All articles tagged with Debian

November 24, 2011 11:03 Debian: Security update for SPIP

Two vulnerabilities have been found in SPIP, a website engine for publishing, which allow privilege escalation to site administrator privileges and cross-site scripting. Updated packages are available from security.debian.org.

November 21, 2011 10:06 Debian: Security update for bind9

It was discovered that BIND, a DNS server, crashes while processing certain sequences of recursive DNS queries, leading to a denial of service. Authoritative-only server configurations are not affected by this issue. Updated packages are available from security.debian.org.

November 19, 2011 08:11 Debian: Security update for ProFTPD

Several vulnerabilities were discovered in ProFTPD, an FTP server. ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS. ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution. Updated packages are available from security.debian.org.

November 19, 2011 08:00 Debian: Security update for Icedove

Several vulnerabilities have been discovered in Icedove, a mail client based on Thunderbird. The JSSubScriptLoader does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. Iceweasel does not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. Updated packages are available from security.debian.org.

November 19, 2011 07:54 Debian: Security update for Piston

It was discovered that the Piston framework can deserialize untrusted YAML and Pickle data, leading to remote code execution. Updated packages are available from security.debian.org.

November 15, 2011 07:25 Debian: Security update for OpenSSL

Several weak certificates were issued by Malaysian intermediate CA “Digicert Sdn. Bhd.” This event, along with other issues, has led Entrust Inc. and Verizon Cybertrust to revoke the CA’s cross-signed certificates. This update to OpenSSL, a Secure Sockets Layer toolkit, reflects this decision by marking Digicert Sdn. Bhd.’s certificates as revoked. Updated packages are available from security.debian.org.

November 15, 2011 07:23 Debian: Security update for Iceape

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey. “moz_bug_r_a4” discovered a privilege escalation vulnerability in addon handling. Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could lead to cross-site scripting. Marc Schoenefeld discovered that profiling the JavaScript code could lead to memory corruption. Updated packages are available from security.debian.org.

November 15, 2011 07:21 Debian: Security update for Iceweasel

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. “moz_bug_r_a4” discovered a privilege escalation vulnerability in addon handling. Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could lead to cross-site scripting. Marc Schoenefeld discovered that profiling the JavaScript code could lead to memory corruption. Updated packages are available from security.debian.org.

November 11, 2011 18:36 Debian: Security update for PostgreSQL

magnum discovered that the Blowfish password hashing used, amongst others, in PostgreSQL contained a weakness that would give passwords with 8-bit characters the same hash as weaker equivalents. Updated packages are available from security.debian.org.

November 09, 2011 10:42 Debian: Security update for ffmpeg

Multiple vulnerabilities were found in ffmpeg, a multimedia player, server and encoder. An integer signedness error in the decode_residual_block function of the Chinese AVS video (CAVS) decoder in libavcodec can lead to denial of service (memory corruption and application crash) or possible code execution via a crafted CAVS file. Multiple errors in the Chinese AVS video (CAVS) decoder can lead to denial of service (memory corruption and application crash) via an invalid bitstream. A memory allocation problem in the Matroska format decoder can lead to code execution via a crafted file. Updated packages are available from security.debian.org.

November 09, 2011 10:40 Debian: Security update for NSS

This update to the NSS cryptographic libraries revokes the trust in the “DigiCert Sdn. Bhd” certificate authority. Updated packages are available from security.debian.org.

November 09, 2011 10:39 Debian: Security update for Moodle

Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning. Updated packages are available from security.debian.org.

November 09, 2011 10:37 Debian: Security update for Xen

Several vulnerabilities were discovered in the Xen virtual machine hypervisor. A 64-bit guest can get one of its vCPUs into non-kernel mode without first providing a valid non-kernel pagetable, thereby locking up the host system. Local users can cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image. When using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, guest OS users can gain host OS privileges by writing to the interrupt injection registers. Updated packages are available from security.debian.org.

