All articles tagged with Debian

May 02, 2012 17:13 Debian: Security update for InspIRCd

It was discovered that a heap-based buffer overflow in InspIRCd could allow remote attackers to execute arbitrary code via a crafted DNS query. Updated packages are available from security.debian.org.

April 30, 2012 07:25 Debian: Security update for tiff

Alexander Gavrun discovered an integer overflow in the TIFF library in the parsing of the TileSize entry, which could result in the execution of arbitrary code if a malformed image is opened. Updated packages are available from security.debian.org.

April 30, 2012 07:24 Debian: Security update for libpng

It was discovered that incorrect memory handling in the png_set_text2() function of the PNG library could lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

April 30, 2012 07:21 Debian: Security update for Typo3

Several remote vulnerabilities have been discovered in the TYPO3 web content management framework. Failing to properly HTML-encode user input in several places, the TYPO3 backend is susceptible to Cross-Site Scripting. A valid backend user is required to exploit these vulnerabilities. Accessing a CLI Script directly with a browser may disclose the database name used for the TYPO3 installation.

By not removing non-printable characters, the API method t3lib_div::RemoveXSS() fails to filter specially crafted HTML injections and is thus susceptible to Cross-Site Scripting.

Updated packages are available from security.debian.org.

April 27, 2012 08:34 Debian: Security update for tryton-server

It was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field. Updated packages are available from security.debian.org.

April 25, 2012 06:37 Debian: Security update for Linux

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. Nageswara R Sastry reported an issue in the ext4 filesystem. Local users with the privileges to mount a filesystem can cause a denial of service (BUG) by providing a s_log_groups_per_flex value greater than 31. Vasiliy Kulikov of Openwall and Dan Rosenberg discovered an information leak in the eCryptfs filesystem. Local users were able to mount arbitrary directories. Sasha Levin reported an issue in the device assignment functionality in KVM. Local users with permission to access /dev/kvm could assign unused PCI devices to a guest and cause a denial of service (crash).

Stephan Barwolf reported an issue in KVM. Local users in a 32-bit guest running on a 64-bit system can crash the guest with a syscall instruction. CAI Qian reported an issue in the CIFS filesystem. A reference count leak can occur during the lookup of special files, resulting in a denial of service (oops) on umount. H. Peter Anvin reported an issue in the regset infrastructure. Local users can cause a denial of service (NULL pointer dereference) by triggering the write methods of readonly regsets.

Updated packages are available from security.debian.org.

April 25, 2012 06:36 Debian: Security update for gnutls

Matthew Hall discovered that GNUTLS does not properly handle truncated GenericBlockCipher structures nested inside TLS records, leading to crashes in applications using the GNUTLS library. Updated packages are available from security.debian.org.

April 25, 2012 06:36 Debian: Security update for openarena

It has been discovered that spoofed “getstatus” UDP requests are being sent by attackers to servers for use with games derived from the Quake 3 engine (such as openarena). These servers respond with a packet flood to the victim whose IP address was impersonated by the attackers, causing a denial of service.

Updated packages are available from security.debian.org.

April 20, 2012 09:35 Debian: Security update for libtasn1

Matthew Hall discovered that many callers of the asn1_get_length_der function did not check the result against the overall buffer length before processing it further. This could result in out-of-bounds memory accesses and application crashes. Applications using GNUTLS are exposed to this issue.

April 20, 2012 09:33 Debian: Security update for libpng

Glenn Randers-Pehrson discovered a buffer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed. Updated packages are available from security.debian.org.

April 18, 2012 08:44 Debian: Security update for Raptor

It was discovered that Raptor, an RDF parser and serializer library, allows file inclusion through XML entities, resulting in information disclosure. Updated packages are available from security.debian.org.

April 18, 2012 08:42 Debian: Security update for Icedove

Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. Soroush Dalili discovered that a cross-site scripting countermeasure related to JavaScript URLs could be bypassed. Atte Kettunen discovered an out-of-bounds read in the SVG Filters, resulting in memory disclosure. Mariusz Mlynski discovered that privileges could be escalated through a JavaScript URL as the home page.

Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code.

