All articles tagged with Debian

November 22, 2009 19:12 Debian: New kdelibs packages fix SSL certificate verifica...

Dan Kaminsky and Moxie Marlinspike discovered that kdelibs, core libraries from the official KDE release, does not properly handle a ‘\0’ character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Updated packages are available from security.debian.org.

November 22, 2009 19:09 Debian: New Linux 2.6.26 packages fix several vulnerabili...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. Eric Paris provided several fixes to increase the protection provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities. Mark Smith discovered a memory leak in the appletalk implementation. Remote attackers can cause a denial of service by consuming large amounts of system memory. Loic Minier discovered an issue in the eCryptfs filesystem, which a local user can use to cause a denial of service (kernel oops) by causing a dentry value to go negative. Arjan van de Ven discovered an issue in the AX.25 protocol implementation which can result in a denial of service (kernel oops). Jan Beulich discovered the existence of a sensitive kernel memory leak. Systems running the ‘amd64’ kernel do not properly sanitize registers for 32-bit processes. Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area Network (CAN) implementations. Local users can exploit these issues to gain access to kernel memory. Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. Jan Kiszka noticed that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory. Alistair Strachan reported an issue in the r8169 driver. Remote users can cause a denial of service (IOMMU space exhaustion and system crash) by transmitting a large amount of jumbo frames. Updated packages are available from security.debian.org.

November 22, 2009 19:04 Debian: New mapserver packages fix several vulnerabilities

Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. Missing input validation on a user-supplied map queryfile name can be used by an attacker to check for the existence of a specific file by using the queryfile GET parameter and checking for differences in error messages. A lack of file type verification when parsing a map file can lead to partial disclosure of content from arbitrary files through parser error messages. Due to missing input validation when saving map files, under certain conditions it is possible to perform directory traversal attacks and to create arbitrary files. It was discovered that mapserver is vulnerable to a stack-based buffer overflow when processing certain GET parameters. An attacker can use this to execute arbitrary code on the server via crafted id parameters. An integer overflow leading to a heap-based buffer overflow when processing the Content-Length header of an HTTP request can be used by an attacker to execute arbitrary code via crafted POST requests containing negative Content-Length values. An integer overflow when processing HTTP requests can lead to a heap-based buffer overflow. An attacker can use this to execute arbitrary code either via crafted Content-Length values or large HTTP requests. Updated packages are available from security.debian.org.

November 22, 2009 18:58 Debian: New bugzilla packages fix SQL injection

Max Kanat-Alexander, Bradley Baetz, and Frédéric Buclin discovered an SQL injection vulnerability in the Bug.create WebService function in Bugzilla, a web-based bug tracking system, which allows remote attackers to execute arbitrary SQL commands. Updated packages are available from security.debian.org.

November 22, 2009 18:56 Debian: New camlimages fix arbitrary code execution

It was discovered that CamlImages, an open source image processing library, suffers from several integer overflows, which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of TIFF files. Updated packages are available from security.debian.org.

November 22, 2009 18:46 Debian: New pygresql packages provide secure escaping

It was discovered that pygresql, a PostgreSQL module for Python, was missing a function to call PQescapeStringConn(). This is needed, because PQescapeStringConn() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The new function is called pg_escape_string(), which takes the database connection as a first argument. The old function escape_string() has been preserved as well for backwards compatibility. Updated packages are available from security.debian.org.

November 22, 2009 18:45 Debian: New mysql-ocaml packages provide secure escaping

It was discovered that mysql-ocaml, OCaml bindings for MySQL, was missing a function to call mysql_real_escape_string(). This is needed because mysql_real_escape_string() honours the charset of the connection and prevents insufficient escaping when certain multibyte character encodings are used. The added function is called real_escape() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility. Updated packages are available from security.debian.org.

November 22, 2009 18:44 Debian: New postgresql-ocaml packages provide secure esca...

It was discovered that postgresql-ocaml, OCaml bindings to PostgreSQL’s libpq, was missing a function to call PQescapeStringConn(). This is needed, because PQescapeStringConn() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called escape_string_conn() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility. Updated packages are available from security.debian.org.

