All articles tagged with Debian

September 26, 2009 06:44 Debian: New nginx packages fix arbitrary code execution

Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process (www-data on Debian) or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request. Updated packages are available from security.debian.org.

September 26, 2009 06:43 Debian: New nagios2 packages fix several cross-site scrip...

Several cross-site scripting issues via several parameters were discovered in the CGI scripts, allowing attackers to inject arbitrary HTML code. Updated packages are available from security.debian.org.

September 26, 2009 06:22 Debian: New xapian-omega packages fix cross-site scripting

It was discovered that xapian-omega, a CGI interface for searching xapian databases, is not properly escaping user supplied input when printing exceptions. An attacker can use this to conduct cross-site scripting attacks via crafted search queries resulting in an exception and steal potentially sensitive data from web applications running on the same domain or embedding the search engine into a website. Updated packages are available from security.debian.org.

September 26, 2009 06:11 Debian: New cyrus-imapd packages fix arbitrary code execu...

It was discovered that the SIEVE component of cyrus-imapd, a highly scalable enterprise mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. Due to incorrect use of the sizeof() operator an attacker is able to pass a negative length to snprintf() calls resulting in large positive values due to integer conversion. This causes a buffer overflow which can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. Updated packages are available from security.debian.org.

September 26, 2009 06:08 Debian: New OpenOffice.org packages fix arbitrary code ex...

Several vulnerabilities have been discovered in the OpenOffice.org office suite. Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document. Successful exploitation may allow arbitrary code execution in the context of the OpenOffice.org process. A vulnerability has been discovered in the parser of EMF files of OpenOffice/Go-oo 2.x and 3.x that can be triggered by a specially crafted document and lead to the execution of arbitrary commands with the privileges of the user running OpenOffice.org/Go-oo. Updated packages are available from security.debian.org.

September 26, 2009 06:03 Debian: New silc-client/silc-toolkit packages fix arbitra...

Several vulnerabilities have been discovered in the software suite for the SILC protocol, a network protocol designed to provide end-to-end security for conferencing services. An incorrect format string in sscanf() used in the ASN1 encoder to scan an OID value could overwrite a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. On 64-bit architectures this could result in unexpected application behaviour or even code execution in some cases. Various format string vulnerabilities when handling parsed SILC messages allow an attacker to execute arbitrary code with the rights of the victim running the SILC client via crafted nick names or channel names containing format strings. An incorrect format string in a sscanf() call used in the HTTP server component of silcd could result in overwriting a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. An attacker could exploit this by using crafted Content-Length header values resulting in unexpected application behaviour or even code execution in some cases. Updated packages are available from security.debian.org.

September 21, 2009 21:39 Debian: New devscripts packages fix remote code execution

Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue by reimplementing the relevant Perl operators without relying on the Perl interpreter, trying to preserve backwards compatibility as much as possible. Updated packages are available from security.debian.org.

September 21, 2009 21:35 Debian: New mysql-dfsg-5.0 packages fix arbitrary code ex...

In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command() function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service (daemon crash) and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request. Updated packages are available from security.debian.org.

September 21, 2009 09:56 Debian: New dnsmasq packages fix remote code execution

Several remote vulnerabilities have been discovered in the TFTP component of dnsmasq. A buffer overflow in TFTP processing may enable arbitrary code execution by attackers who are permitted to use the TFTP service. Malicious TFTP clients may crash dnsmasq, leading to denial of service. Updated packages are available from security.debian.org.

September 21, 2009 09:46 Debian: New ikiwiki packages fix information disclosure

Josh Triplett discovered that the blacklist for potentially harmful TeX code of the teximg module of the Ikiwiki wiki compiler was incomplete, resulting in information disclosure. Updated packages are available from security.debian.org.

August 30, 2009 13:03 Debian: New nss packages fix several vulnerabilities

Several vulnerabilities have been discovered in the Network Security Service libraries. Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. Certificates with MD2 hash signatures are no longer accepted since they’re no longer considered cryptographically secure. Updated packages are available from security.debian.org.

August 30, 2009 13:02 Debian: New xulrunner packages fix spoofing vulnerabilities

Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid URLs could be used for spoofing the location bar and the SSL certificate status of a web page. Updated packages are available from security.debian.org.

