
sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3201-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 22, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : iceweasel

CVE ID : CVE-2015-0817 CVE-2015-0818

 

Multiple security issues have been found in Iceweasel, Debian's version

of the Mozilla Firefox web browser. The Common Vulnerabilities and

Exposures project identifies the following problems:

 

CVE-2015-0817

 

ilxu1a reported a flaw in Mozilla's implementation of typed array

bounds checking in Javascript just-in-time compilation (JIT) and its

management of bounds checking for heap access. This flaw can be

leveraged into the reading and writing of memory allowing for

arbitrary code execution on the local system.

 

CVE-2015-0818

 

Mariusz Mlynski discovered a method to run arbitrary scripts in a

privileged context. This bypassed the same-origin policy protections

by using a flaw in the processing of SVG format content navigation.

 

For the stable distribution (wheezy), these problems have been fixed in

version 31.5.3esr-1~deb7u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 31.5.3esr-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3202-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

March 22, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mono

CVE ID : CVE-2015-2318 CVE-2015-2319 CVE-2015-2320

Debian Bug : 780751

 

Researchers at INRIA and Xamarin discovered several vulnerabilities in

mono, a platform for running and developing applications based on the

ECMA/ISO Standards. Mono's TLS stack contained several problems that

hampered its capabilities: those issues could lead to client

impersonation (via SKIP-TLS), SSLv2 fallback, and encryption weakening

(via FREAK).

 

For the stable distribution (wheezy), these problems have been fixed in

version 2.10.8.1-8+deb7u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 3.2.8+dfsg-10.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3203-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

March 22, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tor

 

Several denial-of-service issues have been discovered in Tor, a

connection-based low-latency anonymous communication system.

 

o Jowr discovered that very high DNS query load on a relay could

trigger an assertion error.

 

o A relay could crash with an assertion error if a buffer of exactly

the wrong layout was passed to buf_pullup() at exactly the wrong

time.

 

For the stable distribution (wheezy), these problems have been fixed

in version 0.2.4.26-1.

 

For the testing distribution (jessie) and unstable distribution (sid),

these problems have been fixed in version 0.2.5.11-1.

 

Furthermore, this update disables support for SSLv3 in Tor. All

versions of OpenSSL in use with Tor today support TLS 1.0 or later.

 

Additionally, this release updates the geoIP database used by Tor as

well as the list of directory authority servers, which Tor clients use

to bootstrap and who sign the Tor directory consensus document.


sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3204-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 24, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : python-django

CVE ID : CVE-2015-2317

Debian Bug : 780873

 

Daniel Chatfield discovered that python-django, a high-level Python web

development framework, incorrectly handled user-supplied redirect URLs.

A remote attacker could use this flaw to perform a cross-site scripting

attack.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.4.5-1+deb7u11.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.7.7-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3197-2 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 24, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openssl

CVE ID : CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288

CVE-2015-0289 CVE-2015-0292

Debian Bug : 781081

 

The openssl update issued as DSA 3197-1 caused regressions. This update

reverts the defective patch applied in that update causing these

problems. Additionally a follow-up fix for CVE-2015-0209 is applied.

For reference the original advisory text follows.

 

Multiple vulnerabilities have been discovered in OpenSSL, a Secure

Sockets Layer toolkit. The Common Vulnerabilities and Exposures project

identifies the following issues:

 

CVE-2015-0286

 

Stephen Henson discovered that the ASN1_TYPE_cmp() function

can be crashed, resulting in denial of service.

 

CVE-2015-0287

 

Emilia Kaesper discovered a memory corruption in ASN.1 parsing.

 

CVE-2015-0289

 

Michal Zalewski discovered a NULL pointer dereference in the

PKCS#7 parsing code, resulting in denial of service.

 

CVE-2015-0292

 

It was discovered that missing input sanitising in base64 decoding

might result in memory corruption.

 

CVE-2015-0209

 

It was discovered that a malformed EC private key might result in

memory corruption.

 

CVE-2015-0288

 

It was discovered that missing input sanitising in the

X509_to_X509_REQ() function might result in denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.0.1e-2+deb7u16.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3205-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

March 27, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : batik

CVE ID : CVE-2015-0250

Debian Bug : 780897

 

Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit

for processing SVG images, would load XML external entities by

default. If a user or automated system were tricked into opening a

specially crafted SVG file, an attacker could possibly obtain access

to arbitrary files or cause resource consumption.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.7+dfsg-3+deb7u1.

 

For the upcoming stable distribution (jessie) and unstable

distribution (sid), this problem has been fixed in version 1.7+dfsg-5.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3207-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

March 28, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : shibboleth-sp2

CVE ID : CVE-2015-2684

 

A denial of service vulnerability was found in the Shibboleth (a

federated identity framework) Service Provider. When processing certain

malformed SAML messages generated by an authenticated attacker, the

daemon could crash.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.4.3+dfsg-5+deb7u1.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 2.5.3+dfsg-2.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.5.3+dfsg-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3206-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 28, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : dulwich

CVE ID : CVE-2014-9706 CVE-2015-0838

Debian Bug : 780958 780989

 

Multiple vulnerabilities have been discovered in Dulwich, a Python

implementation of the file formats and protocols used by the Git version

control system. The Common Vulnerabilities and Exposures project

identifies the following problems:

 

CVE-2014-9706

 

It was discovered that Dulwich allows writing to files under .git/

when checking out working trees. This could lead to the execution of

arbitrary code with the privileges of the user running an

application based on Dulwich.

 

CVE-2015-0838

 

Ivan Fratric of the Google Security Team has found a buffer

overflow in the C implementation of the apply_delta() function,

used when accessing Git objects in pack files. An attacker could

take advantage of this flaw to cause the execution of arbitrary

code with the privileges of the user running a Git server or client

based on Dulwich.

 

For the stable distribution (wheezy), these problems have been fixed in

version 0.8.5-2+deb7u2.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 0.9.7-3.

 

For the unstable distribution (sid), these problems have been fixed in

version 0.10.1-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3198-2 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

March 28, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : php5

Debian Bug : 781125

 

The previous update for php5, DSA-3198-1, introduced a regression

causing segmentation faults when using SoapClient::__setSoapHeader.

Updated packages are now available to address this regression. For

reference, the original advisory text follows.

 

Multiple vulnerabilities have been discovered in the PHP language:

 

CVE-2015-2301

 

Use-after-free in the phar extension.

 

CVE-2015-2331

 

Emmanuel Law discovered an integer overflow in the processing

of ZIP archives, resulting in denial of service or potentially

the execution of arbitrary code.

 

For the stable distribution (wheezy), this problem has been fixed in

version 5.4.39-0+deb7u2.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3208-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 29, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : freexl

CVE ID : CVE-2015-2753 CVE-2015-2754 CVE-2015-2776

 

Jodie Cunningham discovered multiple vulnerabilities in freexl, a

library to read Microsoft Excel spreadsheets, which might result in

denial of service or the execution of arbitrary code if a malformed Excel

file is opened.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.0.0b-1+deb7u1.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 1.0.0g-1+deb8u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.0.0g-1+deb8u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3209-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

March 30, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openldap

CVE ID : CVE-2013-4449 CVE-2014-9713 CVE-2015-1545

Debian Bug : 729367 761406 776988

 

Multiple vulnerabilities were found in OpenLDAP, a free implementation

of the Lightweight Directory Access Protocol.

