Jump to content
Bruno

NEW UPDATES Debian

Recommended Posts

V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1973-1 security@debian.orghttp://www.debian.org/security/ Aurelien JarnoJanuary 19, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : glibc, eglibcVulnerability : information disclosureProblem type : localDebian-specific: noCVE Id : CVE-2010-0015Debian Bug : 560333Christoph Pleger has discovered that the GNU C Library (aka glibc) andits derivatives add information from the passwd.adjunct.byname map toentries in the passwd map, which allows local users to obtain theencrypted passwords of NIS accounts by calling the getpwnam function.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1974-1 security@debian.orghttp://www.debian.org/security/ Steffen JoerisJanuary 20, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : gzipVulnerability : severalProblem type : local (remote)Debian-specific: noCVE Ids : CVE-2009-2624 CVE-2010-0001Debian Bug : 507263Several vulnerabilities have been found in gzip, the GNU compressionutilities. The Common Vulnerabilities and Exposures project identifiesthe following problems:CVE-2009-2624Thiemo Nagel discovered a missing input sanitation flaw in the way gzipused to decompress data blocks for dynamic Huffman codes, which couldlead to the execution of arbitrary code when trying to decompress acrafted archive. This issue is a reappearance of CVE-2006-4334 and onlyaffects the lenny version.CVE-2010-0001Aki Helin discovered an integer underflow when decompressing files thatare compressed using the LZW algorithm. This could lead to the executionof arbitrary code when trying to decompress a crafted LZW compressedgzip archive.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

***IMPORTANT NOTICE***Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1975-1 security@debian.orghttp://www.debian.org/security/ Stefan FritschJanuary 20, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Security Support for Debian GNU/Linux 4.0 to be discontinued onFebruary 15thOne year after the release of Debian GNU/Linux 5.0 alias 'lenny' andnearly three years after the release of Debian GNU/Linux 4.0 alias'etch' the security support for the old distribution (4.0 alias'etch') is coming to an end next month. The Debian project is proudto be able to support its old distribution for such a long time andeven for one year after a new version has been released.The Debian project has released Debian GNU/Linux 5.0 alias 'lenny' onthe 14th of February 2009. Users and Distributors have been given aone-year timeframe to upgrade their old installations to the currentstable release. Hence, the security support for the old release of4.0 is going to end in February 2010 as previously announced.Previously announced security updates for the old release will continueto be available on security.debian.org.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- -------------------------------------------------------------------------Debian Security Advisory DSA-1972-2 security@debian.orghttp://www.debian.org/security/ Stefan FritschJanuary 21, 2010 http://www.debian.org/security/faq- -------------------------------------------------------------------------Package : audiofileVulnerability : buffer overflowProblem type : local (remote)Debian-specific: noCVE Id : CVE-2008-5824Debian bug : 510205This advisory adds the packages for the old stable distribution (etch),with the exception of the mips packages. The updates for the mipsarchitecture will be released when they become available.The packages for the stable distribution (lenny) have been releasedin DSA-1972-1. For reference, the advisory text is provided below.Max Kellermann discovered a heap-based buffer overflow in the handlingof ADPCM WAV files in libaudiofile. This flaw could result in a denialof service (application crash) or possibly execution of arbitrary codevia a crafted WAV file.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1976-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoJanuary 22, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : dokuwikiVulnerability : several vulnerabilitiesProblem type : remoteDebian-specific: noDebian bugs : 565406CVE Ids : CVE-2010-0287 CVE-2010-0288 CVE-2010-0289Several vulnerabilities have been discovered in dokuwiki, a standards compliantsimple to use wiki.The Common Vulnerabilities and Exposures project identifies thefollowing problems:CVE-2010-0287It was discovered that an internal variable is not properly sanitized beforebeing used to list directories. This can be exploited to list contents ofarbitrary directories.CVE-2010-0288It was discovered that the ACL Manager plugin doesn't properly check theadministrator permissions. This allow an attacker to introduce arbitrary ACLrules and thus gaining access to a closed Wiki.CVE-2010-0289It was discovered that the ACL Manager plugin doesn't have protections againstcross-site request forgeries (CSRF). This can be exploited to change theaccess control rules by tricking a logged in administrator into visitinga malicious web site.