{"3222": "
Miroslav Lichvar of Red Hat discovered multiple vulnerabilities in chrony,\nan alternative NTP client and server:
\nUsing particular address/subnet pairs when configuring access control\n would cause an invalid memory write. This could allow attackers to\n cause a denial of service (crash) or execute arbitrary code.
When allocating memory to save unacknowledged replies to authenticated\n command requests, a pointer would be left uninitialized, which could\n trigger an invalid memory write. This could allow attackers to cause a\n denial of service (crash) or execute arbitrary code.
When peering with other NTP hosts using authenticated symmetric\n association, the internal state variables would be updated before the\n MAC of the NTP messages was validated. This could allow a remote\n attacker to cause a denial of service by impeding synchronization\n between NTP peers.
For the stable distribution (wheezy), these problems have been fixed in\nversion 1.24-3.1+deb7u3.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.30-2.
\nWe recommend that you upgrade your chrony packages.
\nMichael Brooks discovered that ctorrent, a text-mode bittorrent client,\ndoes not verify the length of file paths in torrent files. An attacker\ncan exploit this via a crafted torrent that contains a long file path to\nexecute arbitrary code with the rights of the user opening the file.
\nThe oldstable distribution (etch) does not contain ctorrent.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.3.4-dnh3.2-1+lenny1.
\nFor the testing distribution (squeeze), this problem will be fixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.3.4-dnh3.2-1.1.
\nWe recommend that you upgrade your ctorrent packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that the Horde web application framework permits arbitrary\nfile inclusion by a remote attacker through the theme preference parameter.
For the old stable distribution (sarge) this problem has been fixed in\nversion 3.0.4-4sarge7.
\nFor the stable distribution (etch) this problem has been fixed in version\n3.1.3-4etch3.
\nFor the unstable distribution (sid) this problem has been fixed in version\n3.1.7-1.
\nWe recommend that you upgrade your horde3 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nRainer Gerhards, the rsyslog project leader, reported a vulnerability in\nRsyslog, a system for log processing. As a consequence of this\nvulnerability an attacker can send malformed messages to a server, if\nthis one accepts data from untrusted sources, and trigger a denial of\nservice attack.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 5.8.11-3+deb7u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.4.1-1.
\nWe recommend that you upgrade your rsyslog packages.
\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:
\nIt was discovered that missing boundary checks on a reference\n counter for CSS objects can lead to the execution of arbitrary code.
Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered\n crashes in the layout engine, which might allow the execution of\n arbitrary code.
Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in\n the Javascript engine, which might allow the execution of arbitrary code.
moz_bug_r_a4 discovered several cross-site scripting vulnerabilities.
Collin Jackson and Adam Barth discovered that Javascript code\n could be executed in the context of signed JAR archives.
moz_bug_r_a4 discovered that XUL documents can escalate\n privileges by accessing the pre-compiled fastload file.
moz_bug_r_a4 discovered that missing input sanitising in the\n mozIJSSubScriptLoader.loadSubScript() function could lead to the\n execution of arbitrary code. Iceweasel itself is not affected, but\n some addons are.
Claudio Santambrogio discovered that missing access validation in\n DOM parsing allows malicious web sites to force the browser to\n upload local files to the server, which could lead to information\n disclosure.
Daniel Glazman discovered that a programming error in the code for\n parsing .properties files could lead to memory content being\n exposed to addons, which could lead to information disclosure.
Masahiro Yamada discovered that file URLs in directory listings\n were insufficiently escaped.
John G. Myers, Frank Benkstein and Nils Toedtmann discovered that\n alternate names on self-signed certificates were handled\n insufficiently, which could lead to spoofing of secure connections.
Greg McManus discovered a crash in the block reflow\n code, which might allow the execution of arbitrary code.
Billy Rios discovered that passing an URL containing a pipe symbol\n to Iceweasel can lead to Chrome privilege escalation.
For the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080614d-0etch1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.1-1.
\nWe recommend that you upgrade your xulrunner packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that the PostgreSQL database performs insufficient type\nchecking for SQL function arguments, which might lead to denial of service\nor information disclosure.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 7.4.7-6sarge4.
\nFor the upcoming stable distribution (etch) this problem has been\nfixed in version 8.1.7-1 of the postgresql-8.1 package.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 8.1.7-1 of the postgresql-8.1 package.
\nWe recommend that you upgrade your PostgreSQL packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been found in VLC, the VideoLAN project's\nmedia player. Processing malformed subtitles or movie files could lead\nto denial of service and potentially the execution of arbitrary code.
\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 2.2.6-1~deb8u1.
\nWe recommend that you upgrade your vlc packages.
\nJack Louis discovered an integer overflow in Perl, Larry Wall's\nPractical Extraction and Report Language, that allows attackers to\noverwrite arbitrary memory and possibly execute arbitrary code via\nspecially crafted content that is passed to vulnerable format strings\nof third party software.
\nThe old stable distribution (woody) does not seem to be affected by\nthis problem.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 5.8.4-8sarge3.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 5.8.7-9.
\nWe recommend that you upgrade your perl packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA buffer overflow has been discovered in the man command that could\nallow an attacker to execute code as the man user by providing\nspecially crafted arguments to the -H flag. This is likely to be an\nissue only on machines with the man and mandb programs installed\nsetuid.
\nFor the stable distribution (sarge), this problem has been fixed in\nversion 2.4.2-21sarge1.
\nFor the upcoming stable distribution (etch) and the unstable\ndistribution (sid), this problem has been fixed in version 2.4.3-5.
\nWe recommend that you upgrade your man-db package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral encoding problems have been discovered in PostgreSQL, a\npopular SQL database. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nAkio Ishida and Yasuo Ohgaki discovered a weakness in the handling\n of invalidly-encoded multibyte text data which could allow an\n attacker to inject arbitrary SQL commands.
A similar problem exists in client-side encodings (such as SJIS,\n BIG5, GBK, GB18030, and UHC) which contain valid multibyte\n characters that end with the backslash character. An attacker\n could supply a specially crafted byte sequence that is able to\n inject arbitrary SQL commands.
\nThis issue does not affect you if you only use single-byte (like\n SQL_ASCII or the ISO-8859-X family) or unaffected multibyte (like\n UTF-8) encodings.
\npsycopg and python-pgsql use the old encoding for binary data and\n may have to be updated.
The old stable distribution (woody) is affected by these problems but\nwe're unable to correct the package.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 7.4.7-6sarge2.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 7.4.13-1.
