All articles tagged with Debian

October 12, 2011 05:55 Debian: Security update for Icedove

Mariusz Mlynski discovered that websites could open a download dialog (which has “open” as the default action) while a user presses the ENTER key. Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. Mark Kaplan discovered an integer underflow in the JavaScript engine, which could lead to the execution of arbitrary code. Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. Ian Graham discovered that multiple Location headers might lead to CRLF injection. Updated packages are available from security.debian.org.

October 10, 2011 09:46 Debian: Security update for Quagga

Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered several vulnerabilities in Quagga, an Internet routing daemon. A stack-based buffer overflow while decoding Link State Update packets with a malformed Inter Area Prefix LSA can cause the ospf6d process to crash or (potentially) execute arbitrary code. The ospf6d process can crash while processing a Database Description packet with a crafted Link-State-Advertisement. The ospfd process can crash while processing a crafted Hello packet. The ospfd process crashes while processing Link-State-Advertisements of a type not known to Quagga. A heap-based buffer overflow while processing BGP UPDATE messages containing an Extended Communities path attribute can cause the bgpd process to crash or (potentially) execute arbitrary code. Updated packages are available from security.debian.org.

October 10, 2011 09:45 Debian: Security update for OpenOffice.org

Red Hat, Inc. security researcher Huzaifa Sidhpurwala reported multiple vulnerabilities in the binary Microsoft Word (doc) file format importer of OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft(R) Office. Updated packages are available from security.debian.org.

October 08, 2011 08:09 Debian: Security update for Puppet

Multiple security issues have been discovered in puppet, a centralized configuration management system. Kristian Erik Hermansen reported that an unauthenticated directory traversal could drop any valid X.509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. Ricky Zhou discovered a potential local privilege escalation in the ssh_authorized_keys resource and theoretically in the Solaris and AIX providers, where file ownership was given away before it was written, leading to a possibility for a user to overwrite arbitrary files as root, if their authorized_keys file was managed. A predictable file name in the k5login type leads to the possibility of symlink attacks which would allow the owner of the home directory to symlink to anything on the system, and have it replaced with the “correct” content of the file, which can lead to a privilege escalation on puppet runs.

A potential local privilege escalation was found in the --edit mode of ‘puppet resource’ due to a persistent, predictable file name, which can result in editing an arbitrary target file, so that the user can be tricked into running that arbitrary file as the invoking user. Because this command is most commonly run as root, this leads to a potential privilege escalation. Updated packages are available from security.debian.org.

October 06, 2011 06:49 Debian: Security update for Iceweasel

Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox. Mariusz Mlynski discovered that websites could open a download dialog (which has “open” as the default action) while a user presses the ENTER key. Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. Mark Kaplan discovered an integer underflow in the JavaScript engine, which could lead to the execution of arbitrary code.

Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. Ian Graham discovered that multiple Location headers might lead to CRLF injection.

Updated packages are available from security.debian.org.

October 06, 2011 06:46 Debian: Security update for Iceape

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey. Mariusz Mlynski discovered that websites could open a download dialog (which has “open” as the default action) while a user presses the ENTER key. Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. Mark Kaplan discovered an integer underflow in the JavaScript engine, which could lead to the execution of arbitrary code.

Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. Ian Graham discovered that multiple Location headers might lead to CRLF injection. Updated packages are available from security.debian.org.

September 28, 2011 07:16 Debian: Security update for OpenJDK

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java SE platform. Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges. Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine. A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact.

Untrusted code (including applets) could access information about network interfaces which was not intended to be public. A float-to-long conversion could overflow, allowing untrusted code (including applets) to crash the virtual machine. Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection.

Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code. Updated packages are available from security.debian.org.

September 28, 2011 07:12 Debian: Security update for Linux

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald module, a driver for Auerswald PBX/System Telephone USB devices. Attackers with physical access to a system’s USB ports could obtain elevated privileges using a specially crafted USB device. Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq module, a USB driver for Native Instruments USB audio devices. Attackers with physical access to a system’s USB ports could obtain elevated privileges using a specially crafted USB device. Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary.

Dan Rosenberg discovered an issue in the osf_sysinfo() system call on the alpha architecture. Local users could obtain access to sensitive kernel memory. Dan Rosenberg discovered an issue in the osf_wait4() system call on the alpha architecture permitting local users to gain elevated privileges. Dan Rosenberg discovered an issue in the INET socket monitoring interface. Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop.

Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion (cpu time and memory). Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call. Marek Kroemeke and Filip Palian discovered that uninitialized struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory.

Vasiliy Kulikov of Openwall discovered that the io file of a process’ proc directory was world-readable, resulting in local information disclosure of information such as password lengths. Robert Swiecki discovered that mremap() could be abused for local denial of service by triggering a BUG_ON assert. Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation.

Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service (NULL pointer dereference) by sending a specially crafted netlink message. Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted. Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session.

Darren Lavender reported an issue in the Common Internet File System (CIFS). A malicious file server could cause memory corruption leading to a denial of service. Updated packages are available from security.debian.org.

