sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2869-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

March 03, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gnutls26

Vulnerability : incorrect certificate verification

CVE ID : CVE-2014-0092

 

Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate

verification issue in GnuTLS, an SSL/TLS library. A certificate

validation could be reported successfully even in cases where an error

would prevent all verification steps from being performed.

 

An attacker doing a man-in-the-middle of a TLS connection could use this

vulnerability to present a carefully crafted certificate that would be

accepted by GnuTLS as valid even if not signed by one of the trusted

authorities.

 

For the oldstable distribution (squeeze), this problem has been fixed in

version 2.8.6-1+squeeze3.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.12.20-8+deb7u1.

 

For the testing distribution (jessie), this problem has been fixed in

version 2.12.23-13.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.12.23-13.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2870-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 08, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libyaml-libyaml-perl

Vulnerability : heap-based buffer overflow

CVE ID : CVE-2013-6393

 

Florian Weimer of the Red Hat Product Security Team discovered a

heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and

emitter library. A remote attacker could provide a YAML document with a

specially-crafted tag that, when parsed by an application using libyaml,

would cause the application to crash or, potentially, execute arbitrary

code with the privileges of the user running the application.

 

This update corrects this flaw in the copy that is embedded in the

libyaml-libyaml-perl package.

 

For the oldstable distribution (squeeze), this problem has been fixed in

version 0.33-1+squeeze2.

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.38-3+deb7u1.

 

For the testing distribution (jessie), this problem has been fixed in

version 0.41-4.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.41-4.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2871-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 10, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wireshark

CVE ID : CVE-2014-2281 CVE-2014-2283 CVE-2014-2299

 

Multiple vulnerabilities were discovered in Wireshark:

 

CVE-2014-2281

 

Moshe Kaplan discovered that the NFS dissector could be crashed,

resulting in denial of service.

 

CVE-2014-2283

 

It was discovered that the RLC dissector could be crashed, resulting

in denial of service.

 

CVE-2014-2299

 

Wesley Neelen discovered a buffer overflow in the MPEG file parser,

which could lead to the execution of arbitrary code.

 

For the oldstable distribution (squeeze), these problems have been fixed in

version 1.2.11-6+squeeze14.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.8.2-5wheezy10.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.10.6-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2872-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 10, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : udisks

CVE ID : CVE-2014-0004

 

Florian Weimer discovered a buffer overflow in udisks's mount path

parsing code which may result in privilege escalation.

 

For the oldstable distribution (squeeze), this problem has been fixed in

version 1.0.1+git20100614-3squeeze1.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.0.4-7wheezy1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.0.5-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2873-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 11, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : file

Vulnerability : several

CVE ID : CVE-2014-2270

Debian Bug : 703993

 

Several vulnerabilities have been found in file, a file type

classification tool.

 

Aaron Reffett reported a flaw in the way the file utility determined the

type of Portable Executable (PE) format files, the executable format

used on Windows. When processing a defective or intentionally prepared

PE executable which contains invalid offset information, the

file_strncmp routine will access memory that is out of bounds, causing

file to crash. The Common Vulnerabilities and Exposures project ID

CVE-2014-2270 has been assigned to identify this flaw.

 

Mike Frysinger reported that file's rule for detecting AWK scripts

significantly slows down file. The regular expression to detect AWK

files contained two star operators, which could be exploited to cause

excessive backtracking in the regex engine.

 

For the oldstable distribution (squeeze), these problems have been fixed

in version 5.04-5+squeeze4.

 

For the stable distribution (wheezy), these problems have been fixed in

version 5.11-2+deb7u2.

 

For the testing distribution (jessie), these problems have been fixed in

version 1:5.17-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 1:5.17-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2874-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 12, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mutt

CVE ID : CVE-2014-0467

Debian Bug : 708731

 

Beatrice Torracca and Evgeni Golov discovered a buffer overflow in the

mutt mailreader. Malformed RFC2047 header lines could result in denial

of service or potentially the execution of arbitrary code.

 

For the oldstable distribution (squeeze), this problem has been fixed in

version 1.5.20-9+squeeze3.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.5.21-6.2+deb7u2.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.5.22-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2875-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 12, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : cups-filters

CVE ID : CVE-2013-6474 CVE-2013-6475 CVE-2013-6476

 

Florian Weimer of the Red Hat Product Security Team discovered multiple

vulnerabilities in the pdftoopvp CUPS filter, which could result in the

execution of arbitrary code if a malformed PDF file is processed.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.0.18-2.1+deb7u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.0.47-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2876-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 12, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : cups

CVE ID : CVE-2013-6474 CVE-2013-6475 CVE-2013-6476

 

Florian Weimer of the Red Hat Product Security Team discovered multiple

vulnerabilities in the pdftoopvp CUPS filter, which could result in the

execution of arbitrary code if a malformed PDF file is processed.

 

For the oldstable distribution (squeeze), these problems have been fixed in

version 1.4.4-7+squeeze4.

 

For the stable distribution (wheezy) and the unstable distribution (sid)

the filter is now part of the cups-filters source package.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2877-1 security@debian.org

http://www.debian.org/security/ Michael Gilbert

March 12, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : lighttpd

CVE ID : CVE-2014-2323 CVE-2014-2324

Debian Bug : 741493

 

Several vulnerabilities were discovered in the lighttpd web server.

 

CVE-2014-2323

 

Jann Horn discovered that specially crafted host names can be used

to inject arbitrary MySQL queries in lighttpd servers using the

MySQL virtual hosting module (mod_mysql_vhost).

 

This only affects installations with the lighttpd-mod-mysql-vhost

binary package installed and in use.

 

CVE-2014-2324

 

Jann Horn discovered that specially crafted host names can be used

to traverse outside of the document root under certain situations

in lighttpd servers using either the mod_mysql_vhost, mod_evhost,

or mod_simple_vhost virtual hosting modules.

 

Servers not using these modules are not affected.

 

For the oldstable distribution (squeeze), these problems have been fixed in

version 1.4.28-2+squeeze1.6.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.4.31-4+deb7u3.

 

For the testing distribution (jessie), these problems will be fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.4.33-1+nmu3.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2878-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 13, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : virtualbox

CVE ID : CVE-2013-5892 CVE-2014-0404 CVE-2014-0406 CVE-2014-0407

Debian Bug : 735410

 

Matthew Daley discovered multiple vulnerabilities in VirtualBox, an x86

virtualisation solution, resulting in denial of service, privilege

escalation and an information leak.

 

For the oldstable distribution (squeeze), these problems have been fixed in

version 3.2.10-dfsg-1+squeeze2 of the virtualbox-ose source package.

 

For the stable distribution (wheezy), these problems have been fixed in

version 4.1.18-dfsg-2+deb7u2.

 

For the testing distribution (jessie), these problems have been fixed in

version 4.3.6-dfsg-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 4.3.6-dfsg-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2879-1 security@debian.org

http://www.debian.org/security/ Raphael Geissert

March 13, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libssh

CVE ID : CVE-2014-0017

 

It was discovered that libssh, a tiny C SSH library, did not reset the

state of the PRNG after accepting a connection. A server mode

application that forks itself to handle incoming connections could see

its children sharing the same PRNG state, resulting in a cryptographic

weakness and possibly the recovery of the private key.

 

For the oldstable distribution (squeeze), this problem has been fixed in

version 0.4.5-3+squeeze2.

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.5.4-1+deb7u1.

 

For the testing distribution (jessie), this problem has been fixed in

version 0.5.4-3.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.5.4-3.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2880-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 17, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : python2.7

CVE ID : CVE-2013-4238 CVE-2014-1912

 

Multiple security issues were discovered in Python:

 

CVE-2013-4238

 

Ryan Sleevi discovered that NULL characters in the subject alternate names of

SSL certificates were parsed incorrectly.

 

CVE-2014-1912

 

Ryan Smith-Roberts discovered a buffer overflow in the

socket.recvfrom_into() function.

 

For the stable distribution (wheezy), these problems have been fixed in

version 2.7.3-6+deb7u2.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.7.6-7.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2881-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 19, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : iceweasel

CVE ID : CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508

CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513

CVE-2014-1514

 

Multiple security issues have been found in Iceweasel, Debian's version

of the Mozilla Firefox web browser: Multiple memory safety errors, out of

bound reads, use-after-frees and other implementation errors may lead to

the execution of arbitrary code, information disclosure, denial of

service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 24.4.0esr-1~deb7u2.

 

For the unstable distribution (sid), these problems have been fixed in

version 24.4.0esr-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2859-2 security@debian.org

http://www.debian.org/security/ Raphael Geissert

March 19, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : pidgin

CVE ID : CVE-2013-6485 CVE-2013-6490

 

Multiple vulnerabilities have been discovered in pidgin, a multi-protocol

instant messaging client. In addition to fixing the vulnerabilities,

this revision specific to the oldstable distribution (squeeze),

reduces the supported protocols to: IRC, Jabber/XMPP, Sametime, and

SIMPLE.

 

Users of other protocols are encouraged to either upgrade to the stable

distribution (wheezy) or to use the version in backports. It must be

noted, however, that the latter is not supported by the Security Team.

 

For reference, the original description of the vulnerabilities from

DSA-2859-1 is quoted below:

 

CVE-2013-6485

 

Matt Jones discovered a buffer overflow in the parsing of malformed

HTTP responses.

 

CVE-2013-6490

 

Yves Younan discovered a buffer overflow when parsing SIMPLE

headers.

 

For the oldstable distribution (squeeze), these problems have been fixed in

version 2.7.3-1+squeeze4.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2882-1 security@debian.org

http://www.debian.org/security/ Giuseppe Iuculano

March 20, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : extplorer

CVE ID : CVE-2013-5951

Debian Bug : 741908

 

Multiple cross-site scripting (XSS) vulnerabilities have been discovered

in extplorer, a web file explorer and manager using Ext JS.

A remote attacker can inject arbitrary web script or HTML code via a

crafted string in the URL to application.js.php, admin.php, copy_move.php,

functions.php, header.php and upload.php.

 

For the oldstable distribution (squeeze), this problem has been fixed in

version 2.1.0b6+dfsg.2-1+squeeze2.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.1.0b6+dfsg.3-4+deb7u1.

 

For the unstable distribution (sid), this problem will be fixed soon.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2883-1 security@debian.org

http://www.debian.org/security/ Michael Gilbert

March 23, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : chromium-browser

CVE ID : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656

CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660

CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665

CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700

CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704

CVE-2014-1705 CVE-2014-1713 CVE-2014-1715

 

Several vulnerabilities have been discovered in the chromium web browser.

 

CVE-2013-6653

 

Khalil Zhani discovered a use-after-free issue in chromium's web

contents color chooser.

 

CVE-2013-6654

 

TheShow3511 discovered an issue in SVG handling.

 

CVE-2013-6655

 

cloudfuzzer discovered a use-after-free issue in dom event handling.

 

CVE-2013-6656

 

NeexEmil discovered an information leak in the XSS auditor.

 

CVE-2013-6657

 

NeexEmil discovered a way to bypass the Same Origin policy in the

XSS auditor.

 

CVE-2013-6658

 

cloudfuzzer discovered multiple use-after-free issues surrounding

the updateWidgetPositions function.

 

CVE-2013-6659

 

Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that

it was possible to trigger an unexpected certificate chain during

TLS renegotiation.

 

CVE-2013-6660

 

bishopjeffreys discovered an information leak in the drag and drop

implementation.

 

CVE-2013-6661

 

The Google Chrome team discovered and fixed multiple issues in

version 33.0.1750.117.

 

CVE-2013-6663

 

Atte Kettunen discovered a use-after-free issue in SVG handling.

 

CVE-2013-6664

 

Khalil Zhani discovered a use-after-free issue in the speech

recognition feature.

 

CVE-2013-6665

 

cloudfuzzer discovered a buffer overflow issue in the software

renderer.

 

CVE-2013-6666

 

netfuzzer discovered a restriction bypass in the Pepper Flash

plugin.

 

CVE-2013-6667

 

The Google Chrome team discovered and fixed multiple issues in

version 33.0.1750.146.

 

CVE-2013-6668

 

Multiple vulnerabilities were fixed in version 3.24.35.10 of

the V8 javascript library.

 

CVE-2014-1700

 

Chamal de Silva discovered a use-after-free issue in speech

synthesis.

 

CVE-2014-1701

 

aidanhs discovered a cross-site scripting issue in event handling.

 

CVE-2014-1702

 

Colin Payne discovered a use-after-free issue in the web database

implementation.

 

CVE-2014-1703

 

VUPEN discovered a use-after-free issue in web sockets that

could lead to a sandbox escape.

 

CVE-2014-1704

 

Multiple vulnerabilities were fixed in version 3.23.17.18 of

the V8 javascript library.

 

CVE-2014-1705

 

A memory corruption issue was discovered in the V8 javascript

library.

 

CVE-2014-1713

 

A use-after-free issue was discovered in the AttributeSetter

function.

 

CVE-2014-1715

 

A directory traversal issue was found and fixed.

 

For the stable distribution (wheezy), these problems have been fixed in

version 33.0.1750.152-1~deb7u1.

 

For the testing distribution (jessie), these problems will be fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 33.0.1750.152-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2873-2 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 24, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : file

Debian Bug : 742262 742265

 

It was discovered that the recent file update, DSA-2873-1, introduced a

regression in the recognition of Perl scripts containing BEGIN code

blocks.

 

For the oldstable distribution (squeeze), this problem has been fixed in

version 5.04-5+squeeze5.

 

For the stable distribution (wheezy), this problem has been fixed in

version 5.11-2+deb7u3.

 

For the unstable distribution (sid), this problem will be fixed soon.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2884-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 26, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libyaml

CVE ID : CVE-2014-2525

Debian Bug : 742732

 

Ivan Fratric of the Google Security Team discovered a heap-based buffer

overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter

library. A remote attacker could provide a specially-crafted YAML

document that, when parsed by an application using libyaml, would cause

the application to crash or, potentially, execute arbitrary code with

the privileges of the user running the application.

 

For the oldstable distribution (squeeze), this problem has been fixed in

version 0.1.3-1+deb6u4.

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.1.4-2+deb7u4.

 

For the unstable distribution (sid), this problem will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2885-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 26, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libyaml-libyaml-perl

CVE ID : CVE-2014-2525

 

Ivan Fratric of the Google Security Team discovered a heap-based buffer

overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter

library. A remote attacker could provide a specially-crafted YAML

document that, when parsed by an application using libyaml, would cause

the application to crash or, potentially, execute arbitrary code with

the privileges of the user running the application.

 

This update corrects this flaw in the copy that is embedded in the

libyaml-libyaml-perl package.

 

For the oldstable distribution (squeeze), this problem has been fixed in

version 0.33-1+squeeze3.

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.38-3+deb7u2.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.41-5.

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2886-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

March 26, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libxalan2-java

CVE ID : CVE-2014-0107

Debian Bug : 742577

 

Nicolas Gregoire discovered several vulnerabilities in libxalan2-java,

a Java library for XSLT processing. Crafted XSLT programs could

access system properties or load arbitrary classes, resulting in

information disclosure and, potentially, arbitrary code execution.

 

For the oldstable distribution (squeeze), this problem has been fixed in

version 2.7.1-5+deb6u1.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.7.1-7+deb7u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.7.1-9.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2887-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 27, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ruby-actionmailer-3.2

CVE ID : CVE-2013-4389

 

Aaron Neyer discovered that missing input sanitising in the logging

component of Ruby Actionmailer could result in denial of service through

a malformed e-mail message.

 

For the stable distribution (wheezy), this problem has been fixed in

version 3.2.6-2+deb7u1. ruby-activesupport-3.2 was updated in a related

change to version 3.2.6-6+deb7u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 3.2.16-3+0 of the rails-3.2 source package.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2888-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 27, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ruby-actionpack-3.2

CVE ID : CVE-2013-4389 CVE-2013-4491 CVE-2013-6414 CVE-2013-6415

CVE-2013-6417

 

Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes

discovered multiple cross-site scripting and denial of service

vulnerabilities in Ruby Actionpack.

 

For the stable distribution (wheezy), these problems have been fixed in

version 3.2.6-6+deb7u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 3.2.16-3+0 of the rails-3.2 source package.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2889-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

March 28, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : postfixadmin

CVE ID : CVE-2014-2655

 

An SQL injection vulnerability was discovered in postfixadmin, a web

administration interface for the Postfix Mail Transport Agent, which

allowed authenticated users to make arbitrary manipulations to the

database.

 

The oldstable distribution (squeeze) does not contain postfixadmin.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.3.5-2+deb7u1.

 

For the testing distribution (jessie), and unstable distribution

(sid), this problem has been fixed in version 2.3.5-3.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2890-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

March 29, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libspring-java

CVE ID : CVE-2014-0054 CVE-2014-1904

Debian Bug : 741604

 

Two vulnerabilities were discovered in libspring-java, the Debian

package for the Java Spring framework.

 

CVE-2014-0054

 

Jaxb2RootElementHttpMessageConverter in Spring MVC processes

external XML entities.

 

CVE-2014-1904

 

Spring MVC introduces a cross-site scripting vulnerability if the

action on a Spring form is not specified.

 

For the stable distribution (wheezy), these problems have been fixed in

version 3.0.6.RELEASE-6+deb7u3.

 

For the testing distribution (jessie) and the unstable distribution

(sid), these problems have been fixed in version 3.0.6.RELEASE-13.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2891-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

March 30, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mediawiki, mediawiki-extensions

CVE ID : CVE-2013-2031 CVE-2013-4567 CVE-2013-4568 CVE-2013-4572

CVE-2013-6452 CVE-2013-6453 CVE-2013-6454 CVE-2013-6472

CVE-2014-1610

Debian Bug : 729629 706601 742857 742857

 

Several vulnerabilities were discovered in MediaWiki, a wiki engine.

The Common Vulnerabilities and Exposures project describes the following

issues:

 

CVE-2013-2031

 

Cross-site scripting attack via valid UTF-7 encoded sequences

in a SVG file.

 

CVE-2013-4567 & CVE-2013-4568

 

Kevin Israel (Wikipedia user PleaseStand) reported two ways

to inject Javascript due to an incomplete blacklist in the

CSS sanitizer function.

 

CVE-2013-4572

 

MediaWiki and the CentralNotice extension were incorrectly setting

cache headers when a user was autocreated, causing the user's

session cookies to be cached, and returned to other users.

 

CVE-2013-6452

 

Chris from RationalWiki reported that SVG files could be

uploaded that include external stylesheets, which could lead to

XSS when an XSL was used to include Javascript.

 

CVE-2013-6453

 

MediaWiki's SVG sanitization could be bypassed when the XML was

considered invalid.

 

CVE-2013-6454

 

MediaWiki's CSS sanitization did not filter -o-link attributes,

which could be used to execute Javascript in Opera 12.

 

CVE-2013-6472

 

MediaWiki displayed some information about deleted pages in

the log API, enhanced RecentChanges, and user watchlists.

 

CVE-2014-1610

 

A remote code execution vulnerability existed if file upload

support for DjVu (natively handled) or PDF files (in

combination with the PdfHandler extension) was enabled.

Neither file type is enabled by default in MediaWiki.

 

(ID assignment pending)

 

Cross site request forgery in login form: an attacker could log in

a victim as the attacker.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.19.14+dfsg-0+deb7u1 of the mediawiki package and 3.5~deb7u1

of the mediawiki-extensions package.

 

For the unstable distribution (sid), these problems have been fixed in

version 1:1.19.14+dfsg-1 of the mediawiki package and 3.5 of the

mediawiki-extensions package.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2891-2 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

March 31, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mediawiki, mediawiki-extensions

CVE ID : CVE-2013-2031 CVE-2013-4567 CVE-2013-4568 CVE-2013-4572

CVE-2013-6452 CVE-2013-6453 CVE-2013-6454 CVE-2013-6472

CVE-2014-1610

Debian Bug : 729629 706601 742857 742857

 

In the Mediawiki update issued as DSA 2891-1, a few files were missing

from the package. This update corrects that problem. For reference, the

original advisory text follows.

 

Several vulnerabilities were discovered in MediaWiki, a wiki engine.

The Common Vulnerabilities and Exposures project describes the following

issues:

 

CVE-2013-2031

 

Cross-site scripting attack via valid UTF-7 encoded sequences

in a SVG file.

 

CVE-2013-4567 & CVE-2013-4568

 

Kevin Israel (Wikipedia user PleaseStand) reported two ways

to inject Javascript due to an incomplete blacklist in the

CSS sanitizer function.

 

CVE-2013-4572

 

MediaWiki and the CentralNotice extension were incorrectly setting

cache headers when a user was autocreated, causing the user's

session cookies to be cached, and returned to other users.

 

CVE-2013-6452

 

Chris from RationalWiki reported that SVG files could be

uploaded that include external stylesheets, which could lead to

XSS when an XSL was used to include Javascript.

 

CVE-2013-6453

 

MediaWiki's SVG sanitization could be bypassed when the XML was

considered invalid.

 

CVE-2013-6454

 

MediaWiki's CSS sanitization did not filter -o-link attributes,

which could be used to execute Javascript in Opera 12.

 

CVE-2013-6472

 

MediaWiki displayed some information about deleted pages in

the log API, enhanced RecentChanges, and user watchlists.

 

CVE-2014-1610

 

A remote code execution vulnerability existed if file upload

support for DjVu (natively handled) or PDF files (in

combination with the PdfHandler extension) was enabled.

Neither file type is enabled by default in MediaWiki.

 

(ID assignment pending)

 

Cross site request forgery in login form: an attacker could login

a victim as the attacker.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.19.14+dfsg-0+deb7u1 of the mediawiki package and 3.5~deb7u1

of the mediawiki-extensions package.

 

For the unstable distribution (sid), these problems have been fixed in

version 1:1.19.14+dfsg-1 of the mediawiki package and 3.5 of the

mediawiki-extensions package.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2892-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 31, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : a2ps

CVE ID : CVE-2001-1593 CVE-2014-0466

Debian Bug : 737385 742902

 

Several vulnerabilities have been found in a2ps, an 'Anything to

PostScript' converter and pretty-printer. The Common Vulnerabilities and

Exposures project identifies the following problems:

 

CVE-2001-1593

 

The spy_user function which is called when a2ps is invoked with the

--debug flag insecurely used temporary files.

 

CVE-2014-0466

 

Brian M. Carlson reported that a2ps's fixps script does not invoke

gs with the -dSAFER option. Consequently executing fixps on a

malicious PostScript file could result in files being deleted or

arbitrary commands being executed with the privileges of the user

running fixps.

 

For the oldstable distribution (squeeze), these problems have been fixed

in version 1:4.14-1.1+deb6u1.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1:4.14-1.1+deb7u1.

 

For the testing distribution (jessie) and the unstable distribution

(sid), these problems will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2893-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

March 31, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openswan

CVE ID : CVE-2013-2053 CVE-2013-6466

 

Two vulnerabilities were fixed in Openswan, an IKE/IPsec implementation

for Linux.

 

CVE-2013-2053

 

During an audit of Libreswan (with which Openswan shares some code),

Florian Weimer found a remote buffer overflow in the atodn()

function. This vulnerability can be triggered when Opportunistic

Encryption (OE) is enabled and an attacker controls the PTR record

of a peer IP address.

Authentication is not needed to trigger the vulnerability.

 

CVE-2013-6466

 

Iustina Melinte found a vulnerability in Libreswan which also

applies to the Openswan code. By carefully crafting IKEv2 packets, an

attacker can make the pluto daemon dereference non-received IKEv2

payload, leading to the daemon crash.

Authentication is not needed to trigger the vulnerability.

 

Patches were originally written to fix the vulnerabilities in Libreswan,

and have been ported to Openswan by Paul Wouters from the Libreswan

Project.

 

Since the Openswan package is not maintained anymore in the Debian

distribution and is not available in testing and unstable suites, it is

recommended for IKE/IPsec users to switch to a supported implementation

like strongSwan.

 

For the oldstable distribution (squeeze), these problems have been fixed in

version 2.6.28+dfsg-5+squeeze2.

 

For the stable distribution (wheezy), these problems have been fixed in

version 2.6.37-3.1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2891-3 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

March 31, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mediawiki, mediawiki-extensions

CVE ID : CVE-2013-2031 CVE-2013-4567 CVE-2013-4568 CVE-2013-4572

CVE-2013-6452 CVE-2013-6453 CVE-2013-6454 CVE-2013-6472

CVE-2014-1610 CVE-2014-2665

Debian Bug : 729629 706601 742857 742857

 

The Mediawiki update issued as DSA 2891-1 caused regressions. This

update fixes those problems. For reference the original advisory

text follows.

 

Several vulnerabilities were discovered in MediaWiki, a wiki engine.

The Common Vulnerabilities and Exposures project describes the following

issues:

 

CVE-2013-2031

 

Cross-site scripting attack via valid UTF-7 encoded sequences

in a SVG file.

 

CVE-2013-4567 & CVE-2013-4568

 

Kevin Israel (Wikipedia user PleaseStand) reported two ways

to inject Javascript due to an incomplete blacklist in the

CSS sanitizer function.

 

CVE-2013-4572

 

MediaWiki and the CentralNotice extension were incorrectly setting

cache headers when a user was autocreated, causing the user's

session cookies to be cached, and returned to other users.

 

CVE-2013-6452

 

Chris from RationalWiki reported that SVG files could be

uploaded that include external stylesheets, which could lead to

XSS when an XSL was used to include Javascript.

 

CVE-2013-6453

 

MediaWiki's SVG sanitization could be bypassed when the XML was

considered invalid.

 

CVE-2013-6454

 

MediaWiki's CSS sanitization did not filter -o-link attributes,

which could be used to execute Javascript in Opera 12.

 

CVE-2013-6472

 

MediaWiki displayed some information about deleted pages in

the log API, enhanced RecentChanges, and user watchlists.

 

CVE-2014-1610

 

A remote code execution vulnerability existed if file upload

support for DjVu (natively handled) or PDF files (in

combination with the PdfHandler extension) was enabled.

Neither file type is enabled by default in MediaWiki.

 

CVE-2014-2665

 

Cross site request forgery in login form: an attacker could login

a victim as the attacker.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.19.15+dfsg-0+deb7u1 of the mediawiki package and 3.5~deb7u2

of the mediawiki-extensions package.

 

For the unstable distribution (sid), these problems have been fixed in

version 1:1.19.15+dfsg-1 of the mediawiki package and 3.5 of the mediawiki-extensions package.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2894-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 05, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openssh

CVE ID : CVE-2014-2532 CVE-2014-2653

Debian Bug : 742513

 

Two vulnerabilities were discovered in OpenSSH, an implementation of the

SSH protocol suite. The Common Vulnerabilities and Exposures project

identifies the following problems:

 

CVE-2014-2532

 

Jann Horn discovered that OpenSSH incorrectly handled wildcards in

AcceptEnv lines. A remote attacker could use this issue to trick

OpenSSH into accepting any environment variable that contains the

characters before the wildcard character.

 

CVE-2014-2653

 

Matthew Vernon reported that if a SSH server offers a

HostCertificate that the ssh client doesn't accept, then the client

doesn't check the DNS for SSHFP records. As a consequence a

malicious server can disable SSHFP-checking by presenting a

certificate.

 

Note that a host verification prompt is still displayed before

connecting.

 

For the oldstable distribution (squeeze), these problems have been fixed in

version 1:5.5p1-6+squeeze5.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1:6.0p1-4+deb7u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 1:6.6p1-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2895-1 security@debian.org

http://www.debian.org/security/ Luciano Bello

April 06, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : prosody

 

A denial-of-service vulnerability has been reported in Prosody, a XMPP

server. If compression is enabled, an attacker might send highly-compressed

XML elements (attack known as "zip bomb") over XMPP streams and

consume all the resources of the server.

 

The SAX XML parser lua-expat is also affected by this issue.

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.8.2-4+deb7u1 of prosody.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.9.4-1 of prosody.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.2.0-5+deb7u1 of lua-expat.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.3.0-1 of lua-expat.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2896-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 07, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openssl

CVE ID : CVE-2014-0160

Debian Bug : 743883

 

A vulnerability has been discovered in OpenSSL's support for the

TLS/DTLS Heartbeat extension. Up to 64KB of memory from either client or

server can be recovered by an attacker. This vulnerability might allow an

attacker to compromise the private key and other sensitive data in

memory.

 

All users are urged to upgrade their openssl packages (especially

libssl1.0.0) and restart applications as soon as possible.

 

According to the currently available information, private keys should be

considered as compromised and regenerated as soon as possible. More

details will be communicated at a later time.

 

The oldstable distribution (squeeze) is not affected by this

vulnerability.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.0.1e-2+deb7u5.

 

For the testing distribution (jessie), this problem has been fixed in

version 1.0.1g-1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.0.1g-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2896-2 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 08, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openssl

CVE ID : CVE-2014-0160

 

This revision to the recent OpenSSL update, DSA-2896-1, checks for some

services that may use OpenSSL in a way that they expose the

vulnerability. Such services are proposed to be restarted during the

upgrade to help in the actual deployment of the fix.

 

The list of services that are checked is not comprehensive. For a more

detailed check, it is recommended to use the checkrestart tool from the

debian-goodies package. Note that client applications also need to be

restarted.

 

In case of doubt a full system restart is recommended.

 

For reference, the original advisory text follows.

 

A vulnerability has been discovered in OpenSSL's support for the

TLS/DTLS Heartbeat extension. Up to 64KB of memory from either client or

server can be recovered by an attacker. This vulnerability might allow

an attacker to compromise the private key and other sensitive data in

memory.

 

All users are urged to upgrade their openssl packages (especially

libssl1.0.0) and restart applications as soon as possible.

 

According to the currently available information, private keys should be

considered as compromised and regenerated as soon as possible. More

details will be communicated at a later time.

 

The oldstable distribution (squeeze) is not affected by this

vulnerability.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.0.1e-2+deb7u6.

 

For the unstable distribution (sid), this problem will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2897-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

April 08, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tomcat7

CVE ID : CVE-2013-2067 CVE-2013-2071 CVE-2013-4286 CVE-2013-4322

CVE-2014-0050

 

Multiple security issues were found in the Tomcat servlet and JSP engine:

 

CVE-2013-2067

 

FORM authentication associates the most recent request requiring

authentication with the current session. By repeatedly sending a request

for an authenticated resource while the victim is completing the login

form, an attacker could inject a request that would be executed using the

victim's credentials.

 

CVE-2013-2071

 

A runtime exception in AsyncListener.onComplete() prevents the request from

being recycled. This may expose elements of a previous request to a current

request.

 

CVE-2013-4286

 

Reject requests with multiple content-length headers or with a content-length

header when chunked encoding is being used.

 

CVE-2013-4322

 

When processing a request submitted using the chunked transfer encoding,

Tomcat ignored but did not limit any extensions that were included. This allows

a client to perform a limited denial of service by streaming an unlimited amount

of data to the server.

 

CVE-2014-0050

 

Multipart requests with a malformed Content-Type header could trigger an

infinite loop causing a denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 7.0.28-4+deb7u1.

 

For the testing distribution (jessie), these problems have been fixed in

version 7.0.52-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 7.0.52-1.

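The restart check that DSA-2896-2 recommends can be sketched as follows. This is an added example, not part of the advisory or the forum post and not the checkrestart tool's own code: after the libssl1.0.0 upgrade, a process that still maps the replaced library lists it in /proc/<pid>/maps with a " (deleted)" suffix. The sample maps text is constructed, and the function names are assumptions of this example.

```python
import os
import re

# Shared objects shipped by the OpenSSL library package (libssl / libcrypto).
OPENSSL_LIB = re.compile(r"/lib(?:ssl|crypto)\.so(?:\.[0-9A-Za-z.]+)?$")
DELETED_SUFFIX = " (deleted)"

# Constructed sample of /proc/<pid>/maps for a daemon started before the
# upgrade: the old libssl/libcrypto inodes were unlinked when the package
# was replaced, so the kernel marks the mappings as deleted.
SAMPLE_MAPS = """\
00400000-004f1000 r-xp 00000000 08:01 393229 /usr/sbin/nginx
7f3a10000000-7f3a10021000 rw-p 00000000 00:00 0
7f3a1c5d2000-7f3a1c628000 r-xp 00000000 08:01 1311841 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3a1c628000-7f3a1c828000 ---p 00056000 08:01 1311841 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3a1c1f0000-7f3a1c3c4000 r-xp 00000000 08:01 1311840 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f3a1bfd0000-7f3a1bfe7000 r-xp 00000000 08:01 1310755 /lib/x86_64-linux-gnu/libz.so.1.2.7
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]
"""


def stale_openssl_mappings(maps_text):
    """Return the sorted OpenSSL library paths that are mapped but deleted.

    Each maps line is: address perms offset dev inode [pathname].
    Anonymous mappings have no pathname and are skipped.
    """
    stale = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue
        path = fields[5]
        if not path.endswith(DELETED_SUFFIX):
            continue  # file on disk is still the one that is mapped
        path = path[: -len(DELETED_SUFFIX)]
        if OPENSSL_LIB.search(path):
            stale.add(path)
    return sorted(stale)


def scan_proc(proc_root="/proc"):
    """Map pid -> stale OpenSSL libraries for every readable process."""
    findings = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                stale = stale_openssl_mappings(fh.read())
        except OSError:
            continue  # process exited, or maps not readable without root
        if stale:
            findings[int(entry)] = stale
    return findings


if __name__ == "__main__":
    # Run as root to see every process; clients count as well as servers.
    for pid, libs in sorted(scan_proc().items()):
        print("pid %d still uses pre-upgrade %s" % (pid, ", ".join(libs)))
```

Any process this reports is still running the old library code in memory and needs a restart before the fixed package takes effect for it.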
sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2897-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

April 09, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : imagemagick

CVE ID : CVE-2014-1947 CVE-2014-1958 CVE-2014-2030

 

Several buffer overflows were found in Imagemagick, a suite of image

manipulation programs. Processing malformed PSD files could lead to the

execution of arbitrary code.

 

For the oldstable distribution (squeeze), these problems have been fixed

in version 8:6.6.0.4-3+squeeze4.

 

For the stable distribution (wheezy), these problems have been fixed in

version 8:6.7.7.10-5+deb7u3.

 

For the testing distribution (jessie), these problems have been fixed in

version 8:6.7.7.10+dfsg-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 8:6.7.7.10+dfsg-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2899-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

April 09, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openafs

CVE ID : CVE-2014-0159

 

Michael Meffie discovered that in OpenAFS, a distributed filesystem,

an attacker with the ability to connect to an OpenAFS fileserver can

trigger a buffer overflow, crashing the fileserver, and potentially

permitting the execution of arbitrary code.

 

In addition, this update addresses a minor denial of service issue:

the listener thread of the server will hang for about one second when

receiving an invalid packet, giving the opportunity to slow down

the server to an unusable state by sending such packets.

 

For the oldstable distribution (squeeze), this problem has been fixed

in version 1.4.12.1+dfsg-4+squeeze3.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.6.1-3+deb7u2.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.6.7-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2900-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

April 10, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : jbigkit

CVE ID : CVE-2013-6369

 

Florian Weimer of the Red Hat product security team discovered multiple

buffer overflows in jbigkit, which could lead to the execution of

arbitrary code when processing malformed images.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.0-2+deb7u1.

 

For the unstable distribution (sid), this problem will be fixed soon.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2901-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 12, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wordpress

CVE ID : CVE-2014-0165 CVE-2014-0166

Debian Bug : 744018

 

Several vulnerabilities were discovered in Wordpress, a web blogging

tool. The Common Vulnerabilities and Exposures project identifies the

following problems:

 

CVE-2014-0165

 

A user with a contributor role, using a specially crafted

request, can publish posts, which is reserved for users of the

next-higher role.

 

CVE-2014-0166

 

Jon Cave of the WordPress security team discovered that the

wp_validate_auth_cookie function in wp-includes/pluggable.php does

not properly determine the validity of authentication cookies,

allowing a remote attacker to obtain access via a forged cookie.

 

For the oldstable distribution (squeeze), these problems have been fixed

in version 3.6.1+dfsg-1~deb6u2.

 

For the stable distribution (wheezy), these problems have been fixed in

version 3.6.1+dfsg-1~deb7u2.

 

For the testing distribution (jessie), these problems have been fixed in

version 3.8.2+dfsg-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 3.8.2+dfsg-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2902-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 13, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : curl

CVE ID : CVE-2014-0138 CVE-2014-0139

Debian Bug : 742728

 

Two vulnerabilities have been discovered in cURL, an URL transfer

library. The Common Vulnerabilities and Exposures project identifies the

following problems:

 

CVE-2014-0138

 

Steve Holme discovered that libcurl can in some circumstances re-use

the wrong connection when asked to do transfers using other

protocols than HTTP and FTP.

 

CVE-2014-0139

 

Richard Moore from Westpoint Ltd. reported that libcurl does not

behave compliant to RFC 2828 under certain conditions and

incorrectly validates wildcard SSL certificates containing literal

IP addresses.

 

For the oldstable distribution (squeeze), these problems have been fixed in

version 7.21.0-2.1+squeeze8.

 

For the stable distribution (wheezy), these problems have been fixed in

version 7.26.0-1+wheezy9.

 

For the testing distribution (jessie), these problems have been fixed in

version 7.36.0-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 7.36.0-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2903-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

April 14, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : strongswan

CVE ID : CVE-2014-2338

 

An authentication bypass vulnerability was found in charon, the daemon

handling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine

handling the security association (IKE_SA) handled some state transitions

incorrectly.

 

An attacker can trigger the vulnerability by rekeying an unestablished

IKE_SA during the initiation itself. This will trick the IKE_SA state to

'established' without the need to provide any valid credential.

 

Vulnerable setups include those actively initiating IKEv2 IKE_SA (like

“clients” or “roadwarriors”) but also during re-authentication (which

can be initiated by the responder). Installations using IKEv1 (pluto

daemon in strongSwan 4 and earlier, and IKEv1 code in charon 5.x) are not

affected.

 

For the oldstable distribution (squeeze), this problem has been fixed in

version 4.4.1-5.5.

 

For the stable distribution (wheezy), this problem has been fixed in

version 4.5.2-1.5+deb7u3.

 

For the unstable distribution (sid), this problem has been fixed in

version 5.1.2-4.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2904-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

April 15, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : virtualbox

CVE ID : CVE-2014-0981 CVE-2014-0983

 

Francisco Falcon discovered that missing input sanitising in the 3D

acceleration code in VirtualBox could lead to the execution of arbitrary

code on the host system.

 

For the oldstable distribution (squeeze), these problems have been fixed in

version 3.2.10-dfsg-1+squeeze3.

 

For the stable distribution (wheezy), these problems have been fixed in

version 4.1.18-dfsg-2+deb7u3.

 

For the testing distribution (jessie), these problems have been fixed in

version 4.3.10-dfsg-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 4.3.10-dfsg-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2905-1 security@debian.org

http://www.debian.org/security/ Michael Gilbert

April 15, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : chromium-browser

CVE ID : CVE-2014-1716 CVE-2014-1717 CVE-2014-1718 CVE-2014-1719

CVE-2014-1720 CVE-2014-1721 CVE-2014-1722 CVE-2014-1723

CVE-2014-1724 CVE-2014-1725 CVE-2014-1726 CVE-2014-1727

CVE-2014-1728 CVE-2014-1729

 

Several vulnerabilities were discovered in the chromium web browser.

 

CVE-2014-1716

 

A cross-site scripting issue was discovered in the v8 javascript

library.

 

CVE-2014-1717

 

An out-of-bounds read issue was discovered in the v8 javascript

library.

 

CVE-2014-1718

 

Aaron Staple discovered an integer overflow issue in chromium's

software compositor.

 

CVE-2014-1719

 

Colin Payne discovered a use-after-free issue in the web workers

implementation.

 

CVE-2014-1720

 

cloudfuzzer discovered a use-after-free issue in the Blink/Webkit

document object model implementation.

 

CVE-2014-1721

 

Christian Holler discovered a memory corruption issue in the v8

javascript library.

 

CVE-2014-1722

 

miaubiz discovered a use-after-free issue in block rendering.

 

CVE-2014-1723

 

George McBay discovered a url spoofing issue.

 

CVE-2014-1724

 

Atte Kettunen discovered a use-after-free issue in freebsoft's

libspeechd library.

 

Because of this issue, the text-to-speech feature is now disabled

by default ("--enable-speech-dispatcher" at the command-line can

re-enable it).

 

CVE-2014-1725

 

An out-of-bounds read was discovered in the base64 implementation.

 

CVE-2014-1726

 

Jann Horn discovered a way to bypass the same origin policy.

 

CVE-2014-1727

 

Khalil Zhani discovered a use-after-free issue in the web color

chooser implementation.

 

CVE-2014-1728

 

The Google Chrome development team discovered and fixed multiple

issues with potential security impact.

 

CVE-2014-1729

 

The Google Chrome development team discovered and fixed multiple

issues in version 3.24.35.22 of the v8 javascript library.

 

For the stable distribution (wheezy), these problems have been fixed in

version 34.0.1847.116-1~deb7u1.

 

For the testing distribution (jessie), these problems will be fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 34.0.1847.116-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2907-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

April 16, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

This is an advance notice that regular security support for Debian

GNU/Linux 6.0 (code name "squeeze") will be terminated on the 31st of

May.

 

However, we're happy to announce that security support for squeeze is

going to be extended until February 2016, i.e. five years after the

initial release. This effort is driven by various interested parties /

companies which require longer security support. See the "LTS" section

of https://lists.debian.org/debian-devel-announce/2014/03/msg00004.html

for the initial announcement.

 

The details are currently being sorted out and a more detailed

announcement will be made soon.

 

Brief advance FAQ (but you should really wait for the more detailed

announcement):

 

Q: What's the difference between regular security support and the LTS

support?

A: squeeze-lts is only going to support i386 and amd64. If you're

running a different architecture you need to upgrade to Debian 7

(wheezy). Also there are going to be a few packages which will not

be supported in squeeze-lts (e.g. a few web-based applications

which cannot be supported for five years). There will be a tool to

detect such unsupported packages.

 

Q: Does this mean that Debian 7 (wheezy) and/or Debian 8 (jessie) will

have five years security support as well?

A: Likely, we'll see how squeeze-lts turns out. If there's sufficient

support it will be continued for later releases as well. Also, see

below.

 

Q: Is additional help needed?

A: Absolutely. squeeze-lts is not handled by the Debian security team,

but by a separate group of volunteers and companies interested in

making it a success (with some overlap in people involved). So, if

you're a company using Debian and seeing a benefit in security

support for five years, get in touch with team@security.debian.org

and we'll see how you can help (if you e.g. don't have the manpower /

know how but are willing to contribute, we can point you to a list

of Debian consultants)

 

Mailing list: debian-security-announce@lists.debian.org

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2908-1 security@debian.org

http://www.debian.org/security/ Raphael Geissert

April 17, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openssl

CVE ID : CVE-2010-5298 CVE-2014-0076

Debian Bug : 742923

 

Multiple vulnerabilities have been discovered in OpenSSL. The following

Common Vulnerabilities and Exposures project ids identify them:

 

CVE-2010-5298

 

A read buffer can be freed even when it still contains data that is

used later on, leading to a use-after-free. Given a race condition in a

multi-threaded application it may permit an attacker to inject data from

one connection into another or cause denial of service.

 

CVE-2014-0076

 

ECDSA nonces can be recovered through the Yarom/Benger FLUSH+RELOAD

cache side-channel attack.

 

A third issue, with no CVE id, is the missing detection of the

"critical" flag for the TSA extended key usage under certain cases.

 

 

Additionally, this update checks for more services that might need to

be restarted after upgrades of libssl, corrects the detection of

apache2 and postgresql, and adds support for the

'libraries/restart-without-asking' debconf configuration. This allows

services to be restarted on upgrade without prompting.

 

 

The oldstable distribution (squeeze) is not affected by CVE-2010-5298

and it might be updated at a later time to address the remaining

vulnerabilities.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.0.1e-2+deb7u7.

 

For the testing distribution (jessie), these problems will be fixed

soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.0.1g-3.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2909-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 18, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : qemu

CVE ID : CVE-2014-0150

Debian Bug : 744221

 

Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the

way qemu processed MAC addresses table update requests from the guest.

 

A privileged guest user could use this flaw to corrupt qemu process

memory on the host, which could potentially result in arbitrary code

execution on the host with the privileges of the qemu process.

 

For the oldstable distribution (squeeze), this problem has been fixed in

version 0.12.5+dfsg-3squeeze4.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.1.2+dfsg-6a+deb7u1.

 

For the testing distribution (jessie), this problem has been fixed in

version 1.7.0+dfsg-8.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.7.0+dfsg-8.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2910-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 18, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : qemu-kvm

CVE ID : CVE-2014-0150

 

Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the

way qemu processed MAC addresses table update requests from the guest.

 

A privileged guest user could use this flaw to corrupt qemu process

memory on the host, which could potentially result in arbitrary code

execution on the host with the privileges of the qemu process.

 

For the oldstable distribution (squeeze), this problem has been fixed in

version 0.12.5+dfsg-5+squeeze11.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.1.2+dfsg-6+deb7u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2901-2 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

April 18, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wordpress

CVE ID : CVE-2014-0165 CVE-2014-0166

Debian Bug : 744018

 

The update for wordpress in DSA 2901 caused a regression in the Quick

Drafts functionality. This update corrects that problem. For reference,

the original advisory text follows.

 

Several vulnerabilities were discovered in Wordpress, a web blogging

tool. The Common Vulnerabilities and Exposures project identifies the

following problems:

 

CVE-2014-0165

 

A user with a contributor role, using a specially crafted

request, can publish posts, which is reserved for users of the

next-higher role.

 

CVE-2014-0166

 

Jon Cave of the WordPress security team discovered that the

wp_validate_auth_cookie function in wp-includes/pluggable.php does

not properly determine the validity of authentication cookies,

allowing a remote attacker to obtain access via a forged cookie.

 

For the oldstable distribution (squeeze), these problems have been fixed

in version 3.6.1+dfsg-1~deb6u3.

 

For the stable distribution (wheezy), these problems have been fixed in

version 3.6.1+dfsg-1~deb7u3.

 

For the unstable distribution (sid), these problems have been fixed in

version 3.8.3+dfsg-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2895-2 security@debian.org

http://www.debian.org/security/ Luciano Bello

April 21, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : prosody

CVE ID : CVE-2014-2744 CVE-2014-2745

Debian Bug : 743836

 

The update for prosody in DSA 2895 caused a regression when a client

logs in with the compression functionality activated. This update corrects

that problem. For reference, the original advisory text follows.

 

A denial-of-service vulnerability has been reported in Prosody, a XMPP

server. If compression is enabled, an attacker might send highly-compressed

XML elements (attack known as "zip bomb") over XMPP streams and

consume all the resources of the server.

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.8.2-4+deb7u2 of prosody.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2901-3 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 21, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wordpress

CVE ID : CVE-2014-0165 CVE-2014-0166

Debian Bug : 744018

 

The update of wordpress in DSA-2901-2 introduced a wrong versioned

dependency on libjs-cropper, making the package uninstallable in the

oldstable distribution (squeeze). This update corrects that problem.

 

For reference the original advisory text follows.

 

Several vulnerabilities were discovered in Wordpress, a web blogging

tool. The Common Vulnerabilities and Exposures project identifies the

following problems:

 

CVE-2014-0165

 

A user with a contributor role, using a specially crafted

request, can publish posts, which is reserved for users of the

next-higher role.

 

CVE-2014-0166

 

Jon Cave of the WordPress security team discovered that the

wp_validate_auth_cookie function in wp-includes/pluggable.php does

not properly determine the validity of authentication cookies,

allowing a remote attacker to obtain access via a forged cookie.

 

For the oldstable distribution (squeeze), this problem has been fixed

in version 3.6.1+dfsg-1~deb6u4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2911-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

April 22, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : icedove

CVE ID : CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508

CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513

CVE-2014-1514

 

Multiple security issues have been found in Icedove, Debian's version of

the Mozilla Thunderbird mail and news client. Multiple memory safety

errors, out of bound reads, use-after-frees and other implementation

errors may lead to the execution of arbitrary code, information

disclosure or denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 24.4.0-1~deb7u1. This updates Icedove to the Extended Support

Release (ESR) branch 24. An updated and compatible version of Enigmail

is included with this update.

 

For the testing distribution (jessie), these problems have been fixed in

version 24.4.0esr-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 24.4.0esr-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2808-2 security@debian.org

http://www.debian.org/security/ Raphael Geissert

April 22, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjpeg

 

A regression in the decoding of chroma-subsampled images in OpenJPEG

was introduced by one of the patches for CVE-2013-6045. This update

fixes the regression.

 

For reference, the original text of DSA-2808-1 is reproduced below:

 

Several vulnerabilities have been discovered in OpenJPEG, a JPEG 2000

image library, that may lead to denial of service (CVE-2013-1447) via

application crash or high memory consumption, possible code execution

through heap buffer overflows (CVE-2013-6045), information disclosure

(CVE-2013-6052), or yet another heap buffer overflow that only appears

to affect OpenJPEG 1.3 (CVE-2013-6054).

 

For the oldstable distribution (squeeze), this problem has been fixed in

version 1.3+dfsg-4+squeeze3.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.3+dfsg-4.8.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2912-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

April 24, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjdk-6

CVE ID : CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452

CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458

CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-0462

CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403

CVE-2014-2405 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421

CVE-2014-2423 CVE-2014-2427

 

Several vulnerabilities have been discovered in OpenJDK, an

implementation of the Oracle Java platform, resulting in the execution

of arbitrary code, breakouts of the Java sandbox, information disclosure

or denial of service.

 

For the oldstable distribution (squeeze), these problems have been fixed

in version 6b31-1.13.3-1~deb6u1.

 

For the stable distribution (wheezy), these problems have been fixed in

version 6b31-1.13.3-1~deb7u1.

 

For the testing distribution (jessie), these problems have been fixed in

version 6b31-1.13.3-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 6b31-1.13.3-1.

 

- ----------------------------------------------------------------------

Debian Security Advisory DSA-2906-1 security@debian.org

http://www.debian.org/security/ Dann Frazier

April 24, 2014 http://www.debian.org/security/faq

- ----------------------------------------------------------------------

 

Package : linux-2.6

Vulnerability : privilege escalation/denial of service/information leak

Problem type : local/remote

Debian-specific: no

CVE Id(s) : CVE-2013-0343 CVE-2013-2147 CVE-2013-2889 CVE-2013-2893

CVE-2013-4162 CVE-2013-4299 CVE-2013-4345 CVE-2013-4512

CVE-2013-4587 CVE-2013-6367 CVE-2013-6380 CVE-2013-6381

CVE-2013-6382 CVE-2013-6383 CVE-2013-7263 CVE-2013-7264

CVE-2013-7265 CVE-2013-7339 CVE-2014-0101 CVE-2014-1444

CVE-2014-1445 CVE-2014-1446 CVE-2014-1874 CVE-2014-2039

CVE-2014-2523 CVE-2013-2929

 

Several vulnerabilities have been discovered in the Linux kernel that may lead

to a denial of service, information leak or privilege escalation. The Common

Vulnerabilities and Exposures project identifies the following problems:

 

CVE-2013-0343

 

George Kargiotakis reported an issue in the temporary address handling

of the IPv6 privacy extensions. Users on the same LAN can cause a denial

of service or obtain access to sensitive information by sending router

advertisement messages that cause temporary address generation to be

disabled.

 

CVE-2013-2147

 

Dan Carpenter reported issues in the cpqarray driver for Compaq

Smart2 Controllers and the cciss driver for HP Smart Array controllers

allowing users to gain access to sensitive kernel memory.

 

CVE-2013-2889

 

Kees Cook discovered missing input sanitization in the HID driver for

Zeroplus game pads that could lead to a local denial of service.

 

CVE-2013-2893

 

Kees Cook discovered that missing input sanitization in the HID driver

for various Logitech force feedback devices could lead to a local denial

of service.

 

CVE-2013-2929

 

Vasily Kulikov discovered that a flaw in the get_dumpable() function of

the ptrace subsystem could lead to information disclosure. Only systems

with the fs.suid_dumpable sysctl set to a non-default value of '2' are

vulnerable.

 

CVE-2013-4162

 

Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets

using the UDP_CORK option could result in denial of service.

 

CVE-2013-4299

 

Fujitsu reported an issue in the device-mapper subsystem. Local users

could gain access to sensitive kernel memory.

 

CVE-2013-4345

 

Stephan Mueller found a bug in the ANSI pseudo random number generator

which could lead to the use of less entropy than expected.

 

CVE-2013-4512

 

Nico Golde and Fabian Yamaguchi reported an issue in the user mode

linux port. A buffer overflow condition exists in the write method

for the /proc/exitcode file. Local users with sufficient privileges

allowing them to write to this file could gain further elevated

privileges.

 

CVE-2013-4587

 

Andrew Honig of Google reported an issue in the KVM virtualization

subsystem. A local user could gain elevated privileges by passing

a large vcpu_id parameter.

 

CVE-2013-6367

 

Andrew Honig of Google reported an issue in the KVM virtualization

subsystem. A divide-by-zero condition could allow a guest user to

cause a denial of service on the host (crash).

 

CVE-2013-6380

 

Mahesh Rajashekhara reported an issue in the aacraid driver for storage

products from various vendors. Local users with CAP_SYS_ADMIN privileges

could gain further elevated privileges.

 

CVE-2013-6381

 

Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet

device support for s390 systems. Local users could cause a denial of

service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL

ioctl.

 

CVE-2013-6382

 

Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem.

Local users with CAP_SYS_ADMIN privileges could gain further elevated

privileges.

 

CVE-2013-6383

 

Dan Carpenter reported an issue in the aacraid driver for storage devices

from various vendors. A local user could gain elevated privileges due to

a missing privilege level check in the aac_compat_ioctl function.

 

CVE-2013-7263 CVE-2013-7264 CVE-2013-7265

 

mpb reported an information leak in the recvfrom, recvmmsg and recvmsg

system calls. A local user could obtain access to sensitive kernel memory.

 

CVE-2013-7339

 

Sasha Levin reported an issue in the RDS network protocol over Infiniband.

A local user could cause a denial of service condition.

 

CVE-2014-0101

 

Nokia Siemens Networks reported an issue in the SCTP network protocol

subsystem. Remote users could cause a denial of service (NULL pointer

dereference).

 

CVE-2014-1444

 

Salva Peiro reported an issue in the FarSync WAN driver. Local users

with the CAP_NET_ADMIN capability could gain access to sensitive kernel

memory.

 

CVE-2014-1445

 

Salva Peiro reported an issue in the wanXL serial card driver. Local

users could gain access to sensitive kernel memory.

 

CVE-2014-1446

 

Salva Peiro reported an issue in the YAM radio modem driver. Local users

with the CAP_NET_ADMIN capability could gain access to sensitive kernel

memory.

 

CVE-2014-1874

 

Matthew Thode reported an issue in the SELinux subsystem. A local user

with CAP_MAC_ADMIN privileges could cause a denial of service by setting

an empty security context on a file.

 

CVE-2014-2039

 

Martin Schwidefsky reported an issue on s390 systems. A local user

could cause a denial of service (kernel oops) by executing an application

with a linkage stack instruction.

 

CVE-2014-2523

 

Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp

module. Remote users could cause a denial of service (system crash)

or potentially gain elevated privileges.

 

For the oldstable distribution (squeeze), this problem has been fixed in

version 2.6.32-48squeeze5.

 

The following matrix lists additional source packages that were rebuilt for

compatibility with or to take advantage of this update:

 

Debian 6.0 (squeeze)

user-mode-linux 2.6.32-1um-4+48squeeze5

 

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

 

Note: Debian carefully tracks all known security issues across every

linux kernel package in all releases under active security support.

However, given the high frequency at which low-severity security

issues are discovered in the kernel and the resource requirements of

doing an update, updates for lower priority issues will normally not

be released for all kernels at the same time. Rather, they will be

released in a staggered or "leap-frog" fashion.
