sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2237-1                   security@debian.org
http://www.debian.org/security/                            Stefan Fritsch
May 15, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : apr
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0419

A flaw was found in the APR library, which could be exploited through
Apache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex
contained files with sufficiently long names, a remote attacker could
send a carefully crafted request which would cause excessive CPU
usage. This could be used in a denial of service attack.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.2.12-5+lenny3.

For the stable distribution (squeeze), this problem has been fixed in
version 1.4.2-6+squeeze1.

For the testing distribution (wheezy), this problem will be fixed in
version 1.4.4-1.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.4-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2238-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 19, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : vino
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0904 CVE-2011-0905

Kevin Chen discovered that incorrect processing of framebuffer requests
in the Vino VNC server could lead to denial of service.

For the stable distribution (squeeze), this problem has been fixed in
version 2.28.2-2+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 2.28.2-3.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2237-2                   security@debian.org
http://www.debian.org/security/                            Stefan Fritsch
May 21, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : apr
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0419 CVE-2011-1928
Debian bug     : 627182

The recent APR update DSA-2237-1 introduced a regression that could
lead to an endless loop in the apr_fnmatch() function, causing a
denial of service. This update fixes this problem (CVE-2011-1928).

For reference, the description of the original DSA, which fixed
CVE-2011-0419:

A flaw was found in the APR library, which could be exploited through
Apache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex
contained files with sufficiently long names, a remote attacker could
send a carefully crafted request which would cause excessive CPU
usage. This could be used in a denial of service attack.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.2.12-5+lenny4.

For the stable distribution (squeeze), this problem has been fixed in
version 1.4.2-6+squeeze2.

For the testing distribution (wheezy), this problem will be fixed in
version 1.4.5-1.

For the unstable distribution (sid), this problem will be fixed in
version 1.4.5-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2239-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 24, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libmojolicious-perl
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-4802 CVE-2010-4803 CVE-2011-1841

Several vulnerabilities have been discovered in Mojolicious, a Perl Web
Application Framework. The link_to helper was affected by cross-site
scripting and implementation errors in the MD5 HMAC and CGI environment
handling have been corrected.

The oldstable distribution (lenny) doesn't include libmojolicious-perl.

For the stable distribution (squeeze), this problem has been fixed in
version 0.999926-1+squeeze2.

For the unstable distribution (sid), this problem has been fixed in
version 1.12-1.

------------------------------------------

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2241-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 24, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu-kvm
Vulnerability  : implementation error
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-1751

Nelson Elhage discovered that incorrect memory handling during the
removal of ISA devices in KVM, a solution for full virtualization on
x86 hardware, could lead to denial of service or the execution of
arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in
version 0.12.5+dfsg-5+squeeze2.

For the unstable distribution (sid), this problem will be fixed soon.

sunrat

- ----------------------------------------------------------------------
Debian Security Advisory DSA-2240-1                security@debian.org
http://www.debian.org/security/                           dann frazier
May 24, 2011                        http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2010-3875 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726
                 CVE-2011-1016 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080
                 CVE-2011-1090 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170
                 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180
                 CVE-2011-1182 CVE-2011-1476 CVE-2011-1477 CVE-2011-1478
                 CVE-2011-1493 CVE-2011-1494 CVE-2011-1495 CVE-2011-1585
                 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746
                 CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1770
                 CVE-2011-1776 CVE-2011-2022
Debian Bug(s)  :

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2010-3875

    Vasiliy Kulikov discovered an issue in the Linux implementation of the
    Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to
    sensitive kernel memory.

CVE-2011-0695

    Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers
    can exploit a race condition to cause a denial of service (kernel panic).

CVE-2011-0711

    Dan Rosenberg reported an issue in the XFS filesystem. Local users may
    obtain access to sensitive kernel memory.

CVE-2011-0726

    Kees Cook reported an issue in the /proc/pid/stat implementation. Local
    users could learn the text location of a process, defeating protections
    provided by address space layout randomization (ASLR).

CVE-2011-1016

    Marek Olšák discovered an issue in the driver for ATI/AMD Radeon video
    chips. Local users could pass arbitrary values to video memory and the
    graphics translation table, resulting in denial of service or escalated
    privileges. On default Debian installations, this is exploitable only by
    members of the 'video' group.

CVE-2011-1078

    Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local
    users can obtain access to sensitive kernel memory.

CVE-2011-1079

    Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local
    users with the CAP_NET_ADMIN capability can cause a denial of service
    (kernel Oops).

CVE-2011-1080

    Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local
    users can obtain access to sensitive kernel memory.

CVE-2011-1090

    Neil Horman discovered a memory leak in the setacl() call on NFSv4
    filesystems. Local users can exploit this to cause a denial of service
    (Oops).

CVE-2011-1160

    Peter Huewe reported an issue in the Linux kernel's support for TPM
    security chips. Local users with permission to open the device can gain
    access to sensitive kernel memory.

CVE-2011-1163

    Timo Warns reported an issue in the kernel support for Alpha OSF format
    disk partitions. Users with physical access can gain access to sensitive
    kernel memory by adding a storage device with a specially crafted OSF
    partition.

CVE-2011-1170

    Vasiliy Kulikov reported an issue in the Netfilter arp table
    implementation. Local users with the CAP_NET_ADMIN capability can gain
    access to sensitive kernel memory.

CVE-2011-1171

    Vasiliy Kulikov reported an issue in the Netfilter IP table
    implementation. Local users with the CAP_NET_ADMIN capability can gain
    access to sensitive kernel memory.

CVE-2011-1172

    Vasiliy Kulikov reported an issue in the Netfilter IP6 table
    implementation. Local users with the CAP_NET_ADMIN capability can gain
    access to sensitive kernel memory.

CVE-2011-1173

    Vasiliy Kulikov reported an issue in the Acorn Econet protocol
    implementation. Local users can obtain access to sensitive kernel memory
    on systems that use this rare hardware.

CVE-2011-1180

    Dan Rosenberg reported a buffer overflow in the Information Access
    Service of the IrDA protocol, used for Infrared devices. Remote attackers
    within IR device range can cause a denial of service or possibly gain
    elevated privileges.

CVE-2011-1182

    Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local
    users can generate signals with falsified source pid and uid information.

CVE-2011-1476

    Dan Rosenberg reported issues in the Open Sound System MIDI interface
    that allow local users to cause a denial of service. This issue does not
    affect official Debian Linux image packages as they no longer provide
    support for OSS. However, custom kernels built from Debian's
    linux-source-2.6.32 may have enabled this configuration and would
    therefore be vulnerable.

CVE-2011-1477

    Dan Rosenberg reported issues in the Open Sound System driver for cards
    that include a Yamaha FM synthesizer chip. Local users can cause memory
    corruption resulting in a denial of service. This issue does not affect
    official Debian Linux image packages as they no longer provide support
    for OSS. However, custom kernels built from Debian's linux-source-2.6.32
    may have enabled this configuration and would therefore be vulnerable.

CVE-2011-1478

    Ryan Sweat reported an issue in the Generic Receive Offload (GRO) support
    in the Linux networking subsystem. If an interface has GRO enabled and is
    running in promiscuous mode, remote users can cause a denial of service
    (NULL pointer dereference) by sending packets on an unknown VLAN.

CVE-2011-1493

    Dan Rosenberg reported two issues in the Linux implementation of the
    Amateur Radio X.25 PLP (Rose) protocol. A remote user can cause a denial
    of service by providing specially crafted facilities fields.

CVE-2011-1494

    Dan Rosenberg reported an issue in the /dev/mpt2ctl interface provided by
    the driver for LSI MPT Fusion SAS 2.0 controllers. Local users can obtain
    elevated privileges by specially crafted ioctl calls. On default Debian
    installations this is not exploitable as this interface is only
    accessible to root.

CVE-2011-1495

    Dan Rosenberg reported two additional issues in the /dev/mpt2ctl
    interface provided by the driver for LSI MPT Fusion SAS 2.0 controllers.
    Local users can obtain elevated privileges and read arbitrary kernel
    memory by using specially crafted ioctl calls. On default Debian
    installations this is not exploitable as this interface is only
    accessible to root.

CVE-2011-1585

    Jeff Layton reported an issue in the Common Internet File System (CIFS).
    Local users can bypass authentication requirements for shares that are
    already mounted by another user.

CVE-2011-1593

    Robert Swiecki reported a signedness issue in the next_pidmap() function,
    which can be exploited by local users to cause a denial of service.

CVE-2011-1598

    Dave Jones reported an issue in the Broadcast Manager Controller Area
    Network (CAN/BCM) protocol that may allow local users to cause a NULL
    pointer dereference, resulting in a denial of service.

CVE-2011-1745

    Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
    Local users can obtain elevated privileges or cause a denial of service
    due to missing bounds checking in the AGPIOC_BIND ioctl. On default
    Debian installations, this is exploitable only by users in the video
    group.

CVE-2011-1746

    Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
    Local users can obtain elevated privileges or cause a denial of service
    due to missing bounds checking in the agp_allocate_memory and
    agp_create_user_memory. On default Debian installations, this is
    exploitable only by users in the video group.

CVE-2011-1748

    Oliver Kartkopp reported an issue in the Controller Area Network (CAN)
    raw socket implementation which permits local users to cause a NULL
    pointer dereference, resulting in a denial of service.

CVE-2011-1759

    Dan Rosenberg reported an issue in the support for executing "old ABI"
    binaries on ARM processors. Local users can obtain elevated privileges
    due to insufficient bounds checking in the semtimedop system call.

CVE-2011-1767

    Alexecy Dobriyan reported an issue in the GRE over IP implementation.
    Remote users can cause a denial of service by sending a packet during
    module initialization.

CVE-2011-1770

    Dan Rosenberg reported an issue in the Datagram Congestion Control
    Protocol (DCCP). Remote users can cause a denial of service or
    potentially obtain access to sensitive kernel memory.

CVE-2011-1776

    Timo Warns reported an issue in the Linux implementation for GUID
    partitions. Users with physical access can gain access to sensitive
    kernel memory by adding a storage device with a specially crafted
    corrupted invalid partition table.

CVE-2011-2022

    Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
    Local users can obtain elevated privileges or cause a denial of service
    due to missing bounds checking in the AGPIOC_UNBIND ioctl. On default
    Debian installations, this is exploitable only by users in the video
    group.

This update also includes changes queued for the next point release of
Debian 6.0, which also fix various non-security issues. These additional
changes are described in the package changelog which can be viewed at:

  http://packages.debian.org/changelogs/pool...32-34/changelog

For the stable distribution (squeeze), this problem has been fixed in version
2.6.32-34squeeze1. Updates for issues impacting the oldstable distribution
(lenny) will be available soon.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                                             Debian 6.0 (squeeze)
     user-mode-linux                         2.6.32-1um-4+34squeeze1

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2242-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 25, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cyrus-imapd-2.2
Vulnerability  : implementation error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1926
Debian Bug     : 627081

It was discovered that the STARTTLS implementation of the Cyrus IMAP
server does not properly restrict I/O buffering, which allows
man-in-the-middle attackers to insert commands into encrypted IMAP,
LMTP, NNTP and POP3 sessions by sending a cleartext command that is
processed after TLS is in place.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.2.13-14+lenny4.

For the stable distribution (squeeze), this problem has been fixed in
version 2.2.13-19+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 2.2.13p1-11 for cyrus-imapd-2.2 and in version 2.4.7-1
for cyrus-imapd-2.4.

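The buffering flaw described in DSA-2242-1 above, as an added example that is not part of the original post and is not Cyrus code: a small Python model of a line-based server that either keeps or discards input buffered before the TLS switch. The class, method and command names and the sample segments are illustrative assumptions; no sockets or real TLS are involved.

```python
"""Model of the STARTTLS buffering flaw class (CVE-2011-1926) and its fix.

feed() stands for bytes handed up by the transport, first from the plain
socket and later from the TLS layer. All names are illustrative and are
not taken from Cyrus IMAP.
"""


class LineSession:
    def __init__(self, discard_on_starttls: bool):
        self.discard_on_starttls = discard_on_starttls
        self._buf = bytearray()   # unparsed input, shared across the upgrade
        self.tls_active = False
        self.executed = []        # (command, tls_active at execution time)
        self.discarded = b""      # plaintext dropped at the upgrade

    def feed(self, data: bytes) -> None:
        self._buf += data
        while True:
            line, sep, rest = bytes(self._buf).partition(b"\r\n")
            if not sep:
                break             # incomplete line: wait for more input
            self._buf = bytearray(rest)
            self._handle(line.decode("ascii", "replace"))

    def _handle(self, line: str) -> None:
        _tag, _, verb = line.partition(" ")
        if verb.upper() == "STARTTLS" and not self.tls_active:
            if self.discard_on_starttls:
                # Fix: nothing read before the handshake may survive it.
                self.discarded = bytes(self._buf)
                self._buf.clear()
            # A real server would reply and run the TLS handshake here.
            self.tls_active = True
            return
        self.executed.append((line, self.tls_active))


# Constructed input: one plaintext segment that carries STARTTLS plus a
# trailing command, then one command delivered through the TLS layer.
PLAINTEXT_SEGMENT = b"a1 STARTTLS\r\na2 NOOP\r\n"
ENCRYPTED_SEGMENT = b"a3 CAPABILITY\r\n"


def commands_run_as_encrypted(discard_on_starttls: bool):
    """Return (commands the server treated as TLS-protected, bytes dropped)."""
    session = LineSession(discard_on_starttls)
    session.feed(PLAINTEXT_SEGMENT)
    session.feed(ENCRYPTED_SEGMENT)
    trusted = [cmd for cmd, tls in session.executed if tls]
    return trusted, session.discarded


if __name__ == "__main__":
    for discard in (False, True):
        trusted, dropped = commands_run_as_encrypted(discard)
        print("discard_on_starttls=%s trusted=%r dropped=%r"
              % (discard, trusted, dropped))
```

With the buffer kept, the command that arrived in cleartext is recorded as if it had been received over TLS; with the buffer discarded, only the command that came through the TLS layer is.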
sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2243-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 27, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : unbound
Vulnerability  : design flaw
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2009-4008

It was discovered that Unbound, a caching DNS resolver, ceases to
provide answers for zones signed using DNSSEC after it has processed a
crafted query. (CVE-2009-4008)

In addition, this update improves the level of DNSSEC support in the
lenny version of Unbound so that it is possible for system
administrators to configure the trust anchor for the root zone.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.4.6-1~lenny1.

For the other distributions (squeeze, wheezy, sid), this problem has
been fixed in version 1.4.4-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2244-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 27, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
Vulnerability  : incorrect boundary condition
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1910

It was discovered that BIND, an implementation of the DNS protocol,
does not correctly process certain large RRSIG record sets in DNSSEC
responses. The resulting assertion failure causes the name server
process to crash, making name resolution unavailable. (CVE-2011-1910)

In addition, this update fixes handling of certain signed/unsigned
zone combinations when a DLV service is used. Previously, data from
certain affected zones could become unavailable from the resolver.

For the oldstable distribution (lenny), this problem has been fixed in
version 1:9.6.ESV.R4+dfsg-0+lenny2.

For the stable distribution (squeeze), this problem has been fixed in
version 1:9.7.3.dfsg-1~squeeze2.

The testing distribution (wheezy) and the unstable distribution (sid)
will be fixed soon.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2245-1                   security@debian.org
http://www.debian.org/security/                         Giuseppe Iuculano
May 29, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several vulnerabilities
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1292 CVE-2011-1293 CVE-2011-1440 CVE-2011-1444
                 CVE-2011-1797 CVE-2011-1799

Several vulnerabilities were discovered in the Chromium browser.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2011-1292

  Use-after-free vulnerability in the frame-loader implementation in Google
  Chrome allows remote attackers to cause a denial of service or possibly
  have unspecified other impact via unknown vectors.

CVE-2011-1293

  Use-after-free vulnerability in the HTMLCollection implementation in Google
  Chrome allows remote attackers to cause a denial of service or possibly
  have unspecified other impact via unknown vectors.

CVE-2011-1440

  Use-after-free vulnerability in Google Chrome allows remote attackers to
  cause a denial of service or possibly have unspecified other impact via
  vectors related to the ruby element and Cascading Style Sheets (CSS) token
  sequences.

CVE-2011-1444

  Race condition in the sandbox launcher implementation in Google Chrome on
  Linux allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via unknown vectors.

CVE-2011-1797

  Google Chrome does not properly render tables, which allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via unknown vectors that lead to a "stale pointer."

CVE-2011-1799

  Google Chrome does not properly perform casts of variables during
  interaction with the WebKit engine, which allows remote attackers to cause
  a denial of service or possibly have unspecified other impact via unknown
  vectors.

For the stable distribution (squeeze), these problems have been fixed in
version 6.0.472.63~r59945-5+squeeze5.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 11.0.696.68~r84545-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2246-1                   security@debian.org
http://www.debian.org/security/                         Giuseppe Iuculano
May 29, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mahara
Vulnerability  : several vulnerabilities
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1402 CVE-2011-1403 CVE-2011-1404 CVE-2011-1405
                 CVE-2011-1406

Several vulnerabilities were discovered in mahara, an electronic portfolio,
weblog, and resume builder. The following Common Vulnerabilities and
Exposures project ids identify them:

CVE-2011-1402

  It was discovered that previous versions of Mahara did not check user
  credentials before adding a secret URL to a view or suspending a user.

CVE-2011-1403

  Due to a misconfiguration of the Pieform package in Mahara, the cross-site
  request forgery protection mechanism that Mahara relies on to harden its
  form was not working and was essentially disabled.
  This is a critical vulnerability which could allow attackers to trick other
  users (for example administrators) into performing malicious actions on
  behalf of the attacker. Most Mahara forms are vulnerable.

CVE-2011-1404

  Many of the JSON structures returned by Mahara for its AJAX interactions
  included more information than what ought to be disclosed to the logged in
  user. New versions of Mahara limit this information to what is necessary
  for each page.

CVE-2011-1405

  Previous versions of Mahara did not escape the contents of HTML emails sent
  to users. Depending on the filters enabled in one's mail reader, it could
  lead to cross-site scripting attacks.

CVE-2011-1406

  It has been pointed out to us that if Mahara is configured (through its
  wwwroot variable) to use HTTPS, it will happily let users login via the
  HTTP version of the site if the web server is configured to serve content
  over both protocols. The new version of Mahara will, when the wwwroot
  points to an HTTPS URL, automatically redirect to HTTPS if it detects that
  it is being run over HTTP.

  We recommend that sites wanting to run Mahara over HTTPS make sure that
  their web server configuration does not allow the serving of content over
  HTTP and merely redirects to the secure version. We also suggest that site
  administrators consider adding the HSTS headers
  (http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) to their web
  server configuration.

For the oldstable distribution (lenny), these problems have been fixed in
version 1.0.4-4+lenny10.

For the stable distribution (squeeze), these problems have been fixed in
version 1.2.6-2+squeeze2.

For the testing distribution (wheezy), these problems have been fixed in
version 1.3.6-1.

For the unstable distribution (sid), these problems have been fixed in
version 1.3.6-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2247-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
May 31, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rails
Vulnerability  : several vulnerabilities
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0446 CVE-2011-0447
Debian Bug     : 614864

Several vulnerabilities have been discovered in Rails, the Ruby web
application framework. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2011-0446

  Multiple cross-site scripting (XSS) vulnerabilities when JavaScript
  encoding is used, allow remote attackers to inject arbitrary web
  script or HTML.

CVE-2011-0447

  Rails does not properly validate HTTP requests that contain an
  X-Requested-With header, which makes it easier for remote attackers
  to conduct cross-site request forgery (CSRF) attacks.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.1.0-7+lenny0.1.

For the stable distribution (squeeze), this problem has been fixed in
version 2.3.5-1.2+squeeze0.1.

For the unstable distribution (sid), this problem has been fixed in
version 2.3.11-0.1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2248-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
March 31, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ejabberd
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1753

Wouter Coekaerts discovered that ejabberd, a distributed XMPP/Jabber server
written in Erlang, is vulnerable to the so-called "billion laughs" attack
because it does not prevent entity expansion on received data.
This allows an attacker to perform denial of service attacks against the
service by sending specially crafted XML data to it.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.0.1-6+lenny3.

For the stable distribution (squeeze), this problem has been fixed in
version 2.1.5-3+squeeze1.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 2.1.6-2.1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2249-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
March 31, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jabberd14
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1754

Wouter Coekaerts discovered that jabberd14, an instant messaging server
using the Jabber/XMPP protocol, is vulnerable to the so-called
"billion laughs" attack because it does not prevent entity expansion on
received data. This allows an attacker to perform denial of service
attacks against the service by sending specially crafted XML data to it.

The oldstable distribution (lenny), does not contain jabberd14.

For the stable distribution (squeeze), this problem has been fixed in
version 1.6.1.1-5+squeeze1.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.1.1-5.1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2250-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
March 31, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : citadel
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1756

Wouter Coekaerts discovered that the jabber server component of citadel,
a complete and feature-rich groupware server, is vulnerable to the so-called
"billion laughs" attack because it does not prevent entity expansion on
received data. This allows an attacker to perform denial of service
attacks against the service by sending specially crafted XML data to it.

For the oldstable distribution (lenny), this problem has been fixed in
version 7.37-8+lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 7.83-2squeeze2.

For the testing (wheezy) and unstable (sid) distributions,
this problem will be fixed soon.

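The control that DSA-2248-1, DSA-2249-1 and DSA-2250-1 above describe as missing, shown as an added example that is not part of the original posts and is not code from ejabberd, jabberd14 or citadel: a Python screen built on the standard-library expat bindings that refuses any DOCTYPE or entity declaration in a chunked stream, so nothing is ever expanded. The class and function names and the sample inputs are constructed for illustration.

```python
"""Refuse DTDs and entity declarations in streamed XML before any expansion."""
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """The input used a construct the stream policy does not allow."""


class StrictStreamParser:
    """Incremental parser for data that arrives in chunks, as on a socket."""

    def __init__(self):
        self.elements = []   # element names accepted so far
        self._p = xml.parsers.expat.ParserCreate()
        # The DOCTYPE handler fires first; the entity handler is a second
        # line of defence should the DOCTYPE rule ever be relaxed.
        self._p.StartDoctypeDeclHandler = self._on_doctype
        self._p.EntityDeclHandler = self._on_entity_decl
        self._p.StartElementHandler = self._on_start

    def _on_doctype(self, name, system_id, public_id, has_internal_subset):
        raise ForbiddenXML("DOCTYPE declaration %r" % name)

    def _on_entity_decl(self, name, is_param, value, base,
                        system_id, public_id, notation):
        raise ForbiddenXML("entity declaration %r" % name)

    def _on_start(self, name, attrs):
        self.elements.append(name)

    def feed(self, chunk: bytes, final: bool = False) -> None:
        # An exception raised inside a handler propagates out of Parse().
        self._p.Parse(chunk, final)


def screen(chunks):
    """Return (accepted, reason, element names seen before the decision)."""
    parser = StrictStreamParser()
    try:
        for i, chunk in enumerate(chunks):
            parser.feed(chunk, final=(i == len(chunks) - 1))
    except ForbiddenXML as exc:
        return False, str(exc), parser.elements
    except xml.parsers.expat.ExpatError as exc:
        return False, "malformed XML: %s" % exc, parser.elements
    return True, "", parser.elements


# Constructed samples. The second declares two small nested entities; it is
# harmless in size and is rejected before the body is parsed at all.
BENIGN = [
    b"<message to='a@example.org'>",
    b"<body>hello &amp; goodbye</body></message>",
]
WITH_DTD = [
    b'<?xml version="1.0"?>\n<!DOCTYPE message [\n',
    b'  <!ENTITY a "ha">\n  <!ENTITY b "&a;&a;">\n]>\n',
    b"<message><body>&b;</body></message>",
]
UNDECLARED = [b"<message><body>&b;</body></message>"]

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("with DTD", WITH_DTD),
                          ("undeclared entity", UNDECLARED)):
        print(label, screen(sample))
```

Only the five predefined XML entities such as `&amp;` remain usable under this policy; a reference to any other entity fails as malformed input because no declaration can precede it.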
sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2251-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
June 02, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : subversion
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1752 CVE-2011-1783 CVE-2011-1921

Several vulnerabilities were discovered in Subversion, the version
control system. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2011-1752

  The mod_dav_svn Apache HTTPD server module can be crashed though
  when asked to deliver baselined WebDAV resources.

CVE-2011-1783

  The mod_dav_svn Apache HTTPD server module can trigger a loop which
  consumes all available memory on the system.

CVE-2011-1921

  The mod_dav_svn Apache HTTPD server module may leak to remote users
  the file contents of files configured to be unreadable by those
  users.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.5.1dfsg1-7.

For the stable distribution (squeeze), this problem has been fixed in
version 1.6.12dfsg-6.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.17dfsg-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2252-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
June 02, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dovecot
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1929
Debian Bug     : 627443

It was discovered that the message header parser in the Dovecot mail
server parsed NUL characters incorrectly, which could lead to denial
of service through malformed mail headers.

The oldstable distribution (lenny) is not affected.

For the stable distribution (squeeze), this problem has been fixed in
version 1.2.15-7.

For the unstable distribution (sid), this problem has been fixed in
version 2.0.13-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2253-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
June 3, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : fontforge
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-4259
Debian Bug     : 605537

Ulrik Persson reported a stack-based buffer overflow flaw in FontForge,
a font editor. When processed a crafted Bitmap Distribution Format (BDF)
FontForge could crash or execute arbitrary code with the privileges of
the user running FontForge.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.0.20080429-1+lenny2.

For the stable distribution (squeeze), testing distribution (wheezy),
and unstable distribution (sid) are not affected by this problem.

sunrat

- ---------------------------------------------------------------------------
Debian Security Advisory DSA 2254-1                     security@debian.org
http://www.debian.org/security/                               Luciano Bello
June 3, 2011                             http://www.debian.org/security/faq
- ---------------------------------------------------------------------------

Package        : oprofile
Vulnerability  : command injection
Problem type   : local
Debian-specific: no
Debian bug     : 624212
CVE ID         : CVE-2011-1760

OProfile is a performance profiling tool which is configurable by opcontrol, its
control utility. Stephane Chauveau reported several ways to inject arbitrary
commands in the arguments of this utility. If a local unprivileged user is
authorized by sudoers file to run opcontrol as root, this user could use the
flaw to escalate his privileges.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.9.3-2+lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 0.9.6-1.1+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 0.9.6-1.2.

For the unstable distribution (sid), this problem has been fixed in
version 0.9.6-1.2.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2255-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
June 6, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxml2
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
Debian Bug     : 628537

Chris Evans discovered that libxml was vulnerable to buffer overflows, which allowed a crafted XML input file to potentially execute arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 2.6.32.dfsg-5+lenny4.

For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 2.7.8.dfsg-3.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2256-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
June 9, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tiff
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2009-5022
Debian Bug     : 624287

Tavis Ormandy discovered that the Tag Image File Format (TIFF) library is vulnerable to a buffer overflow triggered by a crafted OJPEG file which allows for a crash and potentially execution of arbitrary code.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in version 3.9.4-5+squeeze2.

For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 3.9.5-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2257-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
June 10, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : vlc
Vulnerability  : heap-based buffer overflow
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-2194

Rocco Calvi discovered that the XSPF playlist parser of vlc, a multimedia player and streamer, is prone to an integer overflow resulting in a heap-based buffer overflow. This might allow an attacker to execute arbitrary code by tricking a victim into opening a specially crafted file.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in version 1.1.3-1squeeze6.

For the testing (wheezy) and unstable (sid) distributions, this problem will be fixed soon.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2257-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
June 11, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : kolab-cyrus-imapd
Vulnerability  : implementation error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1926
Debian Bug     : 629350

It was discovered that the STARTTLS implementation of the Kolab Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place.

For the oldstable distribution (lenny), this problem has been fixed in version 2.2.13-5+lenny3.

For the stable distribution (squeeze), this problem has been fixed in version 2.2.13-9.1.

For the testing distribution (wheezy), this problem has been fixed in version 2.2.13p1-0.1.

For the unstable distribution (sid), this problem has been fixed in version 2.2.13p1-0.1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2259-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
June 12, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : fex
Vulnerability  : authentication bypass
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1409

It was discovered that fex, a web service for transferring very large files, is not properly validating authentication IDs. While the service properly validates existing authentication IDs, an attacker who is not specifying any authentication ID at all can bypass the authentication procedure.

The oldstable distribution (lenny) does not include fex.

For the stable distribution (squeeze), this problem has been fixed in version 20100208+debian1-1+squeeze1.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 20110610-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2260-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
June 14, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rails
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2009-3086 CVE-2009-4214
Debian Bug     : 545063 558685

Two vulnerabilities were discovered in Ruby on Rails, a web application framework. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-3086
    The cookie store may be vulnerable to a timing attack, potentially allowing remote attackers to forge message digests.

CVE-2009-4214
    A cross-site scripting vulnerability in the strip_tags function allows remote user-assisted attackers to inject arbitrary web script.

For the oldstable distribution (lenny), these problems have been fixed in version 2.1.0-7+lenny0.2.

For the other distributions, these problems have been fixed in version 2.2.3-2.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2261-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
June 15, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : redmine
Vulnerability  : several
Problem type   : remote
Debian-specific: no
Debian Bug     : 608397

Joernchen of Phenoelit discovered several vulnerabilities in Redmine, a project management web application:

* Logged in users may be able to access private data.
* The Textile formatter allowed for cross site scripting, exposing sensitive data to an attacker.
* The Bazaar repository adapter could be used to remotely execute commands on the host running Redmine.

The oldstable distribution (lenny) does not contain redmine packages.

For the stable distribution (squeeze), this problem has been fixed in version 1.0.1-2.

For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 1.0.5-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2262-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
June 15, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : moodle
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : not yet available

Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning:

* MSA-11-0002 Cross-site request forgery vulnerability in RSS block
* MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete
* MSA-11-0008 IMS enterprise enrolment file may disclose sensitive information
* MSA-11-0011 Multiple cross-site scripting problems in media filter
* MSA-11-0015 Cross Site Scripting through URL encoding
* MSA-11-0013 Group/Quiz permissions issue

For the stable distribution (squeeze), this problem has been fixed in version 1.9.9.dfsg2-2.1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 1.9.9.dfsg2-3.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2263-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
June 16, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : movabletype-opensource
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : not yet available
Debian Bug     : 627936

It was discovered that Movable Type, a weblog publishing system, contains several security vulnerabilities:

A remote attacker could execute arbitrary code in a logged-in users' web browser.

A remote attacker could read or modify the contents in the system under certain circumstances.

For the oldstable distribution (lenny), no update is available at this time.

For the stable distribution (squeeze), these problems have been fixed in version 4.3.5+dfsg-2+squeeze2.

For the testing distribution (wheezy) and for the unstable distribution (sid), these problems have been fixed in version 4.3.6.1+dfsg-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2264-1                   security@debian.org
http://www.debian.org/security/                              dann frazier
June 18, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2010-2524 CVE-2010-3875 CVE-2010-4075 CVE-2010-4655
                 CVE-2011-0695 CVE-2011-0710 CVE-2011-0711 CVE-2011-0726
                 CVE-2011-1010 CVE-2011-1012 CVE-2011-1017 CVE-2011-1078
                 CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 CVE-2011-1093
                 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171
                 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 CVE-2011-1182
                 CVE-2011-1477 CVE-2011-1493 CVE-2011-1577 CVE-2011-1593
                 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748
                 CVE-2011-1759 CVE-2011-1767 CVE-2011-1768 CVE-2011-1776
                 CVE-2011-2022 CVE-2011-2182
Debian Bug     : 618485

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2010-2524
    David Howells reported an issue in the Common Internet File System (CIFS). Local users could cause arbitrary CIFS shares to be mounted by introducing malicious redirects.

CVE-2010-3875
    Vasiliy Kulikov discovered an issue in the Linux implementation of the Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to sensitive kernel memory.

CVE-2010-4075
    Dan Rosenberg reported an issue in the tty layer that may allow local users to obtain access to sensitive kernel memory.

CVE-2010-4655
    Kees Cook discovered several issues in the ethtool interface which may allow local users with the CAP_NET_ADMIN capability to obtain access to sensitive kernel memory.

CVE-2011-0695
    Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can exploit a race condition to cause a denial of service (kernel panic).

CVE-2011-0710
    Al Viro reported an issue in the /proc/<pid>/status interface on the s390 architecture. Local users could gain access to sensitive memory in processes they do not own via the task_show_regs entry.

CVE-2011-0711
    Dan Rosenberg reported an issue in the XFS filesystem. Local users may obtain access to sensitive kernel memory.

CVE-2011-0726
    Kees Cook reported an issue in the /proc/pid/stat implementation. Local users could learn the text location of a process, defeating protections provided by address space layout randomization (ASLR).

CVE-2011-1010
    Timo Warns reported an issue in the Linux support for Mac partition tables. Local users with physical access could cause a denial of service (panic) by adding a storage device with a malicious map_count value.

CVE-2011-1012
    Timo Warns reported an issue in the Linux support for Mac partition tables. Local users with physical access could cause a denial of service (panic) by adding a storage device with a malicious map_count value.

CVE-2011-1017
    Timo Warns reported an issue in the Linux support for LDM partition tables. Users with physical access can gain access to sensitive kernel memory or gain elevated privileges by adding a storage device with a specially crafted LDM partition.

CVE-2011-1078
    Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users can obtain access to sensitive kernel memory.

CVE-2011-1079
    Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users with the CAP_NET_ADMIN capability can cause a denial of service (kernel Oops).

CVE-2011-1080
    Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users can obtain access to sensitive kernel memory.

CVE-2011-1090
    Neil Horman discovered a memory leak in the setacl() call on NFSv4 filesystems. Local users can exploit this to cause a denial of service (Oops).

CVE-2011-1093
    Johan Hovold reported an issue in the Datagram Congestion Control Protocol (DCCP) implementation. Remote users could cause a denial of service by sending data after closing a socket.

CVE-2011-1160
    Peter Huewe reported an issue in the Linux kernel's support for TPM security chips. Local users with permission to open the device can gain access to sensitive kernel memory.

CVE-2011-1163
    Timo Warns reported an issue in the kernel support for Alpha OSF format disk partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted OSF partition.

CVE-2011-1170
    Vasiliy Kulikov reported an issue in the Netfilter arp table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory.

CVE-2011-1171
    Vasiliy Kulikov reported an issue in the Netfilter IP table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory.

CVE-2011-1172
    Vasiliy Kulikov reported an issue in the Netfilter IP6 table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory.

CVE-2011-1173
    Vasiliy Kulikov reported an issue in the Acorn Econet protocol implementation. Local users can obtain access to sensitive kernel memory on systems that use this rare hardware.

CVE-2011-1180
    Dan Rosenberg reported a buffer overflow in the Information Access Service of the IrDA protocol, used for Infrared devices. Remote attackers within IR device range can cause a denial of service or possibly gain elevated privileges.

CVE-2011-1182
    Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local users can generate signals with falsified source pid and uid information.

CVE-2011-1477
    Dan Rosenberg reported issues in the Open Sound System driver for cards that include a Yamaha FM synthesizer chip. Local users can cause memory corruption resulting in a denial of service. This issue does not affect official Debian Linux image packages as they no longer provide support for OSS. However, custom kernels built from Debian's linux-source-2.6.32 may have enabled this configuration and would therefore be vulnerable.

CVE-2011-1493
    Dan Rosenberg reported two issues in the Linux implementation of the Amateur Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of service by providing specially crafted facilities fields.

CVE-2011-1577
    Timo Warns reported an issue in the Linux support for GPT partition tables. Local users with physical access could cause a denial of service (Oops) by adding a storage device with a malicious partition table header.

CVE-2011-1593
    Robert Swiecki reported a signedness issue in the next_pidmap() function, which can be exploited by local users to cause a denial of service.

CVE-2011-1598
    Dave Jones reported an issue in the Broadcast Manager Controller Area Network (CAN/BCM) protocol that may allow local users to cause a NULL pointer dereference, resulting in a denial of service.

CVE-2011-1745
    Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_BIND ioctl. On default Debian installations, this is exploitable only by users in the video group.

CVE-2011-1746
    Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the agp_allocate_memory and agp_create_user_memory. On default Debian installations, this is exploitable only by users in the video group.

CVE-2011-1748
    Oliver Hartkopp reported an issue in the Controller Area Network (CAN) raw socket implementation which permits local users to cause a NULL pointer dereference, resulting in a denial of service.

CVE-2011-1759
    Dan Rosenberg reported an issue in the support for executing "old ABI" binaries on ARM processors. Local users can obtain elevated privileges due to insufficient bounds checking in the semtimedop system call.

CVE-2011-1767
    Alexey Dobriyan reported an issue in the GRE over IP implementation. Remote users can cause a denial of service by sending a packet during module initialization.

CVE-2011-1768
    Alexey Dobriyan reported an issue in the IP tunnels implementation. Remote users can cause a denial of service by sending a packet during module initialization.

CVE-2011-1776
    Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table.

CVE-2011-2022
    Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_UNBIND ioctl. On default Debian installations, this is exploitable only by users in the video group.

CVE-2011-2182
    Ben Hutchings reported an issue with the fix for CVE-2011-1017 (see above) that made it insufficient to resolve the issue.

For the oldstable distribution (lenny), this problem has been fixed in version 2.6.26-26lenny3. Updates for arm and hppa are not yet available, but will be released as soon as possible.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2265-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
June 20, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : perl
Vulnerability  : lack of tainted flag propagation
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1487
Debian Bug     : 622817

Mark Martinec discovered that Perl incorrectly clears the tainted flag on values returned by case conversion functions such as "lc". This may expose preexisting vulnerabilities in applications which use these functions while processing untrusted input. No such applications are known at this stage. Such applications will cease to work when this security update is applied because taint checks are designed to prevent such unsafe use of untrusted input data.

For the oldstable distribution (lenny), this problem has been fixed in version 5.10.0-19lenny4.

For the stable distribution (squeeze), this problem has been fixed in version 5.10.1-17squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version <missing>.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 5.10.1-20.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2210-2                   security@debian.org
http://www.debian.org/security/                             Luciano Bello
June 25, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tiff
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2011-0191 CVE-2011-0192 CVE-2011-1167
Debian Bug     : 619614 630042

The recent tiff update DSA-2210-1 introduced a regression that could lead to encoding problems of tiff files. This update fixes this problem (bug #630042).

For reference, the description of the original DSA, which fixed CVE-2011-0191 CVE-2011-0192 CVE-2011-1167:

CVE-2011-0191
    A buffer overflow allows to execute arbitrary code or cause a denial of service via a crafted TIFF image with JPEG encoding. This issue affects the Debian 5.0 Lenny package only.

CVE-2011-0192
    A buffer overflow allows to execute arbitrary code or cause a denial of service via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding.

CVE-2011-1167
    Heap-based buffer overflow in the thunder (aka ThunderScan) decoder allows to execute arbitrary code via a TIFF file that has an unexpected BitsPerSample value.

For the oldstable distribution (lenny), this problem has been fixed in version 3.8.2-11.5.

For the stable distribution (squeeze), this problem has been fixed in version 3.9.4-5+squeeze3.

For the testing distribution (wheezy), this problem has been fixed in version 3.9.5-1.

For the unstable distribution (sid), this problem has been fixed in version 3.9.5-1.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2266-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
June 29, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-2531 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708
                 CVE-2011-1153 CVE-2011-1466 CVE-2011-1471 CVE-2011-2202

Several vulnerabilities were discovered in PHP, which could lead to denial of service or potentially the execution of arbitrary code.

CVE-2010-2531
    An information leak was found in the var_export() function.

CVE-2011-0421
    The Zip module could crash.

CVE-2011-0708
    An integer overflow was discovered in the Exif module.

CVE-2011-1466
    An integer overflow was discovered in the Calendar module.

CVE-2011-1471
    The Zip module was prone to denial of service through malformed archives.

CVE-2011-2202
    Path names in form based file uploads (RFC 1867) were incorrectly validated.

This update also fixes two bugs, which are not treated as security issues, but fixed nonetheless, see README.Debian.security for details on the scope of security support for PHP (CVE-2011-0420, CVE-2011-1153).

For the oldstable distribution (lenny), this problem has been fixed in version 5.2.6.dfsg.1-1+lenny12.

For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze3.

For the unstable distribution (sid), this problem has been fixed in version 5.3.6-12.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2267-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
July 01, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : perl
Vulnerability  : restriction bypass
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2010-1447
Debian Bug     : 631529

It was discovered that Perl's Safe module - a module to compile and execute code in restricted compartments - could be bypassed.

Please note that this update is known to break Petal, an XML-based templating engine (shipped with Debian 6.0/Squeeze in the package libpetal-perl, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582805 for details). A fix is not yet available. If you use Petal, you might consider to put the previous Perl packages on hold.

For the oldstable distribution (lenny), this problem has been fixed in version 5.10.0-19lenny5.

For the stable distribution (squeeze), this problem has been fixed in version 5.10.1-17squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 5.12.3-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2268-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
July 01, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceweasel
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363
                 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374
                 CVE-2011-2376

Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox:

CVE-2011-0083 / CVE-2011-2363
    "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code.

CVE-2011-0085
    "regenrecht" discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code.

CVE-2011-2362
    David Chan discovered that cookies were insufficiently isolated.

CVE-2011-2371
    Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code.

CVE-2011-2373
    Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code.

CVE-2011-2374
    Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger discovered memory corruption bugs, which may lead to the execution of arbitrary code.

CVE-2011-2376
    Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 1.9.0.19-12 of the xulrunner source package.

For the stable distribution (squeeze), this problem has been fixed in version 3.5.16-9.

For the unstable distribution (sid), this problem has been fixed in version 3.5.19-3.

For the experimental distribution, this problem has been fixed in version 5.0-1.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2266-2                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
July 01, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-2531 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708
                 CVE-2011-1153 CVE-2011-1466 CVE-2011-1471 CVE-2011-2202

The update for CVE-2010-2531 for the old stable distribution (lenny) introduced a regression, which led to additional output being written to stdout.

For the oldstable distribution (lenny), this problem has been fixed in version 5.2.6.dfsg.1-1+lenny13.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2269-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
July 01, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : iceape
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363
                 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374
                 CVE-2011-2376

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:

CVE-2011-0083 / CVE-2011-2363
    "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code.

CVE-2011-0085
    "regenrecht" discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code.

CVE-2011-2362
    David Chan discovered that cookies were insufficiently isolated.

CVE-2011-2371
    Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code.

CVE-2011-2373
    Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code.

CVE-2011-2374
    Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger discovered memory corruption bugs, which may lead to the execution of arbitrary code.

CVE-2011-2376
    Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code.

The oldstable distribution (lenny) is not affected. The iceape package only provides the XPCOM code.

For the stable distribution (squeeze), this problem has been fixed in version 2.0.11-6.

For the unstable distribution (sid), this problem has been fixed in version 2.0.14-3.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2270-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
July 01, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu-kvm
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-2512
Debian Bug     : 631975

It was discovered that incorrect sanitising of virtio queue commands in KVM, a solution for full virtualization on x86 hardware, could lead to denial of service or the execution of arbitrary code.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-5+squeeze4.

For the unstable distribution (sid), this problem has been fixed in version 0.14.1+dfsg-2.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2271-1                   security@debian.org
http://www.debian.org/security/                        Giuseppe Iuculano
July 02, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : curl
Vulnerability  : improper delegation of client credentials
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2192
Debian Bug     : #631615

Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism.

This is obviously a very sensitive operation, which should only be done when the user explicitly so directs.

For the oldstable distribution (lenny), this problem has been fixed in version 7.18.2-8lenny5.

For the stable distribution (squeeze), this problem has been fixed in version 7.21.0-2.

For the testing distribution (wheezy), this problem has been fixed in version 7.21.6-2.

For the unstable distribution (sid), this problem has been fixed in version 7.21.6-2.

sunrat

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2272-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
July 05, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2464

It was discovered that BIND, a DNS server, does not correctly process certain UPDATE requests, resulting in a server crash and a denial of service. This vulnerability affects BIND installations even if they do not actually use dynamic DNS updates.

For the oldstable distribution (lenny), this problem has been fixed in version 1:9.6.ESV.R4+dfsg-0+lenny3.

For the stable distribution (squeeze), this problem has been fixed in version 1:9.7.3.dfsg-1~squeeze3.

The testing distribution (wheezy) and the unstable distribution (sid) will be fixed later.