September 20, 2011 07:26 Debian: Security update for vsftpd

Two security issues have been discovered that affect vsftpd, a lightweight, efficient FTP server written for security. It was discovered that Linux kernels < 2.6.35 are considerably slower at releasing network namespaces than at creating them. As a result of this, and because vsftpd uses this feature as a security enhancement to provide network isolation for connections, it is possible to cause denial of service conditions due to excessive memory allocations by the kernel. Maksymilian Arciemowicz discovered that vsftpd incorrectly handles certain glob expressions in STAT commands. This allows a remote authenticated attacker to conduct denial of service attacks (excessive CPU and process slot exhaustion) via crafted STAT commands. Updated packages are available from security.debian.org.

September 19, 2011 05:58 Debian: Security update for OpenSSL

Several fraudulent SSL certificates have been found in the wild issued by the DigiNotar Certificate Authority, obtained through a security compromise of said company. After further updates on this incident, it has been determined that all of DigiNotar’s signing certificates can no longer be trusted. Additionally, a vulnerability has been found in the ECDHE_ECDSA cipher where timing attacks make it easier to determine private keys. Updated packages are available from security.debian.org.

September 18, 2011 13:35 Debian: Security update for mantis

Several vulnerabilities were found in Mantis, a web-based bug tracking system: Insufficient input validation could result in local file inclusion and cross-site scripting. Updated packages are available from security.debian.org.

September 18, 2011 13:24 Debian: Security update for Squid

Ben Hawkes discovered that squid3, a full featured Web Proxy cache (HTTP proxy), is vulnerable to a buffer overflow when processing gopher server replies. An attacker can exploit this flaw by connecting to a gopher server that returns lines longer than 4096 bytes. This may result in denial of service conditions (daemon crash) or possibly the execution of arbitrary code with the rights of the squid daemon. Updated packages are available from security.debian.org.

September 18, 2011 13:23 Debian: Security update for Chromium

Several vulnerabilities were discovered in the Chromium browser. A use-after-free vulnerability allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering. Google Chrome allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site. Google Chrome does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a “stale pointer.” Updated packages are available from security.debian.org.

September 18, 2011 13:21 Debian: Security update for ffmpeg

Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. FFmpeg allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file. The Vorbis decoder allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. Multiple buffer overflows in the Vorbis decoder allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for the channel floor and the channel residue. FFmpeg allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file. Updated packages are available from security.debian.org.

September 11, 2011 14:20 Debian: Security update for Linux

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary. Ryan Sweat discovered an issue in the VLAN implementation. Local users may be able to cause a kernel memory leak, resulting in a denial of service. Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion (cpu time and memory).

Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call. Marek Kroemeke and Filip Palian discovered that uninitialized struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory. Vasiliy Kulikov of Openwall discovered that the io file of a process’ proc directory was world-readable, resulting in local information disclosure of information such as password lengths.

Robert Swiecki discovered that mremap() could be abused for local denial of service by triggering a BUG_ON assert. Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation. It was discovered that the netlink-based wireless configuration interface performed insufficient length validation when parsing SSIDs, resulting in buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a denial of service.

Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service (NULL pointer dereference) by sending a specially crafted netlink message. Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the driver for the Si4713 FM Radio Transmitter used by N900 devices. Local users could exploit this issue to cause a denial of service or potentially gain elevated privileges. Brent Meshier reported an issue in the GRO (generic receive offload) implementation. This can be exploited by remote users to create a denial of service (system crash) in certain network device configurations.

Christian Ohm discovered that the ‘perf’ analysis tool searches for its config files in the current working directory. This could lead to denial of service or potential privilege escalation if a user with elevated privileges is tricked into running ‘perf’ in a directory under the control of the attacker. Vasiliy Kulikov of Openwall discovered that a programming error in the Comedi driver could lead to information disclosure through leaked stack memory. Vince Weaver discovered that incorrect handling of software event overflows in the ‘perf’ analysis tool could lead to local denial of service.

Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted. Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session. Darren Lavender reported an issue in the Common Internet File System (CIFS). A malicious file server could cause memory corruption leading to a denial of service.

Updated packages are available from security.debian.org.

September 10, 2011 10:53 Debian: Security update for bcfg2

It has been discovered that the bcfg2 server, a configuration management server for bcfg2 clients, is not properly sanitizing input from bcfg2 clients before passing it to various shell commands. This enables an attacker in control of a bcfg2 client to execute arbitrary commands on the server with root privileges. Updated packages are available from security.debian.org.

September 09, 2011 13:41 Debian: Security update for Rails

Several vulnerabilities have been discovered in Rails, the Ruby web application framework. A cross-site scripting (XSS) vulnerability had been found in the strip_tags function. An attacker may inject non-printable characters that certain browsers will then evaluate. A SQL injection vulnerability found in the quote_table_name method could allow malicious users to inject arbitrary SQL into a query. A cross-site scripting (XSS) vulnerability had been found in the strip_tags helper. A parsing error can be exploited by an attacker, who can confuse the parser and may inject HTML tags into the output document.

