All articles tagged with Debian

July 09, 2011 15:30 Debian: Security update for Subversion

Several vulnerabilities were discovered in Subversion, the version control system. The mod_dav_svn Apache HTTPD server module can be crashed when asked to deliver baselined WebDAV resources. The mod_dav_svn Apache HTTPD server module can trigger a loop which consumes all available memory on the system. The mod_dav_svn Apache HTTPD server module may leak to remote users the contents of files configured to be unreadable by those users. Updated packages are available from security.debian.org.

July 01, 2011 08:44 Debian: Security update for citadel

Wouter Coekaerts discovered that the jabber server component of citadel, a complete and feature-rich groupware server, is vulnerable to the so-called “billion laughs” attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML data to it. Updated packages are available from security.debian.org.

July 01, 2011 08:43 Debian: Security update for jabberd14

Wouter Coekaerts discovered that jabberd14, an instant messaging server using the Jabber/XMPP protocol, is vulnerable to the so-called “billion laughs” attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML data to it. Updated packages are available from security.debian.org.

July 01, 2011 08:42 Debian: Security update for ejabberd

Wouter Coekaerts discovered that ejabberd, a distributed XMPP/Jabber server written in Erlang, is vulnerable to the so-called “billion laughs” attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML data to it. Updated packages are available from security.debian.org.

July 01, 2011 08:41 Debian: Security update for Rails

Several vulnerabilities have been discovered in Rails, the Ruby web application framework. Multiple cross-site scripting (XSS) vulnerabilities, present when JavaScript encoding is used, allow remote attackers to inject arbitrary web script or HTML. Rails does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks. Updated packages are available from security.debian.org.

June 29, 2011 05:33 Debian: Security update for Mahara

Several vulnerabilities were discovered in Mahara, an electronic portfolio, weblog, and resume builder. It was discovered that previous versions of Mahara did not check user credentials before adding a secret URL to a view or suspending a user. Due to a misconfiguration of the Pieform package in Mahara, the cross-site request forgery protection mechanism that Mahara relies on to harden its form was not working and was essentially disabled. Many of the JSON structures returned by Mahara for its AJAX interactions included more information than ought to be disclosed to the logged-in user. New versions of Mahara limit this information to what is necessary for each page.

Previous versions of Mahara did not escape the contents of HTML emails sent to users. Depending on the filters enabled in one’s mail reader, it could lead to cross-site scripting attacks. It has been pointed out to us that if Mahara is configured (through its wwwroot variable) to use HTTPS, it will happily let users log in via the HTTP version of the site if the web server is configured to serve content over both protocols. Updated packages are available from security.debian.org.

June 28, 2011 05:28 Debian: Security update for Chromium

Several vulnerabilities were discovered in the Chromium browser. A use-after-free vulnerability in the frame-loader implementation in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. A use-after-free vulnerability in the HTMLCollection implementation in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. A use-after-free vulnerability in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.

Race condition in the sandbox launcher implementation in Google Chrome on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Google Chrome does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a “stale pointer.” Google Chrome does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Updated packages are available from security.debian.org.

June 28, 2011 05:27 Debian: Security update for bind9

It was discovered that BIND, an implementation of the DNS protocol, does not correctly process certain large RRSIG record sets in DNSSEC responses. The resulting assertion failure causes the name server process to crash, making name resolution unavailable. In addition, this update fixes handling of certain signed/unsigned zone combinations when a DLV service is used. Previously, data from certain affected zones could become unavailable from the resolver. Updated packages are available from security.debian.org.

June 28, 2011 05:26 Debian: Security update for Unbound

It was discovered that Unbound, a caching DNS resolver, ceases to provide answers for zones signed using DNSSEC after it has processed a crafted query. In addition, this update improves the level of DNSSEC support in the lenny version of Unbound so that it is possible for system administrators to configure the trust anchor for the root zone. Updated packages are available from security.debian.org.