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1977-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoJanuary 25, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Packages : python2.4 python2.5Vulnerability : several vulnerabilitiesProblem type : local (remote)Debian-specific: noCVE Id : CVE-2008-2316 CVE-2009-3560 CVE-2009-3720Debian Bug : 493797 560912 560913Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copyin the interpreter for the Python language, does not properly process malformed orcrafted XML files. (CVE-2009-3560 CVE-2009-3720)This vulnerability could allow an attacker to cause a denial of service while parsinga malformed XML file.In addition, this update fixes an integer overflow in the hashlib module in python2.5.This vulnerability could allow an attacker to defeat cryptographic digests. (CVE-2008-2316)It only affects the oldstable distribution (etch).~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1978-1 security@debian.orghttp://www.debian.org/security/ Moritz MuehlenhoffJanuary 26, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : phpgroupwareVulnerability : severalProblem-Type : remoteDebian-specific: noCVE ID : CVE-2009-4414 CVE-2009-4415 CVE-2009-4416Several remote vulnerabilities have been discovered in phpgroupware, aWeb based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems:CVE-2009-4414 An SQL injection vulnerability was found in the authentication module.CVE-2009-4415 Multiple directory traversal vulnerabilities were found in the addressbook module.CVE-2009-4416 The authentication module is affected by cross-site scripting.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1979-1 security@debian.orghttp://www.debian.org/security/ Raphael GeissertJanuary 27, 2009 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : lintianVulnerability : multipleProblem type : localDebian-specific: noCVE Id(s) : CVE-2009-4013 CVE-2009-4014 CVE-2009-4015Multiple vulnerabilities have been discovered in lintian,a Debian package checker. The following Common Vulnerabilities andExposures project ids have been assigned to identify them:CVE-2009-4013: missing control files sanitation Control field names and values were not sanitised before using them in certain operations that could lead to directory traversals. Patch systems' control files were not sanitised before using them in certain operations that could lead to directory traversals. An attacker could exploit these vulnerabilities to overwrite arbitrary files or disclose system information.CVE-2009-4014: format string vulnerabilities Multiple check scripts and the Lintian::Schedule module were using user-provided input as part of the sprintf/printf format string.CVE-2009-4015: arbitrary command execution File names were not properly escaped when passing them as arguments to certain commands, allowing the execution of other commands as pipes or as a set of shell commands.- ------------------------------------------------------------------------Debian Security Advisory DSA-1980-1 security@debian.orghttp://www.debian.org/security/ Steffen JoerisJanuary 27, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : ircd-hybrid/ircd-ratboxVulnerability : integer underflow/denial of serviceProblem type : remoteDebian-specific: noCVE Ids : CVE-2009-4016 CVE-2010-0300David Leadbeater discovered an integer underflow that could be triggeredvia the LINKS command and can lead to a denial of service or theexecution of arbitrary code (CVE-2009-4016). This issue affects both,ircd-hybrid and ircd-ratbox.It was discovered that the ratbox IRC server is prone to a denial ofservice attack via the HELP command. The ircd-hybrid package is notvulnerable to this issue (CVE-2010-0300).~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1981-1 security@debian.orghttp://www.debian.org/security/ Steffen JoerisJanuary 28, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : maildropVulnerability : privilege escalationProblem type : localDebian-specific: noCVE Id : No CVE id yetDebian Bug : 564601Christoph Anton Mitterer discovered that maildrop, a mail delivery agentwith filtering abilities, is prone to a privilege escalation issue thatgrants a user root group privileges.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1984-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoJanuary 30, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Packages : libxerces2-javaVulnerability : denial of serviceProblem type : remoteDebian-specific: noCVE Id : CVE-2009-2625Debian Bug : 548358It was discovered that libxerces2-java, a validating XML parser for Java,does not properly process malformed XML files.This vulnerability could allow an attacker to cause a denial of service while parsinga malformed XML file.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1841-2 security@debian.orghttp://www.debian.org/security/ Thijs KinkhorstJanuary 31, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : git-coreVulnerability : severalProblem type : remoteDebian-specific: noDebian bug : 532935CVE ID : CVE-2009-2108A bug in git-core caused the security update in DSA 1841 to fail tobuild on a number of architectures Debian supports. This update correctsthe bug and releases builds for all supported architectures. The originaladvisory is quoted in full below for reference.It was discovered that git-daemon which is part of git-core, a populardistributed revision control system, is vulnerable to denial of serviceattacks caused by a programming mistake in handling requests containingextra unrecognized arguments which results in an infinite loop. Whilethis is no problem for the daemon itself as every request will spawn anew git-daemon instance, this still results in a very high CPU consumptionand might lead to denial of service conditions.