 

CVE-2013-4449

 

Michael Vishchers from Seven Principles AG discovered a denial of

service vulnerability in slapd, the directory server implementation.

When the server is configured to use the RWM overlay, an attacker

can make it crash by unbinding just after connecting, because of an

issue with reference counting.

 

CVE-2014-9713

 

The default Debian configuration of the directory database allows

every user to edit their own attributes. When LDAP directories are

used for access control, and this is done using user attributes, an

authenticated user can leverage this to gain access to unauthorized

resources.


Please note this is a Debian specific vulnerability.


The new package won't use the unsafe access control rule for new

databases, but existing configurations won't be automatically

modified. Administrators are incited to look at the README.Debian

file provided by the updated package if they need to fix the access

control rule.

 

CVE-2015-1545

 

Ryan Tandy discovered a denial of service vulnerability in slapd.

When using the deref overlay, providing an empty attribute list in

a query makes the daemon crash.

 

For the stable distribution (wheezy), these problems have been fixed in

version 2.4.31-2.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 2.4.40-4.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.4.40-4.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3210-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

March 31, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wireshark

CVE ID : CVE-2015-2188 CVE-2015-2189 CVE-2015-2191

 

Multiple vulnerabilities were discovered in the dissectors/parsers for

WCP, pcapng and TNEF, which could result in denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.8.2-5wheezy15.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 1.12.1+g01b65bf-4.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.12.1+g01b65bf-4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3211-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 01, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : iceweasel

CVE ID : CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815

CVE-2015-0816

 

Multiple security issues have been found in Iceweasel, Debian's version

of the Mozilla Firefox web browser: Multiple memory safety errors,

use-after-frees and other implementation errors may lead to the

execution of arbitrary code, the bypass of security restrictions, denial

of service or cross-site request forgery.

 

For the stable distribution (wheezy), these problems have been fixed in

version 31.6.0esr-1~deb7u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 31.6.0esr-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3212-1 security@debian.org

http://www.debian.org/security/ Yves-Alexis Perez

April 02, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : icedove

CVE ID : CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815

CVE-2015-0816

 

Multiple security issues have been found in Icedove, Debian's version of

the Mozilla Thunderbird mail client: Multiple memory safety errors,

use-after-frees and other implementation errors may lead to the

execution of arbitrary code, the bypass of security restrictions or

denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 31.6.0-1~deb7u1.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 31.6.0-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 31.6.0-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3213-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 06, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : arj

CVE ID : CVE-2015-0556 CVE-2015-0557 CVE-2015-2782

Debian Bug : 774015 774434 774435

 

Multiple vulnerabilities have been discovered in arj, an open source

version of the arj archiver. The Common Vulnerabilities and Exposures

project identifies the following problems:

 

CVE-2015-0556

 

Jakub Wilk discovered that arj follows symlinks created during

unpacking of an arj archive. A remote attacker could use this flaw

to perform a directory traversal attack if a user or automated

system were tricked into processing a specially crafted arj archive.

 

CVE-2015-0557

 

Jakub Wilk discovered that arj does not sufficiently protect from

directory traversal while unpacking an arj archive containing file

paths with multiple leading slashes. A remote attacker could use

this flaw to write to arbitrary files if a user or automated system

were tricked into processing a specially crafted arj archive.

 

CVE-2015-2782

 

Jakub Wilk and Guillem Jover discovered a buffer overflow

vulnerability in arj. A remote attacker could use this flaw to cause

an application crash or, possibly, execute arbitrary code with the

privileges of the user running arj.

 

For the stable distribution (wheezy), these problems have been fixed in

version 3.10.22-10+deb7u1.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 3.10.22-13.

 

For the unstable distribution (sid), these problems have been fixed in

version 3.10.22-13.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3214-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

April 06, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mailman

CVE ID : CVE-2015-2775

Debian Bug : 781626

 

A path traversal vulnerability was discovered in Mailman, the mailing

list manager. Installations using a transport script (such as

postfix-to-mailman.py) to interface with their MTA instead of static

aliases were vulnerable to a path traversal attack. To successfully

exploit this, an attacker needs write access on the local file system.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1:2.1.15-1+deb7u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:2.1.18-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3215-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

April 06, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libgd2

CVE ID : CVE-2014-2497 CVE-2014-9709

Debian Bug : 744719

 

Multiple vulnerabilities were discovered in libgd2, a graphics library:

 

CVE-2014-2497

 

The gdImageCreateFromXpm() function would try to dereference a NULL

pointer when reading an XPM file with a special color table. This

could allow remote attackers to cause a denial of service (crash) via

crafted XPM files.

 

CVE-2014-9709

 

Importing an invalid GIF file using the gdImageCreateFromGif() function

would cause a read buffer overflow that could allow remote attackers to

cause a denial of service (crash) via crafted GIF files.

 

For the stable distribution (wheezy), these problems have been fixed in

version 2.0.36~rc1~dfsg-6.1+deb7u1.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 2.1.0-5.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.1.0-5.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3216-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

April 06, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : tor

CVE ID : CVE-2015-2928 CVE-2015-2929

 

Several vulnerabilities have been discovered in Tor, a connection-based

low-latency anonymous communication system:

 

CVE-2015-2928

 

"disgleirio" discovered that a malicious client could trigger an

assertion failure in a Tor instance providing a hidden service,

thus rendering the service inaccessible.

 

CVE-2015-2929

 

"DonnchaC" discovered that Tor clients would crash with an

assertion failure upon parsing specially crafted hidden service

descriptors.

 

Introduction points would accept multiple INTRODUCE1 cells on one

circuit, making it inexpensive for an attacker to overload a hidden

service with introductions. Introduction points now no longer allow

multiple cells of that type on the same circuit.

 

For the stable distribution (wheezy), these problems have been fixed in

version 0.2.4.27-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 0.2.5.12-1.

 

For the experimental distribution, these problems have been

fixed in version 0.2.6.7-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3057-2 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 07, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libxml2

Debian Bug : 774358

 

The update for libxml2 issued as DSA-3057-1 caused regressions due to an

incomplete patch to address CVE-2014-3660. Updated packages are

available to address this problem. For reference the original advisory

text follows.

 

Sogeti found a denial of service flaw in libxml2, a library providing

support to read, modify and write XML and HTML files. A remote attacker

could provide a specially crafted XML file that, when processed by an

application using libxml2, would lead to excessive CPU consumption

(denial of service) based on excessive entity substitutions, even if

entity substitution was disabled, which is the parser default behavior.

(CVE-2014-3660)

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.8.0+dfsg1-7+wheezy4.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3217-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 09, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : dpkg

CVE ID : CVE-2015-0840

 

Jann Horn discovered that the source package integrity verification in

dpkg-source can be bypassed via a specially crafted Debian source

control file (.dsc). Note that this flaw only affects extraction of

local Debian source packages via dpkg-source but not the installation of

packages from the Debian archive.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.16.16. This update also includes non-security changes

previously scheduled for the next wheezy point release. See the Debian

changelog for details.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.17.25.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3218-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

April 10, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wesnoth-1.10

CVE ID : CVE-2015-0844

 

Ignacio R. Morelle discovered that missing path restrictions in the

"Battle of Wesnoth" game could result in the disclosure of arbitrary

files in the user's home directory if malicious campaigns/maps are

loaded.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.10.3-3+deb7u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:1.10.7-2 and in version 1:1.12.1-1 of the wesnoth-1.12

source package.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3219-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

April 11, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libdbd-firebird-perl

CVE ID : CVE-2015-2788

Debian Bug : 780925

 

Stefan Roas discovered a way to cause a buffer overflow in DBD-FireBird,

a Perl DBI driver for the Firebird RDBMS, in certain error conditions, due

to the use of the sprintf() function to write to a fixed-size memory buffer.