November 22, 2009 18:35 Debian: New samba packages fix several vulnerabilities

Several vulnerabilities have been discovered in samba, an implementation of the SMB/CIFS protocol for Unix systems, providing support for cross-platform file and printer sharing with other operating systems and more. The mount.cifs utility is missing proper checks for file permissions when used in verbose mode. This allows local users to partly disclose the content of arbitrary files by specifying the file as credentials file and attempting to mount a samba share. A reply to an oplock break notification which samba doesn’t expect could lead to the service getting stuck in an infinite loop. An attacker can use this to perform denial of service attacks via a specially crafted SMB request. A lack of error handling in case no home directory was configured/specified for the user could lead to file disclosure. In case the automated homes share is enabled or an explicit share is created with that username, samba fails to enforce sharing restrictions which results in an attacker being able to access the file system from the root directory. Updated packages are available from security.debian.org.

November 22, 2009 18:33 Debian: New kvm packages fix several vulnerabilities

Several vulnerabilities have been discovered in kvm, a full virtualization system. Chris Webb discovered an off-by-one bug limiting KVM’s VNC passwords to 7 characters. This flaw might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. It was discovered that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory. Updated packages are available from security.debian.org.

November 22, 2009 18:32 Debian: New python-django packages fix denial of service

The forms library of python-django, a high-level Python web development framework, is using a badly chosen regular expression when validating email addresses and URLs. An attacker can use this to perform denial of service attacks (100% CPU consumption) due to bad backtracking via a specially crafted email address or URL which is validated by the django forms library. Updated packages are available from security.debian.org.

November 22, 2009 18:28 Debian: New wget packages fix SSL certificate verificatio...

Daniel Stenberg discovered that wget, a network utility to retrieve files from the Web using http(s) and ftp, is vulnerable to the “Null Prefix Attacks Against SSL/TLS Certificates” published at the Blackhat conference some time ago. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field. Updated packages are available from security.debian.org.

November 22, 2009 18:24 Debian: New graphicsmagick packages fix several vulnerabi...

Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tools, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. Among others, multiple integer overflows in the XInitImage function in GraphicsMagick allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. Updated packages are available from security.debian.org.

November 22, 2009 18:22 Debian: New elinks packages fix arbitrary code execution

Jakub Wilk discovered an off-by-one buffer overflow in the charset handling of elinks, a feature-rich text-mode WWW browser, which might lead to the execution of arbitrary code if the user is tricked into opening a malformed HTML page. Updated packages are available from security.debian.org.

November 22, 2009 18:20 Debian: New mediawiki1.7 packages fix several vulnerabili...

Several vulnerabilities have been discovered in mediawiki1.7, a website engine for collaborative work. David Remahl discovered that mediawiki1.7 is prone to a cross-site scripting attack. David Remahl discovered that mediawiki1.7, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page. David Remahl discovered that mediawiki1.7 is prone to a cross-site request forgery vulnerability in the Special:Import feature. It was discovered that mediawiki1.7 is prone to a cross-site scripting attack in the web-based installer. Updated packages are available from security.debian.org.

November 22, 2009 18:18 Debian: New PostgreSQL packages fix various problems

Several vulnerabilities have been discovered in PostgreSQL, an SQL database system. Authenticated users can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there. Authenticated non-superusers can gain database superuser privileges if they can create functions and tables due to incorrect execution of functions in functional indexes. If PostgreSQL is configured with LDAP authentication, and the LDAP configuration allows anonymous binds, it is possible for a user to authenticate themselves with an empty password. Updated packages are available from security.debian.org.

November 22, 2009 18:15 Debian: New strongswan packages fix denial of service

Several remote vulnerabilities have been discovered in strongswan, an implementation of the IPSEC and IKE protocols. The charon daemon can crash when processing certain crafted IKEv2 packets. The pluto daemon could crash when processing a crafted X.509 certificate. Updated packages are available from security.debian.org.

November 22, 2009 18:14 Debian: New openswan packages fix denial of service

It was discovered that the pluto daemon in openswan, an implementation of IPSEC and IKE, could crash when processing a crafted X.509 certificate. Updated packages are available from security.debian.org.

