Articles / Debian

All articles tagged with Debian

August 24, 2009 14:45 Debian: New gst-plugins-bad0.10 packages fix arbitrary co...

0

It was discovered that gst-plugins-bad0.10, the GStreamer plugins from the “bad” set, is prone to an integer overflow when processing a MED file with a crafted song comment or song name. Updated packages are available from security.debian.org.

August 24, 2009 14:38 Debian: New libmodplug packages fix arbitrary code execution

0

Several vulnerabilities have been discovered in libmodplug, the shared libraries for mod music based on ModPlug. It was discovered that libmodplug is prone to an integer overflow when processing a MED file with a crafted song comment or song name. It was discovered that libmodplug is prone to a buffer overflow in the PATinst function, when processing a long instrument name. Updated packages are available from security.debian.org.

August 24, 2009 14:33 Debian: New xml-security-c packages fix signature forgery

0

It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater. Updated packages are available from security.debian.org.

August 24, 2009 14:32 Debian: New znc packages fix remote code execution

0

It was discovered that znc, an IRC proxy, did not properly process certain DCC requests, allowing attackers to upload arbitrary files. Updated packages are available from security.debian.org.

August 24, 2009 14:15 Debian: New bind9 packages fix denial of service

0

It was discovered that the BIND DNS server terminates when processing a specially crafted dynamic DNS update. This vulnerability affects all BIND servers which serve at least one DNS zone authoritatively, as a master, even if dynamic updates are not enabled. The default Debian configuration for resolvers includes several authoritative zones, too, so resolvers are also affected by this issue unless these zones have been removed. Updated packages are available from security.debian.org.

August 24, 2009 14:14 Debian: New kvm packages fix denial of service

0

Matt T. Yourst discovered an issue in the kvm subsystem. Local users with permission to manipulate /dev/kvm can cause a denial of service (hang) by providing an invalid cr3 value to the KVMSETSREGS call. Updated packages are available from security.debian.org.

August 24, 2009 14:12 Debian: New Linux 2.6.26 packages fix several vulnerabili...

0

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, or privilege escalation. Julien Tinnes and Tavis Ormandy reported an issue in the Linux personality code. Local users can take advantage of a setuid binary that can either be made to dereference a NULL pointer or drop privileges and return control to the user. This allows a user to bypass mmap_min_addr restrictions which can be exploited to execute arbitrary code. Matt T. Yourst discovered an issue in the kvm subsystem. Local users with permission to manipulate /dev/kvm can cause a denial of service (hang) by providing an invalid cr3 value to the KVM_SET_SREGS call. Ramon de Carvalho Valle discovered two issues with the eCryptfs layered filesystem using the fsfuzzer utility. A local user with permissions to perform an eCryptfs mount may modify the contents of a eCryptfs file, overflowing the stack and potentially gaining elevated privileges. Updated packages are available from security.debian.org.

August 24, 2009 14:10 Debian: New Linux 2.6.24 packages fix several vulnerabili...

0

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. Neil Horman discovered a missing fix from the e1000 network driver. A remote user may cause a denial of service by way of a kernel panic triggered by specially crafted frame sizes. Michael Tokarev discovered an issue in the r8169 network driver. Remote users on the same LAN may cause a denial of service by way of a kernel panic triggered by receiving a large size frame. Frank Filz discovered that local users may be able to execute files without execute permission when accessed via an nfs4 mount. Jeff Layton and Suresh Jayaraman fixed several buffer overflows in the CIFS filesystem which allow remote servers to cause memory corruption. Julien Tinnes and Tavis Ormandy reported and issue in the Linux vulnerability code. This allows a user to bypass mmap_min_addr restrictions which can be exploited to execute arbitrary code. Mikulas Patocka discovered an issue in sparc64 kernels that allows local users to cause a denial of service (crash) by reading the /proc/iomem file. Miklos Szeredi reported an issue in the ocfs2 filesystem. Local users can create a denial of service (filesystem deadlock) using a particular sequence of splice system calls. Ramon de Carvalho Valle discovered two issues with the eCryptfs layered filesystem using the fsfuzzer utility. A local user with permissions to perform an eCryptfs mount may modify the contents of a eCryptfs file, overflowing the stack and potentially gaining elevated privileges. Updated packages are available from security.debian.org.

August 24, 2009 14:09 Debian: New squid3 packages fix denial of service

0

It was discovered that squid3, a high-performance proxy caching server for web clients, is prone to several denial of service attacks. Due to incorrect bounds checking and insufficient validation while processing response and request data an attacker is able to crash the squid daemon via crafted requests or responses. Updated packages are available from security.debian.org.