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.91-2+deb7u1.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 1.18-2.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.18-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3220-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 11, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libtasn1-3

CVE ID : CVE-2015-2806

 

Hanno Boeck discovered a stack-based buffer overflow in the

asn1_der_decoding function in Libtasn1, a library to manage ASN.1

structures. A remote attacker could take advantage of this flaw to cause

an application using the Libtasn1 library to crash, or potentially to

execute arbitrary code.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.13-2+deb7u2.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3221-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 12, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : das-watchdog

CVE ID : CVE-2015-2831

Debian Bug : 781806

 

Adam Sampson discovered a buffer overflow in the handling of the

XAUTHORITY environment variable in das-watchdog, a watchdog daemon to

ensure a realtime process won't hang the machine. A local user can

exploit this flaw to escalate his privileges and execute arbitrary

code as root.

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.9.0-2+deb7u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.9.0-3.1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3222-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

April 12, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : chrony

CVE ID : CVE-2015-1821 CVE-2015-1822 CVE-2015-1853

Debian Bug : 782160

 

Miroslav Lichvar of Red Hat discovered multiple vulnerabilities in chrony,

an alternative NTP client and server:

 

CVE-2015-1821

 

Using particular address/subnet pairs when configuring access control

would cause an invalid memory write. This could allow attackers to

cause a denial of service (crash) or execute arbitrary code.

 

CVE-2015-1822

 

When allocating memory to save unacknowledged replies to authenticated

command requests, a pointer would be left uninitialized, which could

trigger an invalid memory write. This could allow attackers to cause a

denial of service (crash) or execute arbitrary code.

 

CVE-2015-1853

 

When peering with other NTP hosts using authenticated symmetric

association, the internal state variables would be updated before the

MAC of the NTP messages was validated. This could allow a remote

attacker to cause a denial of service by impeding synchronization

between NTP peers.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.24-3.1+deb7u3.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.30-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3223-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

April 12, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ntp

CVE ID : CVE-2015-1798 CVE-2015-1799

Debian Bug : 782095

 

Multiple vulnerabilities were discovered in ntp, an implementation of the

Network Time Protocol:

 

CVE-2015-1798

 

When configured to use a symmetric key with an NTP peer, ntpd would

accept packets without MAC as if they had a valid MAC. This could

allow a remote attacker to bypass the packet authentication and send

malicious packets without having to know the symmetric key.

 

CVE-2015-1799

 

When peering with other NTP hosts using authenticated symmetric

association, ntpd would update its internal state variables before

the MAC of the NTP messages was validated. This could allow a remote

attacker to cause a denial of service by impeding synchronization

between NTP peers.

 

Additionally, it was discovered that generating MD5 keys using ntp-keygen

on big endian machines would either trigger an endless loop, or generate

non-random keys.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1:4.2.6.p5+dfsg-2+deb7u4.

 

For the unstable distribution (sid), these problems have been fixed in

version 1:4.2.6.p5+dfsg-7.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3224-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

April 12, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libx11

CVE ID : CVE-2013-7439

 

Abhishek Arya discovered a buffer overflow in the MakeBigReq macro

provided by libx11, which could result in denial of service or the

execution of arbitrary code.

 

Several other xorg packages (e.g. libxrender) will be recompiled against

the fixed package after the release of this update. For detailed

information on the status of recompiled packages please refer to the

Debian Security Tracker at

https://security-tracker.debian.org/tracker/CVE-2013-7439

 

For the stable distribution (wheezy), this problem has been fixed in

version 2:1.5.0-1+deb7u2.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 2:1.6.0-1.

 

For the unstable distribution (sid), this problem has been fixed in

version 2:1.6.0-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3225-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

April 15, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : gst-plugins-bad0.10

CVE ID : CVE-2015-0797

 

Aki Helin discovered a buffer overflow in the GStreamer plugin for MP4

playback, which could lead to the execution of arbitrary code.

 

For the stable distribution (wheezy), this problem has been fixed in

version 0.10.23-7.1+deb7u2.

 

For the unstable distribution (sid), this problem will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3226-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

April 15, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : inspircd

Debian Bug : 780880

 

adam@anope.org discovered several problems in inspircd, an IRC daemon:

 

- an incomplete patch for CVE-2012-1836 failed to adequately resolve

the problem where maliciously crafted DNS requests could lead to

remote code execution through a heap-based buffer overflow.

 

- the incorrect processing of specific DNS packets could trigger an

infinite loop, thus resulting in a denial of service.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.0.5-1+deb7u1.

 

For the upcoming stable distribution (jessie) and unstable

distribution (sid), this problem has been fixed in version 2.0.16-1.

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3227-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 15, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : movabletype-opensource

CVE ID : CVE-2015-0845

 

John Lightsey discovered a format string injection vulnerability in the

localisation of templates in Movable Type, a blogging system. An

unauthenticated remote attacker could take advantage of this flaw to

execute arbitrary code as the web server user.

 

For the stable distribution (wheezy), this problem has been fixed in

version 5.1.4+dfsg-4+deb7u3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3228-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

April 16, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ppp

CVE ID : CVE-2015-3310

Debian Bug : 782450

 

Emanuele Rocca discovered that ppp, a daemon implementing the

Point-to-Point Protocol, was subject to a buffer overflow when

communicating with a RADIUS server. This would allow unauthenticated

users to cause a denial-of-service by crashing the daemon.

 

For the stable distribution (wheezy), this problem has been fixed in

version 2.4.5-5.1+deb7u2.

 

For the upcoming stable distribution (jessie) and unstable

distribution (sid), this problem has been fixed in version 2.4.6-3.1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3229-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 19, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : mysql-5.5

CVE ID : CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501

CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573

Debian Bug : 782645

 

Several issues have been discovered in the MySQL database server. The

vulnerabilities are addressed by upgrading MySQL to the new upstream

version 5.5.43. Please see the MySQL 5.5 Release Notes and Oracle's

Critical Patch Update advisory for further details:

 

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

 

For the stable distribution (wheezy), these problems have been fixed in

version 5.5.43-0+deb7u1.

 

For the upcoming stable distribution (jessie), these problems will be

fixed in version 5.5.43-0+deb8u1. Updated packages are already available

through jessie-security.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3230-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

April 20, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : django-markupfield

CVE ID : CVE-2015-0846

 

James P. Turk discovered that the ReST renderer in django-markupfield,

a custom Django field for easy use of markup in text fields, didn't

disable the ..raw directive, allowing remote attackers to include

arbitrary files.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.0.2-2+deb7u1.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 1.2.1-2+deb8u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 1.3.2-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3231-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 21, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : subversion

CVE ID : CVE-2015-0248 CVE-2015-0251

 

Several vulnerabilities were discovered in Subversion, a version control

system. The Common Vulnerabilities and Exposures project identifies the

following problems:

 

CVE-2015-0248

 

Subversion mod_dav_svn and svnserve were vulnerable to a remotely

triggerable assertion DoS vulnerability for certain requests with

dynamically evaluated revision numbers.

 

CVE-2015-0251

 

Subversion HTTP servers allow spoofing svn:author property values

for new revisions via specially crafted v1 HTTP protocol request

sequences.