November 09, 2011 10:36 Debian: Security update for man2html

Tim Starling discovered that the Debian-native CGI wrapper for man2html, a program to convert UNIX man pages to HTML, is not properly escaping user-supplied input when displaying various error messages. A remote attacker can exploit this flaw to conduct cross-site scripting (XSS) attacks. Updated packages are available from security.debian.org.

November 09, 2011 10:35 Debian: Security update for Mahara

Several vulnerabilities were discovered in Mahara, an electronic portfolio, weblog, and resume builder. Teemu Vesala discovered that missing input sanitising of RSS feeds could lead to cross-site scripting. Richard Mansfield discovered that insufficient upload restrictions allowed denial of service. Richard Mansfield discovered that the management of institutions was prone to cross-site request forgery. Andrew Nichols discovered a privilege escalation vulnerability in MNet handling. Updated packages are available from security.debian.org.

November 03, 2011 08:07 Debian: Security update for phpldapadmin

Two vulnerabilities have been discovered in phpldapadmin, a web-based interface for administering LDAP servers. Input appended to the URL in cmd.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site. Input passed to the “orderby” parameter in cmd.php is not properly sanitised before being used in a create_function() function call. This can be exploited to inject and execute arbitrary PHP code. Updated packages are available from security.debian.org.

November 03, 2011 08:06 Debian: Security update for Django

Paul McMillan, Mozilla and the Django core team discovered several vulnerabilities in Django, a Python web framework. When using memory-based sessions and caching, Django sessions are stored directly in the root namespace of the cache. When user data is stored in the same cache, a remote user may take over a session. Django’s field type URLField by default checks supplied URLs by issuing a request to them, which doesn’t time out. A denial of service is possible by supplying specially prepared URLs that keep the connection open indefinitely or fill the Django server’s memory. Django used X-Forwarded-Host headers to construct full URLs. This header may not contain trusted input and could be used to poison the cache.

The CSRF protection mechanism in Django does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests.

Updated packages are available from security.debian.org.

November 03, 2011 08:01 Debian: Security update for Tor

It has been discovered that a design flaw in Tor, an online privacy tool, allows malicious relay servers to learn certain information that they should not be able to learn. Specifically, a relay that a user connects to directly could learn which other relays that user is connected to directly. In combination with other attacks, this issue can lead to deanonymizing the user. Updated packages are available from security.debian.org.

November 03, 2011 06:46 Debian: Security update for radvd

Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon. The set_interface_var() function doesn’t check the interface name, which is chosen by an unprivileged user. This could lead to an arbitrary file overwrite if the attacker has local access, or specific file overwrites otherwise. The process_ra() function lacks multiple buffer length checks, which could lead to memory reads outside the stack, causing a crash of the daemon. The process_rs() function calls mdelay() unconditionally when running in unicast-only mode. As this call is in the main thread, all request processing is delayed. An attacker could flood the daemon with router solicitations in order to fill the input queue, causing a temporary denial of service. Updated packages are available from security.debian.org.

November 01, 2011 06:12 Debian: Security update for simpleSAMLphp

Issues were found in the handling of XML encryption in simpleSAMLphp, an application for federated authentication. It may be possible to use an SP as an oracle to decrypt encrypted messages sent to that SP. It may be possible to use the SP as a key oracle which can be used to forge messages from that SP by issuing 300000-2000000 queries to the SP. Updated packages are available from security.debian.org.

November 01, 2011 06:11 Debian: Security update for torque

Bartlomiej Balcerek discovered several buffer overflows in torque server, a PBS-derived batch processing server. This allows an attacker to crash the service or execute arbitrary code with privileges of the server via crafted job or host names. Updated packages are available from security.debian.org.

October 28, 2011 09:23 Debian: Security update for freetype

It was discovered that missing input sanitising in Freetype’s glyph handling could lead to memory corruption, resulting in denial of service or the execution of arbitrary code. Updated packages are available from security.debian.org.