\nWe recommend that you upgrade your postgresql packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral local root exploits have been discovered recently in the Linux\nkernel. This security advisory updates the mips kernel 2.4.19 for\nDebian GNU/Linux. The Common Vulnerabilities and Exposures project\nidentifies the following problems that are fixed with this update:
\nAn integer overflow in brk() system call (do_brk() function) for\n Linux allows a local attacker to gain root privileges. Fixed\n upstream in Linux 2.4.23.
\nPaul Starzetz discovered\n a flaw in bounds checking in mremap() in\n the Linux kernel (present in version 2.4.x and 2.6.x) which may\n allow a local attacker to gain root privileges. Version 2.2 is not\n affected by this bug. Fixed upstream in Linux 2.4.24.
\nPaul Starzetz and Wojciech Purczynski of isec.pl discovered a\n critical security vulnerability in the memory management code of\n Linux inside the mremap(2) system call. Due to missing function\n return value check of internal functions a local attacker can gain\n root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.4.19-0.020911.1.woody3 of mips images and version\n2.4.19-4.woody1 of kernel source.
\nFor the unstable distribution (sid) this problem will be fixed soon\nwith the next upload of a 2.4.19 kernel image and in version\n2.4.22-0.030928.3 for 2.4.22.
\nWe recommend that you upgrade your Linux kernel packages immediately.
\nVulnerability matrix for CAN-2004-0077
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:
\nWladimir Palant discovered that security checks in XML processing\n were insufficiently enforced.
Chris Evans discovered that insecure CSS handling could lead to\n reading data across domain boundaries.
Aki Helin discovered a buffer overflow in the internal copy of\n libpng, which could lead to the execution of arbitrary code.
\"regenrecht\" discovered that incorrect memory handling in DOM\n parsing could lead to the execution of arbitrary code.
Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary\n Kwong, Tobias Markus and Daniel Holbert discovered crashes in the\n layout engine, which might allow the execution of arbitrary code.
\"JS3\" discovered an integer overflow in the plugin code, which\n could lead to the execution of arbitrary code.
Jordi Chancel discovered that the location could be spoofed to\n appear like a secured page.
\"regenrecht\" discovered that incorrect memory handling in XUL\n parsing could lead to the execution of arbitrary code.
Soroush Dalili discovered an information leak in script\n processing.
For the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-3.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.1.11-1.
\nFor the experimental distribution, these problems have been fixed in\nversion 1.9.2.7-1.
\nWe recommend that you upgrade your xulrunner packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA directory traversal vulnerability was discovered in mailreader\nwhereby remote attackers could view arbitrary files with the\nprivileges of the nph-mr.cgi process (by default, www-data) via\nrelative paths and a null byte in the configLanguage parameter.
\nFor the current stable distribution (woody), this problem has been\nfixed in version 2.3.29-5woody1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you update your mailreader package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail and news client. Multiple memory safety\nerrors, use-after-free vulnerabilities, missing permission checks, incorrect\nmemory handling and other implementation errors may lead to the execution\nof arbitrary code, privilege escalation, information disclosure or\ncross-site request forgery.
\nAs already announced for Iceweasel: we're changing the approach for\nsecurity updates for Icedove in stable-security: instead of\nbackporting security fixes, we now provide releases based on the\nExtended Support Release branch. As such, this update introduces\npackages based on Thunderbird 17 and at some point in the future we\nwill switch to the next ESR branch once ESR 17 has reached its end\nof life.
\nSome Icedove extensions currently packaged in the Debian archive are\nnot compatible with the new browser engine. Up-to-date and compatible\nversions can be retrieved from http://addons.mozilla.org as a short\nterm solution.
\nAn updated and compatible version of Enigmail is included with this\nupdate.
\nThe Icedove version in the oldstable distribution (squeeze) is no\nlonger supported with full security updates. However, it should be\nnoted that almost all security issues in Icedove stem from the\nincluded browser engine. These security problems only affect Icedove\nif scripting and HTML mails are enabled. If there are security issues\nspecific to Icedove (e.g. a hypothetical buffer overflow in the IMAP\nimplementation) we'll make an effort to backport such fixes to oldstable.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 17.0.7-1~deb7u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 17.0.7-1.
\nWe recommend that you upgrade your icedove packages.
\nJeroen van Wolffelaar noticed that the confirm add-on of SmartList,\nthe listmanager used on lists.debian.org, which is used on that host\nas well, could be tricked to subscribe arbitrary addresses to the\nlists.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 3.15-5.woody.1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.15-18.
\nWe recommend that you upgrade your smartlist package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJens Steube reported two vulnerabilities in webfs, a lightweight HTTP\nserver for static content.
\nCAN-2003-0832 - When virtual hosting is enabled, a remote client\n could specify \"..\" as the hostname in a request, allowing retrieval\n of directory listings or files above the document root.
\n CAN-2003-0833 - A long pathname could overflow a buffer allocated on\n the stack, allowing execution of arbitrary code. In order to exploit\n this vulnerability, it would be necessary to be able to create\n directories on the server in a location which could be accessed by\n the web server. In conjunction with CAN-2003-0832, this could be a\n world-writable directory such as /var/tmp.
For the current stable distribution (woody) these problems have been fixed\nin version 1.17.2.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.20.
\nWe recommend that you update your webfs package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nMultiple vulnerabilities have been found in Redmine, a project management\nweb application, which may result in information disclosure.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.0~20140825-8~deb8u2.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 3.2.0-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.2.0-1.
\nWe recommend that you upgrade your redmine packages.
\nSeveral vulnerabilities have been found in Iceweasel, a web browser\nbased on Firefox:
\nScoobidiver, Ian Beer, Bob Clary, Henri Sivonen, Marco Bonardo,\n Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella\n discovered memory corruption bugs, which may lead to the execution\n of arbitrary code.
regenrecht discovered several dangling pointer vulnerabilities,\n which may lead to the execution of arbitrary code.
Paul Stone discovered that Java applets could steal information\n from the autocompletion history.
Soroush Dalili discovered a directory traversal vulnerability in\n handling resource URIs.
For the oldstable distribution (lenny), this problem will be fixed soon\nwith updated packages of the xulrunner source package.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-7.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.5.19-1.
\nWe recommend that you upgrade your iceweasel packages.
\nAntoine Delignat-Lavaud from Inria discovered an issue in the way NSS\n(the Mozilla Network Security Service library) was parsing ASN.1 data\nused in signatures, making it vulnerable to a signature forgery attack.
\nAn attacker could craft ASN.1 data to forge RSA certificates with a\nvalid certification chain to a trusted CA.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2:3.14.5-1+deb7u2.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 2:3.17.1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:3.17.1.
\nWe recommend that you upgrade your nss packages.