Updated packages are available from security.debian.org.

April 18, 2012 08:40 Debian: Security update for Gnash

Several vulnerabilities have been identified in Gnash, the GNU Flash player. Tielei Wang from Georgia Tech Information Security Center discovered a vulnerability in GNU Gnash which is caused by an integer overflow error and can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted SWF file. Alexander Kurtz discovered unsafe management of HTTP cookies. Cookie files are stored under /tmp and have predictable names, a vulnerability that allows a local attacker to overwrite arbitrary files the user has write permissions for; the files are also world-readable, which may cause an information leak.

Jakub Wilk discovered unsafe management of temporary files during the build process. Files are stored under /tmp and have predictable names, a vulnerability that allows a local attacker to overwrite arbitrary files the user has write permissions for.

Updated packages are available from security.debian.org.

April 16, 2012 06:09 Debian: Security update for nginx

Matthew Daley discovered a memory disclosure vulnerability in nginx. In previous versions of this web server, an attacker can receive the content of previously freed memory if an upstream server returned a specially crafted HTTP response, potentially exposing sensitive information. Updated packages are available from security.debian.org.

April 16, 2012 06:07 Debian: Security update for libapache2-mod-fcgid

It was discovered that the Apache FCGID module, a FastCGI implementation, did not properly enforce the FcgidMaxProcessesPerClass resource limit, rendering this control ineffective and potentially allowing a virtual host to consume excessive resources. Updated packages are available from security.debian.org.

April 12, 2012 08:22 Debian: Security update for Iceweasel

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. Soroush Dalili discovered that a cross-site scripting countermeasure related to JavaScript URLs could be bypassed. Atte Kettunen discovered an out-of-bounds read in the SVG Filters, resulting in memory disclosure. Mariusz Mlynski discovered that privileges could be escalated through a JavaScript URL as the home page.

Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code.

Updated packages are available from security.debian.org.

April 10, 2012 09:29 Debian: Security update for libyaml-libyaml-perl

Dominic Hargreaves and Niko Tyni discovered two format string vulnerabilities in YAML::LibYAML, a Perl interface to the libyaml library. Updated packages are available from security.debian.org.

April 10, 2012 09:27 Debian: Security update for libdbd-pg-perl

Niko Tyni discovered two format string vulnerabilities in DBD::Pg, a Perl DBI driver for the PostgreSQL database server, which can be exploited by a rogue database server. Updated packages are available from security.debian.org.

April 10, 2012 08:33 Debian: Security update for python-pam

Markus Vervier discovered a double free in the Python interface to the PAM library, which could lead to denial of service. Updated packages are available from security.debian.org.

April 08, 2012 15:48 Debian: Security update for freetype

Mateusz Jurczyk from the Google Security Team discovered several vulnerabilities in Freetype’s parsing of BDF, Type1 and TrueType fonts, which could result in the execution of arbitrary code if a malformed font file is processed. Updated packages are available from security.debian.org.

April 02, 2012 08:20 Debian: Security update for plib

It was discovered that PLIB, a library used by TORCS, contains a buffer overflow in error message processing, which could allow remote attackers to execute arbitrary code. Updated packages are available from security.debian.org.

April 02, 2012 08:19 Debian: Security update for libxml-atom-perl

It was discovered that the XML::Atom Perl module did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used. Updated packages are available from security.debian.org.

April 02, 2012 08:18 Debian: Security update for MovableType

Several vulnerabilities were discovered in Movable Type, a blogging system. Under certain circumstances, a user who has “Create Entries” or “Manage Blog” permissions may be able to read known files on the local file system. The file management system contains shell command injection vulnerabilities, the most serious of which may lead to arbitrary OS command execution by a user who has permission to sign in to the admin script and also has permission to upload files. Session hijack and cross-site request forgery vulnerabilities exist in the commenting and the community script. A remote attacker could hijack the user session or could execute arbitrary script code in the victim’s browser under certain circumstances.

Templates which do not escape variables properly and mt-wizard.cgi contain cross-site scripting vulnerabilities.

Updated packages are available from security.debian.org.