 

For the stable distribution (wheezy), these problems have been fixed in

version 1.6.17dfsg-4+deb7u9.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 1.8.10-6.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.8.10-6.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3232-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

April 22, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : curl

CVE ID : CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148

 

Several vulnerabilities were discovered in cURL, an URL transfer library:

 

CVE-2015-3143

 

NTLM-authenticated connections could be wrongly reused for requests

without any credentials set, leading to HTTP requests being sent

over the connection authenticated as a different user. This is

similar to the issue fixed in DSA-2849-1.

 

CVE-2015-3144

 

When parsing URLs with a zero-length hostname (such as "http://:80"),

libcurl would try to read from an invalid memory address. This could

allow remote attackers to cause a denial of service (crash). This

issue only affects the upcoming stable (jessie) and unstable (sid)

distributions.

 

CVE-2015-3145

 

When parsing HTTP cookies, if the parsed cookie's "path" element

consists of a single double-quote, libcurl would try to write to an

invalid heap memory address. This could allow remote attackers to

cause a denial of service (crash). This issue only affects the

upcoming stable (jessie) and unstable (sid) distributions.

 

CVE-2015-3148

 

When doing HTTP requests using the Negotiate authentication method

along with NTLM, the connection used would not be marked as

authenticated, making it possible to reuse it and send requests for

one user over the connection authenticated as a different user.

 

For the stable distribution (wheezy), these problems have been fixed in

version 7.26.0-1+wheezy13.

 

For the upcoming stable distribution (jessie), these problems have been

fixed in version 7.38.0-4+deb8u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 7.42.0-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3233-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

April 24, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wpa

CVE ID : CVE-2015-1863

Debian Bug : 783148

 

The Google security team and the smart hardware research group of

Alibaba security team discovered a flaw in how wpa_supplicant used SSID

information when creating or updating P2P peer entries. A remote

attacker can use this flaw to cause wpa_supplicant to crash, expose

memory contents, and potentially execute arbitrary code.

 

For the stable distribution (wheezy), this problem has been fixed in

version 1.0-3+deb7u2. Note that this issue does not affect the binary

packages distributed in Debian as the CONFIG_P2P is not enabled for

the build.

 

For the upcoming stable distribution (jessie), this problem has been

fixed in version 2.3-1+deb8u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.3-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3234-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

April 24, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjdk-6

CVE ID : CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477

CVE-2015-0478 CVE-2015-0480 CVE-2015-0488

 

Several vulnerabilities have been discovered in OpenJDK, an

implementation of the Oracle Java platform, resulting in the execution

of arbitrary code, breakouts of the Java sandbox, information disclosure

or denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 6b35-1.13.7-1~deb7u1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3235-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

April 24, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : openjdk-7

CVE ID : CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477

CVE-2015-0478 CVE-2015-0480 CVE-2015-0488

 

Several vulnerabilities have been discovered in OpenJDK, an

implementation of the Oracle Java platform, resulting in the execution

of arbitrary code, breakouts of the Java sandbox, information disclosure

or denial of service.

 

For the stable distribution (wheezy), these problems have been fixed in

version 7u79-2.5.5-1~deb7u1.

 

For the upcoming stable distribution (jessie), these problems will be

fixed soon in version 7u79-2.5.5-1~deb8u1 (the update will be available

shortly after the final jessie release).

 

For the unstable distribution (sid), these problems have been fixed in

version 7u79-2.5.5-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3236-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

April 25, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libreoffice

CVE ID : CVE-2015-1774

 

It was discovered that missing input sanitising in Libreoffice's filter

for HWP documents may result in the execution of arbitrary code if a

malformed document is opened.

 

For the oldstable distribution (wheezy), this problem has been fixed in

version 1:3.5.4+dfsg2-0+deb7u4.

 

For the stable distribution (jessie), this problem has been fixed in

version 1:4.3.3-2+deb8u1.

 

For the unstable distribution (sid), this problem will be fixed soon.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3237-1 security@debian.org

http://www.debian.org/security/ Ben Hutchings

April 26, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : linux

CVE ID : CVE-2014-8159 CVE-2014-9715 CVE-2015-2041 CVE-2015-2042

CVE-2015-2150 CVE-2015-2830 CVE-2015-2922 CVE-2015-3331

CVE-2015-3332 CVE-2015-3339

Debian Bug : 741667 782515 782561 782698

 

Several vulnerabilities have been discovered in the Linux kernel that

may lead to a privilege escalation, denial of service or information

leaks.

 

CVE-2014-8159

 

It was found that the Linux kernel's InfiniBand/RDMA subsystem did

not properly sanitize input parameters while registering memory

regions from user space via the (u)verbs API. A local user with

access to a /dev/infiniband/uverbsX device could use this flaw to

crash the system or, potentially, escalate their privileges on the

system.

 

CVE-2014-9715

 

It was found that the netfilter connection tracking subsystem used

too small a type as an offset within each connection's data

structure, following a bug fix in Linux 3.2.33 and 3.6. In some

configurations, this would lead to memory corruption and crashes

(even without malicious traffic). This could potentially also

result in violation of the netfilter policy or remote code

execution.

 

This can be mitigated by disabling connection tracking accounting:

sysctl net.netfilter.nf_conntrack_acct=0

 

CVE-2015-2041

 

Sasha Levin discovered that the LLC subsystem exposed some variables

as sysctls with the wrong type. On a 64-bit kernel, this possibly

allows privilege escalation from a process with CAP_NET_ADMIN

capability; it also results in a trivial information leak.

 

CVE-2015-2042

 

Sasha Levin discovered that the RDS subsystem exposed some variables

as sysctls with the wrong type. On a 64-bit kernel, this results in

a trivial information leak.

 

CVE-2015-2150

 

Jan Beulich discovered that Xen guests are currently permitted to

modify all of the (writable) bits in the PCI command register of

devices passed through to them. This in particular allows them to

disable memory and I/O decoding on the device unless the device is

an SR-IOV virtual function, which can result in denial of service

to the host.

 

CVE-2015-2830

 

Andrew Lutomirski discovered that when a 64-bit task on an amd64

kernel makes a fork(2) or clone(2) system call using int $0x80, the

32-bit compatibility flag is set (correctly) but is not cleared on

return. As a result, both seccomp and audit will misinterpret the

following system call by the task(s), possibly leading to a

violation of security policy.

 

CVE-2015-2922

 

Modio AB discovered that the IPv6 subsystem would process a router

advertisement that specifies no route but only a hop limit, which

would then be applied to the interface that received it. This can

result in loss of IPv6 connectivity beyond the local network.

 

This may be mitigated by disabling processing of IPv6 router

advertisements if they are not needed:

sysctl net.ipv6.conf.default.accept_ra=0

sysctl net.ipv6.conf.<interface>.accept_ra=0

 

CVE-2015-3331

 

Stephan Mueller discovered that the optimised implementation of

RFC4106 GCM for x86 processors that support AESNI miscalculated

buffer addresses in some cases. If an IPsec tunnel is configured to

use this mode (also known as AES-GCM-ESP) this can lead to memory

corruption and crashes (even without malicious traffic). This could

potentially also result in remote code execution.

 

CVE-2015-3332

 

Ben Hutchings discovered that the TCP Fast Open feature regressed

in Linux 3.16.7-ckt9, resulting in a kernel BUG when it is used.