=====- ------------------------------------------------------------------------Debian Security Advisory DSA-1983-1 security@debian.orghttp://www.debian.org/security/ Moritz MuehlenhoffJanuary 30, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : wiresharkVulnerability : severalProblem type : remoteDebian-specific: noCVE Id(s) : CVE-2009-4337 CVE-2010-0304Several remote vulnerabilities have been discovered in the Wiresharknetwork traffic analyzer, which may lead to the execution of arbitrarycode or denial of service. The Common Vulnerabilities and Exposuresproject identifies the following problems: CVE-2009-4337 A NULL pointer dereference was found in the SMB/SMB2 dissectors.CVE-2010-0304 Several buffer overflows were found in the LWRES dissector.=====- ------------------------------------------------------------------------Debian Security Advisory DSA-1985-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoJanuary 31, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : sendmailVulnerability : insufficient input validationProblem type : remoteDebian-specific: noCVE ID : CVE-2009-4565Debian bug : 564581It was discovered that sendmail, a Mail Transport Agent, does not properly handlea '\0' character in a Common Name (CN) field of an X.509 certificate.This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted servercertificate issued by a legitimate Certification Authority, and to bypass intendedaccess restrictions via a crafted client certificate issued by a legitimateCertification Authority.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- --------------------------------------------------------------------------Debian Security Advisory DSA-1987-1 security@debian.orghttp://www.debian.org/security/ Nico GoldeFebruary 2nd, 2010 http://www.debian.org/security/faq- --------------------------------------------------------------------------Package : lighttpdVulnerability : denial of serviceProblem type : remoteDebian-specific: noDebian bug : noneCVE ID : CVE-2010-0295Li Ming discovered that lighttpd, a small and fast webserver with minimalmemory footprint, is vulnerable to a denial of service attack due to badmemory handling. Slowly sending very small chunks of request data causeslighttpd to allocate new buffers for each read instead of appending toold ones. An attacker can abuse this behaviour to cause denial of serviceconditions due to memory exhaustion.=====- ------------------------------------------------------------------------Debian Security Advisory DSA-1986-1 security@debian.orghttp://www.debian.org/security/ Steffen JoerisFebruary 02, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : moodle Vulnerability : several vulnerabilitiesProblem type : remote Debian-specific: no CVE IDs : CVE-2009-4297 CVE-2009-4298 CVE-2009-4299 CVE-2009-4301 CVE-2009-4302 CVE-2009-4303 CVE-2009-4305 Debian Bugs : 559531 Several vulnerabilities have been discovered in Moodle, an onlinecourse management system. The Common Vulnerabilities and Exposuresproject identifies the following problems: CVE-2009-4297Multiple cross-site request forgery (CSRF) vulnerabilities have beendiscovered. CVE-2009-4298It has been discovered that the LAMS module is prone to the disclosureof user account information. CVE-2009-4299The Glossary module has an insufficient access control mechanism.CVE-2009-4301Moodle does not properly check permissions when the MNET service isenabled, which allows remote authenticated servers to execute arbitraryMNET functions.CVE-2009-4302The login/index_form.html page links to an HTTP page instead of using anSSL secured connection.CVE-2009-4303Moodle stores sensitive data in backup files, which might make itpossible for attackers to obtain them.CVE-2009-4305It has been discovered that the SCORM module is prone to an SQLinjection.Additionally, an SQL injection in the update_record function, a problemwith symbolic links and a verification problem with Glossary, databaseand forum ratings have been fixed.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1988-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoFebruary 02, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Packages : qt4-x11Vulnerability : several vulnerabilitiesProblem type : local (remote)Debian-specific: noCVE Ids : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1699 CVE-2009-1711 CVE-2009-1712 CVE-2009-1713 CVE-2009-1725 CVE-2009-2700Debian Bugs : 532718 534946 538347 545793Several vulnerabilities have been discovered in qt4-x11, a cross-platformC++ application framework.The Common Vulnerabilities and Exposures project identifies thefollowing problems:CVE-2009-0945Array index error in the insertItemBefore method in WebKit, as used in qt4-x11,allows remote attackers to execute arbitrary code.CVE-2009-1687The JavaScript garbage collector in WebKit, as used in qt4-x11 does notproperly handle allocation failures, which allows remote attackers toexecute arbitrary code or cause a denial of service (memory corruptionand application crash) via a crafted HTML document that triggers writeaccess to an "offset of a NULL pointer.CVE-2009-1690Use-after-free vulnerability in WebKit, as used in qt4-x11, allows remoteattackers to execute arbitrary code or cause a denial of service (memorycorruption and application crash) by setting an unspecified property ofan HTML tag that causes child elements to be freed and later accessedwhen an HTML error occurs.CVE-2009-1698WebKit in qt4-x11 does not initialize a pointer during handling of aCascading Style Sheets (CSS) attr function call with a large numericalargument, which allows remote attackers to execute arbitrary code orcause a denial of service (memory corruption and application crash) viaa crafted HTML document.CVE-2009-1699The XSL stylesheet implementation in WebKit, as used in qt4-x11 doesnot properly handle XML external entities, which allows remote attackers to readarbitrary files via a crafted DTD.CVE-2009-1711WebKit in qt4-x11 does not properly initialize memory for Attr DOM objects,which allows remote attackers to execute arbitrary code or cause a denialof service (application crash) via a crafted HTML document.CVE-2009-1712WebKit in qt4-x11 does not prevent remote loading of local Java applets,which allows remote attackers to execute arbitrary code, gain privileges, orobtain sensitive information via an APPLET or OBJECT element.CVE-2009-1713The XSLT functionality in WebKit, as used in qt4-x11 does not properlyimplement the document function, which allows remote attackers to readarbitrary local files and files from different security zones.CVE-2009-1725WebKit in qt4-x11 does not properly handle numeric character references,which allows remote attackers to execute arbitrary code or cause adenial of service (memory corruption and application crash) via acrafted HTML document.CVE-2009-2700qt4-x11 does not properly handle a '\0' character in a domain name in theSubject Alternative Name field of an X.509 certificate, which allowsman-in-the-middle attackers to spoof arbitrary SSL servers via a craftedcertificate issued by a legitimate Certification Authority.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1989-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoFebruary 02, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Packages : fuseVulnerability : denial of serviceProblem type : localDebian-specific: noCVE Id : CVE-2009-3297Debian Bug : 567633Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace.A local attacker, with access to use FUSE, could unmount arbitrarylocations, leading to a denial of service.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1990-2 security@debian.orghttp://www.debian.org/security/ Stefan FritschFebruary 04, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : trac-gitVulnerability : shell command injectionProblem type : remoteDebian-specific: yesCVE Id(s) : CVE-2010-0394Debian Bug : 567039The trac-git package released in DSA-1990-1 had a wrong dependency thatcould not be satisfied in Debian stable. This update corrects thisproblem. For reference, the original advisory text is provided below.Stefan Goebel discovered that the Debian version of trac-git, the Gitadd-on for the Trac issue tracking system, contains a flaw whichenables attackers to execute code on the web server running trac-gitby sending crafted HTTP queries.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1991-1 security@debian.orghttp://www.debian.org/security/ Steffen JoerisFebruary 04, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : squid/squid3Vulnerability : denial of serviceProblem type : remoteDebian-specific: noCVE Ids : CVE-2009-2855 CVE-2010-0308Debian Bug : 534982Two denial of service vulnerabilities have been discovered insquid and squid3, a web proxy. The Common Vulnerabilities and Exposuresproject identifies the following problems:CVE-2009-2855Bastian Blank discovered that it is possible to cause a denial ofservice via a crafted auth header with certain comma delimiters.CVE-2010-0308Tomas Hoger discovered that it is possible to cause a denial of servicevia invalid DNS header-only packets.=====- --------------------------------------------------------------------------Debian Security Advisory DSA-1992-1 security@debian.orghttp://www.debian.org/security/ Nico GoldeFebruary 4th, 2010 http://www.debian.org/security/faq- --------------------------------------------------------------------------Package : chronyVulnerability : severalProblem type : remoteDebian-specific: noDebian bug : noneCVE ID : CVE-2010-0292 CVE-2010-0293 CVE-2010-0294Several vulnerabilities have been discovered in chrony, a pair of programswhich are used to maintain the accuracy of the system clock on a computer.This issues are similar to the NTP security flaw CVE-2009-3563. The CommonVulnerabilities and Exposures project identifies the following problems:CVE-2010-0292 chronyd replies to all cmdmon packets with NOHOSTACCESS messages even for unauthorized hosts. An attacker can abuse this behaviour to force two chronyd instances to play packet ping-pong by sending such a packet with spoofed source address and port. This results in high CPU and network usage and thus denial of service conditions.CVE-2010-0293 The client logging facility of chronyd doesn't limit memory that is used to store client information. An attacker can cause chronyd to allocate large amounts of memory by sending NTP or cmdmon packets with spoofed source addresses resulting in memory exhaustion.CVE-2010-0294 chronyd lacks of a rate limit control to the syslog facility when logging received packets from unauthorized hosts. This allows an attacker to cause denial of service conditions via filling up the logs and thus disk space by repeatedly sending invalid cmdmon packets.