All articles tagged with Debian

December 06, 2009 14:16 Debian: New belpic packages fix cryptographic weakness

It was discovered that belpic, the Belgian eID PKCS11 library, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which could be used to bypass the certificate validation. Updated packages are available from security.debian.org.

December 06, 2009 14:15 Debian: New gforge packages fix denial of service

Sylvain Beucler discovered that gforge, a collaborative development tool, is prone to a symlink attack, which allows local users to perform a denial of service attack by overwriting arbitrary files. Updated packages are available from security.debian.org.

December 06, 2009 14:14 Debian: New request-tracker packages fix session hijack v...

Mikal Gule discovered that request-tracker, an extensible trouble-ticket tracking system, is prone to an attack in which an attacker with access to the same domain can hijack a user’s RT session. Updated packages are available from security.debian.org.

December 06, 2009 14:13 Debian: New openldap2.3/openldap packages fix SSL certifi...

It was discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, when OpenSSL is used, does not properly handle a ‘\0’ character in a domain name in the subject’s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Updated packages are available from security.debian.org.

November 29, 2009 20:49 Debian: New wireshark packages fix several vulnerabilities

Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. A NULL pointer dereference was found in the RADIUS dissector. A NULL pointer dereference was found in the DCERPC/NT dissector. An integer overflow was discovered in the ERF parser. Updated packages are available from security.debian.org.

November 29, 2009 20:48 Debian: New poppler packages fix several vulnerabilities

Several integer overflows, buffer overflows and memory allocation errors were discovered in the Poppler PDF rendering library, which may lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed PDF document. Updated packages are available from security.debian.org.

November 29, 2009 20:46 Debian: New php5 packages fix several issues

Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor. The exif module did not properly handle malformed JPEG files, allowing an attacker to cause a segfault, resulting in a denial of service. The php_openssl_apply_verification_policy() function did not properly perform certificate validation. Bogdan Calin discovered that a remote attacker could cause a denial of service by uploading a large number of files using multipart/form-data requests, causing the creation of a large number of temporary files. A flaw in the ini_restore() function could lead to a memory disclosure, possibly leading to the disclosure of sensitive data. Updated packages are available from security.debian.org.

November 29, 2009 20:40 Debian: New libvorbis packages fix several vulnerabilities

Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered that libvorbis, a library for the Vorbis general-purpose compressed audio codec, did not correctly handle certain malformed ogg files. An attacker could cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file. Updated packages are available from security.debian.org.

November 29, 2009 20:38 Debian: New php-mail packages fix insufficient input sani...

It was discovered that php-mail, a PHP PEAR module for sending email, has insufficient input sanitising, which might be used to obtain sensitive data from the system that uses php-mail. Updated packages are available from security.debian.org.

November 22, 2009 21:22 Debian: New gforge packages fix cross-site scripting

It was discovered that gforge, a collaborative development tool, is prone to a cross-site scripting attack via the helpname parameter. Besides fixing this issue, the update also introduces some additional input sanitising. Updated packages are available from security.debian.org.

November 22, 2009 21:14 Debian: New libgd2 packages fix several vulnerabilities

Several vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation. Kees Cook discovered a buffer overflow in libgd2’s font renderer. An attacker could cause denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. Tomas Hoger discovered a boundary error in the “_gdGetColors()” function. An attacker could conduct buffer overflow or buffer over-read attacks via a crafted GD file. Updated packages are available from security.debian.org.

November 22, 2009 21:13 Debian: New gnutls23/gnutls26 packages fix SSL certificat...

Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of the TLS/SSL protocol, does not properly handle a ‘\0’ character in a domain name in the subject’s Common Name or Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. In addition, with this update, certificates with MD2 hash signatures are no longer accepted since they’re no longer considered cryptographically secure. Updated packages are available from security.debian.org.

November 22, 2009 21:10 Debian: New apache2 packages fix several issues

A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way TLS and SSL handle session renegotiations. Insufficient input validation in the mod_proxy_ftp module allowed remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. Insufficient input validation in the mod_proxy_ftp module allowed remote authenticated attackers to bypass intended access restrictions and send arbitrary FTP commands to an FTP server. Updated packages are available from security.debian.org.

November 22, 2009 20:54 Debian: New cups packages fix cross-site scripting

Aaron Siegel discovered that the web interface of cups, the Common UNIX Printing System, is prone to cross-site scripting attacks. Updated packages are available from security.debian.org.

November 22, 2009 20:47 Debian: New pidgin packages fix arbitrary code execution

It was discovered that incorrect pointer handling in the purple library, an internal component of the multi-protocol instant messaging client Pidgin, could lead to denial of service or the execution of arbitrary code through malformed contact requests. Updated packages are available from security.debian.org.

