Articles / Debian

All articles tagged with Debian

August 10, 2011 05:19 Debian: Security update for mapserver

0

Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. Several instances of insufficient escaping of user input, leading to SQL injection attacks via OGC filter encoding (in WMS, WFS, and SOS filters). Missing length checks in the processing of OGC filter encoding that can lead to stack-based buffer overflows and the execution of arbitrary code. Updated packages are available from security.debian.org.

August 10, 2011 05:17 Debian: Security update for Shibboleth

0

Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco Kampmann and Joerg Schwenk discovered that Shibboleth, a federated web single sign-on system is vulnerable to XML signature wrapping attacks. Updated packages are available from security.debian.org.

August 10, 2011 05:15 Debian: Security update for krb5-appl

0

Tim Zingelmann discovered that due an incorrect configure script the kerborised FTP server failed to set the effective GID correctly, resulting in privilege escalation. Updated packages are available from security.debian.org.

August 09, 2011 20:33 Debian: Security update for qemu-kvm

0

Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware. Nelson Elhage discovered a buffer overflow in the virtio subsystem, which could lead to denial of service or privilege escalation. Andrew Griffiths discovered that group privileges were insufficiently dropped when started with -runas option, resulting in privilege escalation. Updated packages are available from security.debian.org.

August 06, 2011 15:13 Debian: Security update for horde3

0

It was discovered that horde3, the horde web application framework, is prone to a cross-site scripting attack and a cross-site request forgery. Updated packages are available from security.debian.org.

August 04, 2011 11:15 Debian: Security update for xml-security-c

0

It has been discovered that xml-security-c, an implementation of the XML Digital Signature and Encryption specifications, is not properly handling RSA keys of sizes on the order of 8192 or more bits. This allows an attacker to crash applications using this functionality or potentially execute arbitrary code by tricking an application into verifying a signature created with a sufficiently long RSA key. Updated packages are available from security.debian.org.

August 04, 2011 11:12 Debian: Security update for asterisk

0

Paul Belanger reported a vulnerability in Asterisk through which an unauthenticated attacker may crash an Asterisk server remotely. A package containing a null char causes the SIP header parser to alter unrelated memory structures. Jared Mauch reported a vulnerability in Asterisk through which an unauthenticated attacker may crash an Asterisk server remotely. If a user sends a package with a Contact header with a missing left angle bracket (<) the server will crash. Another vulnerability was reported about an input validation error in the IAX2 channel driver. An unauthenticated attacker may crash an Asterisk server remotely by sending a crafted option control frame. Updated packages are available from security.debian.org.

August 03, 2011 08:13 Debian: Security update for OpenOffice.org

0

Will Dormann and Jared Allar discovered that the Lotus Word Pro import filter of OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft(R) Office, is not properly handling object ids in the “.lwp” file format. An attacker can exploit this with a specially crafted file and execute arbitrary code with the rights of the victim importing the file. Updated packages are available from security.debian.org.

August 03, 2011 08:12 Debian: Security update for Wireshark

0

Huzaifa Sidhpurwala, David Maciejak and others discovered several vulnerabilities in the X.509if and DICOM dissectors and in the code to process various capture and dictionary files, which could lead to denial of service or the execution of arbitrary code. Updated packages are available from security.debian.org.

August 03, 2011 08:10 Debian: Security update for Icedove

0

Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. “regenrecht” discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code. “regenrecht” discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. David Chan discovered that cookies were insufficiently isolated. Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code. Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. Several memory corruption bugs have been discovered, which may lead to the execution of arbitrary code. Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

August 02, 2011 08:50 Debian: Security update for curl

0

Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client’s security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism. This is obviously a very sensitive operation, which should only be done when the user explicitly so directs. Updated packages are available from security.debian.org.

August 01, 2011 09:22 Debian: Security update for qemu-kvm

0

It was discovered that incorrect sanitising of virtio queue commands in KVM, a solution for full virtualization on x86 hardware, could lead to denial of service of the execution of arbitrary code. Updated packages are available from security.debian.org.

August 01, 2011 09:21 Debian: Security update for Iceape

0

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey. “regenrecht” discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code. “regenrecht” discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. David Chan discovered that cookies were insufficiently isolated. Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code. Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. Several memory corruption bugs were discovered, which may lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

August 01, 2011 09:20 Debian: Security update for Iceweasel

0

Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox. “regenrecht” discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code. “regenrecht” discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. David Chan discovered that cookies were insufficiently isolated. Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code. Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. Memory corruption bugs were discovered, which may lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

August 01, 2011 09:14 Debian: Security update for Perl

0

It was discovered that Perl’s Safe module - a module to compile and execute code in restricted compartments - could by bypassed. Updated packages are available from security.debian.org.