\nHironori Sakamoto, one of the w3m developers, found two security\nvulnerabilities in w3m and associated programs. The w3m browser does\nnot properly escape HTML tags in frame contents and img alt\nattributes. A malicious HTML frame or img alt attribute may deceive a\nuser into sending their local cookies which are used for configuration. The\ninformation is not leaked automatically, though.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 0.3-2.4.
\nThe old stable distribution (potato) is not affected by these\nproblems.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.3.2.2-1 and later.
\nWe recommend that you upgrade your w3m and w3m-ssl packages.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nAaron Neyer discovered that missing input sanitising in the logging\ncomponent of Ruby Actionmailer could result in denial of service through\na malformed e-mail message.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 3.2.6-2+deb7u1. ruby-activesupport-3.2 was updated in a related\nchange to version 3.2.6-6+deb7u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.16-3+0 of the rails-3.2 source package.
\nWe recommend that you upgrade your ruby-actionmailer-3.2 packages.
\nChristoph Pleger has discovered that the GNU C Library (aka glibc) and\nits derivatives add information from the passwd.adjunct.byname map to\nentries in the passwd map, which allows local users to obtain the\nencrypted passwords of NIS accounts by calling the getpwnam function.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 2.3.6.ds1-13etch10 of the glibc package.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.7-18lenny2 of the glibc package.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.10.2-4 of the eglibc package.
\nWe recommend that you upgrade your glibc or eglibc package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nHossein Lotfi discovered an integer overflow in libsndfile's code to\nparse Paris Audio files, which could potentially lead to the execution\nof arbitrary code.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.17-4+lenny3.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.0.21-3+squeeze1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.0.25-1.
\nWe recommend that you upgrade your libsndfile packages.
\nSeveral buffer overflows have been discovered in cgiirc, a web-based\nIRC client, which could be exploited to execute arbitrary code.
\nThe old stable distribution (woody) does not contain cgiirc packages.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.5.4-6sarge1.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.5.4-6sarge1.
\nWe recommend that you upgrade your cgiirc package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTwo denial of service vulnerabilities were identified in strongSwan, an\nIKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.
\nRSA public keys passed to the gmp plugin aren't validated sufficiently\n before attempting signature verification, so that invalid input might\n lead to a floating point exception and crash of the process.\n A certificate with an appropriately prepared public key sent by a peer\n could be used for a denial-of-service attack.
ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when\n parsing X.509 certificates with extensions that use such types. This could\n lead to infinite looping of the thread parsing a specifically crafted\n certificate.
A fix for a build failure was additionally included in the 5.2.1-6+deb8u4\nrevision of the strongSwan package.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.2.1-6+deb8u3.
\nFor the upcoming stable distribution (stretch), these problems have been\nfixed in version 5.5.1-4.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.5.1-4.
\nWe recommend that you upgrade your strongswan packages.
\nSeveral vulnerabilities have been discovered in the GNU C Library (aka\nglibc) and its derivatives. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nMaksymilian Arciemowicz discovered that the GNU C library did not\n correctly handle integer overflows in the strfmon family of\n functions. If a user or automated system were tricked into\n processing a specially crafted format string, a remote attacker\n could crash applications, leading to a denial of service.
Jeff Layton and Dan Rosenberg discovered that the GNU C library did\n not correctly handle newlines in the mntent family of functions. If\n a local attacker were able to inject newlines into a mount entry\n through other vulnerable mount helpers, they could disrupt the\n system or possibly gain root privileges.
Dan Rosenberg discovered that the GNU C library did not correctly\n validate certain ELF program headers. If a user or automated system\n were tricked into verifying a specially crafted ELF program, a\n remote attacker could execute arbitrary code with user privileges.
For the stable distribution (lenny), these problems have been fixed in\nversion 2.7-18lenny4 of the glibc package.
\nFor the testing distribution (squeeze), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.1.11-1 of the eglibc package.
\nWe recommend that you upgrade your glibc or eglibc packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:
\nPeter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to users\n being tracked, resulting in a loss of privacy.
moz_bug_r_a4 discovered that variants of CVE-2007-3738 and\n CVE-2007-5338 allow the execution of arbitrary code through\n XPCNativeWrapper.
moz_bug_r_a4 discovered that insecure handling of event\n handlers could lead to cross-site scripting.
Boris Zbarsky, Johnny Stenback and moz_bug_r_a4 discovered\n that incorrect principal handling could lead to cross-site\n scripting and the execution of arbitrary code.
Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats\n Palmgren discovered crashes in the layout engine, which might\n allow the execution of arbitrary code.
georgi, tgirmann and Igor Bukanov discovered crashes in the\n Javascript engine, which might allow the execution of arbitrary\n code.
Gregory Fleischer discovered that HTTP Referrer headers were\n handled incorrectly in combination with URLs containing Basic\n Authentication credentials with empty usernames, resulting\n in potential Cross-Site Request Forgery attacks.
Gregory Fleischer discovered that web content fetched through\n the jar: protocol can use Java to connect to arbitrary ports.\n This is only an issue in combination with the non-free Java\n plugin.
Chris Thomas discovered that background tabs could generate\n XUL popups overlaying the current tab, resulting in potential\n spoofing attacks.
The Mozilla products from the old stable distribution (sarge) are no\nlonger supported.
\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080323b-0etch1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.8.1.13-1.
\nWe recommend that you upgrade your xulrunner packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nHartmut Goebel discovered that MAT, a toolkit to anonymise/remove\nmetadata from files, did not remove metadata from images embedded in PDF\ndocuments.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0.5.2-3+deb8u1. This update disables PDF support in MAT\nentirely.
\nWe recommend that you upgrade your mat packages.
\nA vulnerability was recently found in the way that SpamAssassin parses\ncertain email headers. This vulnerability could cause SpamAssassin to\nconsume a large number of CPU cycles when processing messages containing\nthese headers, leading to a potential denial of service (DOS) attack.
\nThe version of SpamAssassin in the old stable distribution (woody) is\nnot vulnerable.
\nFor the stable distribution (sarge), this problem has been fixed in\nversion 3.0.3-2. Note that packages are not yet ready for certain\narchitectures; these will be released as they become available.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.0.4-1.
\nWe recommend that you upgrade your sarge or sid spamassassin package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in LXC, the Linux\nContainers userspace tools. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nRoman Fiedler discovered a directory traversal flaw in LXC when\n creating lock files. A local attacker could exploit this flaw to\n create an arbitrary file as the root user.
Roman Fiedler discovered that LXC incorrectly trusted the\n container's proc filesystem to set up AppArmor profile changes and\n SELinux domain transitions. A malicious container could create a\n fake proc filesystem and use this flaw to run programs inside the\n container that are not confined by AppArmor or SELinux.
For the stable distribution (jessie), these problems have been fixed in\nversion 1:1.0.6-6+deb8u1.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:1.0.7-4.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:1.0.7-4.
