All articles tagged with Debian

March 15, 2010 09:57 Debian: New cups packages fix arbitrary code execution

Ronald Volgers discovered that the lppasswd component of the cups suite, the Common UNIX Printing System, is vulnerable to format string attacks due to insecure use of the LOCALEDIR environment variable. An attacker can abuse this behaviour to execute arbitrary code via crafted localization files and triggering calls to _cupsLangprintf(). Updated packages are available from security.debian.org.

March 15, 2010 09:48 Debian: New sudo packages fix several vulnerabilities

Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. It was discovered that sudo, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file. It was discovered that sudo, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. Updated packages are available from security.debian.org.

March 15, 2010 09:32 Debian: New Linux 2.6.24 packages fix several vulnerabili...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. Among others, Steve Beattie and Kees Cook reported an information leak in the maps and smaps files available under /proc. Local users may be able to read this data for setuid processes while the ELF binary is being loaded. Eric Paris provided several fixes to increase the protection provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities. Dave Jones reported an issue in the gdth SCSI driver. A missing check for negative offsets in an ioctl call could be exploited by local users to create a denial of service or potentially gain elevated privileges. Trond Myklebust reported an issue where a malicious NFS server could cause a denial of service condition on its clients by returning incorrect attributes during an open call. Joe Malicki discovered an issue in the megaraid_sas driver. Insufficient permissions on the sysfs dbg_lvl interface allow local users to modify the debug logging behavior. Roel Kluin discovered an issue in the hfc_usb driver, an ISDN driver for Colognechip HFC-S USB chip. A potential read overflow exists which may allow remote users to cause a denial of service condition. Amerigo Wang discovered an issue in the HFS filesystem that would allow a denial of service by a local user who has sufficient privileges to mount a specially crafted filesystem. Updated packages are available from security.debian.org.

March 15, 2010 09:15 Debian: New samba packages fix several vulnerabilities

Two local vulnerabilities have been discovered in samba, a SMB/CIFS file, print, and login server for Unix. Ronald Volgers discovered that a race condition in mount.cifs allows local users to mount remote filesystems over arbitrary mount points. Jeff Layton discovered that missing input sanitising in mount.cifs allows denial of service by corrupting /etc/mtab. Updated packages are available from security.debian.org.

February 27, 2010 19:48 Debian: New Linux 2.6.18 packages fix several vulnerabili...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. Dave Jones reported an issue in the gdth SCSI driver, which could be exploited by local users to create a denial of service or potentially gain elevated privileges. Trond Myklebust reported an issue where a malicious NFS server could cause a denial of service condition on its clients by returning incorrect attributes during an open call. Roel Kluin discovered an issue in the hfc_usb driver. A potential read overflow exists which may allow remote users to cause a denial of service condition (oops). Amerigo Wang discovered an issue in the HFS filesystem that would allow a denial of service by a local user who has sufficient privileges to mount a specially crafted filesystem. Anand V. Avati discovered an issue in the fuse subsystem. If the system is sufficiently low on memory, a local user can cause the kernel to dereference an invalid pointer, resulting in a denial of service (oops) and potentially an escalation of privileges. Fabian Yamaguchi reported an issue in the e1000 driver for Intel gigabit network adapters which allows remote users to bypass packet filters using specially crafted Ethernet frames. Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules. Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory, resulting in a denial of service (out of memory). Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface. Local users can exploit this issue to cause a denial of service (system crash) or gain access to sensitive kernel memory. Jerome Marchand reported an issue in the futex subsystem that allows a local user to force an invalid futex state, which results in a denial of service (oops). Updated packages are available from security.debian.org.

February 20, 2010 18:38 Debian: New polipo packages fix denial of service

Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy. A malicious remote server could cause polipo to crash by sending an invalid Cache-Control header. A malicious client could cause polipo to crash by sending a large Content-Length value. Updated packages are available from security.debian.org.

February 20, 2010 18:37 Debian: New php5 packages fix multiple vulnerabilities

Several remote vulnerabilities have been discovered in PHP 5, a hypertext preprocessor. The htmlspecialchars function does not properly handle invalid multi-byte sequences. A memory corruption can be triggered via session interruption. Updated packages are available from security.debian.org.

February 20, 2010 18:32 Debian: New ffmpeg packages fix several vulnerabilities

Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer. Various programming errors in container and codec implementations may lead to denial of service or the execution of arbitrary code if the user is tricked into opening a malformed media file or stream. Updated packages are available from security.debian.org.