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1993-1 security@debian.orghttp://www.debian.org/security/ Raphael GeissertFebruary 10, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : otrs2Vulnerability : sql injectionProblem type : remoteDebian-specific: noCVE Id(s) : CVE-2010-0438It was discovered that otrs2, the Open Ticket Request System, does notproperly sanitise input data that is used on SQL queries, which might beused to inject arbitrary SQL to, for example, escalate privileges on asystem that uses otrs2.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1994-1 security@debian.orghttp://www.debian.org/security/ Raphael GeissertFebruary 11, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : ajaxtermVulnerability : weak session IDsProblem type : remoteDebian-specific: noCVE Id(s) : CVE-2009-1629It was discovered that ajaxterm, a web-based terminal, generates weakand predictable session IDs, which might be used to hijack a session orcause a denial of service attack on a system that uses ajaxterm.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1995-1 security@debian.orghttp://www.debian.org/security/ Moritz MuehlenhoffFebruary 12, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : openoffice.orgVulnerability : severalProblem type : local(remote)Debian-specific: noCVE Id(s) : CVE-2010-0136 CVE-2009-0217 CVE-2009-2949 CVE-2009-2950 CVE-2009-3301 CVE-2009-3302Several vulnerabilities have been discovered in the OpenOffice.org officesuite. The Common Vulnerabilities and Exposures project identifies thefollowing problems:CVE-2010-0136 It was discovered that macro security settings were insufficiently enforced for VBA macros.CVE-2009-0217 It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This also affects the integrated libxmlsec library.CVE-2009-2949 Sebastian Apelt discovered that an integer overflow in the XPM import code may lead to the execution of arbitrary code.CVE-2009-2950 Sebastian Apelt and Frank Reissner discovered that a buffer overflow in the GIF import code may lead to the execution of arbitrary code.CVE-2009-3301/CVE-2009-3302 Nicolas Joly discovered multiple vulnerabilities in the parser for Word document files, which may lead to the execution of arbitrary code.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ----------------------------------------------------------------------Debian Security Advisory DSA-1996-1 security@debian.orghttp://www.debian.org/security/ dann frazierFebruary 12, 2010 http://www.debian.org/security/faq- ----------------------------------------------------------------------Package : linux-2.6Vulnerability : privilege escalation/denial of service/sensitive memory leakProblem type : local/remoteDebian-specific: noCVE Id(s) : CVE-2009-3939 CVE-2009-4027 CVE-2009-4536 CVE-2009-4538 CVE-2010-0003 CVE-2010-0007 CVE-2010-0291 CVE-2010-0298 CVE-2010-0306 CVE-2010-0307 CVE-2010-0309 CVE-2010-0410 CVE-2010-0415 Several vulnerabilities have been discovered in the Linux kernel thatmay lead to a denial of service, sensitive memory leak or privilegeescalation. The Common Vulnerabilities and Exposures projectidentifies the following problems:CVE-2009-3939 Joseph Malicki reported that the dbg_lvl sysfs attribute for the megaraid_sas device driver had world-writable permissions, permitting local users to modify logging settings.CVE-2009-4027 Lennert Buytenhek reported a race in the mac80211 subsystem that may allow remote users to cause a denial of service (system crash) on a system connected to the same wireless network.CVE-2009-4536 & CVE-2009-4538 Fabian Yamaguchi reported issues in the e1000 and e1000e drivers for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted ethernet frames. CVE-2010-0003 Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. This option is disabled by default.CVE-2010-0007 Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules.CVE-2010-0291 Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service (system panic) or obtain elevated privileges.CVE-2010-0298 & CVE-2010-0306 Gleb Natapov discovered issues in the KVM subsystem where missing permission checks (CPL/IOPL) permit a user in a guest system to denial of service a guest (system crash) or gain escalated privileges with the guest.CVE-2010-0307 Mathias Krause reported an issue with the load_elf_binary code on the amd64 flavor kernels that allows local users to cause a denial of service (system crash).CVE-2010-0309 Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM subsystem that allows privileged users in a guest domain to cause a denial of service (crash) of the host system.CVE-2010-0410 Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service (out of memory).CVE-2010-0415 Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service (system crash) or gain access to sensitive kernel memory.