November 22, 2009 20:44 Debian: New NSPR packages fix several vulnerabilities

Several vulnerabilities have been discovered in the Netscape Portable Runtime Library, which may lead to the execution of arbitrary code. A programming error in the string handling code may lead to the execution of arbitrary code. An integer overflow in the Base64 decoding functions may lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

November 22, 2009 20:42 Debian: New drupal6 packages fix several vulnerabilities

Several vulnerabilities have been found in drupal6, a fully-featured content management framework. A flaw in the way user signatures are handled allows a user to inject arbitrary code via a crafted user signature. A cross-site scripting issue in the forum module could be exploited via the tid parameter. Certain drupal6 pages leak sensitive information such as user credentials. Several design flaws in the OpenID module have been fixed, which could lead to cross-site request forgeries or privilege escalations. Updated packages are available from security.debian.org.

November 22, 2009 20:40 Debian: New Linux 2.6.18 packages fix several vulnerabili...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. A missing capability check in the z90crypt driver on s390 systems may allow a local user to gain elevated privileges. An issue in the AX.25 protocol implementation can result in a denial of service (kernel oops). A sensitive memory leak issue was fixed in the ANSI/IEEE 802.2 LLC implementation. Several sensitive memory leaks in the IrDA, X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area Network (CAN) implementations can be exploited to gain access to kernel memory. An instance of uninitialized kernel memory in the network packet scheduler may be exploited to read the contents of sensitive kernel memory. Linus Torvalds provided a change to the get_random_int() function to increase its randomness. An issue with the NFSv4 server implementation could possibly grant unintentional privileges to other local users. A NULL pointer dereference issue in the pipe_rdwr_open function can be used by local users to gain elevated privileges. A typo in the initialization of a structure in the netlink subsystem may allow local users to gain access to sensitive kernel memory. A deadlock condition in the UNIX domain socket implementation can be exploited to cause a denial of service (system hang). Updated packages are available from security.debian.org.

November 22, 2009 20:34 Debian: New Linux 2.6.24 packages fix several vulnerabili...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. A typing issue in the eisa-eeprom driver could be exploited to gain access to restricted memory. An issue in the do_sigaltstack routine allows local users to gain access to potentially sensitive memory on the kernel stack. An issue in the execve path could be exploited to cause a denial of service (memory corruption). An issue in the sysfs interface to md devices could be exploited to cause a denial of service (oops). A memory leak in the appletalk implementation could cause a denial of service by consuming large amounts of system memory. An issue in the eCryptfs filesystem could cause a denial of service (kernel oops) by causing a dentry value to go negative. An issue in the AX.25 protocol implementation could result in a denial of service (kernel oops). Systems running the ‘amd64’ kernel do not properly sanitize registers for 32-bit processes, resulting in a sensitive kernel memory leak. A sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation was fixed. Several sensitive memory leaks in the IrDA, X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area Network (CAN) implementations could be exploited to gain access to kernel memory. An instance of uninitialized kernel memory in the network packet scheduler could be exploited to read the contents of sensitive kernel memory. Linus Torvalds provided a change to the get_random_int() function to increase its randomness. An issue with the NFSv4 server implementation could possibly grant unintentional privileges to other local users. A NULL pointer dereference issue in the pipe_rdwr_open function can be used by local users to gain elevated privileges. A typo in the initialization of a structure in the netlink subsystem may allow local users to gain access to sensitive kernel memory. An issue in the r8169 driver can cause a denial of service (IOMMU space exhaustion and system crash) by transmitting a large amount of jumbo frames. An issue in the DRM manager for ATI Rage 128 graphics adapters may be exploited to cause a denial of service (NULL pointer dereference). A deadlock condition in the UNIX domain socket implementation can be exploited to cause a denial of service (system hang). Updated packages are available from security.debian.org.

November 22, 2009 20:21 Debian: New Linux 2.6.26 packages fix several vulnerabili...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. An instance of uninitialized kernel memory in the network packet scheduler could be exploited by local users to read the contents of sensitive kernel memory. Linus Torvalds provided a change to the get_random_int() function to increase its randomness. A NULL pointer dereference issue in the pipe_rdwr_open function can be used by local users to gain elevated privileges. A typo in the initialization of a structure in the netlink subsystem may allow local users to gain access to sensitive kernel memory. An issue in the DRM manager for ATI Rage 128 graphics adapters may be exploited by local users to cause a denial of service (NULL pointer dereference). A deadlock condition in the UNIX domain socket implementation can be exploited by local users to cause a denial of service (system hang). An overflow in the KVM subsystem on i386 systems is exploitable by local users with access to the /dev/kvm device file. Updated packages are available from security.debian.org.

