All articles tagged with Debian

January 09, 2012 07:00 Debian: Security update for ecryptfs-utils

Several problems have been discovered in ecryptfs-utils, a cryptographic filesystem for Linux. Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrary locations, leading to privilege escalation. Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to unmount arbitrary locations, leading to a denial of service. Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly handled modifications to the mtab file when an error occurs. A local attacker could use this flaw to corrupt the mtab file, and possibly unmount arbitrary locations, leading to a denial of service.

Marc Deslauriers discovered that eCryptfs incorrectly handled keys when setting up an encrypted private directory. A local attacker could use this flaw to manipulate keys during creation of a new user. Vasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled lock counters. A local attacker could use this flaw to possibly overwrite arbitrary files.

Updated packages are available from security.ubuntu.com.

January 09, 2012 06:58 Debian: Security update for Squid

It was discovered that the IPv6 support code in Squid does not properly handle certain DNS responses, resulting in deallocation of an invalid pointer and a daemon crash. Updated packages are available from security.debian.org.

January 07, 2012 15:52 Debian: Security update for kerberos

It was discovered that the Key Distribution Center (KDC) in Kerberos 5 crashes when processing certain crafted requests. When the LDAP backend is used, remote users can trigger a KDC daemon crash and denial of service. When the LDAP or Berkeley DB backend is used, remote users can trigger a NULL pointer dereference in the KDC daemon and a denial of service. Updated packages are available from security.debian.org.

January 05, 2012 12:11 Debian: Security update for ffmpeg

Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders for QDM2, VP5, VP6, VMD and SVQ1 files could lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

January 05, 2012 12:10 Debian: Security update for cyrus-imapd

It was discovered that cyrus-imapd, a highly scalable mail system designed for use in enterprise environments, does not properly parse mail headers when a client makes use of the IMAP threading feature. As a result, a NULL pointer is dereferenced, which crashes the daemon. An attacker can trigger this by sending a mail containing crafted reference headers and accessing the mail with a client that uses the server threading feature of IMAP. Updated packages are available from security.debian.org.

January 05, 2012 12:09 Debian: Security update for ipmitool

It was discovered that OpenIPMI, the Intelligent Platform Management Interface library and tools, used overly wide permissions on its PID file, which allows local users to kill arbitrary processes by writing to this file. Updated packages are available from security.debian.org.

January 03, 2012 20:05 Debian: Security update for kerberos

It was discovered that the encryption support for BSD telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to the Telnet port to execute arbitrary code with root privileges. Updated packages are available from security.debian.org.

January 03, 2012 20:03 Debian: Security update for openswan

The information security group at ETH Zurich discovered a denial of service vulnerability in the crypto helper handler of the IKE daemon pluto. Updated packages are available from security.debian.org.

January 03, 2012 20:02 Debian: Security update for inetutils

It was discovered that the Kerberos support for telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to the Telnet port to execute arbitrary code with root privileges. Updated packages are available from security.debian.org.

January 03, 2012 20:01 Debian: Security update for heimdal

It was discovered that the Kerberos support for telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to the Telnet port to execute arbitrary code with root privileges. Updated packages are available from security.debian.org.

January 03, 2012 19:59 Debian: Security update for JasPer

Two buffer overflows were discovered in JasPer, a library for handling JPEG-2000 images, which could lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

January 01, 2012 19:14 Debian: Security update for unbound

It was discovered that Unbound, a recursive DNS resolver, would crash when processing certain malformed DNS responses from authoritative DNS servers, leading to denial of service. Unbound attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone. Unbound does not properly process malformed responses which lack expected NSEC3 records. Updated packages are available from security.debian.org.

January 01, 2012 19:12 Debian: Security update for libsoup

It was discovered that libsoup2.4, an HTTP library implementation in C, does not properly validate input when processing requests made to SoupServer. A remote attacker can exploit this flaw to access system files via a directory traversal attack. Updated packages are available from security.debian.org.

December 29, 2011 08:52 Debian: Security update for lighttpd

Several vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint. Xi Wang discovered that the base64 decoding routine, which is used to decode user input during HTTP authentication, suffers from a signedness issue when processing user input. As a result, it is possible to force lighttpd to perform an out-of-bounds read, which results in denial of service conditions. When using CBC ciphers on an SSL-enabled virtual host to communicate with certain clients, a so-called “BEAST” attack allows man-in-the-middle attackers to obtain plaintext HTTP traffic via a blockwise chosen-boundary attack (BCBA) on an HTTPS session. Updated packages are available from security.debian.org.

December 27, 2011 08:36 Debian: Security update for asterisk

Several vulnerabilities have been discovered in Asterisk, an Open Source PBX and telephony toolkit. Ben Williams discovered that it was possible to enumerate SIP user names in some configurations. Kristijan Vrban discovered that Asterisk can be crashed with malformed SIP packets if the “automon” feature is enabled. Updated packages are available from security.debian.org.

December 27, 2011 08:32 Debian: Security update for MediaWiki

Several problems have been discovered in mediawiki, a website engine for collaborative work. Masato Kinugawa discovered a cross-site scripting (XSS) issue, which affects Internet Explorer clients only, and only version 6 and earlier. Web server configuration changes are required to fix this issue. Upgrading MediaWiki will only be sufficient for people who use Apache with AllowOverride enabled. Wikipedia user Suffusion of Yellow discovered a CSS validation error in the wikitext parser. This is an XSS issue for Internet Explorer clients, and a privacy loss issue for other clients since it allows the embedding of arbitrary remote images. MediaWiki developer Happy-Melon discovered that the transwiki import feature neglected to perform access control checks on form submission. The transwiki import feature is disabled by default. If it is enabled, it allows wiki pages to be copied from a remote wiki listed in $wgImportSources. The issue means that any user can trigger such an import to occur.

