
Bruno


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3031-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

September 23, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : apt

CVE ID : CVE-2014-6273

 

The Google Security Team discovered a buffer overflow vulnerability in

the HTTP transport code in apt-get. An attacker able to

man-in-the-middle a HTTP request to an apt repository can trigger the

buffer overflow, leading to a crash of the 'http' apt method binary, or

potentially to arbitrary code execution.

 

Two regression fixes were included in this update:

 

* Fix regression from the previous update in DSA-3025-1 when the custom

apt configuration option for Dir::state::lists is set to a relative

path (#762160).

 

* Fix regression in the reverification handling of cdrom: sources that

may lead to incorrect hashsum warnings. Affected users need to run

"apt-cdrom add" again after the update was applied.

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.9.7.9+deb7u5.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3032-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

September 24, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : bash

CVE ID : CVE-2014-6271

 

Stephane Chazelas discovered a vulnerability in bash, the GNU

Bourne-Again Shell, related to how environment variables are

processed. In many common configurations, this vulnerability is

exploitable over the network, especially if bash has been configured

as the system shell.

 

For the stable distribution (wheezy), this problem has been fixed in

version 4.2+dfsg-0.1+deb7u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3033-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

September 25, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : nss

CVE ID : CVE-2014-1568

 

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS

(the Mozilla Network Security Service library) was parsing ASN.1 data

used in signatures, making it vulnerable to a signature forgery attack.

 

An attacker could craft ASN.1 data to forge RSA certificates with a

valid certification chain to a trusted CA.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2:3.14.5-1+deb7u2.

 

For the testing distribution (jessie), this problem has been fixed in

version 2:3.17.1.

 

For the unstable distribution (sid), this problem has been fixed in

version 2:3.17.1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3034-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

September 25, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : iceweasel

CVE ID : CVE-2014-1568

 

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS

(the Mozilla Network Security Service library, embedded in Wheezy's

Iceweasel package), was parsing ASN.1 data used in signatures, making it

vulnerable to a signature forgery attack.

 

An attacker could craft ASN.1 data to forge RSA certificates with a

valid certification chain to a trusted CA.

 

For the stable distribution (wheezy), this problem has been fixed in

version 24.8.1esr-1~deb7u1.

 

For the testing distribution (jessie) and unstable distribution (sid),

Iceweasel uses the system NSS library, handled in DSA 3033-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3035-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

September 25, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : bash

CVE ID : CVE-2014-7169

Debian Bug : 762760 762761

 

Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271

released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was

incomplete and could still allow some characters to be injected into

another environment (CVE-2014-7169). With this update prefix and suffix

for environment variable names which contain shell functions are added

as a hardening measure.

 

Additionally two out-of-bounds array accesses in the bash parser are

fixed which were revealed in Red Hat's internal analysis for these

issues and also independently reported by Todd Sabin.

 

For the stable distribution (wheezy), these problems have been fixed in

version 4.2+dfsg-0.1+deb7u3.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3036-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

September 26, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mediawiki

Debian Bug : 762754

 

It was discovered that MediaWiki, a wiki engine, did not sufficiently

filter CSS in uploaded SVG files, allowing for cross site scripting.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1:1.19.19+dfsg-0+deb7u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:1.19.19+dfsg-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3037-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

September 26, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : icedove

CVE ID : CVE-2014-1568

 

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the

Mozilla Network Security Service library, embedded in Wheezy's Icedove),

was parsing ASN.1 data used in signatures, making it vulnerable to a

signature forgery attack.

 

An attacker could craft ASN.1 data to forge RSA certificates with a valid

certification chain to a trusted CA.

 

For the stable distribution (wheezy), this problem has been fixed in

version 24.8.1esr-1~deb7u1.

 

For the testing distribution (jessie) and unstable distribution (sid),

Icedove uses the system NSS library, handled in DSA 3033-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3038-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

September 27, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libvirt

CVE ID : CVE-2014-0179 CVE-2014-3633

Debian Bug : 762203

 

Several vulnerabilities were discovered in Libvirt, a virtualisation

abstraction library. The Common Vulnerabilities and Exposures project

identifies the following problems:

 

CVE-2014-0179

 

Richard Jones and Daniel P. Berrange found that libvirt passes the

XML_PARSE_NOENT flag when parsing XML documents using the libxml2

library, in which case all XML entities in the parsed documents are

expanded. A user able to force libvirtd to parse an XML document

with an entity pointing to a special file that blocks on read access

could use this flaw to cause libvirtd to hang indefinitely,

resulting in a denial of service on the system.

 

CVE-2014-3633

 

Luyao Huang of Red Hat found that the qemu implementation of

virDomainGetBlockIoTune computed an index into the array of disks

for the live definition, then used it as the index into the array of

disks for the persistent definition, which could result in an

out-of-bounds read access in qemuDomainGetBlockIoTune().

 

A remote attacker able to establish a read-only connection to

libvirtd could use this flaw to crash libvirtd or, potentially, leak

memory from the libvirtd process.

 

For the stable distribution (wheezy), these problems have been fixed in

version 0.9.12.3-1+deb7u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.2.8-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3039-1 security@debian.org

http://www.debian.org/security/ Michael Gilbert

September 28, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : chromium-browser

CVE ID : CVE-2014-3160 CVE-2014-3162 CVE-2014-3165 CVE-2014-3166

CVE-2014-3167 CVE-2014-3168 CVE-2014-3169 CVE-2014-3170

CVE-2014-3171 CVE-2014-3172 CVE-2014-3173 CVE-2014-3174

CVE-2014-3175 CVE-2014-3176 CVE-2014-3177 CVE-2014-3178

CVE-2014-3179

 

Several vulnerabilities were discovered in the chromium web browser.

 

CVE-2014-3160

 

Christian Schneider discovered a same origin bypass issue in SVG

file resource fetching.

 

CVE-2014-3162

 

The Google Chrome development team addressed multiple issues with

potential security impact for chromium 36.0.1985.125.

 

CVE-2014-3165

 

Colin Payne discovered a use-after-free issue in the Web Sockets

implementation.

 

CVE-2014-3166

 

Antoine Delignat-Lavaud discovered an information leak in the SPDY

protocol implementation.

 

CVE-2014-3167

 

The Google Chrome development team addressed multiple issues with

potential security impact for chromium 36.0.1985.143.

 

CVE-2014-3168

 

cloudfuzzer discovered a use-after-free issue in SVG image file

handling.

 

CVE-2014-3169

 

Andrzej Dyjak discovered a use-after-free issue in the Webkit/Blink

Document Object Model implementation.

 

CVE-2014-3170

 

Rob Wu discovered a way to spoof the url of chromium extensions.

 

CVE-2014-3171

 

cloudfuzzer discovered a use-after-free issue in chromium's v8

bindings.

 

CVE-2014-3172

 

Eli Grey discovered a way to bypass access restrictions using

chromium's Debugger extension API.

 

CVE-2014-3173

 

jmuizelaar discovered an uninitialized read issue in WebGL.

 

CVE-2014-3174

 

Atte Kettunen discovered an uninitialized read issue in Web Audio.

 

CVE-2014-3175

 

The Google Chrome development team addressed multiple issues with

potential security impact for chromium 37.0.2062.94.

 

CVE-2014-3176

 

lokihardt@asrt discovered a combination of flaws that can lead to

remote code execution outside of chromium's sandbox.

 

CVE-2014-3177

 

lokihardt@asrt discovered a combination of flaws that can lead to

remote code execution outside of chromium's sandbox.

 

CVE-2014-3178

 

miaubiz discovered a use-after-free issue in the Document Object

Model implementation in Blink/Webkit.

 

CVE-2014-3179

 

The Google Chrome development team addressed multiple issues with

potential security impact for chromium 37.0.2062.120.

 

For the stable distribution (wheezy), these problems have been fixed in

version 37.0.2062.120-1~deb7u1.

 

For the testing (jessie) and unstable (sid) distributions, these

problems have been fixed in version 37.0.2062.120-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3040-1 security@debian.org

http://www.debian.org/security/

September 30, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : rsyslog

CVE ID : CVE-2014-3634

 

Rainer Gerhards, the rsyslog project leader, reported a vulnerability in

Rsyslog, a system for log processing. As a consequence of this

vulnerability an attacker can send malformed messages to a server, if

this one accepts data from untrusted sources, and trigger a denial of

service attack.

 

For the stable distribution (wheezy), this problem has been fixed in

version 5.8.11-3+deb7u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 8.4.1-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3041-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

October 01, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : xen

CVE ID : CVE-2013-2072 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156

CVE-2014-7188

 

Multiple security issues have been discovered in the Xen virtualisation

solution which may result in denial of service, information disclosure

or privilege escalation.

 

For the stable distribution (wheezy), these problems have been fixed in

version 4.1.4-3+deb7u3.

 

For the unstable distribution (sid), these problems will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3042-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

October 04, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : exuberant-ctags

CVE ID : CVE-2014-7204

 

Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool

to build tag file indexes of source code definitions: Certain Javascript

files cause ctags to enter an infinite loop until it runs out of disk

space, resulting in denial of service.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1:5.9~svn20110310-4+deb7u1.

 

For the testing distribution (jessie), this problem has been fixed in

version 1:5.9~svn20110310-8.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:5.9~svn20110310-8.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3044-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

October 04, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : qemu-kvm

CVE ID : CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145

CVE-2014-0146 CVE-2014-0147 CVE-2014-0222 CVE-2014-0223

CVE-2014-3615 CVE-2014-3640

 

Several vulnerabilities were discovered in qemu-kvm, a full

virtualization solution on x86 hardware:

 

* Various security issues have been found in the block qemu drivers.

Malformed disk images might result in the execution of arbitrary code.

* A NULL pointer dereference in SLIRP may result in denial of service

* An information leak was discovered in the VGA emulation

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.1.2+dfsg-6+deb7u4.

 

For the unstable distribution (sid), these problems will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3045-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

October 04, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : qemu

CVE ID : CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145

CVE-2014-0146 CVE-2014-0147 CVE-2014-0222 CVE-2014-0223

CVE-2014-3615 CVE-2014-3640

 

Several vulnerabilities were discovered in qemu, a fast processor

emulator:

 

* Various security issues have been found in the block qemu drivers.

Malformed disk images might result in the execution of arbitrary code.

* A NULL pointer dereference in SLIRP may result in denial of service

* An information leak was discovered in the VGA emulation

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.1.2+dfsg-6a+deb7u4.

 

For the unstable distribution (sid), these problems will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3046-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

October 05, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mediawiki

CVE ID : CVE-2014-7295

 

It was reported that MediaWiki, a website engine for collaborative work,

allowed to load user-created CSS on pages where user-created Javascript

is not allowed. A wiki user could be tricked into performing actions by

manipulating the interface from CSS, or Javascript code being executed

from CSS, on security-wise sensitive pages like Special:Preferences and

Special:UserLogin. This update removes the separation of CSS and

Javascript module allowance.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1:1.19.20+dfsg-0+deb7u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:1.19.20+dfsg-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3047-1 security@debian.org

http://www.debian.org/security/ Luciano Bello

October 08, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : rsyslog

CVE ID : CVE-2014-3683

 

Mancha discovered a vulnerability in rsyslog, a system for log

processing. This vulnerability is an integer overflow that can be

triggered by malformed messages to a server, if this one accepts data

from untrusted sources, provoking message loss.

 

This vulnerability can be seen as an incomplete fix of CVE-2014-3634

(DSA 3040-1).

 

For the stable distribution (wheezy), this problem has been fixed in

version 5.8.11-3+deb7u2.

 

For the testing distribution (jessie), this problem has been fixed in

version 8.4.2-1.

 

For the unstable distribution (sid), this problem has been fixed in

version 8.4.2-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3048-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

October 08, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : apt

CVE ID : CVE-2014-7206

Debian Bug : 763780

 

Guillem Jover discovered that the changelog retrieval functionality in

apt-get used temporary files in an insecure way, allowing a local user

to cause arbitrary files to be overwritten.

 

This vulnerability is neutralized by the fs.protected_symlinks setting in

the Linux kernel, which is enabled by default in Debian 7 Wheezy and up.

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.9.7.9+deb7u6.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.0.9.2.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3049-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

October 14, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wireshark

CVE ID : CVE-2014-6422 CVE-2014-6423 CVE-2014-6424 CVE-2014-6427

CVE-2014-6428 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431

CVE-2014-6432

 

Multiple vulnerabilities were discovered in the dissectors/parsers for

RTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial

of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.8.2-5wheezy12.

 

For the testing distribution (jessie), these problems have been fixed in

version 1.12.1+g01b65bf-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.12.1+g01b65bf-1.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3051-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

October 15, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : drupal7

CVE ID : CVE-2014-3704

 

Stefan Horst discovered a vulnerability in the Drupal database

abstraction API, which may result in SQL injection.

 

For the stable distribution (wheezy), this problem has been fixed in

version 7.14-2+deb7u7.

 

For the unstable distribution (sid), this problem has been fixed in

version 7.32-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3052-1 security@debian.org

http://www.debian.org/security/ Michael Gilbert

October 15, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wpa

CVE ID : CVE-2014-3686

Debian Bug : 765352

 

Jouni Malinen discovered an input sanitization issue in the wpa_cli and

hostapd_cli tools included in the wpa package. A remote wifi system

within range could provide a crafted string triggering arbitrary code

execution running with privileges of the affected wpa_cli or hostapd_cli

process.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.0-3+deb7u1.

 

For the testing distribution (jessie), this problem will be fixed soon.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.3-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3053-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

October 16, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openssl

CVE ID : CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

 

Several vulnerabilities have been found in OpenSSL, the Secure Sockets

Layer library and toolkit.

 

CVE-2014-3513

 

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure

Real-time Transport Protocol (SRTP) extension data. A remote attacker

could send multiple specially crafted handshake messages to exhaust

all available memory of an SSL/TLS or DTLS server.

 

CVE-2014-3566 ("POODLE")

 

A flaw was found in the way SSL 3.0 handled padding bytes when

decrypting messages encrypted using block ciphers in cipher block

chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM)

attacker to decrypt a selected byte of a cipher text in as few as 256

tries if they are able to force a victim application to repeatedly send

the same data over newly created SSL 3.0 connections.

 

This update adds support for Fallback SCSV to mitigate this issue.

 

CVE-2014-3567

 

A memory leak flaw was found in the way OpenSSL handled failed

session ticket integrity checks. A remote attacker could exhaust all

available memory of an SSL/TLS or DTLS server by sending a large number

of invalid session tickets to that server.

 

CVE-2014-3568

 

When OpenSSL is configured with "no-ssl3" as a build option, servers

could accept and complete a SSL 3.0 handshake, and clients could be

configured to send them.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.0.1e-2+deb7u13.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.0.1j-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3050-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

October 15, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : iceweasel

CVE ID : CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578

CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586

 

Multiple security issues have been found in Iceweasel, Debian's version

of the Mozilla Firefox web browser: Multiple memory safety errors, buffer

overflows, use-after-frees and other implementation errors may lead to

the execution of arbitrary code, denial of service, the bypass of the

same-origin policy or a loss of privacy.

 

This update updates Iceweasel to the ESR31 series of Firefox. The new

release introduces a new user interface.

 

In addition, this update also disables SSLv3.

 

For the stable distribution (wheezy), these problems have been fixed in

version 31.2.0esr-2~deb7u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 31.2.0esr-1.

 

For the experimental distribution, these problems have been fixed in

version 33.0-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3054-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

October 20, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mysql-5.5

CVE ID : CVE-2012-5615 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463

CVE-2014-6464 CVE-2014-6469 CVE-2014-6478 CVE-2014-6484

CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496

CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520

CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559

Debian Bug : 765663

 

Several issues have been discovered in the MySQL database server. The

vulnerabilities are addressed by upgrading MySQL to the new upstream

version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's

Critical Patch Update advisory for further details:

 

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

 

For the stable distribution (wheezy), these problems have been fixed in

version 5.5.40-0+wheezy1.

 

For the unstable distribution (sid), these problems will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3055-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

October 23, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : pidgin

CVE ID : CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3698

 

Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol

instant messaging client:

 

CVE-2014-3694

 

It was discovered that the SSL/TLS plugins failed to validate the

basic constraints extension in intermediate CA certificates.

 

CVE-2014-3695

 

Yves Younan and Richard Johnson discovered that emoticons with

overly large length values could crash Pidgin.

 

CVE-2014-3696

 

Yves Younan and Richard Johnson discovered that malformed Groupwise

messages could crash Pidgin.

 

CVE-2014-3698

 

Thijs Alkemade and Paul Aurich discovered that malformed XMPP

messages could result in memory disclosure.

 

For the stable distribution (wheezy), these problems have been fixed in

version 2.10.10-1~deb7u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.10.10-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3056-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

October 26, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libtasn1-3

CVE ID : CVE-2014-3467 CVE-2014-3468 CVE-2014-3469

 

Several vulnerabilities were discovered in libtasn1-3, a library that

manages ASN1 (Abstract Syntax Notation One) structures. An attacker

could use those to cause a denial-of-service via out-of-bounds access

or NULL pointer dereference.

 

For the stable distribution (wheezy), these problems have been fixed in

version 2.13-2+deb7u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3057-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

October 26, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libxml2

CVE ID : CVE-2014-3660

Debian Bug : 762864 765722 765770

 

Sogeti found a denial of service flaw in libxml2, a library providing

support to read, modify and write XML and HTML files. A remote attacker

could provide a specially crafted XML file that, when processed by an

application using libxml2, would lead to excessive CPU consumption

(denial of service) based on excessive entity substitutions, even if

entity substitution was disabled, which is the parser default behavior.

(CVE-2014-3660)

 

In addition, this update addresses a misapplied chunk for a patch

released in version 2.8.0+dfsg1-7+wheezy1 (#762864), and a memory leak

regression (#765770) introduced in version 2.8.0+dfsg1-7+nmu3.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.8.0+dfsg1-7+wheezy2.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.9.2+dfsg1-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3058-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

October 27, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : torque

CVE ID : CVE-2014-3684

Debian Bug : 763922

 

Chad Vizino reported a vulnerability in torque, a PBS-derived batch

processing queueing system. A non-root user could exploit the flaw in

the tm_adopt() library call to kill any process, including root-owned

ones on any node in a job.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.4.16+dfsg-1+deb7u4.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.4.16+dfsg-1.5.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3050-2 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

October 28, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : iceweasel

CVE ID : CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578

CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586

 

DSA-3050-1 updated the Iceweasel browser to the new ESR31 series of

Firefox. In that version the xulrunner library is no longer included.

This followup update provides xulrunner 24.8.1esr-2~deb7u1 in a separate

source package to ensure that packages build-depending on xulrunner

remain buildable.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3059-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

October 29, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : dokuwiki

CVE ID : CVE-2014-8761 CVE-2014-8762 CVE-2014-8763 CVE-2014-8764

 

Two vulnerabilities have been discovered in dokuwiki. Access control in

the media manager was insufficiently restricted and authentication could

be bypassed when using Active Directory for LDAP authentication.

 

For the stable distribution (wheezy), these problems have been fixed in

version 0.0.20120125b-2+deb7u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 0.0.20140929.a-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3060-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

October 31, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : linux

CVE ID : CVE-2014-3610 CVE-2014-3611 CVE-2014-3645 CVE-2014-3646

CVE-2014-3647 CVE-2014-3673 CVE-2014-3687 CVE-2014-3688

CVE-2014-3690 CVE-2014-7207

Debian Bug : 766195

 

Several vulnerabilities have been discovered in the Linux kernel that

may lead to a denial of service:

 

CVE-2014-3610

 

Lars Bull of Google and Nadav Amit reported a flaw in how KVM

handles noncanonical writes to certain MSR registers. A privileged

guest user can exploit this flaw to cause a denial of service

(kernel panic) on the host.

 

CVE-2014-3611

 

Lars Bull of Google reported a race condition in the PIT

emulation code in KVM. A local guest user with access to PIT i/o

ports could exploit this flaw to cause a denial of service (crash)

on the host.

 

CVE-2014-3645 / CVE-2014-3646

 

The Advanced Threat Research team at Intel Security discovered

that the KVM subsystem did not handle the VM exits gracefully

for the invept (Invalidate Translations Derived from EPT) and

invvpid (Invalidate Translations Based on VPID) instructions. On

hosts with an Intel processor and invept/invvpid VM exit

support, an unprivileged guest user could use these instructions

to crash the guest.

 

CVE-2014-3647

 

Nadav Amit reported that KVM mishandles noncanonical addresses when

emulating instructions that change rip, potentially causing a failed

VM-entry. A guest user with access to I/O or the MMIO can use this

flaw to cause a denial of service (system crash) of the guest.

 

CVE-2014-3673

 

Liu Wei of Red Hat discovered a flaw in net/core/skbuff.c leading to

a kernel panic when receiving malformed ASCONF chunks. A remote

attacker could use this flaw to crash the system.

 

CVE-2014-3687

 

A flaw in the sctp stack was discovered leading to a kernel panic

when receiving duplicate ASCONF chunks. A remote attacker could use

this flaw to crash the system.

 

CVE-2014-3688

 

It was found that the sctp stack is prone to a remotely triggerable

memory pressure issue caused by excessive queueing. A remote

attacker could use this flaw to cause denial-of-service conditions

on the system.

 

CVE-2014-3690

 

Andy Lutomirski discovered that incorrect register handling in KVM

may lead to denial of service.

 

CVE-2014-7207

 

Several Debian developers reported an issue in the IPv6 networking

subsystem. A local user with access to tun or macvtap devices, or a

virtual machine connected to such a device, can cause a denial of

service (system crash).

 

This update includes a bug fix related to CVE-2014-7207 that disables

UFO (UDP Fragmentation Offload) in the macvtap, tun, and virtio_net

drivers. This will cause migration of a running VM from a host running

an earlier kernel version to a host running this kernel version to fail,

if the VM has been assigned a virtio network device. In order to migrate

such a VM, it must be shut down first.

 

For the stable distribution (wheezy), these problems have been fixed in

version 3.2.63-2+deb7u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3061-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

October 31, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : icedove

CVE ID : CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578

CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586

 

Multiple security issues have been found in Icedove, Debian's version of

the Mozilla Thunderbird mail and news client: Multiple memory safety

errors, buffer overflows, use-after-frees and other implementation

errors may lead to the execution of arbitrary code or denial of service.

 

This update updates Iceweasel to the ESR31 series of Thunderbird. In

addition Enigmail was updated to version 1.7.2-1~deb7u1 to ensure

compatibility with the new upstream release.

 

For the stable distribution (wheezy), these problems have been fixed in

version 31.2.0-1~deb7u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 31.2.0-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3062-1 security@debian.org

http://www.debian.org/security/ Luciano Bello

November 01, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wget

CVE ID : CVE-2014-4877

Debian Bug : 766981

 

HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line

utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability

allows the creation of arbitrary files on the user's system when Wget runs in

recursive mode against a malicious FTP server. Arbitrary file creation

may override content of user's files or permit remote code execution with

the user privilege.

 

This update changes the default setting in Wget such that it no longer

creates local symbolic links, but rather traverses them and retrieves the

pointed-to file in such a retrieval.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.13.4-3+deb7u2.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.16-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3063-1 security@debian.org

http://www.debian.org/security/ Luciano Bello

November 02, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : quassel

CVE ID : CVE-2014-8483

Debian Bug : 766962

 

An out-of-bounds read vulnerability was discovered in Quassel-core, one

of the components of the distributed IRC client Quassel. An attacker can

send a crafted message that crashes the component, causing a denial of

service or disclosure of information from process memory.

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.8.0-1+deb7u3.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.10.0-2.1 (will be available soon).


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3064-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

November 04, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php5

CVE ID : CVE-2014-3668 CVE-2014-3669 CVE-2014-3670

 

Several vulnerabilities were found in PHP, a general-purpose scripting

language commonly used for web application development. It has been

decided to follow the stable 5.4.x releases for the Wheezy PHP packages.

Consequently the vulnerabilities are addressed by upgrading PHP to a new

upstream version 5.4.34, which includes additional bug fixes, new

features and possibly incompatible changes. Please refer to the upstream

changelog for more information:

 

http://php.net/ChangeLog-5.php#5.4.34

 

For the stable distribution (wheezy), these problems have been fixed in

version 5.4.34-0+deb7u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3065-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

November 06, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libxml-security-java

CVE ID : CVE-2013-2172

Debian Bug : 720375

 

James Forshaw discovered that, in Apache Santuario XML Security for

Java, CanonicalizationMethod parameters were incorrectly validated:

by specifying an arbitrary weak canonicalization algorithm, an

attacker could spoof XML signatures.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.4.5-1+deb7u1.

 

For the testing distribution (jessie), this problem has been fixed in

version 1.5.5-2.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.5.5-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3066-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

November 06, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : qemu

CVE ID : CVE-2014-3689 CVE-2014-7815

Debian Bug : 765496

 

Several vulnerabilities were discovered in qemu, a fast processor

emulator.

 

CVE-2014-3689

 

The Advanced Threat Research team at Intel Security reported that

guest-provided parameters were insufficiently validated in

rectangle functions in the vmware-vga driver. A privileged guest

user could use this flaw to write into qemu address space on the

host, potentially escalating their privileges to those of the

qemu host process.

 

CVE-2014-7815

 

James Spadaro of Cisco reported insufficiently sanitized

bits_per_pixel from the client in the QEMU VNC display driver. An

attacker having access to the guest's VNC console could use this

flaw to crash the guest.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.1.2+dfsg-6a+deb7u5.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.1+dfsg-7.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3067-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

November 06, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : qemu-kvm

CVE ID : CVE-2014-3689 CVE-2014-7815

 

Several vulnerabilities were discovered in qemu-kvm, a full

virtualization solution on x86 hardware.

 

CVE-2014-3689

 

The Advanced Threat Research team at Intel Security reported that

guest-provided parameters were insufficiently validated in

rectangle functions in the vmware-vga driver. A privileged guest

user could use this flaw to write into qemu address space on the

host, potentially escalating their privileges to those of the

qemu host process.

 

CVE-2014-7815

 

James Spadaro of Cisco reported insufficiently sanitized

bits_per_pixel from the client in the QEMU VNC display driver. An

attacker having access to the guest's VNC console could use this

flaw to crash the guest.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.1.2+dfsg-6+deb7u5.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3068-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

November 07, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : konversation

CVE ID : CVE-2014-8483

 

It was discovered that Konversation, an IRC client for KDE, could be

crashed when receiving malformed messages using FiSH encryption.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.4-1+deb7u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.5-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3069-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

November 07, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : curl

CVE ID : CVE-2014-3707

 

Symeon Paraschoudis discovered that the curl_easy_duphandle() function

in cURL, a URL transfer library, has a bug that can lead to libcurl

eventually sending off sensitive data that was not intended for sending,

while performing a HTTP POST operation.

 

This bug requires CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle() to be

used in that order, and then the duplicate handle must be used to

perform the HTTP POST. The curl command line tool is not affected by

this problem as it does not use this sequence.

 

For the stable distribution (wheezy), this problem has been fixed in

version 7.26.0-1+wheezy11.

 

For the upcoming stable distribution (jessie), this problem will be

fixed in version 7.38.0-3.

 

For the unstable distribution (sid), this problem has been fixed in

version 7.38.0-3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3070-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

November 07, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : kfreebsd-9

CVE ID : CVE-2014-3711 CVE-2014-3952 CVE-2014-3953 CVE-2014-8476

 

Several vulnerabilities have been discovered in the FreeBSD kernel that

may lead to a denial of service or information disclosure.

 

CVE-2014-3711

 

Denial of service through memory leak in sandboxed namei lookups.

 

CVE-2014-3952

 

Kernel memory disclosure in sockbuf control messages.

 

CVE-2014-3953

 

Kernel memory disclosure in SCTP. This update disables SCTP, since the

userspace tools shipped in Wheezy didn't support SCTP anyway.

 

CVE-2014-8476

 

Kernel stack disclosure in setlogin() and getlogin().

 

For the stable distribution (wheezy), these problems have been fixed in

version 9.0-10+deb70.8.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3071-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

November 11, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : nss

CVE ID : CVE-2014-1544

 

In nss, a set of libraries designed to support cross-platform

development of security-enabled client and server applications, Tyson

Smith and Jesse Schwartzentruber discovered a use-after-free

vulnerability that allows remote attackers to execute arbitrary code by

triggering the improper removal of an NSSCertificate structure from a

trust domain.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2:3.14.5-1+deb7u3.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 2:3.16.3-1.

 

For the unstable distribution (sid), this problem has been fixed in

version 2:3.16.3-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3072-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

November 11, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : file

CVE ID : CVE-2014-3710

Debian Bug : 768806

 

Francisco Alonso of Red Hat Product Security found an issue in the file

utility: when checking ELF files, note headers are incorrectly checked,

thus potentially allowing attackers to cause a denial of service

(out-of-bounds read and application crash) by supplying a specially

crafted ELF file.

 

For the stable distribution (wheezy), this problem has been fixed in

version 5.11-2+deb7u6.

 

For the upcoming stable distribution (jessie), this problem will be

fixed soon.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:5.20-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3050-3 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

November 12, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : iceweasel

CVE ID : CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578

CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586

 

The previous update for iceweasel in DSA-3050-1 did not contain builds

for the armhf architecture due to an error in the Debian packaging

specific to the armhf build. This update corrects that problem. For

reference, the original advisory text follows.

 

Multiple security issues have been found in Iceweasel, Debian's version

of the Mozilla Firefox web browser: Multiple memory safety errors,

buffer overflows, use-after-frees and other implementation errors may

lead to the execution of arbitrary code, denial of service, the bypass

of the same-origin policy or a loss of privacy.

 

This update updates Iceweasel to the ESR31 series of Firefox. The new

release introduces a new user interface.

 

In addition, this update also disables SSLv3.

 

For the stable distribution (wheezy), this problem has been fixed

in version 31.2.0esr-3~deb7u1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3073-1 security@debian.org

http://www.debian.or... Salvatore Bonaccorso

November 16, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libgcrypt11

CVE ID : CVE-2014-5270

 

Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal

encryption subkeys in applications using the libgcrypt11 library, for

example GnuPG 2.x, could be leaked via a side-channel attack.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.5.0-5+deb7u2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3074-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

November 18, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php5

CVE ID : CVE-2014-3710

Debian Bug : 68283

 

Francisco Alonso of Red Hat Product Security found an issue in the file

utility, whose code is embedded in PHP, a general-purpose scripting

language. When checking ELF files, note headers are incorrectly

checked, thus potentially allowing attackers to cause a denial of

service (out-of-bounds read and application crash) by supplying a

specially crafted ELF file.

 

As announced in DSA-3064-1 it has been decided to follow the stable

5.4.x releases for the Wheezy php5 packages. Consequently the

vulnerability is addressed by upgrading PHP to a new upstream version

5.4.35, which includes additional bug fixes, new features and possibly

incompatible changes. Please refer to the upstream changelog for more

information:

 

http://php.net/ChangeLog-5.php#5.4.35

 

For the stable distribution (wheezy), this problem has been fixed in

version 5.4.35-0+deb7u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3074-2 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

November 19, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php5

 

The previous update for php5, DSA-3074-1, introduced a regression in the

sessionclean cron script. The change was intended to fix a potential

symlink attack using filenames including the NULL character (Debian bug

#766147), but depended on a sed package version too recent, not in Wheezy.

 

This update reverts the fix, so people are advised to keep kernel

symlink protection (sysctl fs.protected_symlinks=1) enabled as it is by

default on Wheezy, which is enough to prevent successful exploitation.

 

For the stable distribution (wheezy), this problem has been fixed in

version 5.4.35-0+deb7u2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3075-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

November 20, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : drupal7

CVE ID : CVE-2014-9015 CVE-2014-9016

 

Two vulnerabilities were discovered in Drupal, a fully-featured content

management framework. The Common Vulnerabilities and Exposures project

identifies the following issues:

 

CVE-2014-9015

 

Aaron Averill discovered that a specially crafted request can give a

user access to another user's session, allowing an attacker to

hijack a random session.

 

CVE-2014-9016

 

Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered

that the password hashing API allows an attacker to send

specially crafted requests resulting in CPU and memory

exhaustion. This may lead to the site becoming unavailable or

unresponsive (denial of service).

 

Custom configured session.inc and password.inc need to be audited as

well to verify if they are prone to these vulnerabilities. More

information can be found in the upstream advisory at

https://www.drupal.org/SA-CORE-2014-006

 

For the stable distribution (wheezy), these problems have been fixed in

version 7.14-2+deb7u8.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3076-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

November 25, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wireshark

CVE ID : CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713

CVE-2014-8714

 

Multiple vulnerabilities were discovered in the dissectors/parsers for

SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of

service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.8.2-5wheezy13.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 1.12.1+g01b65bf-2.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.12.1+g01b65bf-2.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3077-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

November 26, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjdk-6

CVE ID : CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506

CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519

CVE-2014-6531 CVE-2014-6558

 

Several vulnerabilities have been discovered in OpenJDK, an

implementation of the Oracle Java platform, resulting in the execution

of arbitrary code, information disclosure or denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 6b33-1.13.5-2~deb7u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3078-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

November 27, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libksba

CVE ID : CVE-2014-9087

Debian Bug : 770972

 

An integer underflow flaw, leading to a heap-based buffer overflow, was

found in the ksba_oid_to_str() function of libksba, an X.509 and CMS

(PKCS#7) library. By using specially crafted S/MIME messages or ECC-based

OpenPGP data, it is possible to create a buffer overflow, which could

cause an application using libksba to crash (denial of service), or

potentially, execute arbitrary code.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.2.0-2+deb7u1.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 1.3.2-1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.3.2-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3079-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

November 28, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ppp

CVE ID : CVE-2014-3158

Debian Bug : 762789

 

A vulnerability was discovered in ppp, an implementation of the

Point-to-Point Protocol: an integer overflow in the routine

responsible for parsing user-supplied options potentially allows a

local attacker to gain root privileges.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.4.5-5.1+deb7u1.

 

For the upcoming stable distribution (jessie) and unstable

distribution (sid), this problem has been fixed in version 2.4.6-3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3080-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

November 29, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjdk-7

CVE ID : CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506

CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519

CVE-2014-6531 CVE-2014-6558

 

Several vulnerabilities have been discovered in OpenJDK, an

implementation of the Oracle Java platform, resulting in the execution

of arbitrary code, information disclosure or denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 7u71-2.5.3-2~deb7u1.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 7u71-2.5.3-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 7u71-2.5.3-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3081-1 security@debian.org

http://www.debian.org/security/ Luciano Bello

November 29, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libvncserver

CVE ID : CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054

CVE-2014-6055

Debian Bug : 762745

 

Several vulnerabilities have been discovered in libvncserver, a library to

implement VNC server functionality. These vulnerabilities might result in the

execution of arbitrary code or denial of service in both the client and the

server side.

 

For the stable distribution (wheezy), these problems have been fixed in

version 0.9.9+dfsg-1+deb7u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 0.9.9+dfsg-6.1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3082-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

November 30, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : flac

CVE ID : CVE-2014-8962 CVE-2014-9028

Debian Bug : 770918

 

Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of

Red Hat, discovered two issues in flac, a library handling Free

Lossless Audio Codec media: by providing a specially crafted FLAC

file, an attacker could execute arbitrary code.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.2.1-6+deb7u1.

 

For the testing distribution (jessie) and unstable distribution (sid),

these problems have been fixed in version 1.3.0-3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3083-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

November 30, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mutt

CVE ID : CVE-2014-9116

Debian Bug : 771125

 

A flaw was discovered in mutt, a text-based mailreader. A specially

crafted mail header could cause mutt to crash, leading to a denial of

service condition.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.5.21-6.2+deb7u3.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.5.23-2.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3084-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

December 01, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openvpn

CVE ID : CVE-2014-8104

 

Dragana Damjanovic discovered that an authenticated client could crash

an OpenVPN server by sending a control packet containing less than

four bytes as payload.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.2.1-8+deb7u3.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.3.4-5.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3085-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

December 03, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wordpress

CVE ID : CVE-2014-9031 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035

CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039

Debian Bug : 770425

 

Multiple security issues have been discovered in Wordpress, a web

blogging tool, resulting in denial of service or information disclosure.

More information can be found in the upstream advisory at

https://wordpress.org/news/2014/11/wordpress-4-0-1/

 

CVE-2014-9031

 

Jouko Pynnonen discovered an unauthenticated cross site scripting

vulnerability (XSS) in wptexturize(), exploitable via comments or

posts.

 

CVE-2014-9033

 

Cross site request forgery (CSRF) vulnerability in the password

changing process, which could be used by an attacker to trick a

user into changing her password.

 

CVE-2014-9034

 

Javier Nieto Arevalo and Andres Rojas Guerrero reported a potential

denial of service in the way the phpass library is used to handle

passwords, since no maximum password length was set.

 

CVE-2014-9035

 

John Blackbourn reported an XSS in the "Press This" function (used

for quick publishing using a browser "bookmarklet").

 

CVE-2014-9036

 

Robert Chapin reported an XSS in the HTML filtering of CSS in posts.

 

CVE-2014-9037

 

David Anderson reported a hash comparison vulnerability for

passwords stored using the old-style MD5 scheme. While unlikely,

this could be exploited to compromise an account, if the user had

not logged in after a Wordpress 2.5 update (uploaded to Debian on 2

Apr, 2008) and the password MD5 hash could be collided with due to

PHP dynamic comparison.

 

CVE-2014-9038

 

Ben Bidner reported a server side request forgery (SSRF) in the core

HTTP layer which insufficiently blocked the loopback IP address

space.

 

CVE-2014-9039

 

Momen Bassel, Tanoy Bose, and Bojan Slavkovic reported a

vulnerability in the password reset process: an email address change

would not invalidate a previous password reset email.

 

For the stable distribution (wheezy), these problems have been fixed in

version 3.6.1+dfsg-1~deb7u5.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 4.0.1+dfsg-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 4.0.1+dfsg-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3086-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

December 03, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tcpdump

CVE ID : CVE-2014-8767 CVE-2014-8769 CVE-2014-9140

Debian Bug : 770424 770434

 

Several vulnerabilities have been discovered in tcpdump, a command-line

network traffic analyzer. These vulnerabilities might result in denial

of service, leaking sensitive information from memory or, potentially,

execution of arbitrary code.

 

For the stable distribution (wheezy), these problems have been fixed in

version 4.3.0-1+deb7u1.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 4.6.2-3.

 

For the unstable distribution (sid), these problems have been fixed in

version 4.6.2-3.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3087-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

December 04, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : qemu

CVE ID : CVE-2014-8106

 

Paolo Bonzini of Red Hat discovered that the blit region checks were

insufficient in the Cirrus VGA emulator in qemu, a fast processor

emulator. A privileged guest user could use this flaw to write into qemu

address space on the host, potentially escalating their privileges to

those of the qemu host process.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.1.2+dfsg-6a+deb7u6.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3088-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

December 04, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : qemu-kvm

CVE ID : CVE-2014-8106

 

Paolo Bonzini of Red Hat discovered that the blit region checks were

insufficient in the Cirrus VGA emulator in qemu-kvm, a full

virtualization solution on x86 hardware. A privileged guest user could

use this flaw to write into qemu address space on the host, potentially

escalating their privileges to those of the qemu host process.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.1.2+dfsg-6+deb7u6.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3089-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

December 04, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : jasper

CVE ID : CVE-2014-9029

Debian Bug : 772036

 

Josh Duart of the Google Security Team discovered heap-based buffer

overflow flaws in JasPer, a library for manipulating JPEG-2000 files,

which could lead to denial of service (application crash) or the

execution of arbitrary code.

 

For the stable distribution (wheezy), these problems have been fixed

in version 1.900.1-13+deb7u1.

 

For the upcoming stable distribution (jessie) and the unstable

distribution (sid), these problems will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3090-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

December 04, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : iceweasel

CVE ID : CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593

CVE-2014-1594

 

Multiple security issues have been found in Iceweasel, Debian's version

of the Mozilla Firefox web browser: Multiple memory safety errors, buffer

overflows, use-after-frees and other implementation errors may lead to

the execution of arbitrary code, the bypass of security restrictions or

denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 31.3.0esr-1~deb7u1.

 

For the upcoming stable distribution (jessie), these problems will be

fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 31.3.0esr-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3091-1 security@debian.org

http://www.debian.org/security/ Giuseppe Iuculano

December 07, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : getmail4

CVE ID : CVE-2014-7273 CVE-2014-7274 CVE-2014-7275

Debian Bug : 766670

 

Several vulnerabilities have been discovered in getmail4, a mail

retriever with support for POP3, IMAP4 and SDPS, that could allow

man-in-the-middle attacks.

 

CVE-2014-7273

 

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0

does not verify X.509 certificates from SSL servers, which allows

man-in-the-middle attackers to spoof IMAP servers and obtain

sensitive information via a crafted certificate.

 

CVE-2014-7274

 

The IMAP-over-SSL implementation in getmail 4.44.0 does not verify

that the server hostname matches a domain name in the subject's

Common Name (CN) field of the X.509 certificate, which allows

man-in-the-middle attackers to spoof IMAP servers and obtain

sensitive information via a crafted certificate from a recognized

Certification Authority.

 

CVE-2014-7275

 

The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0

does not verify X.509 certificates from SSL servers, which allows

man-in-the-middle attackers to spoof POP3 servers and obtain

sensitive information via a crafted certificate.

 

For the stable distribution (wheezy), these problems have been fixed in

version 4.46.0-1~deb7u1.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 4.46.0-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 4.46.0-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3092-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

December 07, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : icedove

CVE ID : CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593

CVE-2014-1594

 

Multiple security issues have been found in Icedove, Debian's version of

the Mozilla Thunderbird mail and news client: Multiple memory safety

errors, buffer overflows, use-after-frees and other implementation errors

may lead to the execution of arbitrary code, the bypass of security

restrictions or denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 31.3.0-1~deb7u1.

 

For the upcoming stable distribution (jessie), these problems will be

fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 31.3.0-1.
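The two failure modes in the getmail4 advisory (DSA-3091-1) above, no certificate chain verification and no hostname check, shown as client TLS settings next to a verified configuration. This is an added example, not getmail's code; the function names and the host used in the usage note are hypothetical.

```python
import imaplib
import ssl


def unverified_context():
    """Weak pattern: any certificate is accepted (CVE-2014-7273 / CVE-2014-7275 class)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context():
    """Weak pattern: chain is verified, server name is not (CVE-2014-7274 class)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # verify_mode stays CERT_REQUIRED
    return ctx


def hardened_context(cafile=None):
    """Verified pattern: trusted chain and matching server name are both required."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def audit_tls_context(ctx):
    """Return the list of verification steps this context would skip."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("no-chain-verification")
    if not ctx.check_hostname:
        findings.append("no-hostname-check")
    return findings


def open_imap(host, ctx):
    """Connect over IMAP-over-SSL only if the context verifies the server."""
    findings = audit_tls_context(ctx)
    if findings:
        raise ValueError("refusing to connect to %s: %s" % (host, ", ".join(findings)))
    return imaplib.IMAP4_SSL(host, ssl_context=ctx)
```

`open_imap("imap.example.test", unverified_context())` raises before any network traffic is sent; the same gate applies to `poplib.POP3_SSL`, which takes the context as `context=`.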


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3093-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

December 08, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : linux

CVE ID : CVE-2014-7841 CVE-2014-8369 CVE-2014-8884 CVE-2014-9090

 

Several vulnerabilities have been discovered in the Linux kernel that

may lead to a denial of service or privilege escalation:

 

CVE-2014-7841

 

Liu Wei of Red Hat discovered that a SCTP server doing ASCONF will

panic on malformed INIT chunks by triggering a NULL pointer

dereference.

 

CVE-2014-8369

 

A flaw was discovered in the way iommu mapping failures were handled

in the kvm_iommu_map_pages() function in the Linux kernel. A guest

OS user could exploit this flaw to cause a denial of service (host

OS memory corruption) or possibly have other unspecified impact on

the host OS.

 

CVE-2014-8884

 

A stack-based buffer overflow flaw was discovered in the

TechnoTrend/Hauppauge DEC USB driver. A local user with write access

to the corresponding device could use this flaw to crash the kernel

or, potentially, elevate their privileges.

 

CVE-2014-9090

 

Andy Lutomirski discovered that the do_double_fault function in

arch/x86/kernel/traps.c in the Linux kernel did not properly handle

faults associated with the Stack Segment (SS) segment register,

which allows local users to cause a denial of service (panic).

 

For the stable distribution (wheezy), these problems have been fixed in

version 3.2.63-2+deb7u2. This update also includes fixes for regressions

introduced by previous updates.

 

For the unstable distribution (sid), these problems will be fixed soon

in version 3.16.7-ckt2-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3094-1 security@debian.org

http://www.debian.org/security/ Giuseppe Iuculano

December 08, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : bind9

CVE ID : CVE-2014-8500

 

It was discovered that BIND, a DNS server, is prone to a denial of

service vulnerability.

By making use of maliciously-constructed zones or a rogue server, an

attacker can exploit an oversight in the code BIND 9 uses to follow

delegations in the Domain Name Service, causing BIND to issue unlimited

queries in an attempt to follow the delegation.

This can lead to resource exhaustion and denial of service

(up to and including termination of the named server process.)

 

For the stable distribution (wheezy), this problem has been fixed in

version 1:9.8.4.dfsg.P1-6+nmu2+deb7u3.

 

For the upcoming stable distribution (jessie), this problem will be

fixed soon.

 

For the unstable distribution (sid), this problem will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3095-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

December 10, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : xorg-server

CVE ID : CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094

CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098

CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102

 

Ilja van Sprundel of IOActive discovered several security issues in the

X.org X server, which may lead to privilege escalation or denial of

service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.12.4-6+deb7u5.

 

For the upcoming stable distribution (jessie), these problems will be

fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 2:1.16.2.901-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3097-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

December 10, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : unbound

CVE ID : CVE-2014-8602

Debian Bug : 772622

 

Florian Maury from ANSSI discovered that unbound, a validating,

recursive, and caching DNS resolver, was prone to a denial of service

vulnerability. An attacker crafting a malicious zone and able to emit

(or make emit) queries to the server can trick the resolver into

following an endless series of delegations, leading to resource

exhaustion and huge network usage.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.4.17-3+deb7u2.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 1.4.22-3.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.4.22-3.
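The bind9 (DSA-3094-1) and unbound (DSA-3097-1) advisories above both describe a resolver that keeps following delegations without bound. The sketch below is an added example, not code from BIND or unbound: a toy iterative resolver that charges every upstream query and referral against a per-request budget. The budget values, the `ask` callback interface and the zone data are constructed for illustration.

```python
class DelegationLimitExceeded(Exception):
    def __init__(self, reason, queries):
        super().__init__(f"{reason} after {queries} upstream queries")
        self.queries = queries


def resolve(qname, ask, start="root", max_referrals=8, max_queries=20):
    """Follow referrals for one client query within a fixed work budget.

    ask(server, qname) returns ("answer", value), ("referral", [servers])
    or ("fail", None). Returns (value, queries_sent); value is None when
    every server failed (the SERVFAIL case).
    """
    queries = referrals = 0
    pending, seen = [start], set()
    while pending:
        server = pending.pop(0)
        if server in seen:          # never ask the same server twice
            continue
        seen.add(server)
        if queries >= max_queries:
            raise DelegationLimitExceeded("query budget spent", queries)
        queries += 1
        kind, data = ask(server, qname)
        if kind == "answer":
            return data, queries
        if kind == "referral":
            referrals += 1
            if referrals > max_referrals:
                raise DelegationLimitExceeded("referral budget spent", queries)
            pending = list(data)    # descend to the child zone's servers
    return None, queries


# Constructed data: an ordinary delegation tree with one dead server.
NORMAL = {
    "root": ("referral", ["ns.test"]),
    "ns.test": ("referral", ["ns1.example.test", "ns2.example.test"]),
    "ns1.example.test": ("fail", None),
    "ns2.example.test": ("answer", "192.0.2.10"),
}


def ask_normal(server, qname):
    return NORMAL.get(server, ("fail", None))


def ask_endless(server, qname):
    """Constructed stand-in for a zone whose every reply is one more referral."""
    depth = int(server[3:]) if server.startswith("ns-") else 0
    return ("referral", [f"ns-{depth + 1}"])
```

With the default budgets, the ordinary tree resolves in four upstream queries, while the endless chain is cut off after nine instead of running until the process exhausts its resources.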


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3096-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

December 11, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : pdns-recursor

CVE ID : CVE-2014-8601

 

Florian Maury from ANSSI discovered a flaw in pdns-recursor, a

recursive DNS server: a remote attacker controlling

maliciously-constructed zones or a rogue server could affect the

performance of pdns-recursor, thus leading to resource exhaustion and

a potential denial-of-service.

 

For the stable distribution (wheezy), this problem has been fixed in

version 3.3-3+deb7u1.

 

For the upcoming stable distribution (jessie) and unstable

distribution (sid), this problem has been fixed in version 3.6.2-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3098-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

December 11, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : graphviz

CVE ID : CVE-2014-9157

Debian Bug : 772648

 

Joshua Rogers discovered a format string vulnerability in the yyerror

function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing

tools. An attacker could use this flaw to cause graphviz to crash or

possibly execute arbitrary code.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.26.3-14+deb7u2.

 

For the upcoming stable distribution (jessie), this problem will be

fixed soon in version 2.38.0-7.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.38.0-7.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3099-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

December 11, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : dbus

CVE ID : CVE-2014-7824

 

Simon McVittie discovered that the fix for CVE-2014-3636 was

incorrect, as it did not fully address the underlying

denial-of-service vector. This update starts the D-Bus daemon as root

initially, so that it can properly raise its file descriptor count.

 

In addition, this update reverts the auth_timeout change in the

previous security update to its old value because the new value causes

boot failures on some systems. See the README.Debian file for details on

how to harden the D-Bus daemon against malicious local users.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.6.8-1+deb7u5.

 

For the upcoming stable distribution (jessie) and the unstable

distribution (sid), these problems have been fixed in version 1.8.10-1.