November 22, 2009 20:19 Debian: New TYPO3 packages fix several vulnerabilities

Several remote vulnerabilities have been discovered in the TYPO3 web content management framework. The Backend subcomponent allows remote authenticated users to determine an encryption key via crafted input to a form field. Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent allow remote authenticated users to inject arbitrary web script or HTML. The Backend subcomponent allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters. The Backend subcomponent, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. An SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent allows remote authenticated users to execute arbitrary SQL commands. A cross-site scripting (XSS) vulnerability in allows remote attackers to inject arbitrary web script. A cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent allows remote attackers to inject arbitrary web script or HTML. The Install Tool subcomponent allows remote attackers to gain access by using only the password’s md5 hash as a credential. A cross-site scripting (XSS) vulnerability in the Install Tool subcomponent allows remote attackers to inject arbitrary web script or HTML. Updated packages are available from security.debian.org.

November 22, 2009 20:03 Debian: New proftpd-dfsg packages fix SSL certificate ver...

It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon, does not properly handle a ‘\0’ character in a domain name in the Subject Alternative Name field of an X.509 client certificate, when the dNSNameRequired TLS option is enabled. Updated packages are available from security.debian.org.

November 22, 2009 20:02 Debian: New mahara packages fix several vulnerabilities

Two vulnerabilities have been discovered in mahara, an electronic portfolio, weblog, and resume builder. Ruslan Kabalin discovered an issue with resetting passwords, which could lead to a privilege escalation of an institutional administrator account. Sven Vetsch discovered a cross-site scripting vulnerability via the resume fields. Updated packages are available from security.debian.org.

November 22, 2009 20:00 Debian: New libhtml-parser-perl packages fix denial of se...

A denial of service vulnerability has been found in libhtml-parser-perl, a collection of modules to parse HTML in text documents, which is used by several other projects such as SpamAssassin. Mark Martinec discovered that the decode_entities() function will get stuck in an infinite loop when parsing certain HTML entities with invalid UTF-8 characters. An attacker can use this to perform denial of service attacks by submitting crafted HTML to an application using this functionality. Updated packages are available from security.debian.org.

November 22, 2009 19:37 Debian: New xulrunner packages fix several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. Crashes have been found in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman and Sid Stamm discovered a spoofing vulnerability in the file download dialog. Gregory Fleischer discovered a bypass of the same-origin policy using the document.getSelection() function. “moz_bug_r_a4” discovered a privilege escalation to Chrome status in the XPCOM utility XPCVariant::VariantDataToJS. “regenrecht” discovered a buffer overflow in the GIF parser, which might lead to the execution of arbitrary code. Marco C. discovered that a programming error in the proxy auto configuration code might lead to denial of service or the execution of arbitrary code. Jeremy Brown discovered that the filename of a downloaded file which is opened by the user is predictable, which might lead to tricking the user into opening a malicious file if the attacker has local access to the system. Paul Stone discovered that history information from web forms could be stolen. Updated packages are available from security.debian.org.

November 22, 2009 19:35 Debian: New expat packages fix denial of service

Peter Valchev discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. Updated packages are available from security.debian.org.

November 22, 2009 19:24 Debian: New nginx packages fix denial of service

A denial of service vulnerability has been found in nginx, a small and efficient web server. Jasson Bell discovered that a remote attacker could cause a denial of service (segmentation fault) by sending a crafted request. Updated packages are available from security.debian.org.

November 22, 2009 19:15 Debian: New smarty packages fix several vulnerabilities

Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine. The _expand_quoted_text function allows for certain restrictions in templates, like function calling and PHP execution, to be bypassed. The smarty_function_math function allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. Updated packages are available from security.debian.org.

November 22, 2009 19:14 Debian: New phpmyadmin packages fix several vulnerabilities

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted MySQL table name. An SQL injection vulnerability in the PDF schema generator functionality allows remote attackers to execute arbitrary SQL commands. Updated packages are available from security.debian.org.

November 22, 2009 19:13 Debian: New mimetex packages fix several vulnerabilities

Several vulnerabilities have been discovered in mimetex, a lightweight alternative to MathML. Chris Evans and Damien Miller discovered multiple stack-based buffer overflows. An attacker could execute arbitrary code via a TeX file with long picture, circle, input tags. Chris Evans discovered that mimeTeX contained certain directives that may be unsuitable for handling untrusted user input. A remote attacker can obtain sensitive information. Updated packages are available from security.debian.org.