February 20, 2010 18:31 Debian: New xulrunner packages fix several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code. Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments. Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in the layout engine, which might allow the execution of arbitrary code. Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code. Georgi Guninski discovered that the same-origin policy can be bypassed through specially crafted SVG documents. Updated packages are available from security.debian.org.

February 20, 2010 18:23 Debian: New kdelibs packages fix arbitrary code execution

Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

February 20, 2010 08:12 Debian: New mysql-dfsg-5.0 packages fix several vulnerabi...

Several vulnerabilities have been discovered in the MySQL database server. Domas Mituzas discovered that mysqld does not properly handle errors during execution of certain SELECT statements with subqueries, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. Sergei Golubchik discovered that MySQL allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments. Multiple stack-based buffer overflows in yaSSL allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash). Updated packages are available from security.debian.org.

February 20, 2010 08:07 Debian: New Linux 2.6.26 packages fix several vulnerabili...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. Joseph Malicki reported that the megaraid_sas device driver had world-writable permissions, permitting local users to modify logging settings. Lennert Buytenhek reported a race in the mac80211 subsystem that may allow remote users to cause a denial of service. Fabian Yamaguchi reported issues in the drivers for Intel gigabit network adapters which allow remote users to bypass packet filters. Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service or obtain elevated privileges. Gleb Natapov discovered issues in the KVM subsystem leading to a denial of service of a guest (system crash) or escalated privileges within the guest. Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM subsystem that could cause a denial of service (crash) of the host system. Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory, resulting in a denial of service (out of memory). Updated packages are available from security.debian.org.

February 20, 2010 08:05 Debian: New openoffice.org packages fix several vulnerabi...

Several vulnerabilities have been discovered in the OpenOffice.org office suite. It was discovered that macro security settings were insufficiently enforced for VBA macros. It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. Sebastian Apelt discovered that an integer overflow in the XPM import code may lead to the execution of arbitrary code. Sebastian Apelt and Frank Reissner discovered that a buffer overflow in the GIF import code may lead to the execution of arbitrary code. Nicolas Joly discovered multiple vulnerabilities in the parser for Word document files, which may lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

February 12, 2010 10:38 Debian: New ajaxterm packages fix session hijacking

It was discovered that ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses ajaxterm. Updated packages are available from security.debian.org.

February 12, 2010 10:36 Debian: New otrs2 packages fix SQL injection

It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise input data that is used in SQL queries, which might be used to inject arbitrary SQL to, for example, escalate privileges on a system that uses otrs2. Updated packages are available from security.debian.org.

February 05, 2010 15:11 Debian: New chrony packages fix denial of service

Several vulnerabilities have been discovered in chrony, a pair of programs which are used to maintain the accuracy of the system clock on a computer. chronyd replies to all cmdmon packets with NOHOSTACCESS messages even for unauthorized hosts. An attacker can abuse this behaviour to force two chronyd instances to play packet ping-pong by sending such a packet with spoofed source address and port. This results in high CPU and network usage and thus denial of service conditions. The client logging facility of chronyd doesn’t limit memory that is used to store client information. An attacker can cause chronyd to allocate large amounts of memory by sending NTP or cmdmon packets with spoofed source addresses, resulting in memory exhaustion. chronyd lacks rate limiting for the syslog facility when logging received packets from unauthorized hosts. This allows an attacker to cause denial of service conditions by filling up the logs, and thus disk space, by repeatedly sending invalid cmdmon packets. Updated packages are available from security.debian.org.

February 05, 2010 15:10 Debian: New squid/squid3 packages fix denial of service

Two denial of service vulnerabilities have been discovered in squid and squid3, a web proxy. Bastian Blank discovered that it is possible to cause a denial of service via a crafted auth header with certain comma delimiters. Tomas Hoger discovered that it is possible to cause a denial of service via invalid DNS header-only packets. Updated packages are available from security.debian.org.

February 05, 2010 15:09 Debian: New trac-git packages fix code execution

Stefan Goebel discovered that the Debian version of trac-git, the Git add-on for the Trac issue tracking system, contains a flaw which enables attackers to execute code on the web server running trac-git by sending crafted HTTP queries. Updated packages are available from security.debian.org.

February 05, 2010 15:08 Debian: New fuse packages fix denial of service

Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service. Updated packages are available from security.debian.org.

