All articles tagged with Debian

January 26, 2010 22:05 Debian: New python packages fix several vulnerabilities

Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language does not properly process malformed or crafted XML files. In addition, this update fixes an integer overflow in the hashlib module in python2.5. Updated packages are available from security.debian.org.

January 26, 2010 22:02 Debian: New dokuwiki packages fix several vulnerabilities

Several vulnerabilities have been discovered in dokuwiki, a standards-compliant, simple-to-use wiki. It was discovered that an internal variable is not properly sanitized before being used to list directories. This can be exploited to list contents of arbitrary directories. It was discovered that the ACL Manager plugin doesn’t properly check the administrator permissions. This allows an attacker to introduce arbitrary ACL rules and thus gain access to a closed Wiki. It was discovered that the ACL Manager plugin doesn’t have protections against cross-site request forgeries (CSRF). This can be exploited to change the access control rules by tricking a logged-in administrator into visiting a malicious web site. Updated packages are available from security.debian.org.

January 26, 2010 21:50 Debian: New gzip packages fix arbitrary code execution

Several vulnerabilities have been found in gzip, the GNU compression utilities. Thiemo Nagel discovered a missing input sanitation flaw in the way gzip used to decompress data blocks for dynamic Huffman codes, which could lead to the execution of arbitrary code when trying to decompress a crafted archive. Aki Helin discovered an integer underflow when decompressing files that are compressed using the LZW algorithm. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive. Updated packages are available from security.debian.org.

January 26, 2010 21:41 Debian: New glibc packages fix information disclosure

Christoph Pleger has discovered that the GNU C Library (aka glibc) and its derivatives add information from the passwd.adjunct.byname map to entries in the passwd map, which allows local users to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. Updated packages are available from security.debian.org.

January 26, 2010 21:34 Debian: New audiofile packages fix buffer overflow

Max Kellermann discovered a heap-based buffer overflow in the handling of ADPCM WAV files in libaudiofile. This flaw could result in a denial of service (application crash) or possibly execution of arbitrary code via a crafted WAV file. Updated packages are available from security.debian.org.

January 26, 2010 21:29 Debian: New libthai packages fix arbitrary code execution

Tim Starling discovered that libthai, a set of Thai language support routines, is vulnerable to an integer/heap overflow. This vulnerability could allow an attacker to run arbitrary code by sending a very long string. Updated packages are available from security.debian.org.

January 26, 2010 17:04 Debian: New openssl packages fix denial of service

It was discovered that a significant memory leak could occur in openssl, related to the reinitialization of zlib. This could result in a remotely exploitable denial of service vulnerability when using the Apache httpd server in a configuration where mod_ssl, mod_php5, and the php5-curl extension are loaded. Updated packages are available from security.debian.org.

January 26, 2010 16:57 Debian: New krb5 packages fix denial of service

It was discovered that krb5, a system for authenticating users and services on a network, is prone to integer underflow in the AES and RC4 decryption operations of the crypto library. A remote attacker can cause crashes, heap corruption, or, under extraordinarily unlikely conditions, arbitrary code execution. Updated packages are available from security.debian.org.

January 26, 2010 16:44 Debian: New pdns-recursor packages fix potential code execution

It was discovered that pdns-recursor, the PowerDNS recursive name server, contains several vulnerabilities. A buffer overflow can be exploited to crash the daemon, or potentially execute arbitrary code. A cache poisoning vulnerability may allow attackers to trick the server into serving incorrect DNS data. Updated packages are available from security.debian.org.

January 26, 2010 13:36 Debian: New transmission packages fix directory traversal

Dan Rosenberg discovered that Transmission, a lightweight client for the Bittorrent filesharing protocol, performs insufficient sanitising of file names specified in .torrent files. This could lead to the overwrite of local files with the privileges of the user running Transmission if the user is tricked into opening a malicious torrent file. Updated packages are available from security.debian.org.

January 26, 2010 13:30 Debian: New horde3 packages fix cross-site scripting

Several vulnerabilities have been found in horde3, the horde web application framework. It has been discovered that horde3 is prone to cross-site scripting attacks via crafted number preferences or inline MIME text parts when using text/plain as MIME type. It has been discovered that the horde3 administration interface is prone to cross-site scripting attacks due to the use of the PHP_SELF variable. It has been discovered that horde3 is prone to several cross-site scripting attacks via crafted data:text/html values in HTML messages. Updated packages are available from security.debian.org.

January 26, 2010 13:28 Debian: New phpldapadmin packages fix remote file inclusion

It was discovered that phpLDAPadmin, a web based interface for administering LDAP servers, doesn’t sanitize an internal variable, which allows remote attackers to include and execute arbitrary local files. Updated packages are available from security.debian.org.

January 03, 2010 19:42 Debian: New PostgreSQL packages fix several vulnerabilities

Several vulnerabilities have been discovered in PostgreSQL, a database server. It was discovered that PostgreSQL did not properly verify the Common Name attribute in X.509 certificates, enabling attackers to bypass the (optional) TLS protection on client-server connections, by relying on a certificate from a trusted CA which contains an embedded NUL byte in the Common Name. Authenticated database users could elevate their privileges by creating specially-crafted index functions. Updated packages are available from security.debian.org.

January 03, 2010 19:41 Debian: New libtool packages fix privilege escalation

It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl. Updated packages are available from security.debian.org.

December 28, 2009 14:28 Debian: New unbound packages fix DNSSEC validation

It was discovered that Unbound, a DNS resolver, does not properly check cryptographic signatures on NSEC3 records. As a result, zones signed with the NSEC3 variant of DNSSEC lose their cryptographic protection. (An attacker would still have to carry out an ordinary cache poisoning attack to add bad data to the cache.) Updated packages are available from security.debian.org.