June 27, 2011 09:26 Debian: Security update for linux-2.6

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. Vasiliy Kulikov discovered an issue in the Linux implementation of the Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to sensitive kernel memory. Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can exploit a race condition to cause a denial of service (kernel panic). Dan Rosenberg reported an issue in the XFS filesystem. Local users may obtain access to sensitive kernel memory.

Kees Cook reported an issue in the /proc/pid/stat implementation. Local users could learn the text location of a process, defeating protections provided by address space layout randomization (ASLR). Marek Olšák discovered an issue in the driver for ATI/AMD Radeon video chips. Local users could pass arbitrary values to video memory and the graphics translation table, resulting in denial of service or escalated privileges. On default Debian installations, this is exploitable only by members of the ‘video’ group. Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users can obtain access to sensitive kernel memory.

Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users with the CAP_NET_ADMIN capability can cause a denial of service (kernel Oops). Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users can obtain access to sensitive kernel memory. Neil Horman discovered a memory leak in the setacl() call on NFSv4 filesystems. Local users can exploit this to cause a denial of service (Oops).

Peter Huewe reported an issue in the support for TPM security chips. Local users with permission to open the device can gain access to sensitive kernel memory. Timo Warns reported an issue in the kernel support for Alpha OSF format disk partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted OSF partition. Vasiliy Kulikov reported an issue in the Netfilter arp table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory.

Vasiliy Kulikov reported an issue in the Netfilter IP table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. Vasiliy Kulikov reported an issue in the Netfilter IP6 table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. Vasiliy Kulikov reported an issue in the Acorn Econet protocol implementation. Local users can obtain access to sensitive kernel memory on systems that use this rare hardware.

Dan Rosenberg reported a buffer overflow in the Information Access Service of the IrDA protocol, used for Infrared devices. Remote attackers within IR device range can cause a denial of service or possibly gain elevated privileges. Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local users can generate signals with falsified source pid and uid information. Dan Rosenberg reported issues in the Open Sound System MIDI interface that allow local users to cause a denial of service.

Dan Rosenberg reported issues in the Open Sound System driver for cards that include a Yamaha FM synthesizer chip. Local users can cause memory corruption resulting in a denial of service. Ryan Sweat reported an issue in the Generic Receive Offload (GRO) support in the networking subsystem. If an interface has GRO enabled and is running in promiscuous mode, remote users can cause a denial of service (NULL pointer dereference) by sending packets on an unknown VLAN. Dan Rosenberg reported two issues in the Linux implementation of the Amateur Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of service by providing specially crafted facilities fields.

Dan Rosenberg reported an issue in the /dev/mpt2ctl interface provided by the driver for LSI MPT Fusion SAS 2.0 controllers. Local users can obtain elevated privileges by specially crafted ioctl calls. Dan Rosenberg reported two additional issues in the /dev/mpt2ctl interface provided by the driver for LSI MPT Fusion SAS 2.0 controllers. Local users can obtain elevated privileges and read arbitrary kernel memory by using specially crafted ioctl calls. Jeff Layton reported an issue in the Common Internet File System (CIFS). Local users can bypass authentication requirements for shares that are already mounted by another user.

Robert Swiecki reported a signedness issue in the next_pidmap() function, which can be exploited by local users to cause a denial of service. Dave Jones reported an issue in the Broadcast Manager Controller Area Network (CAN/BCM) protocol that may allow local users to cause a NULL pointer dereference, resulting in a denial of service. Vasiliy Kulikov reported an issue in the support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_BIND ioctl.

Vasiliy Kulikov reported an issue in the support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in agp_allocate_memory and agp_create_user_memory. Oliver Hartkopp reported an issue in the Controller Area Network (CAN) raw socket implementation which permits local users to cause a NULL pointer dereference, resulting in a denial of service. Dan Rosenberg reported an issue in the support for executing “old ABI” binaries on ARM processors. Local users can obtain elevated privileges due to insufficient bounds checking in the semtimedop system call.

Alexey Dobriyan reported an issue in the GRE over IP implementation. Remote users can cause a denial of service by sending a packet during module initialization. Dan Rosenberg reported an issue in the Datagram Congestion Control Protocol (DCCP). Remote users can cause a denial of service or potentially obtain access to sensitive kernel memory. Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table.

Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_UNBIND ioctl. Updated packages are available from security.debian.org.

June 27, 2011 09:25 Debian: Security update for qemu-kvm

Nelson Elhage discovered that incorrect memory handling during the removal of ISA devices in KVM, a solution for full virtualization on x86 hardware, could lead to denial of service or the execution of arbitrary code. Updated packages are available from security.debian.org.

June 26, 2011 13:01 Debian: Security update for libmojolicious-perl

Several vulnerabilities have been discovered in Mojolicious, a Perl Web Application Framework. The link_to helper was affected by cross-site scripting, and implementation errors in the MD5 HMAC and CGI environment handling have been corrected. Updated packages are available from security.debian.org.

June 26, 2011 12:52 Debian: Security update for Vino

Kevin Chen discovered that incorrect processing of framebuffer requests in the Vino VNC server could lead to denial of service. Updated packages are available from security.debian.org.

June 21, 2011 14:07 Debian: Security update for apr

A flaw was found in the APR library, which could be exploited through Apache HTTPD’s mod_autoindex. If a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack. Updated packages are available from security.debian.org.

May 19, 2011 20:31 Debian: Security update for exim4

It was discovered that Exim, Debian’s default mail transfer agent, is vulnerable to command injection attacks in its DKIM processing code, leading to arbitrary code execution. Updated packages are available from security.debian.org.

May 19, 2011 20:21 Debian: Security update for Icedove

Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. Several memory corruption bugs have been discovered, which may lead to the execution of arbitrary code. “regenrecht” discovered several dangling pointer vulnerabilities, which may lead to the execution of arbitrary code. Paul Stone discovered that Java applets could steal information from the autocompletion history. Soroush Dalili discovered a directory traversal vulnerability in handling resource URIs. Updated packages are available from security.debian.org.

May 19, 2011 20:18 Debian: Security update for zodb

Several remote vulnerabilities have been discovered in python-zodb, a set of tools for using ZODB, that could lead to arbitrary code execution in the worst case. The ZEO server doesn’t restrict the callables when unpickling data received from a malicious client, which can be used by an attacker to execute arbitrary Python code on the server by sending certain exception pickles. This also allows an attacker to import any importable module, as ZEO imports the module containing a callable specified in a pickle to test for a certain flag. Due to a programming error, an authorization method in the StorageServer component of ZEO was not used as an internal method. This allows a malicious client to bypass authentication when connecting to a ZEO server by simply calling this authorization method. Updated packages are available from security.debian.org.

May 19, 2011 20:10 Debian: Security update for Postfix

Several vulnerabilities were discovered in Postfix, a mail transfer agent. The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files. The STARTTLS implementation does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place. A heap-based read-only buffer overflow allows malicious clients to crash the smtpd server process using a crafted SASL authentication request. Updated packages are available from security.debian.org.

May 19, 2011 14:39 Debian: Security update for exim4

It was discovered that Exim, the default mail transport agent in Debian, uses DKIM data obtained from DNS directly in a format string, potentially allowing malicious mail senders to execute arbitrary code. Updated packages are available from security.debian.org.

May 19, 2011 14:38 Debian: Security update for otrs2

Multiple cross-site scripting vulnerabilities were discovered in Open Ticket Request System (OTRS), a trouble-ticket system. Updated packages are available from security.debian.org.

May 04, 2011 09:53 Debian: Security update for qemu-kvm

Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware. Setting the VNC password to an empty string silently disabled all authentication. The virtio-blk driver performed insufficient validation of read/write I/O from the guest instance, which could lead to denial of service or privilege escalation. Updated packages are available from security.debian.org.

May 04, 2011 09:50 Debian: Security update for spip

A vulnerability has been found in SPIP, a website engine for publishing, which allows a malicious registered author to disconnect the website from its database, resulting in denial of service. Updated packages are available from security.debian.org.