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1997-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoFebruary 14, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : mysql-dfsg-5.0Vulnerability : severalProblem type : remoteDebian-specific: noCVE Id(s) : CVE-2009-4019 CVE-2009-4030 CVE-2009-4484Several vulnerabilities have been discovered in the MySQLdatabase server.The Common Vulnerabilities and Exposures project identifies thefollowing problems:CVE-2009-4019Domas Mituzas discovered that mysqld does not properly handle errors duringexecution of certain SELECT statements with subqueries, and does not preservecertain null_value flags during execution of statements that use theGeomFromWKB function, which allows remote authenticated users to cause adenial of service (daemon crash) via a crafted statement.CVE-2009-4030Sergei Golubchik discovered that MySQL allows local users to bypass certainprivilege checks by calling CREATE TABLE on a MyISAM table with modifiedDATA DIRECTORY or INDEX DIRECTORY arguments that are originally associatedwith pathnames without symlinks, and that can point to tables created ata future time at which a pathname is modified to contain a symlink to asubdirectory of the MySQL data home directory.CVE-2009-4484Multiple stack-based buffer overflows in the CertDecoder::GetName functionin src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld, allowremote attackers to execute arbitrary code or cause a denial of service(memory corruption and daemon crash) by establishing an SSL connection andsending an X.509 client certificate with a crafted name field.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1998-1 security@debian.orghttp://www.debian.org/security/ Moritz MuehlenhoffFebruary 17, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : kdelibsVulnerability : buffer overflowProblem type : local(remote)Debian-specific: noCVE Id(s) : CVE-2009-0689Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-1999-1 security@debian.orghttp://www.debian.org/security/ Moritz MuehlenhoffFebruary 18, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : xulrunnerVulnerability : severalProblem type : remoteDebian-specific: noCVE Id(s) : CVE-2009-1571 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel webbrowser. The Common Vulnerabilities and Exposures project identifies the following problems:CVE-2009-1571 Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code.CVE-2009-3988 Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments.CVE-2010-0159 Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code.CVE-2010-0160 Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code.CVE-2010-0162 Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents.- ------------------------------------------------------------------------Debian Security Advisory DSA-2000-1 security@debian.orghttp://www.debian.org/security/ Moritz MuehlenhoffFebruary 18, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : ffmpeg-debianVulnerability : severalProblem type : local(remote)Debian-specific: noCVE Id(s) : CVE-2009-4631 CVE-2009-4632 CVE-2009-4633 CVE-2009-4634 CVE-2009-4635 CVE-2009-4636 CVE-2009-4637 CVE-2009-4638 CVE-2009-4640Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedialibraries used in applications like MPlayer:Various programming errors in container and codec implementationsmay lead to denial of service or the execution of arbitrary codeif the user is tricked into opening a malformed media file or stream.Affected and updated have been the implementations of the followingcodecs and container formats:- - the Vorbis audio codec- - the Ogg container implementation- - the FF Video 1 codec- - the MPEG audio codec- - the H264 video codec- - the MOV container implementation- - the Oggedc container implementation~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2001-1 security@debian.orghttp://www.debian.org/security/ Raphael GeissertFebruary 19, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : php5Vulnerability : multipleProblem type : remote(local)Debian-specific: noCVE Id(s) : CVE-2009-4142 CVE-2009-4143Several remote vulnerabilities have been discovered in PHP 5, anhypertext preprocessor. The Common Vulnerabilities and Exposuresproject identifies the following problems:CVE-2009-4142 The htmlspecialchars function does not properly handle invalid multi-byte sequences.CVE-2009-4143 Memory corruption via session interruption.In the stable distribution (lenny), this update also includes bug fixes(bug #529278, #556459, #565387, #523073) that were to be included in astable point release as version 5.2.6.dfsg.1-1+lenny5.- ------------------------------------------------------------------------Debian Security Advisory DSA-2002-1 security@debian.orghttp://www.debian.org/security/ Stefan FritschFebruary 19, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : polipoVulnerability : denial of serviceProblem type : remoteDebian-specific: noCVE Id(s) : CVE-2009-3305 CVE-2009-4413Debian bug : 547047 560779Several denial of service vulnerabilities have been discovered in polipo, asmall, caching web proxy. The Common Vulnerabilities and Exposures projectidentifies the following problems:CVE-2009-3305 A malicous remote sever could cause polipo to crash by sending an invalid Cache-Control header.CVE-2009-4143 A malicous client could cause polipo to crash by sending a large Content-Length value.This upgrade also fixes some other bugs that could lead to a daemon crashor an infinite loop and may be triggerable remotely.