August 25, 2009 02:19 Debian: New Linux 2.6.18 packages fix several vulnerabili...

Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service, privilege escalation or a leak of sensitive memory. Herbert Xu discovered an issue in the way UDP tracks corking status that could allow local users to cause a denial of service (system crash). Tavis Ormandy and Julien Tinnes discovered that this issue could also be used by local users to gain elevated privileges. Michael Buesch noticed a typing issue in the eisa-eeprom driver for the hppa architecture. Local users could exploit this issue to gain access to restricted memory. Ulrich Drepper noticed an issue in the do_sigaltstack routine on 64-bit systems. This issue allows local users to gain access to potentially sensitive memory on the kernel stack. Eric Dumazet discovered an issue in the execve path, where the clear_child_tid variable was not being properly cleared. Local users could exploit this issue to cause a denial of service (memory corruption). Neil Brown discovered an issue in the sysfs interface to md devices. When md arrays are not active, local users can exploit this vulnerability to cause a denial of service (oops). Updated packages are available from security.debian.org.

August 25, 2009 02:13 Debian: New wordpress packages fix several vulnerabilities

Several vulnerabilities have been discovered in wordpress, a weblog manager. It was discovered that wordpress is prone to an open redirect vulnerability which allows remote attackers to conduct phishing attacks. It was discovered that remote attackers had the ability to trigger an application upgrade, which could lead to a denial of service attack. It was discovered that wordpress lacks authentication checks in the plugin configuration, which might leak sensitive information. It was discovered that wordpress lacks authentication checks in various actions, thus allowing remote attackers to produce unauthorised edits or additions. It was discovered that the administrator interface is prone to a cross-site scripting attack. It was discovered that remote attackers can gain privileges via certain direct requests. It was discovered that the _bad_protocol_once function in KSES, as used by wordpress, allows remote attackers to perform cross-site scripting attacks. It was discovered that wordpress lacks certain checks around user information, which could be used by attackers to change the password of a user. It was discovered that the get_category_template function is prone to a directory traversal vulnerability, which could lead to the execution of arbitrary code. It was discovered that the _httpsrequest function in the embedded snoopy version is prone to the execution of arbitrary commands via shell metacharacters in https URLs. It was discovered that wordpress relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier to perform attacks via crafted cookies. Updated packages are available from security.debian.org.

August 25, 2009 02:07 Debian: New pidgin packages fix arbitrary code execution

Federico Muttis discovered that libpurple, the shared library that adds support for various instant messaging networks to the pidgin IM client, is vulnerable to a heap-based buffer overflow. An attacker can exploit this by sending two consecutive SLP packets to a victim via MSN. Updated packages are available from security.debian.org.

August 25, 2009 02:06 Debian: New curl packages fix SSL certificate verificatio...

It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the “Null Prefix Attacks Against SSL/TLS Certificates” recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field. Updated packages are available from security.debian.org.

August 25, 2009 02:04 Debian: New kde4libs packages fix several vulnerabilities

Several security issues have been discovered in kde4libs, core libraries for all KDE 4 applications. It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. Updated packages are available from security.debian.org.

August 25, 2009 02:03 Debian: New kdegraphics packages fix several vulnerabilities

Two security issues have been discovered in kdegraphics, the graphics apps from the official KDE release. It was discovered that the KSVG animation element implementation suffers from a null pointer dereference flaw, which could lead to the execution of arbitrary code. It was discovered that the KSVG animation element implementation is prone to a use-after-free flaw, which could lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

August 25, 2009 02:02 Debian: New kdelibs packages fix several vulnerabilities

Several security issues have been discovered in kdelibs, core libraries from the official KDE release. It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. Updated packages are available from security.debian.org.