\nWe recommend that you upgrade your lxc packages.
\nNiels Heinen noticed a security issue with the default Apache\nconfiguration on Debian if certain scripting modules like mod_php or\nmod_rivet are installed. The problem arises because the directory\n/usr/share/doc, which is mapped to the URL /doc, may contain example\nscripts that can be executed by requests to this URL. Although access\nto the URL /doc is restricted to connections from localhost, this still\ncreates security issues in two specific configurations:
\nSystems not meeting one of these two conditions are not known to be\nvulnerable. The actual security impact depends on which packages (and\naccordingly which example scripts) are installed on the system.\nPossible issues include cross site scripting, code execution, or\nleakage of sensitive data.
\nThis update removes the problematic configuration sections from the\nfiles /etc/apache2/sites-available/default and .../default-ssl. When\nupgrading, you should not blindly allow dpkg to replace those files,\nthough. Rather you should merge the changes, namely the removal of the\nAlias /doc \"/usr/share/doc\" line and the related <Directory\n\"/usr/share/doc/\"> block, into your versions of these config files.\nYou may also want to check if you have copied these sections to any\nadditional virtual host configurations.
For the stable distribution (squeeze), this problem has been fixed in\nversion 2.2.16-6+squeeze7.
\nFor the testing distribution (wheezy), this problem will be fixed in\nversion 2.2.22-4.
\nFor the unstable distribution (sid), this problem will be fixed in\nversion 2.2.22-4.
\nFor the experimental distribution, this problem has been fixed in\nversion 2.4.1-3.
\nWe recommend that you upgrade your apache2 packages and adjust your\nconfiguration.
\nSeveral vulnerabilities were discovered in cgit, a fast web frontend for\ngit repositories written in C. A remote attacker can take advantage of\nthese flaws to perform cross-site scripting, header injection or denial\nof service attacks.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.10.2.git2.0.1-3+deb8u1.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 0.12.0.git2.7.0-1 or earlier.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.12.0.git2.7.0-1 or earlier.
\nWe recommend that you upgrade your cgit packages.
\nDave Love discovered that users who are allowed to submit jobs to a\nGrid Engine installation can escalate their privileges to root because\nthe environment is not properly sanitized before creating processes.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.2u5-1squeeze1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.2u5-6.
\nWe recommend that you upgrade your gridengine packages.
\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:
\nJustin Schuh, Tom Cross and Peter Williams discovered a buffer\n overflow in the parser for UTF-8 URLs, which may lead to the\n execution of arbitrary code.
\"moz_bug_r_a4\" discovered that the same-origin check in\n nsXMLDocument::OnChannelRedirect() could be bypassed.
\"moz_bug_r_a4\" discovered that several vulnerabilities in\n feedWriter could lead to Chrome privilege escalation.
Paul Nickerson discovered that an attacker could move windows\n during a mouse click, resulting in unwanted action triggered by\n drag-and-drop.
\"moz_bug_r_a4\" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers.
\"moz_bug_r_a4\" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers.
Olli Pettay and \"moz_bug_r_a4\" discovered a Chrome privilege\n escalation vulnerability in XSLT handling.
Jesse Ruderman discovered a crash in the layout engine, which might\n allow the execution of arbitrary code.
Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour\n discovered crashes in the Javascript engine, which might allow the\n execution of arbitrary code.
Dave Reed discovered that some Unicode byte order marks are\n stripped from Javascript code before execution, which can result in\n the execution of code that was otherwise part of a quoted string.
Gareth Heyes discovered that some Unicode surrogate characters are\n ignored by the HTML parser.
Boris Zbarsky discovered that resource: URLs allow directory\n traversal when using URL-encoded slashes.
Georgi Guninski discovered that resource: URLs could bypass local\n access restrictions.
Billy Hoffman discovered that the XBM decoder could reveal\n uninitialised memory.
Liu Die Yu discovered an information leak through local shortcut\n files.
Georgi Guninski, Michal Zalewski and Chris Evans discovered that\n the canvas element could be used to bypass same-origin\n restrictions.
It was discovered that insufficient checks in the Flash plugin glue\n code could lead to arbitrary code execution.
Jesse Ruderman discovered that a programming error in the\n window.__proto__.__proto__ object could lead to arbitrary code\n execution.
It was discovered that crashes in the layout engine could lead to\n arbitrary code execution.
It was discovered that crashes in the Javascript engine could lead to\n arbitrary code execution.
Justin Schuh discovered that a buffer overflow in http-index-format\n parser could lead to arbitrary code execution.
It was discovered that a crash in the nsFrameManager might lead to\n the execution of arbitrary code.
\"moz_bug_r_a4\" discovered that the same-origin check in\n nsXMLHttpRequest::NotifyEventListeners() could be bypassed.
Collin Jackson discovered that the -moz-binding property bypasses\n security checks on codebase principals.
Chris Evans discovered that quote characters were improperly\n escaped in the default namespace of E4X documents.
For the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080614h-0etch1. Packages for mips will be provided\nlater.
\nFor the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), these problems have been fixed in version 1.9.0.4-1.
\nWe recommend that you upgrade your xulrunner packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMike Wiacek discovered that a buffer overflow in the ARC2 implementation\nof Python Crypto, a collection of cryptographic algorithms and protocols\nfor Python allows denial of service and potentially the execution of\narbitrary code.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.0.1+dfsg1-2.3+lenny0.
\nDue to a technical limitation in the Debian archive management scripts\nthe update for the old stable distribution (etch) cannot be released\nsynchronously. It will be fixed in version 2.0.1+dfsg1-1.2+etch0 soon.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your python-crypto package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in PHP, a\nserver-side, HTML-embedded scripting language, which may lead to the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nStefan Esser discovered an overflow in the object reference handling\n code of the unserialize() function, which allows the execution of\n arbitrary code if malformed input is passed from an application.
Stefan Esser discovered that the session handler performs\n insufficient validation of variable name length values, which allows\n information disclosure through a heap information leak.
Stefan Esser discovered a double free vulnerability in the\n session_regenerate_id() function, which allows the execution of\n arbitrary code.
Stefan Esser discovered a double free vulnerability in the session\n management code, which allows the execution of arbitrary code.
Stefan Esser discovered that the mail() function performs\n insufficient validation of folded mail headers, which allows mail\n header injection.
Stefan Esser discovered that the extension to handle ZIP archives\n performs insufficient length checks, which allows the execution of\n arbitrary code.
For the oldstable distribution (sarge) these problems have been fixed in\nversion 4.3.10-20.
\nFor the stable distribution (etch) these problems have been fixed\nin version 4.4.4-8+etch2.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 4.4.6-1. php4 will be removed from sid; thus you are strongly\nadvised to migrate to php5 if you prefer to follow the unstable\ndistribution.