May 04, 2011 09:42 Debian: Security update for Iceweasel

Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox. Several memory corruption bugs may lead to the execution of arbitrary code. “regenrecht” discovered several dangling pointer vulnerabilities, which may lead to the execution of arbitrary code. Paul Stone discovered that Java applets could steal information from the autocompletion history. Soroush Dalili discovered a directory traversal vulnerability in handling resource URIs. Updated packages are available from security.debian.org.

April 27, 2011 04:48 Debian: Security update for libmodplug

M. Lucinskij and P. Tumenas discovered a buffer overflow in the code for processing S3M tracker files in the Modplug tracker music library, which may result in the execution of arbitrary code. Updated packages are available from security.debian.org.

April 27, 2011 04:47 Debian: Security update for asterisk

Several vulnerabilities have been discovered in Asterisk, an Open Source PBX and telephony toolkit. Matthew Nicholson discovered that incorrect handling of UDPTL packets may lead to denial of service or the execution of arbitrary code. Blake Cornell discovered that incorrect connection handling in the manager interface may lead to denial of service. Blake Cornell and Chris May discovered that incorrect TCP connection handling may lead to denial of service. Tzafrir Cohen discovered that insufficient limitation of connection requests in several TCP-based services may lead to denial of service. Matthew Nicholson discovered a privilege escalation vulnerability in the manager interface. Updated packages are available from security.debian.org.

April 27, 2011 04:38 Debian: Security update for OpenJDK

Several security vulnerabilities were discovered in OpenJDK, an implementation of the Java platform. The JNLP SecurityManager returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. Malicious applets can perform DNS cache poisoning.

An empty (but set) LD_LIBRARY_PATH environment variable results in a misconstructed library search path, resulting in code execution from possibly untrusted sources. Malicious applets can extend their privileges by abusing Swing timers. The Hotspot just-in-time compiler miscompiles crafted byte sequences, resulting in heap corruption. JAXP can be exploited by untrusted code to elevate privileges. Java2D can be exploited by untrusted code to elevate privileges. Untrusted code can replace the XML DSIG implementation.

Signatures on JAR files are not properly verified, which allows remote attackers to trick users into executing code that appears to come from a trusted source. The JNLPClassLoader class allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of “an inappropriate security descriptor.” Updated packages are available from security.debian.org.

April 27, 2011 04:36 Debian: Security update for Doctrine

It was discovered that Doctrine, a PHP library for implementing object persistence, contains SQL injection vulnerabilities. The exact impact depends on the application which uses the Doctrine library. Updated packages are available from security.debian.org.

April 20, 2011 08:29 Debian: Security update for Mojolicious

Viacheslav Tykhanovskyi discovered a directory traversal vulnerability in Mojolicious, a Perl Web Application Framework. Updated packages are available from security.debian.org.

April 20, 2011 08:25 Debian: Security update for Request Tracker

Several vulnerabilities were discovered in Request Tracker, an issue tracking system. If the external custom field feature is enabled, Request Tracker allows authenticated users to execute arbitrary code with the permissions of the web server, possibly triggered by a cross-site request forgery attack. Multiple SQL injection attacks allow authenticated users to obtain data from the database in an unauthorized way. An information leak allows an authenticated privileged user to obtain sensitive information, such as encrypted passwords, via the search interface. When running under certain web servers (such as Lighttpd), Request Tracker is vulnerable to a directory traversal attack, allowing attackers to read any files accessible to the web server. Request Tracker contains multiple cross-site scripting vulnerabilities. Request Tracker enables attackers to redirect authentication credentials supplied by legitimate users to third-party servers. Updated packages are available from security.debian.org.

April 13, 2011 10:17 Debian: Security update for vlc

Aliz Hammond discovered that the MP4 decoder plugin of vlc, a multimedia player and streamer, is vulnerable to a heap-based buffer overflow. This has been introduced by a wrong data type being used for a size calculation. An attacker could use this flaw to trick a victim into opening a specially crafted MP4 file and possibly execute arbitrary code or crash the media player. Updated packages are available from security.debian.org.
