- -------------------------------------------------------------------------

Debian Security Advisory DSA-3100-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

December 12, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mediawiki

CVE ID : CVE-2014-9277

Debian Bug : 772764

 

A flaw was discovered in mediawiki, a wiki engine: cross-domain-policy

mangling allows an article editor to inject code into API consumers

that deserialize PHP representations of the page from the API.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.19.20+dfsg-0+deb7u2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3101-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

December 13, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : c-icap

CVE ID : CVE-2013-7401 CVE-2013-7402

 

Several vulnerabilities were found in c-icap, an ICAP server

implementation, which could allow a remote attacker to cause c-icap to

crash, or have other, unspecified impacts.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1:0.1.6-1.1+deb7u1.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 1:0.3.1-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 1:0.3.1-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3102-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

December 13, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libyaml

CVE ID : CVE-2014-9130

Debian Bug : 771366

 

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the

way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and

emitter library. An attacker able to load specially crafted YAML input

into an application using libyaml could cause the application to crash.

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.1.4-2+deb7u5.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 0.1.6-3.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.1.6-3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3103-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

December 13, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libyaml-libyaml-perl

CVE ID : CVE-2014-9130

Debian Bug : 771365

 

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the

way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and

emitter library. An attacker able to load specially crafted YAML input

into an application using libyaml could cause the application to crash.

 

This update corrects this flaw in the copy that is embedded in the

libyaml-libyaml-perl package.

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.38-3+deb7u3.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 0.41-6.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.41-6.

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3104-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

December 16, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : bsd-mailx

CVE ID : CVE-2014-7844

 

It was discovered that bsd-mailx, an implementation of the "mail"

command, had an undocumented feature which treats syntactically valid

email addresses as shell commands to execute.

 

Users who need this feature can re-enable it using the "expandaddr" option in

an appropriate mailrc file. This update also removes the obsolete -T

option. An older security vulnerability, CVE-2004-2771, had already

been addressed in Debian's bsd-mailx package.

 

Note that this security update does not remove all mailx facilities

for command execution, though. Scripts which send mail to addresses

obtained from an untrusted source (such as a web form) should use the

"--" separator before the email addresses (which was fixed to work

properly in this update), or they should be changed to invoke

"mail -t" or "sendmail -i -t" instead, passing the recipient addresses

as part of the mail header.

 

For the stable distribution (wheezy), this problem has been fixed in

version 8.1.2-0.20111106cvs-1+deb7u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3105-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

December 16, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : heirloom-mailx

CVE ID : CVE-2004-2771 CVE-2014-7844

 

Two security vulnerabilities were discovered in Heirloom mailx, an

implementation of the "mail" command:

 

CVE-2004-2771

 

mailx interprets shell meta-characters in certain email

addresses.

 

CVE-2014-7844

 

An unexpected feature of mailx treats syntactically valid email

addresses as shell commands to execute.

 

Shell command execution can be re-enabled using the "expandaddr"

option.

 

Note that this security update does not remove all mailx facilities

for command execution, though. Scripts which send mail to addresses

obtained from an untrusted source (such as a web form) should use the

"--" separator before the email addresses (which was fixed to work

properly in this update), or they should be changed to invoke

"mail -t" or "sendmail -i -t" instead, passing the recipient addresses

as part of the mail header.

 

For the stable distribution (wheezy), these problems have been fixed in

version 12.5-2+deb7u1.

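The mitigation described in DSA-3104-1 and DSA-3105-1 above, sketched as an added example that is not part of the advisories or of either mailx package: a script validates an untrusted recipient, then either passes it in the message header to "sendmail -i -t" or places it after the "--" separator. The function names and the SENDMAIL_BIN and MAIL_BIN variables are assumptions made for illustration, as is the conservative address pattern.

```shell
#!/bin/sh
# Added example: hand an untrusted recipient to the mailer without letting it
# be parsed as an option, a command or an extra header line.
# SENDMAIL_BIN, MAIL_BIN and every function name here are hypothetical.

LC_ALL=C; export LC_ALL                 # make [A-Z] style ranges ASCII only
SENDMAIL_BIN="${SENDMAIL_BIN:-sendmail}"
MAIL_BIN="${MAIL_BIN:-mail}"
NL='
'
CR=$(printf '\r')

# Accept only a conservative local@domain.tld shape (an assumption of this
# example, stricter than the full address grammar).
valid_recipient() {
    addr=$1
    # Any character outside the allow-list (space, newline, shell
    # metacharacters, quotes, slashes) rejects the address.
    case $addr in
        *[!A-Za-z0-9._%+@-]*) return 1 ;;
    esac
    # First character must be alphanumeric, so the value can never be read
    # as a command-line option or as a special address form.
    case $addr in
        [A-Za-z0-9]*) ;;
        *) return 1 ;;
    esac
    # Exactly one '@', non-empty local part, dotted domain.
    case $addr in
        *@*@*) return 1 ;;
        ?*@?*.?*) return 0 ;;
    esac
    return 1
}

# Build an RFC 822 style message: recipient and subject go into headers.
# $1 = recipient, $2 = subject, $3 = body
build_message() {
    valid_recipient "$1" || return 1
    # The subject is a header too: refuse embedded CR or LF.
    case $2 in
        *"$NL"*|*"$CR"*) return 1 ;;
    esac
    printf 'To: %s\nSubject: %s\n\n%s\n' "$1" "$2" "$3"
}

# Variant 1: recipients travel in the header, read by "sendmail -i -t".
send_via_headers() {
    msg=$(build_message "$1" "$2" "$3") || return 1
    printf '%s\n' "$msg" | "$SENDMAIL_BIN" -i -t
}

# Variant 2: keep using mail(1), with "--" ending option parsing before the
# address, as the advisory recommends.
send_via_mail() {
    valid_recipient "$1" || return 1
    case $2 in
        *"$NL"*|*"$CR"*) return 1 ;;
    esac
    printf '%s\n' "$3" | "$MAIL_BIN" -s "$2" -- "$1"
}
```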

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3106-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

December 20, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : jasper

CVE ID : CVE-2014-8137 CVE-2014-8138

Debian Bug : 773463

 

Jose Duart of the Google Security Team discovered a double free flaw

(CVE-2014-8137) and a heap-based buffer overflow flaw (CVE-2014-8138)

in JasPer, a library for manipulating JPEG-2000 files. A specially

crafted file could cause an application using JasPer to crash or,

possibly, execute arbitrary code.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.900.1-13+deb7u2.

 

For the upcoming stable distribution (jessie) and the unstable

distribution (sid), these problems will be fixed soon.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3107-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

December 20, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : subversion

CVE ID : CVE-2014-3580

Debian Bug : 773263

 

Evgeny Kotkov discovered a NULL pointer dereference while processing

REPORT requests in mod_dav_svn, the Subversion component which is used

to serve repositories with the Apache web server. A remote attacker

could abuse this vulnerability for a denial of service.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.6.17dfsg-4+deb7u7.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.8.10-5.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3108-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

December 20, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ntp

CVE ID : CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296

Debian Bug : 773576

 

Several vulnerabilities were discovered in the ntp package, an

implementation of the Network Time Protocol.

 

CVE-2014-9293

 

ntpd generated a weak key for its internal use, with full

administrative privileges. Attackers could use this key to

reconfigure ntpd (or to exploit other vulnerabilities).

 

CVE-2014-9294

 

The ntp-keygen utility generated weak MD5 keys with insufficient

entropy.

 

CVE-2014-9295

 

ntpd had several buffer overflows (both on the stack and in the

data section), allowing remote authenticated attackers to crash

ntpd or potentially execute arbitrary code.

 

CVE-2014-9296

 

The general packet processing function in ntpd did not handle an

error case correctly.

 

The default ntpd configuration in Debian restricts access to localhost

(and possibly the adjacent network in case of IPv6).

 

Keys explicitly generated by "ntp-keygen -M" should be regenerated.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1:4.2.6.p5+dfsg-2+deb7u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3107-2 security@debian.org

http://www.debian.org/security/ Florian Weimer

December 20, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : subversion

Debian Bug : 773610

 

The previous subversion security update, DSA-3107-1, introduced a

regression which causes Apache httpd to fail to start due to an

undefined symbol dav_svn__new_error in configurations which used

mod_dav_svn.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.6.17dfsg-4+deb7u8.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3109-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

December 21, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : firebird2.5

CVE ID : CVE-2014-9323

Debian Bug : 772880

 

Dmitry Kovalenko discovered that the Firebird database server is prone

to a denial of service vulnerability. An unauthenticated remote attacker

could send a malformed network packet to a firebird server, which would

cause the server to crash.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.5.2.26540.ds4-1~deb7u2.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 2.5.3.26778.ds4-5.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.5.3.26778.ds4-5.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3111-1 security@debian.org

http://www.debian.org/security/ Michael Gilbert

December 22, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : cpio

CVE ID : CVE-2014-9112

Debian Bug : 772793

 

Michal Zalewski discovered an out of bounds write issue in cpio, a tool

for creating and extracting cpio archive files. In the process of

fixing that issue, the cpio developers found and fixed additional

range checking and null pointer dereference issues.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.11+dfsg-0.1+deb7u1.

 

For the upcoming stable distribution (jessie), this problem will be

fixed soon.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.11+dfsg-4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3112-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

December 23, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : sox

CVE ID : CVE-2014-8145

Debian Bug : 773720

 

Michele Spagnuolo of the Google Security Team discovered two heap-based

buffer overflows in SoX, the Swiss Army knife of sound processing

programs. A specially crafted wav file could cause an application using

SoX to crash or, possibly, execute arbitrary code.

 

For the stable distribution (wheezy), these problems have been fixed in

version 14.4.0-3+deb7u1.

 

For the upcoming stable distribution (jessie) and the unstable

distribution (sid), these problems will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3110-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

December 23, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mediawiki

Debian Bug : 773654

 

A flaw was discovered in mediawiki, a wiki engine: thumb.php outputs

wikitext messages as raw HTML, potentially leading to cross-site

scripting (XSS).

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.19.20+dfsg-0+deb7u3; this version additionally fixes a

regression introduced in the previous release, DSA-3100-1.

 

For the upcoming stable distribution (jessie) and unstable

distribution (sid), this problem has been fixed in version

1:1.19.20+dfsg-2.2.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3113-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

December 28, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : unzip

CVE ID : CVE-2014-8139 CVE-2014-8140 CVE-2014-8141

Debian Bug : 773722

 

Michele Spagnuolo of the Google Security Team discovered that unzip, an

extraction utility for archives compressed in .zip format, is affected

by heap-based buffer overflows within the CRC32 verification function

(CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the

getZip64Data() function (CVE-2014-8141), which may lead to the execution

of arbitrary code.

 

For the stable distribution (wheezy), these problems have been fixed in

version 6.0-8+deb7u1.

 

For the upcoming stable distribution (jessie), these problems will be

fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 6.0-13.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3114-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

December 29, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mime-support

CVE ID : CVE-2014-7209

 

Timothy D. Morgan discovered that run-mailcap, a utility to execute

programs via entries in the mailcap file, is prone to shell command

injection via shell meta-characters in filenames. In specific scenarios

this flaw could allow an attacker to remotely execute arbitrary code.

 

For the stable distribution (wheezy), this problem has been fixed in

version 3.52-1+deb7u1.

 

For the upcoming stable distribution (jessie) and the unstable

distribution (sid), this problem will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3115-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

December 29, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : pyyaml

CVE ID : CVE-2014-9130

Debian Bug : 772815

 

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the

way wrapped strings are parsed in Python-YAML, a YAML parser and emitter

for Python. An attacker able to load specially crafted YAML input into an

application using python-yaml could cause the application to crash.

 

For the stable distribution (wheezy), this problem has been fixed in

version 3.10-4+deb7u1.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 3.11-2.

 

For the unstable distribution (sid), this problem has been fixed in

version 3.11-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3116-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

December 30, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : polarssl

CVE ID : CVE-2014-8628

 

It was discovered that a memory leak in parsing X.509 certificates may

result in denial of service.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.2.9-1~deb7u4.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 1.3.9-1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.3.9-1.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3117-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

December 31, 2014 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php5

CVE ID : CVE-2014-8142

 

Several vulnerabilities were found in PHP, a general-purpose scripting

language commonly used for web application development.

 

As announced in DSA 3064-1 it has been decided to follow the stable

5.4.x releases for the Wheezy php5 packages. Consequently the

vulnerabilities are addressed by upgrading PHP to a new upstream version

5.4.36, which includes additional bug fixes, new features and possibly

incompatible changes. Please refer to the upstream changelog for more

information:

 

http://php.net/ChangeLog-5.php#5.4.36

 

Two additional patches were applied on top of the imported new upstream

version. An out-of-bounds read flaw was fixed which could lead php5-cgi

to crash. Moreover a bug with php5-pgsql in combination with PostgreSQL

9.1 was fixed (Debian Bug #773182).

 

For the stable distribution (wheezy), these problems have been fixed in

version 5.4.36-0+deb7u1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3118-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

January 05, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : strongswan

CVE ID : CVE-2014-9221

 

Mike Daskalakis reported a denial of service vulnerability in charon,

the IKEv2 daemon for strongSwan, an IKE/IPsec suite used to establish

IPsec protected links.

 

The bug can be triggered by an IKEv2 Key Exchange (KE) payload that

contains the Diffie-Hellman (DH) group 1025. This identifier is from the

private-use range and only used internally by libtls for DH groups with

custom generator and prime (MODP_CUSTOM). As such the instantiated

method expects that these two values are passed to the constructor. This

is not the case when a DH object is created based on the group in the KE

payload. Therefore, an invalid pointer is dereferenced later, which

causes a segmentation fault.

 

This means that the charon daemon can be crashed with a single

IKE_SA_INIT message containing such a KE payload. The starter process

should restart the daemon after that, but this might increase load on

the system. Remote code execution is not possible due to this issue, nor

is IKEv1 affected in charon or pluto.

 

For the stable distribution (wheezy), this problem has been fixed in

version 4.5.2-1.5+deb7u6.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 5.2.1-5.

 

For the unstable distribution (sid), this problem has been fixed in

version 5.2.1-5.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3119-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

January 06, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libevent

CVE ID : CVE-2014-6272

Debian Bug : 774645

 

Andrew Bartlett of Catalyst reported a defect affecting certain

applications using the Libevent evbuffer API. This defect leaves

applications which pass insanely large inputs to evbuffers open to a

possible heap overflow or infinite loop. In order to exploit this flaw,

an attacker needs to be able to find a way to provoke the program into

trying to make a buffer chunk larger than what will fit into a single

size_t or off_t.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.0.19-stable-3+deb7u1.

 

For the upcoming stable distribution (jessie) and the unstable

distribution (sid), this problem will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3120-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 06, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mantis

CVE ID : CVE-2014-6316 CVE-2014-7146 CVE-2014-8553 CVE-2014-8554

CVE-2014-8598 CVE-2014-8986 CVE-2014-8988 CVE-2014-9089

CVE-2014-9117 CVE-2014-9269 CVE-2014-9270 CVE-2014-9271

CVE-2014-9272 CVE-2014-9280 CVE-2014-9281 CVE-2014-9388

 

Multiple security issues have been found in the Mantis bug tracking

system, which may result in phishing, information disclosure, CAPTCHA

bypass, SQL injection, cross-site scripting or the execution of arbitrary

PHP code.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.2.18-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3121-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 08, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : file

CVE ID : CVE-2014-8116 CVE-2014-8117

Debian Bug : 773148

 

Multiple security issues have been found in file, a tool/library to

determine a file type. Processing a malformed file could result in

denial of service. Most of the changes are related to parsing ELF

files.

 

As part of the fixes, several limits on aspects of the detection were

added or tightened, sometimes resulting in messages like "recursion

limit exceeded" or "too many program header sections".

 

To mitigate such shortcomings, these limits are controllable by a new

-P, --parameter option in the file program.

 

For the stable distribution (wheezy), these problems have been fixed in

version 5.11-2+deb7u7.

 

For the upcoming stable distribution (jessie), these problems will be

fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 1:5.21+15-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3122-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

January 08, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : curl

CVE ID : CVE-2014-8150

 

Andrey Labunets of Facebook discovered that cURL, a URL transfer

library, fails to properly handle URLs with embedded end-of-line

characters. An attacker able to make an application using libcurl to

access a specially crafted URL via an HTTP proxy could use this flaw to

do additional requests in a way that was not intended, or insert

additional request headers into the request.

 

For the stable distribution (wheezy), this problem has been fixed in

version 7.26.0-1+wheezy12.

 

For the upcoming stable distribution (jessie), this problem will be

fixed soon.

 

For the unstable distribution (sid), this problem has been fixed in

version 7.38.0-4.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3123-1 security@debian.org

http://www.debian.org/security/ Luciano Bello

January 09, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : binutils

CVE ID : CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502

CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738

 

Multiple security issues have been found in binutils, a toolbox for

binary file manipulation. These vulnerabilities include multiple memory

safety errors, buffer overflows, use-after-frees and other implementation

errors, which may lead to the execution of arbitrary code, the bypass of security

restrictions, path traversal attack or denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 2.22-8+deb7u2.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.25-3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3124-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

January 10, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : otrs2

CVE ID : CVE-2014-9324

 

Thorsten Eckel of Znuny GMBH and Remo Staeuble of InfoGuard discovered

a privilege escalation vulnerability in otrs2, the Open Ticket Request

System. An attacker with valid OTRS credentials could access and

manipulate ticket data of other users via the GenericInterface, if a

ticket webservice is configured and not additionally secured.

 

For the stable distribution (wheezy), this problem has been fixed in

version 3.1.7+dfsg1-8+deb7u5.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 3.3.9-3.

 

For the unstable distribution (sid), this problem has been fixed in

version 3.3.9-3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3125-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

January 11, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openssl

CVE ID : CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572

CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206

 

Multiple vulnerabilities have been discovered in OpenSSL, a Secure

Sockets Layer toolkit. The Common Vulnerabilities and Exposures project

identifies the following issues:

 

CVE-2014-3569

 

Frank Schmirler reported that the ssl23_get_client_hello function in

OpenSSL does not properly handle attempts to use unsupported

protocols. When OpenSSL is built with the no-ssl3 option and a SSL

v3 ClientHello is received, the ssl method would be set to NULL which

could later result in a NULL pointer dereference and daemon crash.

 

CVE-2014-3570

 

Pieter Wuille of Blockstream reported that the bignum squaring

(BN_sqr) may produce incorrect results on some platforms, which

might make it easier for remote attackers to defeat cryptographic

protection mechanisms.

 

CVE-2014-3571

 

Markus Stenberg of Cisco Systems, Inc. reported that a carefully

crafted DTLS message can cause a segmentation fault in OpenSSL due

to a NULL pointer dereference. A remote attacker could use this flaw

to mount a denial of service attack.

 

CVE-2014-3572

 

Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an

OpenSSL client would accept a handshake using an ephemeral ECDH

ciphersuite if the server key exchange message is omitted. This

allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks

and trigger a loss of forward secrecy.

 

CVE-2014-8275

 

Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project

and Konrad Kraszewski of Google reported various certificate

fingerprint issues, which allow remote attackers to defeat a

fingerprint-based certificate-blacklist protection mechanism.

 

CVE-2015-0204

 

Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that

an OpenSSL client will accept the use of an ephemeral RSA key in a

non-export RSA key exchange ciphersuite, violating the TLS

standard. This allows remote SSL servers to downgrade the security

of the session.

 

CVE-2015-0205

 

Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an

OpenSSL server will accept a DH certificate for client

authentication without the certificate verify message. This flaw

effectively allows a client to authenticate without the use of a

private key via crafted TLS handshake protocol traffic to a server

that recognizes a certification authority with DH support.

 

CVE-2015-0206

 

Chris Mueller discovered a memory leak in the dtls1_buffer_record

function. A remote attacker could exploit this flaw to mount a

denial of service through memory exhaustion by repeatedly sending

specially crafted DTLS records.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.0.1e-2+deb7u14.

 

For the upcoming stable distribution (jessie), these problems will be

fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.0.1k-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3126-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

January 12, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php5

 

It was discovered that libmagic as used by PHP, would trigger an out

of bounds memory access when trying to identify a crafted file.

 

Additionally, this update fixes a potential dependency loop in dpkg

trigger handling.

 

For the stable distribution (wheezy), this problem has been fixed in

version 5.4.36-0+deb7u3.

 

For the unstable distribution (sid), this problem will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3123-2 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

January 13, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : binutils-mingw-w64

CVE ID : CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502

CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738

Debian Bug : 775165

 

In DSA 3123 the binutils package was updated for several security issues.

This update adds rebuilt packages for binutils-mingw-w64, so these will

take advantage of the fixes. For reference the original advisory text

follows.

 

Multiple security issues have been found in binutils, a toolbox for

binary file manipulation. These vulnerabilities include multiple memory

safety errors, buffer overflows, use-after-frees and other implementation

errors which may lead to the execution of arbitrary code, the bypass of

security restrictions, path traversal attack or denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 2+deb7u1.

 

For the unstable distribution (sid), these problems will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3127-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 14, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : iceweasel

CVE ID : CVE-2014-8634 CVE-2014-8638 CVE-2014-8639 CVE-2014-8641

 

Multiple security issues have been found in Iceweasel, Debian's version

of the Mozilla Firefox web browser: Multiple memory safety errors

and implementation errors may lead to the execution of arbitrary code,

information leaks or denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 31.4.0esr-1~deb7u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 31.4.0esr-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3128-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

January 15, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : linux

CVE ID : CVE-2013-6885 CVE-2014-8133 CVE-2014-9419 CVE-2014-9529

CVE-2014-9584

 

Several vulnerabilities have been discovered in the Linux kernel that

may lead to a denial of service or information leaks.

 

CVE-2013-6885

 

It was discovered that under specific circumstances, a combination

of write operations to write-combined memory and locked CPU

instructions may cause a core hang on AMD 16h 00h through 0Fh

processors. A local user can use this flaw to mount a denial of

service (system hang) via a crafted application.

 

For more information please refer to the AMD CPU erratum 793 in

http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf

 

CVE-2014-8133

 

It was found that the espfix functionality can be bypassed by

installing a 16-bit RW data segment into GDT instead of LDT (which

espfix checks for) and using it for stack. A local unprivileged user

could potentially use this flaw to leak kernel stack addresses and

thus bypass the ASLR protection mechanism.

 

CVE-2014-9419

 

It was found that on Linux kernels compiled with the 32 bit

interfaces (CONFIG_X86_32) a malicious user program can do a

partial ASLR bypass through TLS base addresses leak when attacking

other programs.

 

CVE-2014-9529

 

It was discovered that the Linux kernel is affected by a race

condition flaw when doing key garbage collection, allowing local

users to cause a denial of service (memory corruption or panic).

 

CVE-2014-9584

 

It was found that the Linux kernel does not validate a length value

in the Extensions Reference (ER) System Use Field, which allows

local users to obtain sensitive information from kernel memory via a

crafted iso9660 image.

 

For the stable distribution (wheezy), these problems have been fixed in

version 3.2.65-1+deb7u1. Additionally this update fixes a suspend/resume

regression introduced with 3.2.65.

 

For the upcoming stable distribution (jessie) and the unstable

distribution (sid), these problems will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3129-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 15, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : rpm

CVE ID : CVE-2013-6435 CVE-2014-8118

 

Two vulnerabilities have been discovered in the RPM package manager.

 

CVE-2013-6435

 

Florian Weimer discovered a race condition in package signature

validation.

 

CVE-2014-8118

 

Florian Weimer discovered an integer overflow in parsing CPIO headers

which might result in the execution of arbitrary code.

 

For the stable distribution (wheezy), these problems have been fixed in

version 4.10.0-5+deb7u2.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 4.11.3-1.1.

 

For the unstable distribution (sid), these problems have been fixed in

version 4.11.3-1.1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3130-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 16, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : lsyncd

CVE ID : CVE-2014-8990

 

It was discovered that lsyncd, a daemon to synchronize local directories

using rsync, performed insufficient sanitising of filenames which might

result in the execution of arbitrary commands.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.0.7-3+deb7u1.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 2.1.5-2.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.1.5-2.

  • 2 weeks later...

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3131-1 security@debian.org

http://www.debian.org/security/ Michael Gilbert

January 18, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : xdg-utils

CVE ID : CVE-2014-9622

Debian Bug : 773085

 

John Houwer discovered a way to cause xdg-open, a tool that automatically

opens URLs in a user's preferred application, to execute arbitrary

commands remotely.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.1.0~rc1+git20111210-6+deb7u2.

 

For the upcoming stable (jessie) and unstable (sid) distributions,

this problem has been fixed in version 1.1.0~rc1+git20111210-7.3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3132-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 19, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : icedove

CVE ID : CVE-2014-8634 CVE-2014-8638 CVE-2014-8639

 

Multiple security issues have been found in Icedove, Debian's version of

the Mozilla Thunderbird mail and news client: Multiple memory safety

errors and implementation errors may lead to the execution of arbitrary

code, information leaks or denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 31.4.0-1~deb7u1.

 

For the upcoming stable distribution (jessie), these problems will be

fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 31.4.0-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3133-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 20, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : privoxy

CVE ID : CVE-2015-1031

 

Multiple use-after-frees were discovered in Privoxy, a privacy-enhancing

HTTP proxy.

 

For the stable distribution (wheezy), this problem has been fixed in

version 3.0.19-2+deb7u1.

 

For the upcoming stable distribution (jessie), this problem will be

fixed soon.

 

For the unstable distribution (sid), this problem has been fixed in

version 3.0.21-5.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3134-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

January 20, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : sympa

 

A vulnerability has been discovered in the web interface of sympa, a

mailing list manager. An attacker could take advantage of this flaw in

the newsletter posting area, which allows sending to a list, or to

oneself, any file located on the server filesystem and readable by the

sympa user.

 

For the stable distribution (wheezy), this problem has been fixed in

version 6.1.11~dfsg-5+deb7u2.

 

For the upcoming stable distribution (jessie), this problem will be

fixed soon.

 

For the unstable distribution (sid), this problem has been fixed in

version 6.1.23~dfsg-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3135-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

January 23, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mysql-5.5

CVE ID : CVE-2014-6568 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382

CVE-2015-0411 CVE-2015-0432

Debian Bug : 775881

 

Several issues have been discovered in the MySQL database server. The

vulnerabilities are addressed by upgrading MySQL to the new upstream

version 5.5.41. Please see the MySQL 5.5 Release Notes and Oracle's

Critical Patch Update advisory for further details:

 

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

 

For the stable distribution (wheezy), these problems have been fixed in

version 5.5.41-0+wheezy1.

 

For the unstable distribution (sid), these problems will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3136-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

January 24, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : polarssl

CVE ID : CVE-2015-1182

Debian Bug : 775776

 

A vulnerability was discovered in PolarSSL, a lightweight crypto and

SSL/TLS library. A remote attacker could exploit this flaw using

specially crafted certificates to mount a denial of service against an

application linked against the library (application crash), or

potentially, to execute arbitrary code.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.2.9-1~deb7u5.

 

For the upcoming stable distribution (jessie) and the unstable

distribution (sid), this problem will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3137-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

January 24, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : websvn

CVE ID : CVE-2013-6892

Debian Bug : 775682

 

James Clawson discovered that websvn, a web viewer for Subversion

repositories, would follow symlinks in a repository when presenting a

file for download. An attacker with repository write access could

thereby access any file on disk readable by the user the webserver

runs as.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.3.3-1.1+deb7u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.3.3-1.2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3138-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

January 25, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : jasper

CVE ID : CVE-2014-8157 CVE-2014-8158

Debian Bug : 775970

 

An off-by-one flaw, leading to a heap-based buffer overflow

(CVE-2014-8157), and an unrestricted stack memory use flaw

(CVE-2014-8158) were found in JasPer, a library for manipulating

JPEG-2000 files. A specially crafted file could cause an application

using JasPer to crash or, possibly, execute arbitrary code.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.900.1-13+deb7u3.

 

For the upcoming stable distribution (jessie) and the unstable

distribution (sid), these problems will be fixed soon.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3139-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

January 25, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : squid

CVE ID : CVE-2014-3609

Debian Bug : 776194

 

Matthew Daley discovered that squid, a web proxy cache, does not

properly perform input validation when parsing requests. A remote

attacker could use this flaw to mount a denial of service attack, by

sending specially crafted Range requests.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.7.STABLE9-4.1+deb7u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3140-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 27, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : xen

CVE ID : CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867

CVE-2014-9030

 

Multiple security issues have been discovered in the Xen virtualisation

solution which may result in denial of service, information disclosure

or privilege escalation.

 

CVE-2014-8594

 

Roger Pau Monne and Jan Beulich discovered that incomplete

restrictions on MMU update hypercalls may result in privilege

escalation.

 

CVE-2014-8595

 

Jan Beulich discovered that missing privilege level checks in the

x86 emulation of far branches may result in privilege escalation.

 

CVE-2014-8866

 

Jan Beulich discovered that an error in compatibility mode hypercall

argument translation may result in denial of service.

 

CVE-2014-8867

 

Jan Beulich discovered that an insufficient restriction in

acceleration support for the "REP MOVS" instruction may result in

denial of service.

 

CVE-2014-9030

 

Andrew Cooper discovered a page reference leak in MMU_MACHPHYS_UPDATE

handling, resulting in denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 4.1.4-3+deb7u4.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 4.4.1-4.

 

For the unstable distribution (sid), these problems have been fixed in

version 4.4.1-4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3141-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 27, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wireshark

CVE ID : CVE-2015-0562 CVE-2015-0564

 

Multiple vulnerabilities were discovered in the dissectors/parsers for

SSL/TLS and DEC DNA, which could result in denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.8.2-5wheezy14.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 1.12.1+g01b65bf-3.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.12.1+g01b65bf-3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3142-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

January 27, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : eglibc

CVE ID : CVE-2012-6656 CVE-2014-6040 CVE-2014-7817 CVE-2015-0235

 

Several vulnerabilities have been fixed in eglibc, Debian's version of

the GNU C library:

 

CVE-2015-0235

 

Qualys discovered that the gethostbyname and gethostbyname2

functions were subject to a buffer overflow if provided with a

crafted IP address argument. This could be used by an attacker to

execute arbitrary code in processes which called the affected

functions.

 

The original glibc bug was reported by Peter Klotz.

 

CVE-2014-7817

 

Tim Waugh of Red Hat discovered that the WRDE_NOCMD option of the

wordexp function did not suppress command execution in all cases.

This allows a context-dependent attacker to execute shell

commands.

 

CVE-2012-6656

CVE-2014-6040

 

The charset conversion code for certain IBM multi-byte code pages

could perform an out-of-bounds array access, causing the process

to crash. In some scenarios, this allows a remote attacker to

cause a persistent denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 2.13-38+deb7u7.

 

For the upcoming stable distribution (jessie) and the unstable

distribution (sid), the CVE-2015-0235 issue has been fixed in version

2.18-1 of the glibc package.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3143-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 28, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : virtualbox

CVE ID : CVE-2015-0377 CVE-2015-0418

 

Two vulnerabilities have been discovered in VirtualBox, an x86

virtualisation solution, which might result in denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 4.1.18-dfsg-2+deb7u4.

 

For the unstable distribution (sid), these problems have been fixed in

version 4.3.18-dfsg-2.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3144-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 29, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjdk-7

CVE ID : CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591

CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395

CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412

 

Several vulnerabilities have been discovered in OpenJDK, an

implementation of the Oracle Java platform, resulting in the execution

of arbitrary code, information disclosure or denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 7u75-2.5.4-1~deb7u1.

 

For the upcoming stable distribution (jessie), these problems will be

fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 7u75-2.5.4-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3145-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

January 30, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : privoxy

CVE ID : CVE-2015-1381 CVE-2015-1382

Debian Bug : 776490

 

Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing

HTTP proxy, which might result in denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 3.0.19-2+deb7u2.

 

For the upcoming stable distribution (jessie), these problems will be

fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 3.0.21-7.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3146-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

January 30, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : requests

CVE ID : CVE-2014-1829 CVE-2014-1830

Debian Bug : 733108

 

Jakub Wilk discovered that in requests, an HTTP library for the Python

language, authentication information was improperly handled when a

redirect occurred. This would allow remote servers to obtain two

different types of sensitive information: proxy passwords from the

Proxy-Authorization header (CVE-2014-1830), or netrc passwords from

the Authorization header (CVE-2014-1829).

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.12.1-1+deb7u1.

 

For the upcoming stable distribution (jessie) and unstable

distribution (sid), this problem has been fixed in version 2.3.0-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3147-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

January 30, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjdk-6

CVE ID : CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591

CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395

CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412

 

Several vulnerabilities have been discovered in OpenJDK, an

implementation of the Oracle Java platform, resulting in the execution

of arbitrary code, information disclosure or denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 6b34-1.13.6-1~deb7u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3148-1 security@debian.org

http://www.debian.org/security/ Michael Gilbert

January 31, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : chromium-browser

 

Security support for the chromium web browser is now discontinued

for the stable distribution (wheezy). Chromium upstream stopped

supporting wheezy's build environment (gcc 4.7, make, etc.), so

there is no longer any practical way to continue building security

updates.

 

Chromium users that desire continued security updates are encouraged

to upgrade early to the upcoming stable release (jessie), Debian 8.

 

An alternative is to switch to the iceweasel web browser, which will

continue to receive security updates in wheezy for some time.

 

Note that until the official release happens, chromium package updates

for jessie may have a larger than usual delay due to possible bugs and

testing migration rules.

 

Also, there will be no more DSAs announcing chromium package updates

until jessie becomes officially released.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3150-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

February 02, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : vlc

CVE ID : CVE-2014-9626 CVE-2014-9627 CVE-2014-9628 CVE-2014-9629

CVE-2014-9630

 

Fabian Yamaguchi discovered multiple vulnerabilities in VLC, a multimedia

player and streamer:

 

CVE-2014-9626

 

The MP4 demuxer, when parsing string boxes, did not properly check

the length of the box, leading to a possible integer underflow when

using this length value in a call to memcpy(). This could allow

remote attackers to cause a denial of service (crash) or arbitrary

code execution via crafted MP4 files.

 

CVE-2014-9627

 

The MP4 demuxer, when parsing string boxes, did not properly check

that the conversion of the box length from 64bit integer to 32bit

integer on 32bit platforms did not cause a truncation, leading to

a possible buffer overflow. This could allow remote attackers to

cause a denial of service (crash) or arbitrary code execution via

crafted MP4 files.

 

CVE-2014-9628

 

The MP4 demuxer, when parsing string boxes, did not properly check

the length of the box, leading to a possible buffer overflow. This

could allow remote attackers to cause a denial of service (crash)

or arbitrary code execution via crafted MP4 files.

 

CVE-2014-9629

 

The Dirac and Schroedinger encoders did not properly check for an

integer overflow on 32bit platforms, leading to a possible buffer

overflow. This could allow remote attackers to cause a denial of

service (crash) or arbitrary code execution.

 

For the stable distribution (wheezy), these problems have been fixed in

version 2.0.3-5+deb7u2.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 2.2.0~rc2-2.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.2.0~rc2-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3149-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

February 02, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : condor

CVE ID : CVE-2014-8126

Debian Bug : 775276

 

Florian Weimer, of Red Hat Product Security, discovered an issue in

condor, a distributed workload management system. Upon job completion,

it can optionally notify a user by sending an email; the mailx

invocation used in that process allowed for any authenticated user

able to submit jobs, to execute arbitrary code with the privileges of

the condor user.

 

For the stable distribution (wheezy), this problem has been fixed in

version 7.8.2~dfsg.1-1+deb7u3.

 

For the upcoming stable distribution (jessie) and unstable

distribution (sid), this problem has been fixed in version

8.2.3~dfsg.1-6.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3151-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

February 03, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : python-django

CVE ID : CVE-2015-0219 CVE-2015-0220 CVE-2015-0221

Debian Bug : 775375

 

Several vulnerabilities were discovered in Django, a high-level Python

web development framework. The Common Vulnerabilities and Exposures

project identifies the following problems:

 

CVE-2015-0219

 

Jedediah Smith reported that the WSGI environ in Django does not

distinguish between headers containing dashes and headers containing

underscores. A remote attacker could use this flaw to spoof WSGI

headers.

 

CVE-2015-0220

 

Mikko Ohtamaa discovered that the django.util.http.is_safe_url()

function in Django does not properly handle leading whitespaces in

user-supplied redirect URLs. A remote attacker could potentially use

this flaw to perform a cross-site scripting attack.

 

CVE-2015-0221

 

Alex Gaynor reported a flaw in the way Django handles reading files

in the django.views.static.serve() view. A remote attacker could

possibly use this flaw to mount a denial of service via resource

consumption.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.4.5-1+deb7u9.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 1.7.1-1.1.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.7.1-1.1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3152-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

February 03, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : unzip

CVE ID : CVE-2014-9636

Debian Bug : 776589

 

A flaw was found in the test_compr_eb() function allowing out-of-bounds

read and write access to memory locations. By carefully crafting a

corrupt ZIP archive an attacker can trigger a heap overflow, resulting

in application crash or possibly having other unspecified impact.

 

For the stable distribution (wheezy), this problem has been fixed in

version 6.0-8+deb7u2. Additionally this update corrects a defective

patch applied to address CVE-2014-8139, which caused a regression with

executable jar files.

 

For the unstable distribution (sid), this problem has been fixed in

version 6.0-15. The defective patch applied to address CVE-2014-8139 was

corrected in version 6.0-16.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3153-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

February 03, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : krb5

CVE ID : CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423

 

Multiple vulnerabilities have been found in krb5, the MIT

implementation of Kerberos:

 

CVE-2014-5352

 

Incorrect memory management in the libgssapi_krb5 library might

result in denial of service or the execution of arbitrary code.

 

CVE-2014-9421

 

Incorrect memory management in kadmind's processing of XDR data

might result in denial of service or the execution of arbitrary code.

 

CVE-2014-9422

 

Incorrect processing of two-component server principals might result

in impersonation attacks.

 

CVE-2014-9423

 

An information leak in the libgssrpc library.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.10.1+dfsg-5+deb7u3.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.12.1+dfsg-17.

  • 2 weeks later...

Sorry, got a bit behind on these.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3154-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

February 05, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ntp

CVE ID : CVE-2014-9297 CVE-2014-9298

 

Several vulnerabilities were discovered in the ntp package, an

implementation of the Network Time Protocol. The Common Vulnerabilities

and Exposures project identifies the following problems:

 

CVE-2014-9297

 

Stephen Roettger of the Google Security Team, Sebastian Krahmer of

the SUSE Security Team and Harlan Stenn of Network Time Foundation

discovered that the length value in extension fields is not properly

validated in several code paths in ntp_crypto.c, which could lead to

information leakage or denial of service (ntpd crash).

 

CVE-2014-9298

 

Stephen Roettger of the Google Security Team reported that ACLs

based on IPv6 ::1 addresses can be bypassed.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1:4.2.6.p5+dfsg-2+deb7u2.

 

For the unstable distribution (sid), these problems have been fixed in

version 1:4.2.6.p5+dfsg-4.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3155-1 security@debian.org

http://www.debian.org/security/ Luciano Bello

February 06, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : postgresql-9.1

CVE ID : CVE-2014-8161 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244

 

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database

system.

 

CVE-2014-8161: Information leak

A user with limited clearance on a table might have access to information

in columns they have no SELECT rights on, through server error messages.

 

CVE-2015-0241: Out of boundaries read/write

The function to_char() might read/write past the end of a buffer. This

might crash the server when a formatting template is processed.

 

CVE-2015-0243: Buffer overruns in contrib/pgcrypto

The pgcrypto module is vulnerable to stack buffer overrun that might

crash the server.

 

CVE-2015-0244: SQL command injection

Emil Lenngren reported that an attacker can inject SQL commands when the

synchronization between client and server is lost.

 

For the stable distribution (wheezy), these problems have been fixed in

version 9.1.15-0+deb7u1.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 9.1.14-0+deb8u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 9.1.15-0+deb8u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-2978-2 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

February 06, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libxml2

CVE ID : CVE-2014-0191 CVE-2014-3660

Debian Bug : 768089

 

It was discovered that the update released for libxml2 in DSA 2978 fixing

CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external

entities regardless of whether entity substitution or validation is

enabled.

 

In addition, this update addresses a regression introduced in DSA 3057 by

the patch fixing CVE-2014-3660. This caused libxml2 to not parse an

entity when it's used first in another entity referenced from an

attribute value.

 

For the stable distribution (wheezy), these problems have been fixed in

version 2.8.0+dfsg1-7+wheezy3.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 2.9.1+dfsg1-4.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.9.1+dfsg1-4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3154-2 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

February 07, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ntp

CVE ID : CVE-2014-9297

 

Marc Deslauriers reported that the patch applied to ntp for CVE-2014-9297

in DSA 3154-1 was incomplete. This update corrects that problem. For

reference, the relevant part of the original advisory text follows.

 

Several vulnerabilities were discovered in the ntp package, an

implementation of the Network Time Protocol. The Common Vulnerabilities

and Exposures project identifies the following problems:

 

CVE-2014-9297

 

Stephen Roettger of the Google Security Team, Sebastian Krahmer of

the SUSE Security Team and Harlan Stenn of Network Time Foundation

discovered that the length value in extension fields is not properly

validated in several code paths in ntp_crypto.c, which could lead to

information leakage or denial of service (ntpd crash).

 

For the stable distribution (wheezy), this problem has been fixed in

version 1:4.2.6.p5+dfsg-2+deb7u3.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:4.2.6.p5+dfsg-5.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3156-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

February 07, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : liblivemedia

CVE ID : CVE-2013-6933

 

A vulnerability was found in liveMedia, a set of C++ libraries for

multimedia streaming. RTSP messages starting with whitespace were assumed

to have a zero length, triggering an integer underflow, infinite loop,

and then a buffer overflow. This could allow remote attackers to cause a

denial of service (crash) or arbitrary code execution via crafted RTSP

messages.

 

The packages vlc and mplayer have also been updated to reflect this

improvement.

 

For the stable distribution (wheezy), this problem has been fixed in

liblivemedia version 2012.05.17-1+wheezy1, vlc version 2.0.3-5+deb7u2+b1,

and mplayer version 2:1.0~rc4.dfsg1+svn34540-1+deb7u1.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in liblivemedia version 2014.01.13-1.

 

For the unstable distribution (sid), this problem has been fixed in

liblivemedia version 2014.01.13-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3157-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

February 09, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ruby1.9.1

CVE ID : CVE-2014-4975 CVE-2014-8080 CVE-2014-8090

 

Multiple vulnerabilities were discovered in the interpreter for the Ruby

language:

 

CVE-2014-4975

 

The encodes() function in pack.c had an off-by-one error that could

lead to a stack-based buffer overflow. This could allow remote

attackers to cause a denial of service (crash) or arbitrary code

execution.

 

CVE-2014-8080, CVE-2014-8090

 

The REXML parser could be coerced into allocating large string

objects that could consume all available memory on the system. This

could allow remote attackers to cause a denial of service (crash).

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.9.3.194-8.1+deb7u3.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 2.1.5-1 of the ruby2.1 source package.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.1.5-1 of the ruby2.1 source package.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3158-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

February 09, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : unrtf

CVE ID : CVE-2014-9274 CVE-2014-9275

Debian Bug : 772811

 

Michal Zalewski and Hanno Boeck discovered several vulnerabilities in

unrtf, an RTF to other formats converter, leading to a denial of service

(application crash) or, potentially, the execution of arbitrary code.

 

For the stable distribution (wheezy), these problems have been fixed in

version 0.21.5-3~deb7u1. This update is based on a new upstream version

of unrtf including additional bug fixes, new features and incompatible

changes (especially PostScript support is dropped).

 

For the upcoming stable distribution (jessie) and the unstable

distribution (sid), these problems have been fixed in version 0.21.5-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3159-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

February 10, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ruby1.8

CVE ID : CVE-2014-8080 CVE-2014-8090

 

It was discovered that the REXML parser, part of the interpreter for the

Ruby language, could be coerced into allocating large string objects that

could consume all available memory on the system. This could allow remote

attackers to cause a denial of service (crash).

 

For the stable distribution (wheezy), this problem has been fixed in version

1.8.7.358-7.1+deb7u2.

 

For the upcoming stable distribution (jessie), this problem has been fixed in

version 2.1.5-1 of the ruby2.1 source package.

 

For the unstable distribution (sid), this problem has been fixed in version

2.1.5-1 of the ruby2.1 source package.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3160-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

February 11, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : xorg-server

CVE ID : CVE-2015-0255

 

Olivier Fourdan discovered that missing input validation in the Xserver's

handling of XkbSetGeometry requests may result in an information leak

or denial of service.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2:1.12.4-6+deb7u6.

 

For the unstable distribution (sid), this problem has been fixed in

version 2:1.16.4-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3161-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

February 11, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : dbus

CVE ID : CVE-2015-0245

Debian Bug : 777545

 

Simon McVittie discovered a local denial of service flaw in dbus, an

asynchronous inter-process communication system. On systems with

systemd-style service activation, dbus-daemon does not prevent forged

ActivationFailure messages from non-root processes. A malicious local

user could use this flaw to trick dbus-daemon into thinking that systemd

failed to activate a system service, resulting in an error reply back to

the requester.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.6.8-1+deb7u6.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.8.16-1.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3162-1 security@debian.org

http://www.debian.org/security/ Florian Weimer

February 18, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : bind9

CVE ID : CVE-2015-1349

 

Jan-Piet Mens discovered that the BIND DNS server would crash when

processing an invalid DNSSEC key rollover, either due to an error on

the zone operator's part, or due to interference with network traffic

by an attacker. This issue affects configurations with the directives

"dnssec-validation auto;" (as enabled in the Debian default

configuration) or "dnssec-lookaside auto;".

 

For the stable distribution (wheezy), this problem has been fixed in

version 1:9.8.4.dfsg.P1-6+nmu2+deb7u4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3163-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

February 19, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libreoffice

CVE ID : CVE-2014-9093

Debian Bug : 771163

 

It was discovered that LibreOffice, an office productivity suite, could

try to write to invalid memory areas when importing malformed RTF files.

This could allow remote attackers to cause a denial of service (crash)

or arbitrary code execution via crafted RTF files.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1:3.5.4+dfsg2-0+deb7u3.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 1:4.3.3-2.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:4.3.3-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3164-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

February 21, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : typo3-src

CVE ID : not yet available

 

Pierrick Caillon discovered that the authentication could be bypassed in

the Typo 3 content management system. Please refer to the upstream

advisory for additional information:

https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/

 

For the stable distribution (wheezy), this problem has been fixed in

version 4.5.19+dfsg1-5+wheezy4.

The upcoming stable distribution (jessie) no longer includes Typo 3.

 

For the unstable distribution (sid), this problem has been fixed in

version 4.5.40+dfsg1-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3165-1 security@debian.org

http://www.debian.org/security/ Michael Gilbert

February 21, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : xdg-utils

CVE ID : CVE-2015-1877

Debian Bug : 777722

 

Jiri Horner discovered a way to cause xdg-open, a tool that automatically

opens URLs in a user's preferred application, to execute arbitrary

commands remotely.

 

This problem only affects /bin/sh implementations that don't sanitize

local variables. Dash, which is the default /bin/sh in Debian, is

affected. Bash as /bin/sh is known to be unaffected.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.1.0~rc1+git20111210-6+deb7u3.

 

For the upcoming stable (jessie) and unstable (sid) distributions,

this problem will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3166-1 security@debian.org

http://www.debian.org/security/ Michael Gilbert

February 22, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : e2fsprogs

CVE ID : CVE-2015-0247 CVE-2015-1572

Debian Bug : 778948

 

Jose Duart of the Google Security Team discovered a buffer overflow in

e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file

systems. This issue can possibly lead to arbitrary code execution if

a malicious device is plugged in, the system is configured to

automatically mount it, and the mounting process chooses to run fsck

on the device's malicious filesystem.

 

CVE-2015-0247

 

Buffer overflow in the ext2/ext3/ext4 file system open/close routines.

 

CVE-2015-1572

 

Incomplete fix for CVE-2015-0247.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.42.5-1.1+deb7u1.

 

For the upcoming stable (jessie) and unstable (sid) distributions,

these problems will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3167-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

February 22, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : sudo

CVE ID : CVE-2014-9680

Debian Bug : 772707

 

Jakub Wilk reported that sudo, a program designed to provide limited

super user privileges to specific users, preserves the TZ variable from

a user's environment without any sanitization. A user with sudo access

may take advantage of this to exploit bugs in the C library functions

which parse the TZ environment variable or to open files that the user

would not otherwise be able to open. The latter could potentially cause

changes in system behavior when reading certain device special files or

cause the program run via sudo to block.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.8.5p2-1+nmu2.


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3168-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

February 22, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ruby-redcloth

CVE ID : CVE-2012-6684

Debian Bug : 774748

 

Kousuke Ebihara discovered that redcloth, a Ruby module used to

convert Textile markup to HTML, did not properly sanitize its

input. This allowed a remote attacker to perform a cross-site

scripting attack by injecting arbitrary Javascript code into the

generated HTML.

 

For the stable distribution (wheezy), this problem has been fixed in

version 4.2.9-2+deb7u2.

 

For the unstable distribution (sid), this problem has been fixed in

version 4.2.9-4.

 

- ----------------------------------------------------------------------

Debian Security Advisory DSA-3169-1 security@debian.org

http://www.debian.org/security/ Aurelien Jarno

February 23, 2015 http://www.debian.org/security/faq

- ----------------------------------------------------------------------

 

Package : eglibc

CVE ID : CVE-2012-3406 CVE-2013-7424 CVE-2014-4043 CVE-2014-9402

CVE-2015-1472 CVE-2015-1473

Debian Bug : 681888 751774 775572 777197

 

Several vulnerabilities have been fixed in eglibc, Debian's version of

the GNU C library:

 

CVE-2012-3406

The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka

glibc) 2.5, 2.12, and probably other versions does not "properly restrict

the use of" the alloca function when allocating the SPECS array, which

allows context-dependent attackers to bypass the FORTIFY_SOURCE

format-string protection mechanism and cause a denial of service (crash)

or possibly execute arbitrary code via a crafted format string using

positional parameters and a large number of format specifiers, a different

vulnerability than CVE-2012-3404 and CVE-2012-3405.

 

CVE-2013-7424

An invalid free flaw was found in glibc's getaddrinfo() function when used

with the AI_IDN flag. A remote attacker able to make an application call

this function could use this flaw to execute arbitrary code with the

permissions of the user running the application. Note that this flaw only

affected applications using glibc compiled with libidn support.

 

CVE-2014-4043

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not

copy its path argument in accordance with the POSIX specification, which

allows context-dependent attackers to trigger use-after-free

vulnerabilities.

 

CVE-2014-9402

The getnetbyname function in glibc 2.21 and earlier will enter an infinite

loop if the DNS backend is activated in the system Name Service Switch

configuration, and the DNS resolver receives a positive answer while

processing the network name.

 

CVE-2015-1472

CVE-2015-1473

Under certain conditions wscanf can allocate too little memory for the

to-be-scanned arguments and overflow the allocated buffer. The incorrect

use of "__libc_use_alloca (newsize)" caused a different (and weaker)

policy to be enforced which could allow a denial of service attack.

 

For the unstable distribution (sid), all the above issues are fixed in version

2.19-15 of the glibc package.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3171-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

February 23, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : samba

CVE ID : CVE-2015-0240

 

Richard van Eeden of Microsoft Vulnerability Research discovered that

Samba, a SMB/CIFS file, print, and login server for Unix, contains a

flaw in the netlogon server code which allows remote code execution with

root privileges from an unauthenticated connection.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2:3.6.6-6+deb7u5.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3160-1 security@debian.org

http://www.debian.org/security/ Ben Hutchings

February 23, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : linux

CVE ID : CVE-2013-7421 CVE-2014-7822 CVE-2014-8160 CVE-2014-8559

CVE-2014-9585 CVE-2014-9644 CVE-2014-9683 CVE-2015-0239

CVE-2015-1420 CVE-2015-1421 CVE-2015-1593

 

Several vulnerabilities have been discovered in the Linux kernel that

may lead to a denial of service, information leaks or privilege

escalation.

 

CVE-2013-7421 / CVE-2014-9644

 

It was discovered that the Crypto API allowed unprivileged users

to load arbitrary kernel modules. A local user can use this flaw

to exploit vulnerabilities in modules that would not normally be

loaded.

 

CVE-2014-7822

 

Akira Fujita found that the splice() system call did not validate

the given file offset and length. A local unprivileged user can use

this flaw to cause filesystem corruption on ext4 filesystems, or

possibly other effects.

 

CVE-2014-8160

 

Florian Westphal discovered that a netfilter (iptables/ip6tables) rule

accepting packets to a specific SCTP, DCCP, GRE or UDPlite

port/endpoint could result in incorrect connection tracking state.

If only the generic connection tracking module (nf_conntrack) was

loaded, and not the protocol-specific connection tracking module,

this would allow access to any port/endpoint of the specified

protocol.

 

CVE-2014-8559

 

It was found that kernel functions that iterate over a directory

tree can dead-lock or live-lock in case some of the directory

entries were recently deleted or dropped from the cache. A local

unprivileged user can use this flaw for denial of service.

 

CVE-2014-9585

 

Andy Lutomirski discovered that address randomisation for the vDSO

in 64-bit processes is extremely biased. A local unprivileged user

could potentially use this flaw to bypass the ASLR protection

mechanism.

 

CVE-2014-9683

 

Dmitry Chernenkov discovered that eCryptfs writes past the end of

the allocated buffer during encrypted filename decoding, resulting

in local denial of service.

 

CVE-2015-0239

 

It was found that KVM did not correctly emulate the x86 SYSENTER

instruction. An unprivileged user within a guest system that has

not enabled SYSENTER, for example because the emulated CPU vendor

is AMD, could potentially use this flaw to cause a denial of

service or privilege escalation in that guest.

 

CVE-2015-1420

 

It was discovered that the open_by_handle_at() system call reads

the handle size from user memory a second time after validating

it. A local user with the CAP_DAC_READ_SEARCH capability could use

this flaw for privilege escalation.

 

CVE-2015-1421

 

It was found that the SCTP implementation could free an

authentication state while it was still in use, resulting in heap

corruption. This could allow remote users to cause a denial of

service or privilege escalation.

 

CVE-2015-1593

 

It was found that address randomisation for the initial stack in

64-bit processes was limited to 20 rather than 22 bits of entropy.

A local unprivileged user could potentially use this flaw to

bypass the ASLR protection mechanism.

 

For the stable distribution (wheezy), these problems have been fixed in

version 3.2.65-1+deb7u2. Additionally this update fixes regressions

introduced in versions 3.2.65-1 and 3.2.65-1+deb7u1.

 

For the upcoming stable distribution (jessie), these problems will be fixed

soon (a subset is fixed already).

 

For the unstable distribution (sid), these problems will be fixed soon

(a subset is fixed already).


- -------------------------------------------------------------------------

Debian Security Advisory DSA-3172-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

February 25, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : cups

CVE ID : CVE-2014-9679

Debian Bug : 778387

 

Peter De Wachter discovered that CUPS, the Common UNIX Printing

System, did not correctly parse compressed raster files. By submitting

a specially crafted raster file, a remote attacker could use this

vulnerability to trigger a buffer overflow.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.5.3-5+deb7u5.

 

For the upcoming stable distribution (jessie) and unstable

distribution (sid), this problem has been fixed in version 1.7.5-11.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3173-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

February 25, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libgtk2-perl

 

It was discovered that libgtk2-perl, a Perl interface to the 2.x series

of the Gimp Toolkit library, incorrectly frees memory which GTK+ still

holds onto and might access later, leading to denial of service

(application crash) or, potentially, to arbitrary code execution.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2:1.244-1+deb7u1.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 2:1.2492-4.

 

For the unstable distribution (sid), this problem has been fixed in

version 2:1.2492-4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3174-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

February 25, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : iceweasel

CVE ID : CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836

 

Multiple security issues have been found in Iceweasel, Debian's version

of the Mozilla Firefox web browser: Multiple memory safety errors and

implementation errors may lead to the execution of arbitrary code or

information disclosure.

 

For the stable distribution (wheezy), these problems have been fixed in

version 31.5.0esr-1~deb7u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 31.5.0esr-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3175-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

February 25, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : kfreebsd-9

CVE ID : CVE-2015-1414

 

Mateusz Kocielski and Marek Kroemeke discovered that an integer overflow

in IGMP processing may result in denial of service through malformed

IGMP packets.

 

For the stable distribution (wheezy), this problem has been fixed in

version 9.0-10+deb70.9.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3176-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

February 26, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : request-tracker4

CVE ID : CVE-2014-9472 CVE-2015-1165 CVE-2015-1464

 

Multiple vulnerabilities have been discovered in Request Tracker, an

extensible trouble-ticket tracking system. The Common Vulnerabilities

and Exposures project identifies the following problems:

 

CVE-2014-9472

 

Christian Loos discovered a remote denial of service vulnerability,

exploitable via the email gateway and affecting any installation

which accepts mail from untrusted sources. Depending on RT's

logging configuration, a remote attacker can take advantage of

this flaw to cause CPU and excessive disk usage.

 

CVE-2015-1165

 

Christian Loos discovered an information disclosure flaw which may

reveal RSS feed URLs, and thus ticket data.

 

CVE-2015-1464

 

It was discovered that RSS feed URLs can be leveraged to perform

session hijacking, allowing a user with the URL to log in as the

user that created the feed.

 

For the stable distribution (wheezy), these problems have been fixed in

version 4.0.7-5+deb7u3.

 

For the unstable distribution (sid), these problems have been fixed in

version 4.2.8-3.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3178-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 02, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : unace

CVE ID : CVE-2015-2063

Debian Bug : 775003

 

Jakub Wilk discovered that unace, a utility to extract, test and view

.ace archives, contained an integer overflow leading to a buffer

overflow. If a user or automated system were tricked into processing a

specially crafted ace archive, an attacker could cause a denial of

service (application crash) or, possibly, execute arbitrary code.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.2b-10+deb7u1.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 1.2b-12.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.2b-12.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3179-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 03, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : icedove

CVE ID : CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836

 

Multiple security issues have been found in Icedove, Debian's version of

the Mozilla Thunderbird mail and news client: Multiple memory safety

errors and implementation errors may lead to the execution of arbitrary

code or information disclosure.

 

For the stable distribution (wheezy), these problems have been fixed in

version 31.5.0-1~deb7u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 31.5.0-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3180-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

March 05, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libarchive

CVE ID : not yet available

Debian Bug : 778266

 

Alexander Cherepanov discovered that bsdcpio, an implementation of the

'cpio' program part of the libarchive project, is susceptible to a

directory traversal vulnerability via absolute paths.

 

For the stable distribution (wheezy), this problem has been fixed in

version 3.0.4-3+wheezy1.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 3.1.2-11.

 

For the unstable distribution (sid), this problem has been fixed in

version 3.1.2-11.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3181-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 10, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : xen

CVE ID : CVE-2015-2044 CVE-2015-2045 CVE-2015-2151

 

Multiple security issues have been found in the Xen virtualisation

solution:

 

CVE-2015-2044

 

Information leak via x86 system device emulation.

 

CVE-2015-2045

 

Information leak in the HYPERVISOR_xen_version() hypercall.

 

CVE-2015-2151

 

Missing input sanitising in the x86 emulator could result in

information disclosure, denial of service or potentially

privilege escalation.

 

In addition the Xen developers reported an unfixable limitation in the

handling of non-standard PCI devices. Please refer to

http://xenbits.xen.org/xsa/advisory-124.html for further information.

 

For the stable distribution (wheezy), these problems have been fixed in

version 4.1.4-3+deb7u5.

 

For the unstable distribution (sid), these problems will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3177-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

March 10, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mod-gnutls

CVE ID : CVE-2015-2091

Debian Bug : 578663

 

Thomas Klute discovered that in mod-gnutls, an Apache module providing

SSL and TLS encryption with GnuTLS, a bug caused the server's client

verify mode not to be considered at all, in case the directory's

configuration was unset. Clients with invalid certificates were then

able to leverage this flaw in order to get access to that directory.

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.5.10-1.1+deb7u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.6-1.3.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3182-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 11, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libssh2

CVE ID : CVE-2015-1782

Debian Bug : 780249

 

Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was

reading and using the SSH_MSG_KEXINIT packet without doing sufficient

range checks when negotiating a new SSH session with a remote server. A

malicious attacker could man in the middle a real server and cause a

client using the libssh2 library to crash (denial of service) or

otherwise read and use unintended memory areas in this process.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.4.2-1.1+deb7u1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3183-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 12, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : movabletype-opensource

CVE ID : CVE-2013-2184 CVE-2014-9057 CVE-2015-1592

Debian Bug : 712602 774192

 

Multiple vulnerabilities have been discovered in Movable Type, a

blogging system. The Common Vulnerabilities and Exposures project

identifies the following problems:

 

CVE-2013-2184

 

Unsafe use of Storable::thaw in the handling of comments to blog

posts could allow remote attackers to include and execute arbitrary

local Perl files or possibly remotely execute arbitrary code.

 

CVE-2014-9057

 

Netanel Rubin from Check Point Software Technologies discovered a

SQL injection vulnerability in the XML-RPC interface allowing

remote attackers to execute arbitrary SQL commands.

 

CVE-2015-1592

 

The Perl Storable::thaw function is not properly used, allowing

remote attackers to include and execute arbitrary local Perl files

and possibly remotely execute arbitrary code.

 

For the stable distribution (wheezy), these problems have been fixed in

version 5.1.4+dfsg-4+deb7u2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3184-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

March 12, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gnupg

CVE ID : CVE-2014-3591 CVE-2015-0837 CVE-2015-1606

 

Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard:

 

CVE-2014-3591

 

The Elgamal decryption routine was susceptible to a side-channel

attack discovered by researchers of Tel Aviv University. Ciphertext

blinding was enabled to counteract it. Note that this may have a

quite noticeable impact on Elgamal decryption performance.

 

CVE-2015-0837

 

The modular exponentiation routine mpi_powm() was susceptible to a

side-channel attack caused by data-dependent timing variations when

accessing its internal pre-computed table.

 

CVE-2015-1606

 

The keyring parsing code did not properly reject certain packet

types not belonging in a keyring, which caused an access to memory

already freed. This could allow remote attackers to cause a denial

of service (crash) via crafted keyring files.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.4.12-7+deb7u7.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 1.4.18-7.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.4.18-7.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3185-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

March 12, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libgcrypt11

CVE ID : CVE-2014-3591 CVE-2015-0837

 

Multiple vulnerabilities were discovered in libgcrypt:

 

CVE-2014-3591

 

The Elgamal decryption routine was susceptible to a side-channel

attack discovered by researchers of Tel Aviv University. Ciphertext

blinding was enabled to counteract it. Note that this may have a

quite noticeable impact on Elgamal decryption performance.

 

CVE-2015-0837

 

The modular exponentiation routine mpi_powm() was susceptible to a

side-channel attack caused by data-dependent timing variations when

accessing its internal pre-computed table.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.5.0-5+deb7u3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3186-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 13, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : nss

CVE ID : CVE-2014-1569

Debian Bug : 773625

 

It was discovered that the Mozilla Network Security Service library

(nss) incorrectly handled certain ASN.1 lengths. A remote attacker could

possibly use this issue to perform a data-smuggling attack.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2:3.14.5-1+deb7u4.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 2:3.17.2-1.1.

 

For the unstable distribution (sid), this problem has been fixed in

version 2:3.17.2-1.1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3187-1 security@debian.org

http://www.debian.org/security/ Michael Gilbert

March 15, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : icu

CVE ID : CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419

CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926

CVE-2014-7940 CVE-2014-9654

Debian Bug : 775884 776264 776265 776719

 

Several vulnerabilities were discovered in the International Components

for Unicode (ICU) library.

 

CVE-2013-1569

 

Glyph table issue.

 

CVE-2013-2383

 

Glyph table issue.

 

CVE-2013-2384

 

Font layout issue.

 

CVE-2013-2419

 

Font processing issue.

 

CVE-2014-6585

 

Out-of-bounds read.

 

CVE-2014-6591

 

Additional out-of-bounds reads.

 

CVE-2014-7923

 

Memory corruption in regular expression comparison.

 

CVE-2014-7926

 

Memory corruption in regular expression comparison.

 

CVE-2014-7940

 

Uninitialized memory.

 

CVE-2014-9654

 

More regular expression flaws.

 

For the stable distribution (wheezy), these problems have been fixed in

version 4.8.1.1-12+deb7u2.

 

For the upcoming stable (jessie) and unstable (sid) distributions, these

problems have been fixed in version 52.1-7.1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3188-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 15, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : freetype

CVE ID : CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9660

CVE-2014-9661 CVE-2014-9663 CVE-2014-9664 CVE-2014-9666

CVE-2014-9667 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671

CVE-2014-9672 CVE-2014-9673 CVE-2014-9675

 

Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening

malformed fonts may result in denial of service or the execution of

arbitrary code.

 

For the stable distribution (wheezy), these problems have been fixed in

version 2.4.9-1.1+deb7u1.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 2.5.2-3.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.5.2-3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3189-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 15, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libav

CVE ID : CVE-2014-7933 CVE-2014-8543 CVE-2014-8544 CVE-2014-8547

CVE-2014-8548 CVE-2014-9604

 

Several security issues have been corrected in multiple demuxers and

decoders of the libav multimedia library. A full list of the changes is

available at

http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.17

 

For the stable distribution (wheezy), these problems have been fixed in

version 6:0.8.17-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 6:11.3-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3190-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 15, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : putty

CVE ID : CVE-2015-2157

 

Patrick Coleman discovered that the Putty SSH client failed to wipe out

unused sensitive memory.

 

In addition Florent Daigniere discovered that exponential values in

Diffie Hellman exchanges were insufficiently restricted.

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.62-9+deb7u2.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 0.63-10.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.63-10.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3191-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 15, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gnutls26

CVE ID : CVE-2015-0282 CVE-2015-0294

 

Multiple vulnerabilities have been discovered in GnuTLS, a library

implementing the TLS and SSL protocols. The Common Vulnerabilities and

Exposures project identifies the following problems:

 

CVE-2015-0282

 

GnuTLS does not verify the RSA PKCS #1 signature algorithm to match

the signature algorithm in the certificate, leading to a potential

downgrade to a disallowed algorithm without detecting it.

 

CVE-2015-0294

 

It was reported that GnuTLS does not check whether the two signature

algorithms match on certificate import.

 

For the stable distribution (wheezy), these problems have been fixed in

version 2.12.20-8+deb7u3.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3192-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 17, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : checkpw

CVE ID : CVE-2015-0885

Debian Bug : 780139

 

Hiroya Ito of GMO Pepabo, Inc. reported that checkpw, a password

authentication program, has a flaw in processing account names which

contain double dashes. A remote attacker can use this flaw to cause a

denial of service (infinite loop).

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.02-1+deb7u1.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 1.02-1.1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.02-1.1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3193-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 17, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tcpdump

CVE ID : CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155

 

Several vulnerabilities have been discovered in tcpdump, a command-line

network traffic analyzer. These vulnerabilities might result in denial

of service (application crash) or, potentially, execution of arbitrary

code.

 

For the stable distribution (wheezy), these problems have been fixed in

version 4.3.0-1+deb7u2.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 4.6.2-4.

 

For the unstable distribution (sid), these problems have been fixed in

version 4.6.2-4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3194-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 17, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libxfont

CVE ID : CVE-2015-1802 CVE-2015-1803 CVE-2015-1804

 

Ilja van Sprundel, Alan Coopersmith and William Robinet discovered

multiple issues in libxfont's code to process BDF fonts, which might

result in privilege escalation.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.4.5-5.

 

For the unstable distribution (sid), these problems will be fixed soon.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3195-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 18, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php5

CVE ID : CVE-2014-9705 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273

CVE-2015-2305

 

Multiple vulnerabilities have been discovered in the PHP language:

 

CVE-2015-2305

 

Guido Vranken discovered a heap overflow in the ereg extension

(only applicable to 32 bit systems).

 

CVE-2014-9705

 

Buffer overflow in the enchant extension.

 

CVE-2015-0231

 

Stefan Esser discovered a use-after-free in the unserialisation

of objects.

 

CVE-2015-0232

 

Alex Eubanks discovered incorrect memory management in the exif

extension.

 

CVE-2015-0273

 

Use-after-free in the unserialisation of DateTimeZone.

 

For the stable distribution (wheezy), these problems have been fixed in

version 5.4.38-0+deb7u1.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 5.6.6+dfsg-2.

 

For the unstable distribution (sid), these problems have been fixed in

version 5.6.6+dfsg-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3196-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 18, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : file

CVE ID : CVE-2014-9653

 

Hanno Boeck discovered that file's ELF parser is susceptible to denial

of service.

 

For the stable distribution (wheezy), this problem has been fixed in

version 5.11-2+deb7u8.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 1:5.22+15-1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:5.22+15-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3197-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 19, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openssl

CVE ID : CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288

CVE-2015-0289 CVE-2015-0292

 

Multiple vulnerabilities have been discovered in OpenSSL, a Secure

Sockets Layer toolkit. The Common Vulnerabilities and Exposures project

identifies the following issues:

 

CVE-2015-0286

 

Stephen Henson discovered that the ASN1_TYPE_cmp() function

can be crashed, resulting in denial of service.

 

CVE-2015-0287

 

Emilia Kaesper discovered a memory corruption in ASN.1 parsing.

 

CVE-2015-0289

 

Michal Zalewski discovered a NULL pointer dereference in the

PKCS#7 parsing code, resulting in denial of service.

 

CVE-2015-0292

 

It was discovered that missing input sanitising in base64 decoding

might result in memory corruption.

 

CVE-2015-0209

 

It was discovered that a malformed EC private key might result in

memory corruption.

 

CVE-2015-0288

 

It was discovered that missing input sanitising in the

X509_to_X509_REQ() function might result in denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.0.1e-2+deb7u15. In this update the export ciphers are removed

from the default cipher list.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3198-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 20, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php5

CVE ID : CVE-2015-2301 CVE-2015-2331

 

Multiple vulnerabilities have been discovered in the PHP language:

 

CVE-2015-2301

 

Use-after-free in the phar extension.

 

CVE-2015-2331

 

Emmanuel Law discovered an integer overflow in the processing

of ZIP archives, resulting in denial of service or potentially

the execution of arbitrary code.

 

For the stable distribution (wheezy), these problems have been fixed in

version 5.4.39-0+deb7u1. This update also fixes a regression in the

curl support introduced in DSA 3195.

 

For the unstable distribution (sid), these problems will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3199-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 20, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : xerces-c

CVE ID : CVE-2015-0252

Debian Bug : 780827

 

Anton Rager and Jonathan Brossard from the Salesforce.com Product

Security Team and Ben Laurie of Google discovered a denial of service

vulnerability in xerces-c, a validating XML parser library for C++. The

parser mishandles certain kinds of malformed input documents, resulting

in a segmentation fault during a parse operation. An unauthenticated

attacker could use this flaw to cause an application using the

xerces-c library to crash.

 

For the stable distribution (wheezy), this problem has been fixed in

version 3.1.1-3+deb7u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3200-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 20, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : drupal7

CVE ID : CVE-2015-2559

 

Multiple vulnerabilities have been found in the Drupal content management

framework. More information can be found at

https://www.drupal.org/SA-CORE-2015-001

 

For the stable distribution (wheezy), this problem has been fixed in

version 7.14-2+deb7u9.

 

For the unstable distribution (sid), this problem has been fixed in

version 7.32-1+deb8u2.