August 01, 2011 09:12 Debian: Security update for PHP

0

Several vulnerabilities were discovered in PHP, which could lead to denial of service or potentially the execution of arbitrary code. An information leak was found in the var_export() function, the Zip module could crash, an integer overflow was discovered in the Exif module, an integer overflow was discovered in the Calendar module, the Zip module was prone to denial of service through malformed archives, and path names in form based file uploads (RFC 1867) were incorrectly validated. Updated packages are available from security.debian.org.

July 24, 2011 15:05 Debian: Security update for Linux

0

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. David Howells reported an issue in the Common Internet File System (CIFS). Local users could cause arbitrary CIFS shares to be mounted by introducing malicious redirects. Vasiliy Kulikov discovered an issue in the Linux implementation of the Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to sensitive kernel memory. Dan Rosenberg reported an issue in the tty layer that may allow local users to obtain access to sensitive kernel memory.

Kees Cook discovered several issues in the ethtool interface which may allow local users with the CAP_NET_ADMIN capability to obtain access to sensitive kernel memory. Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can exploit a race condition to cause a denial of service (kernel panic). Al Viro reported an issue in the /proc/<pid>/status interface on the s390 architecture. Local users could gain access to sensitive memory in processes they do not own via the task_show_regs entry.

Dan Rosenberg reported an issue in the XFS filesystem. Local users may obtain access to sensitive kernel memory. Kees Cook reported an issue in the /proc/pid/stat implementation. Local users could learn the text location of a process, defeating protections provided by address space layout randomization (ASLR). Timo Warns reported an issue in the Linux support for Mac partition tables. Local users with physical access could cause a denial of service (panic) by adding a storage device with a malicious map_count value.

Timo Warns reported an issue in the Linux support for Mac partition tables. Local users with physical access could cause a denial of service (panic) by adding a storage device with a malicious map_count value. Timo Warns reported an issue in the Linux support for LDM partition tables. Users with physical access can gain access to sensitive kernel memory or gain elevated privileges by adding a storage device with a specially crafted LDM partition. Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users can obtain access to sensitive kernel memory.

Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users with the CAP_NET_ADMIN capability can cause a denial of service (kernel Oops). Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users can obtain access to sensitive kernel memory. Neil Horman discovered a memory leak in the setacl() call on NFSv4 filesystems. Local users can exploit this to cause a denial of service (Oops).

Johan Hovold reported an issue in the Datagram Congestion Control Protocol (DCCP) implementation. Remote users could cause a denial of service by sending data after closing a socket. Peter Huewe reported an issue in the Linux kernel’s support for TPM security chips. Local users with permission to open the device can gain access to sensitive kernel memory. Timo Warns reported an issue in the kernel support for Alpha OSF format disk partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted OSF partition.

Vasiliy Kulikov reported an issue in the Netfilter arp table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. Vasiliy Kulikov reported an issue in the Netfilter IP table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. Vasiliy Kulikov reported an issue in the Netfilter IP6 table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory.

Vasiliy Kulikov reported an issue in the Acorn Econet protocol implementation. Local users can obtain access to sensitive kernel memory on systems that use this rare hardware. Dan Rosenberg reported a buffer overflow in the Information Access Service of the IrDA protocol, used for Infrared devices. Remote attackers within IR device range can cause a denial of service or possibly gain elevated privileges. Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local users can generate signals with falsified source pid and uid information.

Dan Rosenberg reported issues in the Open Sound System driver for cards that include a Yamaha FM synthesizer chip. Local users can cause memory corruption resulting in a denial of service. Dan Rosenburg reported two issues in the Linux implementation of the Amateur Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of service by providing specially crafted facilities fields. Timo Warns reported an issue in the Linux support for GPT partition tables. Local users with physical access could cause a denial of service (Oops) by adding a storage device with a malicious partition table header.

Robert Swiecki reported a signednes issue in the next_pidmap() function, which can be exploited my local users to cause a denial of service. Dave Jones reported an issue in the Broadcast Manager Controller Area Network (CAN/BCM) protocol that may allow local users to cause a NULL pointer dereference, resulting in a denial of service. Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_BIND ioctl.

Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the agp_allocate_memory and agp_create_user_memory. Oliver Kartkopp reported an issue in the Controller Area Network (CAN) raw socket implementation which permits ocal users to cause a NULL pointer dereference, resulting in a denial of service. Dan Rosenberg reported an issue in the support for executing “old ABI” binaries on ARM processors. Local users can obtain elevated privileges due to insufficient bounds checking in the semtimedop system call.