August 24, 2009 14:08 Debian: New openexr packages fix several vulnerabilities

0

Several vulnerabilities have been discovered in the OpenEXR image library, which can lead to the execution of arbitrary code. Drew Yao discovered integer overflows in the preview and compression code. Drew Yao discovered that an uninitialised pointer could be freed in the decompression code. A buffer overflow was discovered in the compression code. Updated packages are available from security.debian.org.

August 14, 2009 13:42 Debian: New git-core packages fix denial of service

0

It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is vulnerable to denial of service attacks caused by a programming mistake in handling requests containing extra unrecognized arguments which results in an infinite loop. While this is no problem for the daemon itself as every request will spawn a new git-daemon instance, this still results in a very high CPU consumption and might lead to denial of service conditions. Updated packages are available from security.debian.org.

August 14, 2009 13:38 Debian: New xulrunner packages fix several vulnerabilities

0

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. Martijn Wargers, Arno Renevier, Jesse Ruderman, Olli Pettay and Blake Kaplan disocvered several issues in the browser engine that could potentially lead to the execution of arbitrary code. monarch2020 reported an integer overflow in a base64 decoding function. Christophe Charron reported a possibly exploitable crash occuring when multiple RDF files were loaded in a XUL tree element. Yongqian Li reported that an unsafe memory condition could be created by specially crafted document. Peter Van der Beken, Mike Shaver, Jesse Ruderman, and Carsten Book discovered several issues in the JavaScript engine that could possibly lead to the execution of arbitrary JavaScript. Attila Suszter discovered an issue related to a specially crafted Flash object, which could be used to run arbitrary code. PenPal discovered that it is possible to execute arbitrary code via a specially crafted SVG element. Blake Kaplan discovered a flaw in the JavaScript engine that might allow an attacker to execute arbitrary JavaScript with chrome privileges. moz_bug_r_a4 discovered an issue in the JavaScript engine that could be used to perform cross-site scripting attacks. Updated packages are available from security.debian.org.

August 14, 2009 13:32 Debian: New gst-plugins-good0.10 packages fix arbitrary c...

0

It has been discovered that gst-plugins-good0.10, the GStreamer plugins from the “good” set, are prone to an integer overflow, when processing a large PNG file. This could lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

August 14, 2009 13:02 Debian: New pulseaudio packages fix privilege escalation

0

Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon does not drop privileges before re-executing itself, enabling local attackers to increase their privileges. Updated packages are available from security.debian.org.

August 14, 2009 12:59 Debian: New fckeditor packages fix arbitrary code execution

0

Vinny Guido discovered that multiple input sanitising vulnerabilities in Fckeditor, a rich text web editor component, may lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

August 14, 2009 12:58 Debian: New tiff packages fix several vulnerabilities

0

Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF). It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service. Andrea Barisani discovered several integer overflows, which can lead to the execution of arbitrary code if malformed images are passed to the rgb2ycbcr or tiff2rgba tools. Updated packages are available from security.debian.org.

August 14, 2009 12:56 Debian: New apache2 packages fix denial of service

0

A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. A similar flaw related to HEAD requests for compressed content was also fixed. Updated packages are available from security.debian.org.

August 14, 2009 12:27 Debian: New dhcp3 packages fix arbitrary code execution

0

It was discovered that dhclient does not properly handle overlong subnet mask options, leading to a stack-based buffer overflow and possible arbitrary code execution. Christoph Biedl discovered that the DHCP server may terminate when receiving certain well-formed DHCP requests, provided that the server configuration mixes host definitions using “dhcp-client-identifier” and “hardware ethernet”. Updated packages are available from security.debian.org.

August 14, 2009 09:57 Debian: New camlimages packages fix arbitrary code execution

0

Tielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. Updated packages are available from security.debian.org.

August 14, 2009 09:56 Debian: New djbdns packages fix privilege escalation

0

Matthew Dempsky discovered that Daniel J. Bernstein’s djbdns, a Domain Name System server, does not constrain offsets in the required manner, which allows remote attackers with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain. Updated packages are available from security.debian.org.

