For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-2.1+squeeze4. The updated packages have been available since yesterday, but the advisory text couldn't be sent earlier.

For the unstable distribution (sid), this problem will be fixed soon.
sunrat Posted March 10, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2430-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
March 10, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-pam
Vulnerability  : double free
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-1502

Markus Vervier discovered a double free in the Python interface to the PAM library, which could lead to denial of service.

For the stable distribution (squeeze), this problem has been fixed in version 0.4.2-12.2+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 0.4.2-13.
sunrat Posted March 11, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2431-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
March 11, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libdbd-pg-perl
Vulnerability  : format string vulnerabilities
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-1151
Debian Bug     : 661536

Niko Tyni discovered two format string vulnerabilities in DBD::Pg, a Perl DBI driver for the PostgreSQL database server, which can be exploited by a rogue database server.

For the stable distribution (squeeze), this problem has been fixed in version 2.17.1-2+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 2.19.0-1.
sunrat Posted March 13, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2432-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
March 12, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libyaml-libyaml-perl
Vulnerability  : format string vulnerabilities
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-1152
Debian Bug     : 661548

Dominic Hargreaves and Niko Tyni discovered two format string vulnerabilities in YAML::LibYAML, a Perl interface to the libyaml library.

For the stable distribution (squeeze), this problem has been fixed in version 0.33-1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 0.38-2.
sunrat Posted March 15, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2433-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
March 15, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceweasel
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0455 CVE-2012-0456 CVE-2012-0458 CVE-2012-0461

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

CVE-2012-0455
    Soroush Dalili discovered that a cross-site scripting countermeasure related to Javascript URLs could be bypassed.

CVE-2012-0456
    Atte Kettunen discovered an out of bounds read in the SVG Filters, resulting in memory disclosure.

CVE-2012-0458
    Mariusz Mlynski discovered that privileges could be escalated through a Javascript URL as the home page.

CVE-2012-0461
    Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in version 3.5.16-13.

For the unstable distribution (sid), this problem has been fixed in version 10.0.3esr-1.

For the experimental distribution, this problem has been fixed in version 11.0-1.
sunrat Posted March 19, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2436-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
March 19, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libapache2-mod-fcgid
Vulnerability  : inactive resource limits
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-1181
Debian Bug     : 615814

It was discovered that the Apache FCGID module, a FastCGI implementation, did not properly enforce the FcgidMaxProcessesPerClass resource limit, rendering this control ineffective and potentially allowing a virtual host to consume excessive resources.

For the stable distribution (squeeze), this problem has been fixed in version 1:2.3.6-1+squeeze1.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 1:2.3.6-1.1.
sunrat Posted March 20, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2434-1                   security@debian.org
http://www.debian.org/security/                             Luciano Bello
March 19, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nginx
Vulnerability  : sensitive information leak
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-1180
Debian Bug     : 664137

Matthew Daley discovered a memory disclosure vulnerability in nginx. In previous versions of this web server, an attacker can receive the content of previously freed memory if an upstream server returned a specially crafted HTTP response, potentially exposing sensitive information.

For the stable distribution (squeeze), this problem has been fixed in version 0.7.67-3+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 1.1.17-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2435-1                   security@debian.org
http://www.debian.org/security/                          Gabriele Giacone
March 19, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gnash
Vulnerability  : several
Problem type   : local / local (remote)
Debian-specific: no
CVE ID         : CVE-2010-4337 CVE-2011-4328 CVE-2012-1175
Debian Bug     : 605419 649384 664023

Several vulnerabilities have been identified in Gnash, the GNU Flash player.

CVE-2012-1175
    Tielei Wang from Georgia Tech Information Security Center discovered a vulnerability in GNU Gnash which is caused due to an integer overflow error and can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted SWF file.

CVE-2011-4328
    Alexander Kurtz discovered an unsafe management of HTTP cookies. Cookie files are stored under /tmp and have predictable names, a vulnerability that allows a local attacker to overwrite arbitrary files the user has write permissions for, and are also world-readable, which may cause an information leak.

CVE-2010-4337
    Jakub Wilk discovered an unsafe management of temporary files during the build process. Files are stored under /tmp and have predictable names, a vulnerability that allows a local attacker to overwrite arbitrary files the user has write permissions for.

For the stable distribution (squeeze), this problem has been fixed in version 0.8.8-5+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 0.8.10-5.
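The predictable-name problem that DSA-2435-1 describes for Gnash's cookie and build files, shown as an added example that is not part of the advisory and is not Gnash's code. All function names, the `cookies.txt` name and the scratch directory are assumptions made for the illustration; the weak opener is placed beside two hardened ones.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkstemp, mkdtemp, O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern from the advisory: a guessable name opened without O_EXCL.
 * An existing symlink is followed, and the mode depends on the umask. */
static int open_predictable(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* A fixed name made safe: fail if anything, a symlink included, is there. */
static int open_fixed_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates the file
 * atomically with mode 0600. The final name is written back into `path`. */
static int open_private(const char *dir, char *path, size_t path_sz)
{
    int n = snprintf(path, path_sz, "%s/cookies.XXXXXX", dir);
    if (n < 0 || (size_t)n >= path_sz) return -1;
    return mkstemp(path);
}

/* Constructed scenario: inside a private scratch directory, the predictable
 * name already exists as a symlink to "victim". Returns 1 if `opener`
 * created the victim through the link, 0 if not, -1 on setup failure. */
static int victim_touched(int (*opener)(const char *))
{
    const char *tmp = getenv("TMPDIR");
    char dir[200], lnk[256], victim[256];
    struct stat st;
    snprintf(dir, sizeof dir, "%s/dsa-demo.XXXXXX", tmp && *tmp ? tmp : "/tmp");
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(lnk, sizeof lnk, "%s/cookies.txt", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (symlink(victim, lnk) != 0) { rmdir(dir); return -1; }
    int fd = opener(lnk);
    if (fd >= 0) close(fd);
    int touched = (stat(victim, &st) == 0);
    unlink(victim);
    unlink(lnk);
    rmdir(dir);
    return touched;
}

int main(void)
{
    printf("predictable open wrote through link: %d\n", victim_touched(open_predictable));
    printf("exclusive open wrote through link:   %d\n", victim_touched(open_fixed_exclusive));
    return 0;
}
```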
sunrat Posted March 22, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2437-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
March 21, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0455 CVE-2012-0456 CVE-2012-0458 CVE-2012-0461

Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.

CVE-2012-0455
    Soroush Dalili discovered that a cross-site scripting countermeasure related to Javascript URLs could be bypassed.

CVE-2012-0456
    Atte Kettunen discovered an out of bounds read in the SVG Filters, resulting in memory disclosure.

CVE-2012-0458
    Mariusz Mlynski discovered that privileges could be escalated through a Javascript URL as the home page.

CVE-2012-0461
    Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in version icedove 3.0.11-1+squeeze8.

For the unstable distribution (sid), this problem will be fixed soon.
sunrat Posted March 22, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2438-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
March 22, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : raptor
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0037

It was discovered that Raptor, an RDF parser and serializer library, allows file inclusion through XML entities, resulting in information disclosure.

For the stable distribution (squeeze), this problem has been fixed in version 1.4.21-2+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.
sunrat Posted March 22, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2439-1                   security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
March 22, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libpng
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3045

Glenn Randers-Pehrson discovered a buffer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.44-1+squeeze3. Packages for i386 are not yet available, but will be provided shortly.

For the unstable distribution (sid), this problem will be fixed soon.
sunrat Posted March 24, 2012

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2440-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
March 24, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libtasn1-3
Vulnerability  : missing bounds check
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-1569

Matthew Hall discovered that many callers of the asn1_get_length_der function did not check the result against the overall buffer length before processing it further. This could result in out-of-bounds memory accesses and application crashes. Applications using GNUTLS are exposed to this issue.

For the stable distribution (squeeze), this problem has been fixed in version 2.7-1+squeeze+1.

For the unstable distribution (sid), this problem has been fixed in version 2.12-1.
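The caller-side check that DSA-2440-1 says was missing, shown as an added example that is not libtasn1's code and does not call asn1_get_length_der. The decoder `der_read_length`, both `value_span_*` callers and the sample byte strings are hypothetical, constructed here to show a declared DER length that exceeds the buffer and the comparison that rejects it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical decoder (not libtasn1's API): parse a DER definite-length
 * field at der[0]. Stores the declared content length in *len and the size
 * of the length field in *hdr. It validates the length field only; it cannot
 * tell whether *len content bytes really follow. */
static int der_read_length(const uint8_t *der, size_t der_len,
                           size_t *len, size_t *hdr)
{
    if (der_len == 0) return -1;
    if ((der[0] & 0x80) == 0) {              /* short form, 0..127 */
        *len = der[0];
        *hdr = 1;
        return 0;
    }
    size_t n = der[0] & 0x7f;                /* long form, n length octets */
    if (n == 0 || n > sizeof(size_t) || n > der_len - 1)
        return -1;                           /* indefinite, too wide, cut off */
    size_t v = 0;
    for (size_t i = 1; i <= n; i++)
        v = (v << 8) | der[i];
    *len = v;
    *hdr = 1 + n;
    return 0;
}

/* Caller pattern the advisory describes: the declared length is used as is.
 * buf is one TLV (tag octet, length field, value). */
static int value_span_unchecked(const uint8_t *buf, size_t buf_len,
                                size_t *off, size_t *len)
{
    size_t hdr;
    if (buf_len < 2 || der_read_length(buf + 1, buf_len - 1, len, &hdr) != 0)
        return -1;
    *off = 1 + hdr;                          /* off + len may exceed buf_len */
    return 0;
}

/* Hardened caller: the value must fit in what is left of the buffer. */
static int value_span_checked(const uint8_t *buf, size_t buf_len,
                              size_t *off, size_t *len)
{
    if (value_span_unchecked(buf, buf_len, off, len) != 0)
        return -1;
    return (*len > buf_len - *off) ? -1 : 0; /* subtraction cannot wrap */
}

/* Constructed inputs: an OCTET STRING declaring 256 bytes but carrying 3,
 * and a well-formed 3-byte OCTET STRING. */
static const uint8_t TRUNCATED[] = { 0x04, 0x82, 0x01, 0x00, 'a', 'b', 'c' };
static const uint8_t VALID[]     = { 0x04, 0x03, 'a', 'b', 'c' };

int main(void)
{
    size_t off, len;
    int rc = value_span_unchecked(TRUNCATED, sizeof TRUNCATED, &off, &len);
    printf("unchecked: rc=%d off=%zu len=%zu of %zu\n", rc, off, len, sizeof TRUNCATED);
    printf("checked:   rc=%d\n", value_span_checked(TRUNCATED, sizeof TRUNCATED, &off, &len));
    printf("valid:     rc=%d\n", value_span_checked(VALID, sizeof VALID, &off, &len));
    return 0;
}
```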