\nWe recommend that you upgrade your PHP packages. Packages for the arm,\nm68k, mips and mipsel architectures are not yet available. They will be\nprovided later.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA denial of service vulnerability was reported in varnish, a state of\nthe art, high-performance web accelerator. With some configurations of\nvarnish a remote attacker could mount a denial of service (child-process\ncrash and temporary caching outage) via a GET request with trailing\nwhitespace characters and no URI.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.1.3-8+deb6u1.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 3.0.2-2+deb7u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.0.5-1.
\nWe recommend that you upgrade your varnish packages.
\nSeveral vulnerabilities have been found in the Apache HTTPD Server:
\nAn integer overflow in ap_pregsub() could allow local attackers to\n execute arbitrary code at elevated privileges via crafted .htaccess\n files.
The Apache HTTP Server did not properly validate the request URI for\n proxied requests. In certain reverse proxy configurations using the\n ProxyPassMatch directive or using the RewriteRule directive with the\n [P] flag, a remote attacker could make the proxy connect to an\n arbitrary server. This could allow the attacker to access internal\n servers that are not otherwise accessible from the outside.
\nThe three CVE ids denote slightly different variants of the same\n issue.
\nNote that, even with this issue fixed, it is the responsibility of\n the administrator to ensure that the regular expression replacement\n pattern for the target URI does not allow a client to append arbitrary\n strings to the host or port parts of the target URI. For example, the\n configuration
\n\n ProxyPassMatch ^/mail(.*) http://internal-host$1\n\n
is still insecure and should be replaced by one of the following\n configurations:
\n\n ProxyPassMatch ^/mail(/.*) http://internal-host$1\n ProxyPassMatch ^/mail/(.*) http://internal-host/$1\n\n
An apache2 child process could cause the parent process to crash\n during shutdown. This is a violation of the privilege separation\n between the apache2 processes and could potentially be used to worsen\n the impact of other vulnerabilities.
The response message for error code 400 (bad request) could be used to\n expose httpOnly cookies. This could allow a remote attacker using\n cross site scripting to steal authentication cookies.
For the oldstable distribution (lenny), these problems have been fixed in\nversion apache2 2.2.9-10+lenny12.
\nFor the stable distribution (squeeze), these problems have been fixed in\nversion apache2 2.2.16-6+squeeze6.
\nFor the testing distribution (wheezy), these problems will be fixed in\nversion 2.2.22-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.2.22-1.
\nWe recommend that you upgrade your apache2 packages.
\nThis update also contains updated apache2-mpm-itk packages which have\nbeen recompiled against the updated apache2 packages. The new version\nnumber for the oldstable distribution is 2.2.6-02-1+lenny7. In the\nstable distribution, apache2-mpm-itk has the same version number as\napache2.
\nRhys Kidd discovered a vulnerability in l2tpns, a layer 2 tunnelling\nprotocol network server, which could be triggered by a remote user to\nexecute arbitrary code.
\nFor the stable distribution (sarge), this problem has been fixed in\nversion 2.0.14-1sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.1.21-1.
\nWe recommend that you upgrade your l2tpns package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThomas Gerbet discovered that viewvc, a web interface for CVS and\nSubversion repositories, did not properly sanitize user input. This\nproblem resulted in a potential Cross-Site Scripting vulnerability.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.1.22-1+deb8u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.26-1.
\nWe recommend that you upgrade your viewvc packages.
\nUlf H\u00e4rnhammar and Max Vozeler from the Debian Security Audit Project\nhave found several format string security bugs in osiris, a\nnetwork-wide system integrity monitor control interface. A remote\nattacker could exploit them and cause a denial of service or execute\narbitrary code.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 4.0.6-1sarge1.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 4.2.0-2.
\nWe recommend that you upgrade your osiris packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA vulnerability was discovered in the PostgreSQL database server.\nRandom numbers generated by contrib/pgcrypto functions may be easy\nfor another database user to guess.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 8.4.17-0squeeze1.
\nFor the testing (wheezy) and unstable distribution (sid), postgresql-8.4\npackages have been removed; in those, this problem has been fixed in\npostgresql-9.1 9.1.9-0wheezy1 (wheezy), and 9.1.9-1 (sid) respectively.
\nNote: postgresql-8.4 in Squeeze is not affected by CVE-2013-1899\n(database files corruption) and CVE-2013-1901\n(unprivileged user can interfere with in-progress backups).
\nWe recommend that you upgrade your postgresql-8.4 packages.
\nA vulnerability has been discovered in the index support of the\nZCatalog plug-in in Zope, an open source web application server. A\nflaw in the security settings of ZCatalog allows anonymous users to\ncall arbitrary methods of catalog indexes. The vulnerability also\nallows untrusted code to do the same.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.5.1-1woody1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.6.0-0.1 and higher.
\nWe recommend that you upgrade your zope package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nPetr Sklenar and Tomas Hoger discovered that missing input sanitising in\nthe GIF decoder inside the CUPS printing system could lead to denial\nof service or potentially arbitrary code execution through crafted GIF\nfiles.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.8-1+lenny10.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.4-7+squeeze1.
\nFor the testing (wheezy) and unstable distributions (sid), this problem has been\nfixed in version 1.5.0-8.
\nWe recommend that you upgrade your cups packages.
\nMultiple vulnerabilities have been discovered in LibreOffice, a\nfull-featured office productivity suite:
\nFederico Scrinzi discovered an information leak in the handling of\n ODF documents. Quoting from\n https://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/:\n The LinkUpdateMode feature controls whether documents inserted into\n Writer or Calc via links will either not get updated, or prompt to\n update, or automatically update, when the parent document is loaded.\n The configuration of this option was stored in the document. That\n flawed approach enabled documents to be crafted with links to\n plausible targets on the victims host computer. The contents of\n those automatically inserted after load links can be concealed in\n hidden sections and retrieved by the attacker if the document is\n saved and returned to sender, or via http requests if the user has\n selected lower security settings for that document.
A buffer overflow in parsing the printer setup information in ODF\n documents may result in the execution of arbitrary code.
A buffer overflow and an integer overflow in parsing\n Microsoft Word documents may result in the execution of arbitrary code.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 1:3.5.4+dfsg2-0+deb7u5.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.3.3-2+deb8u2.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:5.0.2-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:5.0.2-1.
\nWe recommend that you upgrade your libreoffice packages.
\nTimo Sirainen discovered several problems in ircII, a popular\nclient for Internet Relay Chat (IRC). A malicious server could\ncraft special reply strings, triggering the client to write beyond\nbuffer boundaries. This could lead to a denial of service if the\nclient only crashes, but may also lead to the execution of arbitrary code\nunder the user id of the chatting user.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 20020322-1.1.