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ----------------------------------------------------------------------Debian Security Advisory DSA-2003-1 security@debian.orghttp://www.debian.org/security/ Dann FrazierFebruary 22, 2010 http://www.debian.org/security/faq- ----------------------------------------------------------------------Package : linux-2.6Vulnerability : privilege escalation/denial of serviceProblem type : local/remoteDebian-specific: noCVE Id(s) : CVE-2009-3080 CVE-2009-3726 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021 CVE-2009-4536 CVE-2010-0007 CVE-2010-0410 CVE-2010-0415 CVE-2010-0622NOTE: This kernel update marks the final planned kernel securityupdate for the 2.6.18 kernel in the Debian release 'etch'.Although security support for 'etch' officially ended onFeburary 15th, 2010, this update was already in preparationbefore that date. A final update that includes fixes for theseissues in the 2.6.24 kernel is also in preparation and will bereleased shortly.Several vulnerabilities have been discovered in the Linux kernel thatmay lead to a denial of service or privilege escalation. The CommonVulnerabilities and Exposures project identifies the followingproblems:CVE-2009-3080 Dave Jones reported an issue in the gdth SCSI driver. A missing check for negative offsets in an ioctl call could be exploited by local users to create a denial of service or potentially gain elevated privileges.CVE-2009-3726 Trond Myklebust reported an issue where a malicious NFS server could cause a denial of service condition on its clients by returning incorrect attributes during an open call.CVE-2009-4005 Roel Kluin discovered an issue in the hfc_usb driver, an ISDN driver for Colognechip HFC-S USB chip. A potential read overflow exists which may allow remote users to cause a denial of service condition (oops).CVE-2009-4020 Amerigo Wang discovered an issue in the HFS filesystem that would allow a denial of service by a local user who has sufficient privileges to mount a specially crafted filesystem. CVE-2009-4021 Anana V. Avati discovered an issue in the fuse subsystem. If the system is sufficiently low on memory, a local user can cause the kernel to dereference an invalid pointer resulting in a denial of service (oops) and potentially an escalation of privileges.CVE-2009-4536 Fabian Yamaguchi reported an issue in the e1000 driver for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted ethernet frames.CVE-2010-0007 Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules.CVE-2010-0410 Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service (out of memory).CVE-2010-0415 Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service (system crash) or gain access to sensitive kernel memory.CVE-2010-0622 Jermome Marchand reported an issue in the futex subsystem that allows a local user to force an invalid futex state which results in a denial of service (oops).This update also fixes a regression introduced by a previous securityupdate that caused problems booting on certain s390 systems.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ----------------------------------------------------------------------Debian Security Advisory DSA-2004-1 security@debian.orghttp://www.debian.org/security/ Dann FrazierFebruary 27, 2010 http://www.debian.org/security/faq- ----------------------------------------------------------------------Package : linux-2.6.24Vulnerability : privilege escalation/denial of service/sensitive memory leakProblem type : local/remoteDebian-specific: noCVE Id(s) : CVE-2009-2691 CVE-2009-2695 CVE-2009-3080 CVE-2009-3726 CVE-2009-3889 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021 CVE-2009-4138 CVE-2009-4308 CVE-2009-4536 CVE-2009-4538 CVE-2010-0003 CVE-2010-0007 CVE-2010-0291 CVE-2010-0410 CVE-2010-0415 CVE-2010-0622NOTE: This kernel update marks the final planned kernel securityupdate for the 2.6.24 kernel in the Debian release 'etch'. Althoughsecurity support for 'etch' officially ended on Feburary 15th, 2010,this update was already in preparation before that date.Several vulnerabilities have been discovered in the Linux kernel thatmay lead to a denial of service, sensitive memory leak or privilegeescalation. The Common Vulnerabilities and Exposures projectidentifies the following problems:CVE-2009-2691 Steve Beattie and Kees Cook reported an information leak in the maps and smaps files available under /proc. Local users may be able to read this data for setuid processes while the ELF binary is being loaded.CVE-2009-2695 Eric Paris provided several fixes to increase the protection provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities.CVE-2009-3080 Dave Jones reported an issue in the gdth SCSI driver. A missing check for negative offsets in an ioctl call could be exploited by local users to create a denial of service or potentially gain elevated privileges.CVE-2009-3726 Trond Myklebust reported an issue where a malicious NFS server could cause a denial of service condition on its clients by returning incorrect attributes during an open call.CVE-2009-3889 Joe Malicki discovered an issue in the megaraid_sas driver. Insufficient permissions on the sysfs dbg_lvl