August 25, 2009 01:57 Debian: New Linux 2.6.18 packages fix privilege escalation

Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service or privilege escalation. Neil Horman discovered a missing fix from the e1000 network driver. A remote user may cause a denial of service by way of a kernel panic triggered by specially crafted frame sizes. Michael Tokarev discovered an issue in the r8169 network driver. Remote users on the same LAN may cause a denial of service by way of a kernel panic triggered by receiving a large size frame. Frank Filz discovered that local users may be able to execute files without execute permission when accessed via an nfs4 mount. Jeff Layton and Suresh Jayaraman fixed several buffer overflows in the CIFS filesystem which allow remote servers to cause memory corruption. Tavis Ormandy and Julien Tinnes discovered an issue with how the sendpage function is initialized in the proto_ops structure. Local users can exploit this vulnerability to gain elevated privileges.

August 25, 2009 01:56 Debian: New Linux 2.6.24 packages fix privilege escalation

A vulnerability has been discovered in the Linux kernel that may lead to privilege escalation. Tavis Ormandy and Julien Tinnes discovered an issue with how the sendpage function is initialized in the proto_ops structure. Local users can exploit this vulnerability to gain elevated privileges. Updated packages are available from security.debian.org.

August 25, 2009 01:54 Debian: New zope2.10/zope2.9 packages fix arbitrary code ...

Several remote vulnerabilities have been discovered in Zope, a feature-rich web application server written in Python, that could lead to arbitrary code execution in the worst case. Due to a programming error an authorization method in the StorageServer component of ZEO was not used as an internal method. This allows a malicious client to bypass authentication when connecting to a ZEO server by simply calling this authorization method. The ZEO server doesn’t restrict the callables when unpickling data received from a malicious client which can be used by an attacker to execute arbitrary Python code on the server by sending certain exception pickles. This also allows an attacker to import any importable module as ZEO is importing the module containing a callable specified in a pickle to test for a certain flag. Updated packages are available from security.debian.org.

August 25, 2009 01:52 Debian: New Linux 2.6.26 packages fix privilege escalation

A vulnerability has been discovered in the Linux kernel that may lead to privilege escalation. Tavis Ormandy and Julien Tinnes discovered an issue with how the sendpage function is initialized in the proto_ops structure. Local users can exploit this vulnerability to gain elevated privileges. Updated packages are available from security.debian.org.

August 24, 2009 15:29 Debian: New libxml packages fix several issues

Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. An XML document with specially-crafted Notation or Enumeration attribute types in a DTD definition leads to the use of pointers to memory areas which have already been freed. Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack-growth due to a function recursion which can be triggered via a crafted XML document. Updated packages are available from security.debian.org.

August 24, 2009 15:11 Debian: New camlimages packages fix arbitrary code execution

Tielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of JPEG and GIF Images, while DSA 1832-1 addressed the issue with PNG images. Updated packages are available from security.debian.org.

August 24, 2009 15:10 Debian: New mantis packages fix information leak

It was discovered that the Debian Mantis package, a web based bug tracking system, installed the database credentials in a file with world-readable permissions onto the local filesystem. This allows local users to acquire the credentials used to control the Mantis database. Updated packages are available from security.debian.org.

August 24, 2009 15:07 Debian: New subversion packages fix arbitrary code execution

Matt Lewis discovered that Subversion performs insufficient input validation of svndiff streams. Malicious servers could cause heap overflows in clients, and malicious clients with commit access could cause heap overflows in servers, possibly leading to arbitrary code execution in both cases. Updated packages are available from security.debian.org.

August 24, 2009 15:06 Debian: New memcached packages fix arbitrary code execution

Ronald Volgers discovered that memcached, a high-performance memory object caching system, is vulnerable to several heap-based buffer overflows due to integer conversions when parsing certain length attributes. An attacker can use this to execute arbitrary code on the system running memcached. Updated packages are available from security.debian.org.

August 24, 2009 15:06 Debian: New APR packages fix arbitrary code execution

Matt Lewis discovered that the memory management code in the Apache Portable Runtime (APR) library does not guard against a wrap-around during size computations. This could cause the library to return a memory area which is smaller than requested, resulting in a heap overflow and possibly arbitrary code execution. Updated packages are available from security.debian.org.

August 24, 2009 15:04 Debian: New fetchmail packages fix SSL certificate verifi...

It was discovered that fetchmail, a full-featured remote mail retrieval and forwarding utility, is vulnerable to the “Null Prefix Attacks Against SSL/TLS Certificates” recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the subjectAltName or Common Name fields. Updated packages are available from security.debian.org.