This can be used as a local denial of service.

 

CVE-2015-3339

 

It was found that the execve(2) system call can race with inode

attribute changes made by chown(2). Although chown(2) clears the

setuid/setgid bits of a file if it changes the respective owner ID,

this race condition could result in execve(2) setting effective

uid/gid to the new owner ID, a privilege escalation.

 

For the oldstable distribution (wheezy), these problems have been fixed

in version 3.2.68-1+deb7u1. The linux package in wheezy is not affected

by CVE-2015-3332.

 

For the stable distribution (jessie), these problems have been fixed in

version 3.16.7-ckt9-3~deb8u1 or earlier versions. Additionally, this

version fixes a regression in the xen-netfront driver (#782698).

 

For the unstable distribution (sid), these problems have been fixed in

version 3.16.7-ckt9-3 or earlier versions. Additionally, this version

fixes a regression in the xen-netfront driver (#782698).

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3238-1 security@debian.org

http://www.debian.org/security/ Michael Gilbert

April 26, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : chromium-browser

CVE ID : CVE-2015-1235 CVE-2015-1236 CVE-2015-1237 CVE-2015-1238

CVE-2015-1240 CVE-2015-1241 CVE-2015-1242 CVE-2015-1244

CVE-2015-1245 CVE-2015-1246 CVE-2015-1247 CVE-2015-1248

CVE-2015-1249 CVE-2015-3333 CVE-2015-3334 CVE-2015-3336

 

Several vulnerabilities were discovered in the chromium web browser.

 

CVE-2015-1235

 

A Same Origin Policy bypass issue was discovered in the HTML parser.

 

CVE-2015-1236

 

Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API.

 

CVE-2015-1237

 

Khalil Zhani discovered a use-after-free issue in IPC.

 

CVE-2015-1238

 

cloudfuzzer discovered an out-of-bounds write in the skia library.

 

CVE-2015-1240

 

w3bd3vil discovered an out-of-bounds read in the WebGL implementation.

 

CVE-2015-1241

 

Phillip Moon and Matt Weston discovered a way to trigger local user

interface actions remotely via a crafted website.

 

CVE-2015-1242

 

A type confusion issue was discovered in the v8 javascript library.

 

CVE-2015-1244

 

Mike Ruddy discovered a way to bypass the HTTP Strict Transport Security

policy.

 

CVE-2015-1245

 

Khalil Zhani discovered a use-after-free issue in the pdfium library.

 

CVE-2015-1246

 

Atte Kettunen discovered an out-of-bounds read issue in webkit/blink.

 

CVE-2015-1247

 

Jann Horn discovered that "file:" URLs in OpenSearch documents were not

sanitized, which could allow local files to be read remotely when using

the OpenSearch feature from a crafted website.

 

CVE-2015-1248

 

Vittorio Gambaletta discovered a way to bypass the SafeBrowsing feature,

which could allow the remote execution of a downloaded executable file.

 

CVE-2015-1249

 

The chrome 41 development team found various issues from internal

fuzzing, audits, and other studies.

 

CVE-2015-3333

 

Multiple issues were discovered and fixed in v8 4.2.7.14.

 

CVE-2015-3334

 

It was discovered that remote websites could capture video data from

attached web cameras without permission.

 

CVE-2015-3336

 

It was discovered that remote websites could cause user interface

disruptions like window fullscreening and mouse pointer locking.

 

For the stable distribution (jessie), these problems have been fixed in

version 42.0.2311.90-1~deb8u1.

 

For the testing (stretch) and unstable (sid) distributions, these problems

have been fixed in version 42.0.2311.90-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3239-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

April 29, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : icecast2

CVE ID : CVE-2015-3026

Debian Bug : 782120

 

Juliane Holzt discovered that Icecast2, a streaming media server, could

dereference a NULL pointer when URL authentication is configured and the

stream_auth URL is triggered by a client without setting any credentials.

This could allow remote attackers to cause a denial of service (crash).

 

For the stable distribution (jessie), this problem has been fixed in

version 2.4.0-1.1+deb8u1.

 

For the testing distribution (stretch), this problem will be fixed in

version 2.4.2-1.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.4.2-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3240-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

April 29, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : curl

CVE ID : CVE-2015-3153

Debian Bug :

 

It was discovered that cURL, an URL transfer library, if configured to

use a proxy server with the HTTPS protocol, by default could send to the

proxy the same HTTP headers it sends to the destination server, possibly

leaking sensitive information.

 

For the stable distribution (jessie), this problem has been fixed in

version 7.38.0-4+deb8u2.

 

For the testing distribution (stretch), this problem will be fixed in

version 7.42.1-1.

 

For the unstable distribution (sid), this problem has been fixed in

version 7.42.1-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3241-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

April 29, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : elasticsearch

CVE ID : CVE-2015-3337

 

John Heasman discovered that the site plugin handling of the

Elasticsearch search engine was susceptible to directory traversal.

 

For the stable distribution (jessie), this problem has been fixed in

version 1.0.3+dfsg-5+deb8u1.

 

For the unstable distribution (sid), this problem will be fixed soon.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3242-1 security@debian.org

http://www.debian.org/security/ Michael Gilbert

April 30, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : chromium-browser

CVE ID : CVE-2015-1243 CVE-2015-1250

 

Several vulnerabilities were discovered in the chromium web browser.

 

CVE-2015-1243

 

Saif El-Sherei discovered a use-after-free issue.

 

CVE-2015-1250

 

The chrome 42 team found and fixed multiple issues during internal

auditing.

 

For the stable distribution (jessie), these problems have been fixed in

version 42.0.2311.135-1~deb8u1.

 

For the testing distribution (stretch), this problem will be fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 42.0.2311.135-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3243-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

May 01, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libxml-libxml-perl

CVE ID : CVE-2015-3451

Debian Bug : 783443

 

Tilmann Haak from xing.com discovered that XML::LibXML, a Perl interface

to the libxml2 library, did not respect the expand_entities parameter to

disable processing of external entities in some circumstances. This may

allow attackers to gain read access to otherwise protected resources,

depending on how the library is used.

 

For the oldstable distribution (wheezy), this problem has been fixed

in version 2.0001+dfsg-1+deb7u1.

 

For the stable distribution (jessie), this problem has been fixed in

version 2.0116+dfsg-1+deb8u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.0116+dfsg-2.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3244-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

May 02, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : owncloud

CVE ID : CVE-2015-3011 CVE-2015-3012 CVE-2015-3013

 

Multiple vulnerabilities were discovered in ownCloud, a cloud storage

web service for files, music, contacts, calendars and many more.

 

CVE-2015-3011

 

Hugh Davenport discovered that the "contacts" application shipped

with ownCloud is vulnerable to multiple stored cross-site

scripting attacks. This vulnerability is effectively exploitable

in any browser.

 

CVE-2015-3012

 

Roy Jansen discovered that the "documents" application shipped with

ownCloud is vulnerable to multiple stored cross-site scripting

attacks. This vulnerability is not exploitable in browsers that

support the current CSP standard.

 

CVE-2015-3013

 

Lukas Reschke discovered a blacklist bypass vulnerability, allowing

authenticated remote attackers to bypass the file blacklist and

upload files such as the .htaccess files. An attacker could leverage

this bypass by uploading a .htaccess and execute arbitrary PHP code

if the /data/ directory is stored inside the web root and a web

server that interprets .htaccess files is used. On default Debian

installations the data directory is outside of the web root and thus

this vulnerability is not exploitable by default.