interface allow local users to modify the debug logging behavior.CVE-2009-4005 Roel Kluin discovered an issue in the hfc_usb driver, an ISDN driver for Colognechip HFC-S USB chip. A potential read overflow exists which may allow remote users to cause a denial of service condition (oops).CVE-2009-4020 Amerigo Wang discovered an issue in the HFS filesystem that would allow a denial of service by a local user who has sufficient privileges to mount a specially crafted filesystem. CVE-2009-4021 Anana V. Avati discovered an issue in the fuse subsystem. If the system is sufficiently low on memory, a local user can cause the kernel to dereference an invalid pointer resulting in a denial of service (oops) and potentially an escalation of privileges.CVE-2009-4138 Jay Fenlason discovered an issue in the firewire stack that allows local users to cause a denial of service (oops or crash) by making a specially crafted ioctl call.CVE-2009-4308 Ted Ts'o discovered an issue in the ext4 filesystem that allows local users to cause a denial of service (NULL pointer dereference). For this to be exploitable, the local user must have sufficient privileges to mount a filesystem.CVE-2009-4536 & CVE-2009-4538 Fabian Yamaguchi reported issues in the e1000 and e1000e drivers for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted Ethernet frames. CVE-2010-0003 Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. This option is disabled by default.CVE-2010-0007 Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules.CVE-2010-0291 Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service (system panic) or obtain elevated privileges.CVE-2010-0410 Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service (out of memory).CVE-2010-0415 Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service (system crash) or gain access to sensitive kernel memory.CVE-2010-0622 Jermome Marchand reported an issue in the futex subsystem that allows a local user to force an invalid futex state which results in a denial of service (oops).~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2006-1 security@debian.orghttp://www.debian.org/security/ Giuseppe IuculanoMarch 02, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : sudoVulnerability : severalProblem type : localDebian-specific: noCVE Id(s) : CVE-2010-0426 CVE-2010-0427Debian Bugs : 570737Several vulnerabilities have been discovered in sudo, a programdesigned to allow a sysadmin to give limited root privileges to usersdatabase server.The Common Vulnerabilities and Exposures project identifies thefollowing problems:CVE-2010-0426:It was discovered that sudo when a pseudo-command is enabled, permits amatch between the name of the pseudo-command and the name of anexecutable file in an arbitrary directory, which allows local users togain privileges via a crafted executable file.CVE-2010-0427:It was discovered that sudo when the runas_default option is used, doesnot properly set group memberships, which allows local users to gain privilegesvia a sudo command.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- --------------------------------------------------------------------------Debian Security Advisory DSA-2007-1 security@debian.orghttp://www.debian.org/security/ Nico GoldeMarch 3rd, 2010 http://www.debian.org/security/faq- --------------------------------------------------------------------------Package : cupsVulnerability : format string vulnerabilityProblem type : localDebian-specific: noDebian bug : noneCVE ID : CVE-2010-0393Ronald Volgers discovered that the lppasswd component of the cups suite,the Common UNIX Printing System, is vulnerable to format string attacksdue to insecure use of the LOCALEDIR environment variable. An attackercan abuse this behaviour to execute arbitrary code via crafted localizationfiles and triggering calls to _cupsLangprintf(). This works as the lppasswdbinary happens to be installed with setuid 0 permissions.~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2008-1 security@debian.orghttp://www.debian.org/security/ Moritz MuehlenhoffMarch 08, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : typo3-srcVulnerability : severalProblem type : local/remoteDebian-specific: noCVE Id(s) : not yet availableDebian Bug : 571151Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities havebeen discovered in both the frontend and the backend. Also, user datacould be leaked. More details can be found in the Typo3 securityadvisory:http://typo3.org/teams/security/security-b...o3-sa-2010-004/ ~Eric

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Updates Debian Lenny- ------------------------------------------------------------------------Debian Security Advisory DSA-2009-1 security@debian.orghttp://www.debian.org/security/ Steffen JoerisMarch 09, 2010 http://www.debian.org/security/faq- ------------------------------------------------------------------------Package : tdiaryVulnerability : insufficient input sanitisingProblem type : remoteDebian-specific: noCVE Id : CVE-2010-0726Debian Bug : 572417It was discovered that tdiary, a communication-friendly weblog system,is prone to a cross-site scripting vulnerability due to insuficientinput sanitising in the TrackBack transmission plugin.~Eric

Share this post


Link to post
Share on other sites

×
×
  • Create New...