August 14, 2009 09:49 Debian: New icedove packages fix several vulnerabilities

0

Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. Among other identified problems, the execution of arbitrary code might be possible via a crafted PNG file that triggers a free of an uninitialized pointer. It is possible to execute arbitrary code via vectors related to the layout and JavaScript engines. Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing attack via Unicode box drawing characters in internationalized domain names. Memory corruption and assertion failures have been discovered in the layout engine, leading to the possible execution of arbitrary code. Georgi Guninski discovered that it is possible to obtain xml data via an issue related to the nsIRDFService. The browser engine is prone to a possible memory corruption via several vectors. Gregory Fleischer discovered that it is possible to bypass the Same Origin Policy when opening a Flash file via the view-source: scheme. Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. Updated packages are available from security.debian.org.

August 14, 2009 09:45 Debian: New ocsinventory-agent packages fix arbitrary cod...

0

It was discovered that the ocsinventory-agent which is part of the ocsinventory suite, a hardware and software configuration indexing service, is prone to an insecure perl module search path. As the agent is started via cron and the current directory (/ in this case) is included in the default perl module path the agent scans every directory on the system for its perl modules. This enables an attacker to execute arbitrary code via a crafted ocsinventory-agent perl module placed on the system. Updated packages are available from security.debian.org.

August 14, 2009 09:44 Debian: New ipplan packages fix cross-site scripting

0

It was discovered that ipplan, a web-based IP address manager and tracker, does not sufficiently escape certain input parameters, which allows remote attackers to conduct cross-site scripting attacks. Updated packages are available from security.debian.org.

August 14, 2009 09:42 Debian: New eggdrop packages fix several vulnerabilities

0

Several vulnerabilities have been discovered in eggdrop, an advanced IRC robot. It was discovered that eggdrop is vulnerable to a buffer overflow, which could result in a remote user executing arbitrary code. It was discovered that eggdrop is vulnerable to a denial of service attack, that allows remote attackers to cause a crash via a crafted PRIVMSG. Updated packages are available from security.debian.org.

August 14, 2009 09:40 Debian: New nagios2/nagios3 packages fix arbitrary code e...

0

It was discovered that the statuswml.cgi script of nagios, a monitoring and management system for hosts, services and networks, is prone to a command injection vulnerability. Input to the ping and traceroute parameters of the script is not properly validated which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters. Updated packages are available from security.debian.org.

August 14, 2009 09:22 Debian: New phpmyadmin packages fix several vulnerabilities

0

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. Cross site scripting vulnerability in the export page allow for an attacker that can place crafted cookies with the user to inject arbitrary web script or HTML. Static code injection allows for a remote attacker to inject arbitrary code into phpMyAdmin via the setup.php script. This script is in Debian under normal circumstances protected via Apache authentication. However, because of a recent worm based on this exploit, we are patching it regardless, to also protect installations that somehow still expose the setup.php script. Updated packages are available from security.debian.org.

July 07, 2009 09:48 Debian: New mahara packages fix cross-site scripting

0

It was discovered that mahara, an electronic portfolio, weblog, and resume builder is prone to several cross-site scripting attacks, which allow an attacker to inject arbitrary HTML or script code and steal potential sensitive data from other users. Updated packages are available from security.debian.org.

July 07, 2009 09:47 Debian: New amule packages fix insufficient input sanitising

0

Sam Hocevar discovered that amule, a client for the eD2k and Kad networks, does not properly sanitise the filename, when using the preview function. This could lead to the injection of arbitrary commands passed to the video player. Updated packages are available from security.debian.org.

July 07, 2009 09:40 Debian: New xulrunner packages fix several vulnerabilities

0

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. Among other issues, several issues in the browser engine have been discovered, which can result in the execution of arbitrary code. It is possible to execute arbitrary code via vectors involving “double frame construction.” Jesse Ruderman and Adam Hauner discovered a problem in the JavaScript engine, which could lead to the execution of arbitrary code. Pavel Cvrcek discovered a potential issue leading to a spoofing attack on the location bar related to certain invalid unicode characters. Gregory Fleischer discovered that it is possible to read arbitrary cookies via a crafted HTML document. Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. Updated packages are available from security.debian.org.

July 02, 2009 10:21 Debian: New vlc packages fix several vulnerabilities

0

Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code. Drew Yao discovered that the Cinepak codec is prone to a memory corruption, which can be triggered by a crafted Cinepak file. Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file. It was discovered that vlc is prone to a search path vulnerability, which allows local users to perform privilege escalations. Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk. Pınar Yanardağ discovered that it is possible to execute arbitrary code when opening a crafted mmst link. Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file. Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header. Updated packages are available from security.debian.org.

Screenshot

Project Spotlight

JFreeSVG

A fast, lightweight SVG generator for Java.

Screenshot

Project Spotlight

PHP MIME Mail decoder class

A PHP class to decode email messages.