Articles / Debian

All articles tagged with Debian

January 16, 2013 08:18 Debian: Security update for Weechat

0

Two security issues have been discovered in Weechat a, fast, light and extensible chat client. X.509 certificates were incorrectly validated. The hook_process function in the plugin API allowed the execution of arbitrary shell commands.

Updated packages are available from security.debian.org.

January 16, 2013 08:17 Debian: Security update for rails

0

joernchen of Phenoelit discovered that rails, an MVC ruby based framework geared for web application development, is not properly treating user-supplied input to find_by_* methods. Depending on how the ruby on rails application is using these methods, this allows an attacker to perform SQL injection attacks, e.g., to bypass authentication if Authlogic is used and the session secret token is known.

Updated packages are available from security.debian.org.

January 14, 2013 08:58 Debian: Security update for Ghostscript

0

Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code.

Updated packages are available from security.debian.org.

January 14, 2013 08:58 Debian: Security update for mediawiki-extensions

0

Thorsten Glaser discovered that the RSSReader extension for mediawiki, a website engine for collaborative work, does not properly escape tags in feeds. This could allow a malicious feed to inject JavaScript into the mediawiki pages.

Updated packages are available from security.debian.org.

January 14, 2013 08:57 Debian: Security update for Virtualbox

0

“halfdog” discovered that incorrect interrupt handling in Virtualbox, a x86 virtualization solution - can lead to denial of service.

Updated packages are available from security.debian.org.

January 14, 2013 08:55 Debian: Security update for moin

0

It was discovered that missing input validation in the twikidraw and anywikidraw actions can result in the execution of arbitrary code. This security issue is being actively exploited.

Updated packages are available from security.debian.org.

January 14, 2013 08:54 Debian: Security update for elinks

0

Marko Myllynen discovered that elinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate. Updated packages are available from security.debian.org.

January 11, 2013 17:07 Debian: Security update for wireshark

0

Bjorn Mork and Laurent Butti discovered crashes in the PPP and RTPS2 dissectors, which could potentially result in the execution of arbitrary code.

Updated packages are available from security.debian.org.

January 07, 2013 07:45 Debian: Security update for tiff

0

The tiff library for handling TIFF image files contained a stack-based buffer overflow, potentially allowing attackers who can submit such files to a vulnerable system to execute arbitrary code.

Updated packages are available from security.debian.org.

January 07, 2013 07:44 Debian: Security update for Icedove

0

Multiple vulnerabilities have been found in Icedove, Debian’s version of the Mozilla Thunderbird mail and news client. The evalInSandbox implementation uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on. The HZ-GB-2312 character-set implementation does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.

Use-after-free vulnerability in the gfxFont::GetFontEntry function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Heap-based buffer overflow in the nsWindow::OnExposeEvent function could allow remote attackers to execute arbitrary code. Multiple unspecified vulnerabilities in the browser engine could allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code.

Updated packages are available from security.debian.org.

January 04, 2013 07:50 Debian: Security update for libcgi-pm-perl

0

It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers.

Updated packages are available from security.debian.org.

January 04, 2013 07:48 Debian: Security update for bogofilter

0

A heap-based buffer overflow was discovered in bogofilter, a software package for classifying mail messages as spam or non-spam. Crafted mail messages with invalid base64 data could lead to heap corruption and, potentially, arbitrary code execution.

Updated packages are available from security.debian.org.

January 04, 2013 07:48 Debian: Security update for Perl

0

Two vulnerabilities were discovered in the implementation of the Perl programming language. The x operator could cause the Perl interpreter to crash if very long strings were created. The CGI module does not properly escape LF characters in the Set-Cookie and P3P headers.

Updated packages are available from security.debian.org.

January 02, 2013 07:54 Debian: Security update for Iceweasel

0

Multiple vulnerabilities have been found in Iceweasel, the Debian web browser based on Mozilla Firefox. Heap-based buffer overflow in the nsWindow::OnExposeEvent function could allow remote attackers to execute arbitrary code. Multiple unspecified vulnerabilities in the browser engine could allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code.