\nFor the old stable distribution (potato) these problems have been\nfixed in version 4.4M-1.1.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 20030315-1.
\nWe recommend that you upgrade your ircII package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nA cryptographic vulnerability was discovered in the pseudo random number\ngenerator in python-crypto.
\nIn some situations, a race condition could prevent the reseeding of the\ngenerator when multiple processes are forked from the same parent. This would\nlead it to generate identical output on all processes, which might leak\nsensitive values like cryptographic keys.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.1.0-2+squeeze2.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.6-4+deb7u3.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 2.6.1-2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6.1-1.
\nWe recommend that you upgrade your python-crypto packages.
\nSeveral vulnerabilities were discovered in Wordpress, a web blogging\ntool. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nSQL Injection allowed a remote attacker to compromise the site.
The robustness of the shortcodes HTML tags filter has been improved.\n The parsing is a bit more strict, which may affect your\n installation.
A cross-site scripting vulnerability when processing shortcode tags.
A vulnerability has been discovered, allowing users without proper\n permissions to publish private posts and make them sticky.
An attacker could lock a post that was being edited.
Cross-site scripting in a widget title allows an attacker to steal\n sensitive information.
Fix some broken links in the legacy theme preview.
A cross-site scripting vulnerability in user list tables.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.6.1+dfsg-1~deb7u8.
\nFor the stable distribution (jessie), these problems have been fixed\nin version 4.1+dfsg-1+deb8u5 or earlier in DSA-3332-1 and DSA-3375-1.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 4.3.1+dfsg-1 or earlier versions.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.3.1+dfsg-1 or earlier versions.
\nWe recommend that you upgrade your wordpress packages.
\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:
\nGeorge Kargiotakis reported an issue in the temporary address handling\n of the IPv6 privacy extensions. Users on the same LAN can cause a denial\n of service or obtain access to sensitive information by sending router\n advertisement messages that cause temporary address generation to be\n disabled.
Dan Carpenter reported issues in the cpqarray driver for Compaq\n Smart2 Controllers and the cciss driver for HP Smart Array controllers\n allowing users to gain access to sensitive kernel memory.
Kees Cook discovered missing input sanitization in the HID driver for\n Zeroplus game pads that could lead to a local denial of service.
Kees Cook discovered that missing input sanitization in the HID driver\n for various Logitech force feedback devices could lead to a local denial\n of service.
Vasily Kulikov discovered that a flaw in the get_dumpable() function of\n the ptrace subsystem could lead to information disclosure. Only systems\n with the fs.suid_dumpable sysctl set to a non-default value of 2 are\n vulnerable.
Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets\n using the UDP_CORK option could result in denial of service.
Fujitsu reported an issue in the device-mapper subsystem. Local users\n could gain access to sensitive kernel memory.
Stephan Mueller found a bug in the ANSI pseudo random number generator\n which could lead to the use of less entropy than expected.
Nico Golde and Fabian Yamaguchi reported an issue in the user mode\n linux port. A buffer overflow condition exists in the write method\n for the /proc/exitcode file. Local users with sufficient privileges\n allowing them to write to this file could gain further elevated\n privileges.
Andrew Honig of Google reported an issue in the KVM virtualization\n subsystem. A local user could gain elevated privileges by passing\n a large vcpu_id parameter.
Andrew Honig of Google reported an issue in the KVM virtualization\n subsystem. A divide-by-zero condition could allow a guest user to\n cause a denial of service on the host (crash).
Mahesh Rajashekhara reported an issue in the aacraid driver for storage\n products from various vendors. Local users with CAP_SYS_ADMIN privileges\n could gain further elevated privileges.
Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet\n device support for s390 systems. Local users could cause a denial of\n service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL\n ioctl.
Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem.\n Local users with CAP_SYS_ADMIN privileges could gain further elevated\n privileges.
Dan Carpenter reported an issue in the aacraid driver for storage devices\n from various vendors. A local user could gain elevated privileges due to\n a missing privilege level check in the aac_compat_ioctl function.
mpb reported an information leak in the recvfrom, recvmmsg and recvmsg\n system calls. A local user could obtain access to sensitive kernel memory.
Sasha Levin reported an issue in the RDS network protocol over Infiniband.\n A local user could cause a denial of service condition.
Nokia Siemens Networks reported an issue in the SCTP network protocol\n subsystem. Remote users could cause a denial of service (NULL pointer\n dereference).
Salva Peiro reported an issue in the FarSync WAN driver. Local users\n with the CAP_NET_ADMIN capability could gain access to sensitive kernel\n memory.
Salva Peiro reported an issue in the wanXL serial card driver. Local\n users could gain access to sensitive kernel memory.
Salva Peiro reported an issue in the YAM radio modem driver. Local users\n with the CAP_NET_ADMIN capability could gain access to sensitive kernel\n memory.
Matthew Thode reported an issue in the SELinux subsystem. A local user\n with CAP_MAC_ADMIN privileges could cause a denial of service by setting\n an empty security context on a file.
Martin Schwidefsky reported an issue on s390 systems. A local user\n could cause a denial of service (kernel oops) by executing an application\n with a linkage stack instruction.
Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp\n module. Remote users could cause a denial of service (system crash)\n or potentially gain elevated privileges.
For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze5.
\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:
\n\u00a0 | Debian 6.0 (squeeze) |
---|---|
user-mode-linux | 2.6.32-1um-4+48squeeze5 |
We recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n
Note: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or leap-frog fashion.
Several vulnerabilities were discovered in OpenSSL:
\nA local timing attack was discovered against ECDSA P-256.
It was discovered that no limit was imposed on alert packets during\n an SSL handshake.
Robert Swiecki discovered that the RC4-MD5 cipher when running on\n 32 bit systems could be forced into an out-of-bounds read, resulting\n in denial of service.
For the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u6.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.1.0d-1 of the openssl source package and in version 1.0.2k-1\nof the openssl1.0 source package.
\nWe recommend that you upgrade your openssl packages.
\nSeveral vulnerabilities have been found in PostgreSQL-9.4, a SQL\ndatabase system.
\nCVE-2015-3165\n(Remote crash)
\nSSL clients disconnecting just before the authentication timeout\n expires can cause the server to crash.
CVE-2015-3166\n(Information exposure)
\nThe replacement implementation of snprintf() failed to check for\n errors reported by the underlying system library calls; the main\n case that might be missed is out-of-memory situations. In the worst\n case this might lead to information exposure.
CVE-2015-3167\n(Possible side-channel key exposure)
\nIn contrib/pgcrypto, some cases of decryption with an incorrect key\n could report other error message texts. Fix by using a\n one-size-fits-all message.