 

For the stable distribution (jessie), these problems have been fixed in

version 7.0.4+dfsg-4~deb8u1.

 

For the testing distribution (stretch), these problems have been fixed

in version 7.0.4+dfsg-3.

 

For the unstable distribution (sid), these problems have been fixed in

version 7.0.4+dfsg-3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3245-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

May 02, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ruby1.8

CVE ID : CVE-2015-1855

 

It was discovered that the Ruby OpenSSL extension, part of the interpreter

for the Ruby language, did not properly implement hostname matching, in

violation of RFC 6125. This could allow remote attackers to perform a

man-in-the-middle attack via crafted SSL certificates.

 

For the oldstable distribution (wheezy), this problem has been fixed

in version 1.8.7.358-7.1+deb7u3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3246-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

May 02, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ruby1.9.1

CVE ID : CVE-2015-1855

 

It was discovered that the Ruby OpenSSL extension, part of the interpreter

for the Ruby language, did not properly implement hostname matching, in

violation of RFC 6125. This could allow remote attackers to perform a

man-in-the-middle attack via crafted SSL certificates.

 

For the oldstable distribution (wheezy), this problem has been fixed

in version 1.9.3.194-8.1+deb7u5.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3247-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

May 02, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ruby2.1

CVE ID : CVE-2015-1855

 

It was discovered that the Ruby OpenSSL extension, part of the interpreter

for the Ruby language, did not properly implement hostname matching, in

violation of RFC 6125. This could allow remote attackers to perform a

man-in-the-middle attack via crafted SSL certificates.

 

For the stable distribution (jessie), this problem has been fixed in

version 2.1.5-2+deb8u1.

 

For the testing distribution (stretch), this problem has been fixed in

version 2.1.5-3.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.1.5-3.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3248-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

May 02, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : libphp-snoopy

CVE ID : CVE-2014-5008

 

It was discovered that missing input sanitising in Snoopy, a PHP class that

simulates a web browser, may result in the execution of arbitrary

commands.

 

For the oldstable distribution (wheezy), this problem has been fixed

in version 2.0.0-1~deb7u1.

 

For the stable distribution (jessie), this problem was fixed before

the initial release.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.0.0-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3249-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

May 03, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : jqueryui

CVE ID : CVE-2010-5312

 

Shadowman131 discovered that jqueryui, a Javascript UI library for

dynamic web applications, failed to properly sanitize its "title"

option. This would allow a remote attacker to inject arbitrary code

through cross-site scripting.

 

For the oldstable distribution (wheezy), this problem has been fixed

in version 1.8.ooops.21+dfsg-2+deb7u1.

 

For the stable distribution (jessie), testing distribution (stretch)

and unstable distribution (sid), this problem has been fixed in

version 1.10.1+dfsg-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3250-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

May 04, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : wordpress

CVE ID : CVE-2015-3438 CVE-2015-3439 CVE-2015-3440

Debian Bug : 783347 783554

 

Multiple security issues have been discovered in Wordpress, a weblog

manager, that could allow remote attackers to upload files with invalid

or unsafe names, mount social engineering attacks or compromise a site

via cross-site scripting, and inject SQL commands.

 

More information can be found in the upstream advisories at

https://wordpress.org/news/2015/04/wordpress-4-1-2/ and

https://wordpress.org/news/2015/04/wordpress-4-2-1/

 

For the oldstable distribution (wheezy), these problems have been fixed

in version 3.6.1+dfsg-1~deb7u6.

 

For the stable distribution (jessie), these problems have been fixed in

version 4.1+dfsg-1+deb8u1.

 

For the testing distribution (stretch), these problems have been fixed in

version 4.2.1+dfsg-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 4.2.1+dfsg-1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3251-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

May 05, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : dnsmasq

CVE ID : CVE-2015-3294

Debian Bug : 783459

 

Nick Sampanis discovered that dnsmasq, a small caching DNS proxy and

DHCP/TFTP server, did not properly check the return value of the

setup_reply() function called during a TCP connection, which is used

then as a size argument in a function which writes data on the client's

connection. A remote attacker could exploit this issue via a specially

crafted DNS request to cause dnsmasq to crash, or potentially to obtain

sensitive information from process memory.

 

For the oldstable distribution (wheezy), this problem has been fixed

in version 2.62-3+deb7u2.

 

For the stable distribution (jessie), this problem has been fixed in

version 2.72-3+deb8u1.

 

For the testing distribution (stretch) and the unstable distribution

(sid), this problem will be fixed soon.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3252-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

May 06, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : sqlite3

CVE ID : CVE-2015-3414 CVE-2015-3415 CVE-2015-3416

 

Michal Zalewski discovered multiple vulnerabilities in SQLite, which

may result in denial of service or the execution of arbitrary code.

 

For the stable distribution (jessie), these problems have been fixed in

version 3.8.7.1-1+deb8u1.

 

For the testing distribution (stretch), these problems have been fixed in

version 3.8.9-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 3.8.9-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3253-1 security@debian.org

http://www.debian.org/security/ Thijs Kinkhorst

May 07, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : pound

CVE ID : CVE-2009-3555 CVE-2012-4929 CVE-2014-3566

Debian Bug : 723731 727197 765539 765649

 

Pound, a HTTP reverse proxy and load balancer, had several issues

related to vulnerabilities in the Secure Sockets Layer (SSL) protocol.

 

For Debian 7 (wheezy) this update adds a missing part to make it

actually possible to disable client-initiated renegotiation and

disables it by default (CVE-2009-3555). TLS compression is disabled

(CVE-2012-4929), although this is normally already disabled by the OpenSSL

system library. Finally it adds the ability to disable the SSLv3 protocol

(CVE-2014-3566) entirely via the new "DisableSSLv3" configuration

directive, although it will not be disabled by default in this update.

Additionally a non-security sensitive issue in redirect encoding is

addressed.

 

For Debian 8 (jessie) these issues have been fixed prior to the release,

with the exception of client-initiated renegotiation (CVE-2009-3555).

This update addresses that issue for jessie.

 

For the oldstable distribution (wheezy), these problems have been fixed

in version 2.6-2+deb7u1.

 

For the stable distribution (jessie), these problems have been fixed in

version 2.6-6+deb8u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 2.6-6.1.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3251-2 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

May 07, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : dnsmasq

Debian Bug : 784571

 

The update for dnsmasq issued as DSA-3251-1 introduced a regression for

the armel and armhf builds causing dnsmasq to fail to start under

certain configurations. Updated packages are now available to address

this regression. Additionally dnsmasq was patched to handle the case

where the libc headers defined SO_REUSEPORT, but it is not supported by the

running kernel. For reference, the original advisory text follows.

 

Nick Sampanis discovered that dnsmasq, a small caching DNS proxy and

DHCP/TFTP server, did not properly check the return value of the

setup_reply() function called during a TCP connection, which is used

then as a size argument in a function which writes data on the client's

connection. A remote attacker could exploit this issue via a specially

crafted DNS request to cause dnsmasq to crash, or potentially to obtain

sensitive information from process memory.

 

For the oldstable distribution (wheezy), this problem has been fixed

in version 2.62-3+deb7u3.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3254-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

May 09, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : suricata

CVE ID : CVE-2015-0971

 

Kostya Kortchinsky of the Google Security Team discovered a flaw in the

DER parser used to decode SSL/TLS certificates in suricata. A remote

attacker can take advantage of this flaw to cause suricata to crash.