March 28, 2012 07:01 Debian: Security update for file

The file type identification tool, file, and its associated library, libmagic, do not properly process malformed files in the Composite Document File (CDF) format, leading to crashes. Updated packages are available from security.debian.org.

March 28, 2012 07:00 Debian: Security update for Moodle

Several security issues have been fixed in Moodle, a course management system for online learning. Rossiani Wijaya discovered an information leak in mod/forum/user.php. MNET authentication didn’t prevent a user using “Login As” from jumping to a remote MNET SSO. Darragh Enright discovered that the change password form was sent over plain HTTP even if httpslogin was set to “true”.

David Michael Evans and German Sanchez Gances discovered CRLF injection/HTTP response splitting vulnerabilities in the Calendar module. Stephen Mc Guiness discovered empty passwords could be entered in some circumstances. Patrick McNeill discovered that IP address restrictions could be bypassed in MNET.

Simon Coggins discovered that additional information could be injected into mail headers. John Ehringer discovered that email addresses were insufficiently validated. Rajesh Taneja discovered that cookie encryption used a fixed key.

Eloy Lafuente discovered that profile images were insufficiently protected. A new configuration option “forceloginforprofileimages” was introduced for that.

Updated packages are available from security.debian.org.

March 26, 2012 11:51 Debian: New OpenJDK packages fix security vulnerabilities

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform. The IcedTea browser plugin included in the openjdk-6 package does not properly enforce the Same Origin Policy on web content served under a domain name which has a common suffix with the required domain name. The Java Sound component did not properly check for array boundaries. A malicious input or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine to crash or disclose a portion of its memory.

The OpenJDK embedded web server did not guard against an excessive number of request parameters, leading to a denial of service vulnerability involving hash collisions. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. This could lead to a JVM crash or Java sandbox bypass. The ZIP central directory parser used by java.util.zip.ZipFile entered an infinite recursion in native code when processing a crafted ZIP file, leading to a denial of service.

A flaw was found in the AWT KeyboardFocusManager class that could allow untrusted Java applets to acquire keyboard focus and possibly steal sensitive information. The java.util.TimeZone.setDefault() method lacked a security manager invocation, allowing an untrusted Java application or applet to set a new default time zone. The Java serialization code leaked references to serialization exceptions, possibly leaking critical objects to untrusted code in Java applets and applications.

It was discovered that the CORBA implementation in Java did not properly protect repository identifiers (that can be obtained using the _ids() method) on certain CORBA objects. This could have been used to perform modification of the data that should have been immutable. The AtomicReferenceArray class implementation did not properly check if the array is of an expected Object[] type. A malicious Java application or applet could use this flaw to cause the Java Virtual Machine to crash or bypass Java sandbox restrictions.

Updated packages are available from security.debian.org.

March 22, 2012 09:25 Debian: Security update for Puppet

Two vulnerabilities were discovered in Puppet, a centralized configuration management tool. Puppet runs execs with unintended group privileges, potentially leading to privilege escalation. The k5login type writes to untrusted locations, enabling local users to escalate their privileges if the k5login type is used. Updated packages are available from security.debian.org.

March 22, 2012 09:24 Debian: Security update for PostgreSQL

Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. It was discovered that the permissions of a function called by a trigger are not checked. This could result in privilege escalation. It was discovered that only the first 32 characters of a host name are checked when validating host names through SSL certificates. This could result in spoofing the connection in limited circumstances. It was discovered that pg_dump did not sanitise object names. This could result in arbitrary SQL command execution if a malformed dump file is opened. Updated packages are available from security.debian.org.

March 22, 2012 09:21 Debian: Security update for samba

Andy Davis discovered that Samba incorrectly handled certain AndX offsets. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code. Updated packages are available from security.debian.org.

March 19, 2012 09:51 Debian: Security update for libxml2

It was discovered that the internal hashing routine of libxml2, a library providing an extensive API to handle XML data, is vulnerable to predictable hash collisions. Given an attacker with knowledge of the hashing algorithm, it is possible to craft input that creates a large number of collisions. As a result, it is possible to perform denial of service attacks against applications using libxml2 functionality because of the computational overhead. Updated packages are available from security.debian.org.