For the stable distribution (jessie), these problems have been fixed in\nversion 9.4.2-0+deb8u1.
\nFor the testing distribution (stretch), these problems will be fixed\nsoon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.4.2-1.
\nWe recommend that you upgrade your postgresql-9.4 packages.
\nMultiple vulnerabilities have been discovered in Icedove, Debian's\nversion of the Mozilla Thunderbird mail client. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:
\nMultiple unspecified vulnerabilities in the browser engine\n\tallow remote attackers to cause a denial of service (memory\n\tcorruption and application crash) or possibly execute\n\tarbitrary code via unknown vectors.
Icedove does not properly restrict calls to DOMWindowUtils\n\tmethods, which allows remote attackers to bypass intended\n\taccess restrictions via crafted JavaScript code.
A use-after-free vulnerability in the IME State Manager\n\timplementation allows remote attackers to execute arbitrary\n\tcode via unspecified vectors, related to the\n\tnsIContent::GetNameSpaceID function.
Icedove does not properly restrict JSAPI access to the\n\tGetProperty function, which allows remote attackers to bypass\n\tthe Same Origin Policy and possibly have unspecified other\n\timpact via a crafted web site.
A use-after-free vulnerability in the\n\tnsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote\n\tattackers to execute arbitrary code or cause a denial of\n\tservice (heap memory corruption) via unspecified vectors.
A heap-based buffer overflow in the\n\tnsHTMLEditor::IsPrevCharInNodeWhitespace function allows\n\tremote attackers to execute arbitrary code via unspecified\n\tvectors.
A use-after-free vulnerability in the\n\tnsTextEditRules::WillInsert function allows remote attackers\n\tto execute arbitrary code or cause a denial of service (heap\n\tmemory corruption) via unspecified vectors.
A heap-based buffer overflow in the\n\tnsWaveReader::DecodeAudioData function allows remote attackers\n\tto execute arbitrary code via unspecified vectors.
A heap-based buffer overflow in the Convolve3x3 function\n\tallows remote attackers to execute arbitrary code via\n\tunspecified vectors.
For the stable distribution (squeeze), these problems have been fixed\nin version 3.0.11-1+squeeze14.
\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 10.0.9-1.
\nWe recommend that you upgrade your icedove packages.
\nThe falconseye package is vulnerable to a buffer overflow exploited\nvia a long -s command line option. This vulnerability could be used\nby an attacker to gain gid 'games' on a system where falconseye is\ninstalled.
\nNote that falconseye does not contain the file permission error\nCAN-2003-0359 which affected some other nethack packages.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.9.3-7woody3.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.9.3-9.
\nWe recommend that you update your falconseye package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nErik Sj\u00f6lund discovered a buffer overflow in pcdsvgaview, an SVGA\nPhotoCD viewer. xpcd-svga is part of xpcd and uses svgalib to display\ngraphics on the Linux console for which root permissions are required.\nA malicious user could overflow a fixed-size buffer and may cause the\nprogram to execute arbitrary code with elevated privileges.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.08-8woody3.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your xpcd-svga package immediately.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nFlorian Weimer of Red Hat Product Security discovered that libvdpau, the\nVDPAU wrapper library, did not properly validate environment variables,\nallowing local attackers to gain additional privileges.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 0.4.1-7+deb7u1.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.8-3+deb8u1.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.1.1-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.1.1-1.
\nWe recommend that you upgrade your libvdpau packages.
\nMultiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following issues:
\nIt was discovered that OpenSSL is prone to a one-byte buffer\n overread while parsing a malformed IPAddressFamily extension in an\n X.509 certificate.
\nDetails can be found in the upstream advisory:\n https://www.openssl.org/news/secadv/20170828.txt
It was discovered that OpenSSL contains a carry propagation bug in\n the x86_64 Montgomery squaring procedure.
\nDetails can be found in the upstream advisory:\n https://www.openssl.org/news/secadv/20171102.txt
For the stable distribution (stretch), these problems have been fixed in\nversion 1.0.2l-2+deb9u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2m-1.
\nWe recommend that you upgrade your openssl1.0 packages.
\nJohn Stumpo discovered that OpenAFS, a distributed file system, does\nnot fully initialize certain network packets before transmitting them.\nThis can lead to a disclosure of the plaintext of previously processed\npackets.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.6.1-3+deb7u5.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.6.9-2+deb8u4.
\nFor the testing distribution (stretch) and the unstable distribution\n(sid), these problems have been fixed in version 1.6.15-1.
\nWe recommend that you upgrade your openafs packages.
\nSeveral vulnerabilities have been discovered in vlc, a multimedia player\nand streamer. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nDrew Yao discovered that multiple integer overflows in the MP4 demuxer,\nReal demuxer and Cinepak codec can lead to the execution of arbitrary\ncode.
Drew Yao discovered that the Cinepak codec is prone to a memory\ncorruption, which can be triggered by a crafted Cinepak file.
Luigi Auriemma discovered that it is possible to execute arbitrary code\nvia a long subtitle in an SSA file.
It was discovered that vlc is prone to a search path vulnerability,\nwhich allows local users to perform privilege escalations.
Alin Rad Pop discovered that it is possible to execute arbitrary code\nwhen opening a WAV file containing a large fmt chunk.
P\u0131nar Yanarda\u011f discovered that it is possible to execute arbitrary code\nwhen opening a crafted mmst link.
Tobias Klein discovered that it is possible to execute arbitrary code\nwhen opening a crafted .ty file.
Tobias Klein discovered that it is possible to execute arbitrary code\nwhen opening an invalid CUE image file with a crafted header.
For the oldstable distribution (etch), these problems have been fixed\nin version 0.8.6-svn20061012.debian-5.1+etch3.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.8.6.h-4+lenny2, which was already included in the lenny\nrelease.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 0.8.6.h-5.
\nWe recommend that you upgrade your vlc packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service or privilege escalation. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nNageswara R Sastry reported an issue in the ext4 filesystem. Local users\n with the privileges to mount a filesystem can cause a denial of service\n (BUG) by providing a s_log_groups_per_flex value greater than 31.
Vasiliy Kulikov of Openwall and Dan Rosenberg discovered an information\n leak in the eCryptfs filesystem. Local users were able to mount arbitrary\n directories.
Sasha Levin reported an issue in the device assignment functionality in\n KVM. Local users with permission to access /dev/kvm could assign unused pci\n devices to a guest and cause a denial of service (crash).
Stephan Barwolf reported an issue in KVM. Local users in a 32-bit guest\n running on a 64-bit system can crash the guest with a syscall instruction.