November 22, 2009 17:50 Debian: New horde3 packages fix arbitrary code execution

Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, is insufficiently validating and escaping user-provided input. The Horde_Form_Type_image form element allows a temporary filename to be reused on reuploads; the filename is stored in a hidden HTML field and then trusted without prior validation. An attacker can use this to overwrite arbitrary files on the system or to upload PHP code and thus execute arbitrary code with the rights of the webserver. Updated packages are available from security.debian.org.

November 22, 2009 17:41 Debian: New Shibboleth 1.x packages fix potential code ex...

Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x. Chris Ries discovered that decoding a crafted URL leads to a crash (and potentially, arbitrary code execution). Ian Young discovered that embedded NUL characters in certificate names were not correctly handled, exposing configurations using PKIX trust validation to impersonation attacks. Incorrect processing of SAML metadata ignored key usage constraints. Updated packages are available from security.debian.org.

November 22, 2009 17:39 Debian: New xmltooling packages fix potential code execution

Several vulnerabilities have been discovered in the xmltooling packages, as used by Shibboleth. Chris Ries discovered that decoding a crafted URL leads to a crash (and potentially, arbitrary code execution). Ian Young discovered that embedded NUL characters in certificate names were not correctly handled, exposing configurations using PKIX trust validation to impersonation attacks. Incorrect processing of SAML metadata ignores key usage constraints. Updated packages are available from security.debian.org.

November 22, 2009 17:37 Debian: New newt packages fix arbitrary code execution

Miroslav Lichvar discovered that newt, a windowing toolkit, is prone to a buffer overflow in the content processing code, which can lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

November 22, 2009 17:36 Debian: New dovecot packages fix arbitrary code execution

It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. Updated packages are available from security.debian.org.

November 22, 2009 17:30 Debian: New changetrack packages fix arbitrary code execu...

Marek Grzybowski discovered that changetrack, a program to monitor changes to (configuration) files, is prone to shell command injection via metacharacters in filenames. The behaviour of the program has been adjusted to reject all filenames with metacharacters. Updated packages are available from security.debian.org.

November 22, 2009 17:24 Debian: New wxwidgets packages fix arbitrary code execution

Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets Cross-platform C++ GUI toolkit, which allows the execution of arbitrary code via a crafted JPEG file. Updated packages are available from security.debian.org.

November 22, 2009 17:21 Debian: New icu packages correct multibyte sequence parsing

It was discovered that the ICU Unicode library performed incorrect processing of invalid multibyte sequences, resulting in potential bypass of security mechanisms. Updated packages are available from security.debian.org.

November 22, 2009 17:19 Debian: New openssl packages deprecate MD2 hash signatures

Certificates with MD2 hash signatures are no longer accepted by OpenSSL, since they’re no longer considered cryptographically secure. Updated packages are available from security.debian.org.

November 22, 2009 17:18 Debian: New rails packages fix cross-site scripting

Brian Mastenbrook discovered that rails, the MVC Ruby-based framework geared for web application development, is prone to cross-site scripting attacks via malformed strings in the form helper. Updated packages are available from security.debian.org.

September 26, 2009 06:48 Debian: New xulrunner packages fix several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. Daniel Holbert, Jesse Ruderman, Olli Pettay and “toshi” discovered crashes in the layout engine and in the JavaScript engine, which might allow the execution of arbitrary code. Jesse Ruderman discovered that the user interface for installing/removing PKCS #11 security modules wasn’t informative enough, which might allow social engineering attacks. It was discovered that incorrect pointer handling in the XUL parser could lead to the execution of arbitrary code. Juan Pablo Lopez Yacubian discovered that incorrect rendering of some Unicode font characters could lead to spoofing attacks on the location bar. Updated packages are available from security.debian.org.

September 26, 2009 06:45 Debian: New iceweasel packages fix several vulnerabilities

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. “moz_bug_r_a4” discovered that a programming error in the FeedWriter module could lead to the execution of JavaScript code with elevated privileges. Prateek Saxena discovered a cross-site scripting vulnerability in the MozSearch plugin interface. Updated packages are available from security.debian.org.