February 05, 2010 15:02 Debian: New qt4-x11 packages fix several vulnerabilities

Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework. Various vulnerabilities in WebKit, as used in qt4-x11, allow remote attackers to execute arbitrary code or cause a denial of service via crafted HTML documents. Vulnerabilities in both the XSL and XSLT implementations in WebKit allow remote attackers to read arbitrary files via a crafted DTD. WebKit does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. qt4-x11 does not properly handle a ‘\0’ character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Updated packages are available from security.debian.org.

February 05, 2010 14:52 Debian: New moodle packages fix several vulnerabilities

Several vulnerabilities have been discovered in Moodle, an online course management system. Multiple cross-site request forgery (CSRF) vulnerabilities have been discovered. It has been discovered that the LAMS module is prone to the disclosure of user account information. The Glossary module has an insufficient access control mechanism. Moodle does not properly check permissions when the MNET service is enabled, which allows remote authenticated servers to execute arbitrary MNET functions. The login/index_form.html page links to an HTTP page instead of using an SSL secured connection. Moodle stores sensitive data in backup files, which might make it possible for attackers to obtain them. It has been discovered that the SCORM module is prone to an SQL injection. Additionally, an SQL injection in the update_record function, a problem with symbolic links and a verification problem with Glossary, database and forum ratings have been fixed. Updated packages are available from security.debian.org.

February 05, 2010 14:50 Debian: New lighttpd packages fix denial of service

Li Ming discovered that lighttpd, a small and fast webserver with minimal memory footprint, is vulnerable to a denial of service attack due to bad memory handling. Slowly sending very small chunks of request data causes lighttpd to allocate new buffers for each read instead of appending to old ones. An attacker can abuse this behaviour to cause denial of service conditions due to memory exhaustion. Updated packages are available from security.debian.org.

February 05, 2010 14:49 Debian: New sendmail packages fix SSL certificate verific...

It was discovered that sendmail, a Mail Transport Agent, does not properly handle a ‘\0’ character in a Common Name (CN) field of an X.509 certificate. This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority. Updated packages are available from security.debian.org.

February 05, 2010 14:47 Debian: New Wireshark packages fix several vulnerabilities

Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. A NULL pointer dereference was found in the SMB/SMB2 dissectors. Several buffer overflows were found in the LWRES dissector. Updated packages are available from security.debian.org.

February 05, 2010 14:46 Debian: New libxerces2-java packages fix denial of service

It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. Updated packages are available from security.debian.org.

February 05, 2010 14:44 Debian: New hybserv packages fix denial of service

Julien Cristau discovered that hybserv, a daemon running IRC services for IRCD-Hybrid, is prone to a denial of service attack via the commands option. Updated packages are available from security.debian.org.

February 05, 2010 14:39 Debian: New maildrop packages fix privilege escalation

Christoph Anton Mitterer discovered that maildrop, a mail delivery agent with filtering abilities, is prone to a privilege escalation issue that grants a user root group privileges. Updated packages are available from security.debian.org.

February 05, 2010 14:36 Debian: New ircd-hybrid/ircd-ratbox packages fix arbitrar...

David Leadbeater discovered an integer underflow that could be triggered via the LINKS command and can lead to a denial of service or the execution of arbitrary code. It was discovered that the ratbox IRC server is prone to a denial of service attack via the HELP command. Updated packages are available from security.debian.org.

February 05, 2010 14:34 Debian: New lintian packages fix multiple vulnerabilities

Multiple vulnerabilities have been discovered in lintian, a Debian package checker. Control field names and values were not sanitised before using them in certain operations that could lead to directory traversals. Patch systems’ control files were not sanitised before using them in certain operations that could lead to directory traversals. Multiple check scripts and the Lintian::Schedule module were using user-provided input as part of the sprintf/printf format string. File names were not properly escaped when passing them as arguments to certain commands, allowing the execution of other commands as pipes or as a set of shell commands. Updated packages are available from security.debian.org.

January 26, 2010 22:09 Debian: New phpgroupware packages fix several vulnerabili...

Several remote vulnerabilities have been discovered in phpgroupware, a web-based groupware system written in PHP. An SQL injection vulnerability was found in the authentication module. Multiple directory traversal vulnerabilities were found in the addressbook module. The authentication module is affected by cross-site scripting. Updated packages are available from security.debian.org.