A newline (CRLF) injection vulnerability had been found in response.rb. This vulnerability allows an attacker to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header. Updated packages are available from security.debian.org.

September 06, 2011 09:32 Debian: Security update for nss

Several unauthorised SSL certificates have been found in the wild issued by the DigiNotar Certificate Authority, obtained through a security compromise of said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in the NSS crypto libraries. Updated packages are available from security.debian.org.

September 06, 2011 09:31 Debian: Security update for ca-certificates

An unauthorized SSL certificate has been found in the wild issued by the DigiNotar Certificate Authority, obtained through a security compromise of said company. Updated packages are available from security.debian.org.

September 06, 2011 09:28 Debian: Security update for apache2

Two issues have been found in the Apache HTTPD web server: A vulnerability has been found in the way multiple overlapping ranges are handled by the Apache HTTPD server. This vulnerability allows an attacker to cause Apache HTTPD to use an excessive amount of memory, causing a denial of service. A vulnerability has been found in mod_dav that allows an attacker to cause a daemon crash, causing a denial of service. This issue only affects the Debian 5.0 oldstable/lenny distribution. Updated packages are available from security.debian.org.

August 28, 2011 07:39 Debian: Security update for icedove

Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. “regenrecht” discovered that incorrect pointer handling in the SVG processing code could lead to the execution of arbitrary code. “regenrecht” discovered that incorrect memory management in DOM processing could lead to the execution of arbitrary code. “moz_bug_r_a4” discovered a Chrome privilege escalation vulnerability in the event handler code. Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code.

“shutdown” discovered an information leak in the handling of RegExp.input. “moz_bug_r_a4” discovered a Chrome privilege escalation vulnerability. Updated packages are available from security.debian.org.

August 26, 2011 11:40 Debian: Security update for Iceweasel

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. “regenrecht” discovered that incorrect pointer handling in the SVG processing code could lead to the execution of arbitrary code. “regenrecht” discovered that incorrect memory management in DOM processing could lead to the execution of arbitrary code. “moz_bug_r_a4” discovered a Chrome privilege escalation vulnerability in the event handler code.

Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. “shutdown” discovered an information leak in the handling of RegExp.input. “moz_bug_r_a4” discovered a Chrome privilege escalation vulnerability. Updated packages are available from security.debian.org.

August 26, 2011 11:37 Debian: Security update for iceape

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey. “regenrecht” discovered that incorrect pointer handling in the SVG processing code could lead to the execution of arbitrary code. “regenrecht” discovered that incorrect memory management in DOM processing could lead to the execution of arbitrary code. “moz_bug_r_a4” discovered a Chrome privilege escalation vulnerability in the event handler code.

Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. “shutdown” discovered an information leak in the handling of RegExp.input. “moz_bug_r_a4” discovered a Chrome privilege escalation vulnerability.

Updated packages are available from security.debian.org.

August 19, 2011 09:07 Debian: Security update for freetype

It was discovered that insufficient input sanitizing in Freetype’s code to parse Type1 fonts could lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

August 18, 2011 12:48 Debian: Security update for libxfont

Tomas Hoger found a buffer overflow in the X.Org libXfont library, which may allow for a local privilege escalation through crafted font files. Updated packages are available from security.debian.org.

August 16, 2011 07:57 Debian: Security update for squirrelmail

Various vulnerabilities have been found in SquirrelMail, a webmail application. SquirrelMail did not prevent page rendering inside a third-party HTML frame, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. Multiple small bugs in SquirrelMail allowed an attacker to inject malicious script into various pages or alter the contents of user preferences. It was possible to inject arbitrary web script or HTML via a crafted STYLE element in an HTML part of an e-mail message. Updated packages are available from security.debian.org.

August 16, 2011 07:56 Debian: Security update for samba

The Samba Web Administration Tool (SWAT) contains several cross-site request forgery (CSRF) vulnerabilities and a cross-site scripting vulnerability. Updated packages are available from security.debian.org.

August 14, 2011 07:36 Debian: Security update for libsndfile

Hossein Lotfi discovered an integer overflow in libsndfile’s code to parse Paris Audio files, which could potentially lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

August 13, 2011 12:45 Debian: Security update for libpng

The PNG library libpng has been affected by several vulnerabilities. Using one vulnerability, an attacker is able to overwrite memory with an arbitrary amount of data controlled by her via a crafted PNG image. The other vulnerabilities are less critical and allow an attacker to cause a crash in the program (denial of service) via a crafted PNG image. Updated packages are available from security.debian.org.

August 12, 2011 08:40 Debian: Security update for phpmyadmin

Several vulnerabilities were discovered in phpMyAdmin, a tool to administrate MySQL over the web. A possible session manipulation in Swekey authentication, a possible code injection in setup script, in case session variables are compromised, a regular expression quoting issue in Synchronize code, a possible directory traversal in MIME-type transformation, a cross site scripting in table Print view when the attacker can create crafted table names, and a possible superglobal and local variables manipulation in Swekey authentication have all been fixed. Updated packages are available from security.debian.org.