December 28, 2009 14:28 Debian: New aria2 packages fix arbitrary code execution

It was discovered that aria2, a high speed download utility, is prone to a buffer overflow in the DHT routing code, which might lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

December 28, 2009 14:26 Debian: New kvm packages fix several vulnerabilities

Several vulnerabilities have been discovered in kvm, a full virtualization system. An integer overflow was discovered in the kvm_dev_ioctl_get_supported_cpuid function. This allows local users to have an unspecified impact via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function. It was discovered that the handle_dr function in the KVM subsystem does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application. It was discovered that the do_insn_fetch function in the x86 emulator in the KVM subsystem tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support. Updated packages are available from security.debian.org.

December 28, 2009 14:25 Debian: New bind9 packages fix cache poisoning

Michael Sinatra discovered that the DNS resolver component in BIND does not properly check DNS records contained in additional sections of DNS responses, leading to a cache poisoning vulnerability. This vulnerability is only present in resolvers which have been configured with DNSSEC trust anchors, which is still rare. Updated packages are available from security.debian.org.

December 21, 2009 09:13 Debian: New acpid packages fix weak file permissions

It was discovered that acpid, the Advanced Configuration and Power Interface event daemon, on the oldstable distribution (etch) creates its log file with weak permissions, which might expose sensitive information or might be abused by a local user to consume all free disk space on the same partition as the file. Updated packages are available from security.debian.org.

December 21, 2009 09:11 Debian: New xulrunner packages fix several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. David James discovered that the window.opener property allows Chrome privilege escalation. Jordi Chanel discovered a spoofing vulnerability of the URL location bar using the document.location property. Jonathan Morgan discovered that the icon indicating a secure connection could be spoofed through the document.location property. Takehiro Takahashi discovered that the NTLM implementation is vulnerable to reflection attacks. Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. Updated packages are available from security.debian.org.

December 21, 2009 09:11 Debian: New ganeti packages fix arbitrary command execution

It was discovered that ganeti, a virtual server cluster manager, does not validate the path of scripts passed as arguments to certain commands, which allows local or remote users (via the web interface in versions 2.x) to execute arbitrary commands on a host acting as a cluster master. Updated packages are available from security.debian.org.

December 21, 2009 09:09 Debian: New network-manager/network-manager-applet packag...

It was discovered that network-manager-applet, a network management framework, lacks some dbus restriction rules, which allows local users to obtain sensitive information. Updated packages are available from security.debian.org.

December 21, 2009 09:08 Debian: New cacti packages fix insufficient input sanitising

Several vulnerabilities have been found in cacti, a frontend to rrdtool for monitoring systems and services. It was discovered that cacti is prone to a denial of service via the graph_height, graph_width, graph_start and graph_end parameters. It was discovered that cacti is prone to several cross-site scripting attacks via different vectors. It has been discovered that cacti allows authenticated administrator users to gain access to the host system by executing arbitrary commands via the “Data Input Method” for the “Linux - Get Memory Usage” setting. Updated packages are available from security.debian.org.

December 21, 2009 09:03 Debian: New expat packages fix denial of service

Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. Updated packages are available from security.debian.org.

December 21, 2009 08:58 Debian: New asterisk packages fix several vulnerabilities

Several vulnerabilities have been discovered in asterisk, an Open Source PBX and telephony toolkit. It is possible to determine valid login names via probing, due to the IAX2 response from asterisk. It is possible to determine a valid SIP username, when Digest authentication and authalwaysreject are enabled. It is possible to determine a valid SIP username via multiple crafted REGISTER messages. It was discovered that asterisk contains an obsolete copy of the Prototype JavaScript framework, which is vulnerable to several security issues. It was discovered that it is possible to perform a denial of service attack via RTP comfort noise payload with a long data length. Updated packages are available from security.debian.org.

December 21, 2009 08:46 Debian: New firefox-sage packages fix insufficient input ...

It was discovered that firefox-sage, a lightweight RSS and Atom feed reader for Firefox, does not sanitise the RSS feed information correctly, which makes it prone to a cross-site scripting and a cross-domain scripting attack. Updated packages are available from security.debian.org.

December 13, 2009 18:12 Debian: New php-net-ping packages fix arbitrary code exec...

It was discovered that php-net-ping, a PHP PEAR module to execute ping independently of the Operating System, performs insufficient input sanitising, which might be used to inject arguments (no CVE yet) or execute arbitrary commands (CVE-2009-4024) on a system that uses php-net-ping. Updated packages are available from security.debian.org.

December 13, 2009 18:10 Debian: New webkit packages fix several vulnerabilities

Several vulnerabilities have been discovered in webkit, a Web content engine library for Gtk+. Among other fixes, an array index error in the insertItemBefore method allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure. The JavaScript garbage collector in WebKit does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service. WebKit does not initialize a pointer during handling of a CSS attr function call with a large numerical argument. WebKit does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service. Updated packages are available from security.debian.org.

December 13, 2009 18:02 Debian: New ntp packages fix denial of service

Robin Park and Dmitri Vinokurov discovered that the daemon component of the ntp package, a reference implementation of the NTP protocol, does not react properly to certain incoming packets. An unexpected NTP mode 7 packet (MODE_PRIVATE) with spoofed IP data can lead ntpd to reply with a mode 7 response to the spoofed address. This may result in the service playing packet ping-pong with other ntp servers or even itself, which causes CPU usage and excessive disk use due to logging. An attacker can use this to conduct denial of service attacks. Updated packages are available from security.debian.org.

December 13, 2009 18:00 Debian: New Shibboleth packages fix cross-site scripting

Matt Elder discovered that Shibboleth, a federated web single sign-on system, is vulnerable to script injection through redirection URLs. Updated packages are available from security.debian.org.