 

For the stable distribution (jessie), this problem has been fixed in

version 2.0.7-2+deb8u1.

 

For the unstable distribution (sid), this problem has been fixed in

version 2.0.8-1.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3255-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

May 10, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : zeromq3

CVE ID : none assigned yet

Debian Bug : 784366

 

It was discovered that libzmq, a lightweight messaging kernel, is

susceptible to a protocol downgrade attack on sockets using the ZMTP v3

protocol. This could allow remote attackers to bypass ZMTP v3 security

mechanisms by sending ZMTP v2 or earlier headers.

 

For the stable distribution (jessie), this problem has been fixed in

version 4.0.5+dfsg-2+deb8u1.

 

For the testing distribution (stretch), this problem has been fixed in

version 4.0.5+dfsg-3.

 

For the unstable distribution (sid), this problem has been fixed in

version 4.0.5+dfsg-3.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3258-1 security@debian.org

http://www.debian.org/security/ Alessandro Ghedini

May 12, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : quassel

CVE ID : CVE-2015-3427

Debian Bug : 783926

 

It was discovered that the fix for CVE-2013-4422 in quassel, a

distributed IRC client, was incomplete. This could allow remote

attackers to inject SQL queries after a database reconnection (e.g.

when the backend PostgreSQL server is restarted).

 

For the stable distribution (jessie), this problem has been fixed in

version 1:0.10.0-2.3+deb8u1.

 

For the testing distribution (stretch), this problem has been fixed in

version 1:0.10.0-2.4.

 

For the unstable distribution (sid), this problem has been fixed in

version 1:0.10.0-2.4.

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3259-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

May 13, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : qemu

CVE ID : CVE-2014-9718 CVE-2015-1779 CVE-2015-2756 CVE-2015-3456

 

Several vulnerabilities were discovered in the qemu virtualisation

solution:

 

CVE-2014-9718

 

It was discovered that the IDE controller emulation is susceptible

to denial of service.

 

CVE-2015-1779

 

Daniel P. Berrange discovered a denial of service vulnerability in

the VNC web socket decoder.

 

CVE-2015-2756

 

Jan Beulich discovered that unmediated PCI command register could

result in denial of service.

 

CVE-2015-3456

 

Jason Geffner discovered a buffer overflow in the emulated floppy

disk drive, resulting in the potential execution of arbitrary code.

 

For the oldstable distribution (wheezy), these problems have been fixed

in version 1.1.2+dfsg-6a+deb7u7 of the qemu source package and in version

1.1.2+dfsg-6+deb7u7 of the qemu-kvm source package. Only CVE-2015-3456

affects oldstable.

 

For the stable distribution (jessie), these problems have been fixed in

version 1:2.1+dfsg-12.

 

For the unstable distribution (sid), these problems will be fixed soon.

sunrat

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3260-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

May 13, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : iceweasel

CVE ID : CVE-2011-3079 CVE-2015-0797 CVE-2015-2708 CVE-2015-2710

CVE-2015-2713 CVE-2015-2716

 

Multiple security issues have been found in Iceweasel, Debian's version

of the Mozilla Firefox web browser: Multiple memory safety errors,

buffer overflows and use-after-frees may lead to the execution of

arbitrary code, privilege escalation or denial of service.

 

For the oldstable distribution (wheezy), these problems have been fixed

in version 31.7.0esr-1~deb7u1.

 

For the stable distribution (jessie), these problems have been fixed in

version 31.7.0esr-1~deb8u1.

 

For the unstable distribution (sid), these problems have been fixed in

version 38.0-1.

sunrat

- -------------------------------------------------------------------------

 

Debian Security Advisory DSA-3264-1 security@debian.org

http://www.debian.org/security/ Moritz Muehlenhoff

May 19, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

 

Package : icedove

CVE ID : CVE-2015-0797 CVE-2015-2708 CVE-2015-2710 CVE-2015-2713

CVE-2015-2716

 

Multiple security issues have been found in Icedove, Debian's version of

the Mozilla Thunderbird mail client: Multiple memory safety errors,

buffer overflows and use-after-frees may lead to the execution of

arbitrary code, privilege escalation or denial of service.

 

For the oldstable distribution (wheezy), these problems have been fixed

in version 31.7.0-1~deb7u1.

 

For the stable distribution (jessie), these problems have been fixed in

version 31.7.0-1~deb8u1.

 

For the unstable distribution (sid), these problems will be fixed soon.

 

 

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3263-1 security@debian.org

http://www.debian.org/security/ Sebastien Delafond

May 19, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

 

Package : proftpd-dfsg

CVE ID : CVE-2015-3306

Debian Bug : 782781

 

Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the

mod_copy module allowed unauthenticated users to copy files around on

the server, and possibly to execute arbitrary code.

 

For the oldstable distribution (wheezy), this problem has been fixed

in version 1.3.4a-5+deb7u3.

 

For the stable distribution (jessie), this problem has been fixed in

version 1.3.5-1.1+deb8u1.

 

For the testing distribution (stretch) and unstable distribution

(sid), this problem has been fixed in version 1.3.5-2.

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3265-1 security@debian.org

http://www.debian.org/security/ David Prévot

May 20, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

 

Package : zendframework

CVE ID : CVE-2014-2681 CVE-2014-2682 CVE-2014-2683 CVE-2014-2684

CVE-2014-2685 CVE-2014-4914 CVE-2014-8088 CVE-2014-8089

CVE-2015-3154

Debian Bug : 743175 754201

 

Multiple vulnerabilities were discovered in Zend Framework, a PHP

framework. Except for CVE-2015-3154, all these issues were already fixed

in the version initially shipped with Jessie.

 

CVE-2014-2681

 

Lukas Reschke reported a lack of protection against XML External

Entity injection attacks in some functions. This fix extends the

incomplete one from CVE-2012-5657.

 

CVE-2014-2682

 

Lukas Reschke reported a failure to consider that the

libxml_disable_entity_loader setting is shared among threads in the

PHP-FPM case. This fix extends the incomplete one from

CVE-2012-5657.

 

CVE-2014-2683

 

Lukas Reschke reported a lack of protection against XML Entity

Expansion attacks in some functions. This fix extends the incomplete

one from CVE-2012-6532.

 

CVE-2014-2684

 

Christian Mainka and Vladislav Mladenov from the Ruhr-University

Bochum reported an error in the consumer's verify method that led

to acceptance of wrongly sourced tokens.

 

CVE-2014-2685

 

Christian Mainka and Vladislav Mladenov from the Ruhr-University

Bochum reported a specification violation in which signing of a

single parameter is incorrectly considered sufficient.

 

CVE-2014-4914

 

Cassiano Dal Pizzol discovered that the implementation of the ORDER

BY SQL statement in Zend_Db_Select contains a potential SQL

injection when the query string passed contains parentheses.

 

CVE-2014-8088

 

Yury Dyachenko at Positive Research Center identified potential XML

eXternal Entity injection vectors due to insecure usage of PHP's DOM

extension.

 

CVE-2014-8089

 

Jonas Sandström discovered an SQL injection vector when manually

quoting value for sqlsrv extension, using null byte.

 

CVE-2015-3154

 

Filippo Tessarotto and Maks3w reported potential CRLF injection

attacks in mail and HTTP headers.

 

For the oldstable distribution (wheezy), these problems have been fixed

in version 1.11.13-1.1+deb7u1.