The HZ-GB-2312 character-set implementation does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. The evalInSandbox implementation uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on. Use-after-free vulnerability in the gfxFont::GetFontEntry function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Updated packages are available from security.debian.org.

January 02, 2013 07:51 Debian: Security update for xen

0

Multiple denial of service vulnerabilities have been discovered in the xen hypervisor. One of the issue could even lead to privilege escalation from guest to host. A VM that controls a PCIE device directly can cause it to issue DMA requests to invalid addresses. Although these requests are denied by the I/OMMU, the hypervisor needs to handle the interrupt and clear the error from the I/OMMU, and this can be used to live-lock a CPU and potentially hang the host. A guest which sets a VCPU with an inappropriate deadline can cause an infinite loop in Xen, blocking the affected physical CPU indefinitely.

When set_p2m_entry fails, Xen’s internal data structures (the p2m and m2p tables) can get out of sync. This failure can be triggered by unusual guest behaviour exhausting the memory reserved for the p2m table. If it happens, subsequent guest-invoked memory operations can cause Xen to fail an assertion and crash. The HVMOP_pagetable_dying hypercall does not correctly check the caller’s pagetable state, leading to a hypervisor crash. Due to inappropriate duplicate use of the same loop control variable, passing bad arguments to GNTTABOP_get_status_frames can cause an infinite loop in the compat hypercall handler.

Downgrading the grant table version of a guest involves freeing its status pages. This freeing was incomplete - the page(s) are freed back to the allocator, but not removed from the domain’s tracking list. This would cause list corruption, eventually leading to a hypervisor crash. The handler for XENMEM_exchange accesses guest memory without range checking the guest provided addresses, thus allowing these accesses to include the hypervisor reserved range. guest_physmap_mark_populate_on_demand(), before carrying out its actual operation, checks that the subject GFNs are not in use. If that check fails, the code prints a message and bypasses the gfn_unlock() matching the gfn_lock() carried out before entering the loop.

Allowing arbitrary extent_order input values for XENMEM_decrease_reservation, XENMEM_populate_physmap, and XENMEM_exchange can cause arbitrarily long time being spent in loops without allowing vital other code to get a chance to execute. This may also cause inconsistent state resulting at the completion of these hypercalls.

Updated packages are available from security.debian.org.

December 27, 2012 17:22 Ubuntu: Security update for CUPS

0

It was discovered that users in the lpadmin group could modify certain CUPS configuration options to escalate privileges. An attacker could use this to potentially gain root privileges.

Updated packages are available from security.ubuntu.com.

December 21, 2012 07:43 Debian: Security update for MySQL

0

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects.

Updated packages are available from security.debian.org.

December 21, 2012 07:40 Debian: Security update for libxml

0

Jueri Aedla discovered a buffer overflow in the libxml XML library, which could result in the execution of arbitrary code. Updated packages are available from security.debian.org.

December 21, 2012 07:39 Debian: Security update for Apache

0

A vulnerability has been found in the Apache HTTPD Server. A flaw was found when mod_proxy_ajp connects to a backend server that takes too long to respond. Given a specific configuration, a remote attacker could send certain requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service.

Updated packages are available from security.debian.org.

December 17, 2012 17:37 Debian: Security update for rssh

0

James Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp/sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution. Updated packages are available from security.debian.org.

December 17, 2012 17:35 Debian: Security update for TPM

0

Andy Lutomirski discovered that tcsd (the TPM userspace daemon) was missing a of input validation. Using carefully crafted input, it can lead to a denial of service by making the daemon crash with a segmentation fault.

Updated packages are available from security.debian.org.

December 12, 2012 08:43 Debian: Security update for TIFF

0

It was discovered that ppm2tiff of the tiff tools, a set of utilities for TIFF manipulation and conversion, is not properly checking the return value of an internal function used in order to detect integer overflows. As a consequence, ppm2tiff suffers of a heap-based buffer overflow. This allows attacker to potentially execute arbitrary code via a crafted ppm image, especially in scenarios in which images are automatically processed.

Updated packages are available from security.debian.org.