Alexandre Emsenhuber discovered an issue where page titles on private wikis could be exposed by passing different page ids to index.php. In the case of the user not having correct permissions, they will now be redirected to Special:BadTitle. Tim Starling discovered that action=ajax requests were dispatched to the relevant function without any read permission checks being done. This could have led to data leakage on private wikis.

Updated packages are available from security.debian.org.

December 26, 2011 08:12 Debian: Security update for DTC

Ansgar Burchardt, Mike O’Connor and Philipp Kern discovered multiple vulnerabilities in DTC, a web control panel for admin and accounting hosting services. A possible shell insertion has been found in the mailing list handling. Unix rights for the apache2.conf were set incorrectly (world readable). Incorrect input sanitising for the $_SERVER["addrlink"] parameter could lead to SQL insertion. DTC was using the -b option of htpasswd, possibly revealing the password in clear text to anyone using ps or reading /proc. A possible HTML/JavaScript insertion vulnerability has been found in the DNS & MX section of the user panel.

Updated packages are available from security.debian.org.

December 26, 2011 08:08 Debian: Security update for tor

It was discovered that Tor, an online privacy tool, incorrectly computes buffer sizes in certain cases involving SOCKS connections. Malicious parties could use this to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. Updated packages are available from security.debian.org.

December 19, 2011 09:28 Debian: Security update for acpid

Multiple vulnerabilities were found in acpid, the Advanced Configuration and Power Interface event daemon. Vasiliy Kulikov of OpenWall discovered that the socket handling is vulnerable to denial of service. Oliver-Tobias Ripka discovered that incorrect process handling in the Debian-specific powerbtn.sh script could lead to local privilege escalation. Helmut Grohne and Michael Biebl discovered that acpid sets a umask of 0 when executing scripts, which could result in local privilege escalation. Updated packages are available from security.debian.org.

December 15, 2011 10:19 Debian: Security update for ChaSen

It was discovered that ChaSen, a Japanese morphological analysis system, contains a buffer overflow, potentially leading to arbitrary code execution in programs using the library. Updated packages are available from security.debian.org.

December 13, 2011 07:04 Debian: Security update for Mojarra

It was discovered that Mojarra, an implementation of JavaServer Faces, evaluates untrusted values as EL expressions if includeViewParameters is set to true. Updated packages are available from security.debian.org.

December 05, 2011 06:57 Debian: Security update for evince

Jon Larimer from IBM X-Force Advanced Research discovered multiple vulnerabilities in the DVI backend of the evince document viewer. Insufficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution. Insufficient bounds checks in the AFM fonts parser when writing data to a memory buffer allocated on the heap could lead to arbitrary memory overwrite and arbitrary code execution.

An insufficient check on an integer used as a size for memory allocation can lead to an arbitrary write outside the allocated range and cause arbitrary code execution. Updated packages are available from security.debian.org.

December 03, 2011 13:49 Debian: Security update for OpenJDK

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform. The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode. The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges. The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code (such as applets) to elevate its privileges.

The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code. The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code (such as applets) to elevate its privileges. The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges.

Malicious Java code can use up an excessive amount of UDP ports, leading to a denial of service. JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information. JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files.

The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitrary code. The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server. The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions.

Updated packages are available from security.debian.org.

December 03, 2011 13:44 Debian: Security update for clearsilver

Leo Iannacone and Colin Watson discovered a format string vulnerability in the Python bindings for the Clearsilver HTML template system, which may lead to denial of service or the execution of arbitrary code. Updated packages are available from security.debian.org.

December 03, 2011 13:43 Debian: Security update for CUPS

Petr Sklenar and Tomas Hoger discovered that missing input sanitising in the GIF decoder inside the CUPS printing system could lead to denial of service or potentially arbitrary code execution through crafted GIF files. Updated packages are available from security.debian.org.

November 29, 2011 14:48 Debian: Security update for ldns

David Wheeler discovered a buffer overflow in ldns’s code to parse RR records, which could lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

November 29, 2011 14:46 Debian: Security update for Puppet

It was discovered that Puppet, a centralized configuration management solution, misgenerated certificates if the “certdnsnames” option was used. This could lead to man-in-the-middle attacks. Updated packages are available from security.debian.org.

November 25, 2011 10:44 Debian: Security update for Wireshark

Huzaifa Sidhpurwala discovered a buffer overflow in Wireshark’s ERF dissector, which could lead to the execution of arbitrary code. Updated packages are available from security.debian.org.

November 25, 2011 10:40 Debian: Security update for systemtap

Several vulnerabilities were discovered in SystemTap, an instrumentation system for Linux. It was discovered that a race condition in staprun could lead to privilege escalation. It was discovered that insufficient validation of environment variables in staprun could lead to privilege escalation. It was discovered that insufficient validation of module unloading could lead to denial of service. Updated packages are available from security.debian.org.

November 25, 2011 10:39 Debian: Security update for freetype

It was discovered that missing input sanitising in Freetype’s processing of CID-keyed fonts could lead to the execution of arbitrary code. Updated packages are available from security.debian.org.