 

For the stable distribution (jessie), these problems have been fixed in

version 1.12.9+dfsg-2+deb8u1.

 

For the testing distribution (stretch), these problems will be fixed

in version 1.12.12+dfsg-1.

 

For the unstable distribution (sid), these problems have been fixed in

version 1.12.12+dfsg-1.

sunrat

- -------------------------------------------------------------------------

 

Debian Security Advisory DSA-3261-2 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

May 20, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

 

Package : libmodule-signature-perl

Debian Bug : 785701

 

The update for libmodule-signature-perl issued as DSA-3261-1 introduced

a regression in the handling of the --skip option of cpansign. Updated

packages are now available to address this regression. For reference,

the original advisory text follows.

 

Multiple vulnerabilities were discovered in libmodule-signature-perl, a

Perl module to manipulate CPAN SIGNATURE files. The Common

Vulnerabilities and Exposures project identifies the following problems:

 

CVE-2015-3406

 

John Lightsey discovered that Module::Signature could parse the

unsigned portion of the SIGNATURE file as the signed portion due to

incorrect handling of PGP signature boundaries.

 

CVE-2015-3407

 

John Lightsey discovered that Module::Signature incorrectly handles

files that are not listed in the SIGNATURE file. This includes some

files in the t/ directory that would execute when tests are run.

 

CVE-2015-3408

 

John Lightsey discovered that Module::Signature uses two argument

open() calls to read the files when generating checksums from the

signed manifest. This allows to embed arbitrary shell commands into

the SIGNATURE file that would execute during the signature

verification process.

 

CVE-2015-3409

 

John Lightsey discovered that Module::Signature incorrectly handles

module loading, allowing to load modules from relative paths in

@INC. A remote attacker providing a malicious module could use this

issue to execute arbitrary code during signature verification.

 

For the oldstable distribution (wheezy), this problem has been fixed in

version 0.68-1+deb7u3.

 

For the stable distribution (jessie), this problem has been fixed in

version 0.73-1+deb8u2.

 

For the unstable distribution (sid), this problem has been fixed in

version 0.79-1.

securitybreach

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3266-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

May 21, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : fuse

CVE ID : CVE-2015-3202

 

Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not

scrub the environment before executing mount or umount with elevated

privileges. A local user can take advantage of this flaw to overwrite

arbitrary files and gain elevated privileges by accessing debugging

features via the environment that would not normally be safe for

unprivileged users.

 

For the oldstable distribution (wheezy), this problem has been fixed

in version 2.9.0-2+deb7u2.

 

For the stable distribution (jessie), this problem has been fixed in

version 2.9.3-15+deb8u1.

 

For the testing distribution (stretch) and the unstable distribution

(sid), this problem will be fixed soon.

securitybreach

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3267-1 security@debian.org

http://www.debian.org/security/ Michael Gilbert

May 22, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : chromium-browser

CVE ID : CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254

CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258

CVE-2015-1259 CVE-2015-1260 CVE-2015-1261 CVE-2015-1262

CVE-2015-1263 CVE-2015-1264 CVE-2015-1265

 

Several vulnerabilities were discovered in the chromium web browser.

 

CVE-2015-1251

 

SkyLined discovered a use-after-free issue in speech recognition.

 

CVE-2015-1252

 

An out-of-bounds write issue was discovered that could be used to

escape from the sandbox.

 

CVE-2015-1253

 

A cross-origin bypass issue was discovered in the DOM parser.

 

CVE-2015-1254

 

A cross-origin bypass issue was discovered in the DOM editing feature.

 

CVE-2015-1255

 

Khalil Zhani discovered a use-after-free issue in WebAudio.

 

CVE-2015-1256

 

Atte Kettunen discovered a use-after-free issue in the SVG

implementation.

 

CVE-2015-1257

 

miaubiz discovered an overflow issue in the SVG implementation.

 

CVE-2015-1258

 

cloudfuzzer discovered an invalid size parameter used in the

libvpx library.

 

CVE-2015-1259

 

Atte Kettunen discovered an uninitialized memory issue in the

pdfium library.

 

CVE-2015-1260

 

Khalil Zhani discovered multiple use-after-free issues in chromium's

interface to the WebRTC library.

 

CVE-2015-1261

 

Juho Nurminen discovered a URL bar spoofing issue.

 

CVE-2015-1262

 

miaubiz discovered the use of an uninitialized class member in

font handling.

 

CVE-2015-1263

 

Mike Ruddy discovered that downloading the spellcheck dictionary

was not done over HTTPS.

 

CVE-2015-1264

 

K0r3Ph1L discovered a cross-site scripting issue that could be

triggered by bookmarking a site.

 

CVE-2015-1265

 

The chrome 43 development team found and fixed various issues

during internal auditing. Also multiple issues were fixed in

the libv8 library, version 4.3.61.21.

 

For the stable distribution (jessie), these problems have been fixed in

version 43.0.2357.65-1~deb8u1.

 

For the testing distribution (stretch), these problems will be fixed soon.

 

For the unstable distribution (sid), these problems have been fixed in

version 43.0.2357.65-1.

securitybreach

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3268-1 security@debian.org

http://www.debian.org/security/ Salvatore Bonaccorso

May 22, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : ntfs-3g

CVE ID : CVE-2015-3202

Debian Bug : 786475

 

Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for

FUSE, does not scrub the environment before executing mount or umount

with elevated privileges. A local user can take advantage of this flaw

to overwrite arbitrary files and gain elevated privileges by accessing

debugging features via the environment that would not normally be safe

for unprivileged users.

 

For the oldstable distribution (wheezy), this problem has been fixed in

version 1:2012.1.15AR.5-2.1+deb7u1. Note that this issue does not affect

the binary packages distributed in Debian in wheezy as ntfs-3g does not

use the embedded fuse-lite library.

 

For the stable distribution (jessie), this problem has been fixed in

version 1:2014.2.15AR.2-1+deb8u1.

 

For the testing distribution (stretch) and the unstable distribution

(sid), this problem will be fixed soon.

securitybreach

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3269-1 security@debian.org

http://www.debian.org/security/ Christoph Berg

May 22, 2015 http://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : postgresql-9.1

CVE ID : CVE-2015-3165 CVE-2015-3166 CVE-2015-3167

 

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL

database system.

 

CVE-2015-3165 (Remote crash)

 

SSL clients disconnecting just before the authentication timeout

expires can cause the server to crash.

 

CVE-2015-3166 (Information exposure)

 

The replacement implementation of snprintf() failed to check for

errors reported by the underlying system library calls; the main

case that might be missed is out-of-memory situations. In the worst

case this might lead to information exposure.

 

CVE-2015-3167 (Possible side-channel key exposure)

 

In contrib/pgcrypto, some cases of decryption with an incorrect key

could report other error message texts. Fix by using a

one-size-fits-all message.

 

For the oldstable distribution (wheezy), these problems have been fixed

in version 9.1.16-0+deb7u1.

 

For the stable distribution (jessie), these problems have been fixed in

version 9.1.16-0+deb8u1. (Jessie contains a reduced postgresql-9.1

package; only CVE-2015-3166 is fixed in the produced binary package

postgresql-plperl-9.1. We recommend to upgrade to postgresql-9.4 to get

the full set of fixes. See the Jessie release notes for details.)

 

The testing distribution (stretch) and the unstable distribution (sid)

do not contain the postgresql-9.1 package.