October 28, 2011 09:22 Debian: Security update for libfcgi-perl

Ferdinand Smit discovered that libfcgi-perl, a Perl module for writing FastCGI applications, is incorrectly restoring environment variables of a prior request in subsequent requests. In some cases this may lead to authentication bypasses or worse. Updated packages are available from security.debian.org.

October 28, 2011 09:18 Debian: Security update for PAM

Kees Cook of the ChromeOS security team discovered a buffer overflow in pam_env, a PAM module to set environment variables through the PAM stack, which allowed the execution of arbitrary code. An additional issue in argument parsing allows denial of service. Updated packages are available from security.debian.org.

October 26, 2011 09:22 Debian: Security update for kfreebsd-8

A buffer overflow in the “linux emulation” support in FreeBSD kernel allows local users to cause a denial of service (panic) and possibly execute arbitrary code by calling the bind system call with a long path for a UNIX-domain socket, which is not properly handled when the address is used by other unspecified system calls. Updated packages are available from security.debian.org.

October 26, 2011 09:19 Debian: Security update for Wireshark

The Microsoft Vulnerability Research group discovered that insecure load path handling could lead to execution of arbitrary Lua script code. Updated packages are available from security.debian.org.

October 14, 2011 06:46 Debian: Security update for Bugzilla

Several vulnerabilities were discovered in Bugzilla, a web-based bug tracking system. By inserting particular strings into certain URLs, it was possible to inject both headers and content to any browser. Bugzilla has a “URL” field that can contain several types of URL, including “javascript:” and “data:” URLs. However, it does not make “javascript:” and “data:” URLs into clickable links, to protect against cross-site scripting attacks or other attacks. It was possible to bypass this protection by adding spaces into the URL in places that Bugzilla did not expect them. It was possible for a user to gain unauthorized access to any Bugzilla account in a very short amount of time (short enough that the attack is highly effective).

Various pages were vulnerable to Cross-Site Request Forgery attacks. Most of these issues are not as serious as previous CSRF vulnerabilities. When a user changes his email address, Bugzilla trusts a user-modifiable field for obtaining the current e-mail address to send a confirmation message to. If an attacker has access to the session of another user (for example, if that user left their browser window open in a public place), the attacker could alter this field to cause the email-change notification to go to their own address. For flagmails only, attachment descriptions with a newline in them could lead to the injection of crafted headers in email notifications when an attachment flag is edited.

Bugzilla uses an alternate host for attachments when viewing them in raw format to prevent cross-site scripting attacks. This alternate host is now also used when viewing patches in “Raw Unified” mode because Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing, which could lead to the execution of malicious code. Normally, a group name is confidential and is only visible to members of the group, and to non-members if the group is used in bugs. By crafting the URL when creating or editing a bug, it was possible to guess if a group existed or not, even for groups which weren’t used in bugs and so which were supposed to remain confidential.

Updated packages are available from security.debian.org.

October 14, 2011 06:45 Debian: Security update for Moin

A cross-site scripting vulnerability was discovered in the rst parser of Moin, a Python clone of WikiWiki. Updated packages are available from security.debian.org.

October 14, 2011 06:44 Debian: Security update for PolicyKit

Neel Mehta discovered that a race condition in PolicyKit, a framework for managing administrative policies and privileges, allowed local users to elevate privileges by executing a setuid program from pkexec. Updated packages are available from security.debian.org.

October 14, 2011 06:39 Debian: Security update for cyrus-imapd

Multiple security issues have been discovered in cyrus-imapd, a highly scalable mail system designed for use in enterprise environments. Coverity discovered a stack-based buffer overflow in the NNTP server implementation (nntpd) of cyrus-imapd. An attacker can exploit this flaw via several crafted NNTP commands to execute arbitrary code. Stefan Cornelius of Secunia Research discovered that the command processing of the NNTP server implementation (nntpd) of cyrus-imapd is not properly implementing access restrictions for certain commands and is not checking for a complete, successful authentication. Updated packages are available from security.debian.org.