Alexecy Dobriyan reported an issue in the GRE over IP implementation. Remote users can cause a denial of service by sending a packet during module initialization. Alexecy Dobriyan reported an issue in the IP tunnels implementation. Remote users can cause a denial of service by sending a packet during module initialization. Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table.

Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_UNBIND ioctl. Updated packages are available from security.debian.org.

July 24, 2011 15:04 Debian: Security update for MovableType

0

It was discovered that Movable Type, a weblog publishing system, contains several security vulnerabilities: A remote attacker could execute arbitrary code in a logged-in users’ web browser. A remote attacker could read or modify the contents in the system under certain circumstances. Updated packages are available from security.debian.org.

July 24, 2011 15:01 Debian: Security update for Moodle

0

Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning. Updated packages are available from security.debian.org.

July 23, 2011 11:47 Debian: Security update for Redmine

0

Joernchen of Phenoelit discovered several vulnerabilities in Redmine, a project management web application. Logged in users may be able to access private data. The Textile formatter allowed for cross site scripting, exposing sensitive data to an attacker. The Bazaar repository adapter could be used to remotely execute commands on the host running Redmine. Updated packages are available from security.debian.org.

July 22, 2011 14:58 Debian: Security update for Rails

0

Two vulnerabilities were discovered in Ruby on Rails, a web application framework. The cookie store may be vulnerability to a timing attack, potentially allowing remote attackers to forge message digests. A cross-site scripting vulnerability in the strip_tags function allows remote user-assisted attackers to inject arbitrary web script. Updated packages are available from security.debian.org.

July 22, 2011 14:55 Debian: Security update for fex

0

It was discovered that fex, a web service for transferring very large, files, is not properly validating authentication IDs. While the service properly validates existing authentication IDs, an attacker who is not specifying any authentication ID at all, can bypass the authentication procedure. Updated packages are available from security.debian.org.

July 22, 2011 14:54 Debian: Security update for kolab-cyrus-imapd

0

It was discovered that the STARTTLS implementation of the Kolab Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place. Updated packages are available from security.debian.org.

July 21, 2011 15:44 Debian: Security update for vlc

0

Rocco Calvi discovered that the XSPF playlist parser of vlc, a multimedia player and streamer, is prone to an integer overflow resulting in a heap-based buffer overflow. This might allow an attacker to execute arbitrary code by tricking a victim into opening a specially crafted file. Updated packages are available from security.debian.org.

July 20, 2011 11:51 Debian: Security update for tiff

0

Tavis Ormandy discovered that the Tag Image File Format (TIFF) library is vulnerable to a buffer overflow triggered by a crafted OJPEG file which allows for a crash and potentially execution of arbitrary code. Updated packages are available from security.debian.org.

July 19, 2011 17:41 Debian: Security update for libapache2-mod-authnz-external

0

It was discovered that libapache2-mod-authnz-external, an apache authentication module, is prone to an SQL injection via the $user parameter. Updated packages are available from security.debian.org.

July 19, 2011 17:38 Debian: Security update for libvirt

0

It was discovered that libvirt, a library for interfacing with different virtualization systems, is prone to an integer overflow. Additionally, the stable version is prone to a denial of service, because its error reporting is not thread-safe. Updated packages are available from security.debian.org.

July 09, 2011 15:35 Debian: Security update for OProfile

0

OProfile is a performance profiling tool which is configurable by opcontrol, its control utility. Stephane Chauveau reported several ways to inject arbitrary commands in the arguments of this utility. If a local unprivileged user is authorized by sudoers file to run opcontrol as root, this user could use the flaw to escalate his privileges. Updated packages are available from security.debian.org.

July 09, 2011 15:34 Debian: Security update for FontForge

0

Ulrik Persson reported a stack-based buffer overflow flaw in FontForge, a font editor. When processed a crafted Bitmap Distribution Format (BDF) FontForge could crash or execute arbitrary code with the privileges of the user running FontForge. Updated packages are available from security.debian.org.

July 09, 2011 15:33 Debian: Security update for Dovecot

0

It was discovered that the message header parser in the Dovecot mail server parsed NUL characters incorrectly, which could lead to denial of service through malformed mail headers. Updated packages are available from security.debian.org.

Screenshot

Project Spotlight

JFreeSVG

A fast, lightweight SVG generator for Java.

Screenshot

Project Spotlight

PHP MIME Mail decoder class

A PHP class to decode email messages.