December 12, 2012 08:41 Debian: Security update for TYPO3

0

Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, SQL injection, and information disclosure vulnerabilities.

Updated packages are available from security.debian.org.

December 12, 2012 08:34 Debian: Security update for Radsecproxy

0

Ralf Paffrath reported that Radsecproxy, a RADIUS protocol proxy, mixed up pre- and post-handshake verification of clients. This vulnerability may wrongly accept clients without checking their certificate chain under certain configurations.

Updated packages are available from security.debian.org.

December 05, 2012 16:21 Debian: Security update for Iceape

0

Several vulnerabilities have been discovered in Iceape, an internet suite based on Seamonkey. Multiple unspecified vulnerabilities in the browser engine allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Icedove does not properly restrict calls to DOMWindowUtils methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.

A Use-after-free vulnerability in the IME State Manager implementation allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. Icedove does not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. A use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

A heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function allows remote attackers to execute arbitrary code via unspecified vectors. A use-after-free vulnerability in the nsTextEditRules::WillInsert function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. A heap-based buffer overflow in the nsWav-eReader::DecodeAudioData function allows remote attackers to execute arbitrary code via unspecified vectors.

A heap-based buffer overflow in the Convolve3x3 function allows remote attackers to execute arbitrary code via unspecified vectors.

Updated packages are available from security.debian.org.

December 05, 2012 16:20 Debian: Security update for OpenOffice

0

High-Tech Bridge SA Security Research Lab discovered multiple null-pointer dereferences based vulnerabilities in OpenOffice which could cause application crash or even arbitrary code execution using specially crafted files. Affected file types are LWP (Lotus Word Pro), ODG, PPT (MS Powerpoint 2003) and XLS (MS Excel 2003).

Updated packages are available from security.debian.org.

December 05, 2012 16:20 Debian: Security update for libproxy

0

The Red Hat Security Response Team discovered that libproxy, a library for automatic proxy configuration management, applied insufficient validation to the Content-Length header sent by a server providing a proxy.pac file. Such remote server could trigger an integer overflow and consequently overflow an in-memory buffer.

Updated packages are available from security.debian.org.

December 03, 2012 11:18 Debian: Security update for Icedove

0

Multiple vulnerabilities have been discovered in Icedove, Debian’s version of the Mozilla Thunderbird mail client. Multiple unspecified vulnerabilities in the browser engine allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Icedove does not properly restrict calls to DOMWindowUtils methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.

A Use-after-free vulnerability in the IME State Manager implementation allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. Icedove does not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. A use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

A heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function allows remote attackers to execute arbitrary code via unspecified vectors. A use-after-free vulnerability in the nsTextEditRules::WillInsert function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. A heap-based buffer overflow in the nsWav-eReader::DecodeAudioData function allows remote attackers to execute arbitrary code via unspecified vectors.

A heap-based buffer overflow in the Convolve3x3 function allows remote attackers to execute arbitrary code via unspecified vectors.

Updated packages are available from security.debian.org.

December 03, 2012 11:15 Debian: Security update for RTFM

0

It was discovered that RTFM, the FAQ manager for Request Tracker, allows authenticated users to create articles in any class. Updated packages are available from security.debian.org.

November 30, 2012 07:29 Debian: Security update for Request Tracker

0

Several vulnerabilities were discovered in Request Tracker, an issue tracking system. Authenticated users can add arbitrary headers or content to mail generated by RT. A CSRF vulnerability may allow attackers to toggle ticket bookmarks.

If users follow a crafted URI and log in to RT, they may trigger actions which would ordinarily blocked by the CSRF prevention logic. Several different vulnerabilities in GnuPG processing allow attackers to cause RT to improperly sign outgoing email. If GnuPG support is enabled, authenticated users attackers can create arbitrary files as the web server user, which may enable arbitrary code execution.

Updated packages are available from security.debian.org.

Screenshot

Project Spotlight

JFreeSVG

A fast, lightweight SVG generator for Java.

Screenshot

Project Spotlight

PHP MIME Mail decoder class

A PHP class to decode email messages.