CAI Qian reported an issue in the CIFS filesystem. A reference count leak\n can occur during the lookup of special files, resulting in a denial of\n service (oops) on umount.
H. Peter Anvin reported an issue in the regset infrastructure. Local users\n can cause a denial of service (NULL pointer dereference) by triggering the\n write methods of readonly regsets.
For the stable distribution (squeeze), this problem has been fixed in version\n2.6.32-41squeeze2.
\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:
\n\u00a0 | Debian 6.0 (squeeze) |
---|---|
user-mode-linux | 2.6.32-1um-4+41squeeze2 |
We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
\nThanks to Micah Anderson for proof reading this text.
\nA vulnerability has been discovered in phppgadmin, a set of PHP\nscripts to administrate PostgreSQL over the WWW, that can lead to the\ndisclosure of sensitive information. Successful exploitation requires that\n\"magic_quotes_gpc\" is disabled.
\nThe old stable distribution (woody) is not affected by this problem.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 3.5.2-5.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.5.4.
\nWe recommend that you upgrade your phppgadmin package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThis security advisory corrects DSA 458-2 which caused a problem in\nthe gethostbyaddr routine.
\nThe original advisory said:
\n\n\nSebastian Schmidt discovered a buffer overflow bug in Python's\ngetaddrinfo function, which could allow an IPv6 address, supplied by a\nremote attacker via DNS, to overwrite memory on the stack.
\nThis bug only exists in python 2.2 and 2.2.1, and only when IPv6\nsupport is disabled. The python2.2 package in Debian woody meets\nthese conditions (the 'python' package does not).
\n
For the stable distribution (woody), this bug has been fixed in\nversion 2.2.1-4.6.
\nThe testing and unstable distribution (sarge and sid) are not\naffected by this problem.
\nWe recommend that you update your python2.2 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\nMD5 checksums of the listed files are available in the revised advisory.
\n\n\n\nAdam Chester discovered that missing input sanitising in the\nfoomatic-rip print filter might result in the execution of arbitrary\ncommands.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.0.61-5+deb8u3.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.0-1.
\nWe recommend that you upgrade your cups-filters packages.
\nIt was discovered that sympa, a modern mailing list manager, would\ncrash when processing certain types of malformed messages.
\nFor the stable distribution (etch), this problem has been fixed in version\n5.2.3-1.2+etch1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.3.4-4.
\nWe recommend that you upgrade your sympa package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7u25-2.3.10-1~deb7u1. In addition icedtea-web needed to be\nupdated to 1.4-3~deb7u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7u25-2.3.10-1.
\nWe recommend that you upgrade your openjdk-7 packages.
\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:
\nJulien Tinnes and Tavis Ormandy reported an issue in the Linux\n personality code. Local users can take advantage of a setuid\n binary that can either be made to dereference a NULL pointer or\n drop privileges and return control to the user. This allows a\n user to bypass mmap_min_addr restrictions which can be exploited\n to execute arbitrary code.
Matt T. Yourst discovered an issue in the kvm subsystem. Local\n users with permission to manipulate /dev/kvm can cause a denial\n of service (hang) by providing an invalid cr3 value to the\n KVM_SET_SREGS call.
Ramon de Carvalho Valle discovered two issues with the eCryptfs\n layered filesystem using the fsfuzzer utility. A local user with\n permissions to perform an eCryptfs mount may modify the contents\n of an eCryptfs file, overflowing the stack and potentially gaining\n elevated privileges.
For the stable distribution (lenny), these problems have been fixed in\nversion 2.6.26-17lenny1.
\nFor the oldstable distribution (etch), these problems, where\napplicable, will be fixed in updates to linux-2.6 and linux-2.6.24.
\nWe recommend that you upgrade your linux-2.6 and user-mode-linux\npackages.
\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nDerek Noonburg has fixed several potential vulnerabilities in xpdf,\nthe Portable Document Format (PDF) suite, which is also present in\nkoffice, the KDE Office Suite.
\nThe old stable distribution (woody) does not contain koffice packages.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.3.5-4.sarge.3.
\nFor the unstable distribution (sid) these problems will be fixed soon.
\nWe recommend that you upgrade your koffice packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.
\nIt was discovered that the performance events subsystem does not\n properly manage locks during certain migrations, allowing a local\n attacker to escalate privileges. This can be mitigated by\n disabling unprivileged use of performance events:\n sysctl kernel.perf_event_paranoid=3
Peter Pi of Trend Micro discovered that the frame buffer video\n subsystem does not properly check bounds while copying color maps to\n userspace, causing a heap buffer out-of-bounds read, leading to\n information disclosure.
CAI Qian discovered that reference counting is not properly handled\n within proc_sys_readdir in the sysctl implementation, allowing a\n local denial of service (system hang) or possibly privilege\n escalation.
Xiaohan Zhang reported that KVM for amd64 does not correctly\n emulate loading of a null stack selector. This can be used by a\n user in a guest VM for denial of service (on an Intel CPU) or to\n escalate privileges within the VM (on an AMD CPU).
Dmitry Vyukov reported that KVM for x86 does not correctly emulate\n memory access by the SGDT and SIDT instructions, which can result\n in a use-after-free and information leak.
Dmitry Vyukov reported that KVM leaks page references when\n emulating a VMON for a nested hypervisor. This can be used by a\n privileged user in a guest VM for denial of service or possibly\n to gain privileges in the host.
It was discovered that an off-by-one in the handling of SELinux\n attributes in /proc/pid/attr could result in local denial of\n service.
It was discovered that the KLSI KL5KUSB105 serial USB device\n driver could log the contents of uninitialised kernel memory,\n resulting in an information leak.
Jan Kara found that changing the POSIX ACL of a file on tmpfs never\n cleared its set-group-ID flag, which should be done if the user\n changing it is not a member of the group-owner. In some cases, this\n would allow the user-owner of an executable to gain the privileges\n of the group-owner.
Andrey Konovalov discovered an out-of-bounds read flaw in the\n ip6gre_err function in the IPv6 networking code.
Andrey Konovalov discovered a denial-of-service flaw in the IPv4\n networking code. This can be triggered by a local or remote\n attacker if a local UDP or raw socket has the IP_RETOPTS option\n enabled.
Di Shen discovered a race condition between concurrent calls to\n the performance events subsystem, allowing a local attacker to\n escalate privileges. This flaw exists because of an incomplete fix\n of CVE-2016-6786.\n This can be mitigated by disabling unprivileged use of performance\n events: sysctl kernel.perf_event_paranoid=3
Andrey Konovalov discovered a use-after-free vulnerability in the\n DCCP networking code, which could result in denial of service or\n local privilege escalation. On systems that do not already have\n the dccp module loaded, this can be mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-dccp.conf install dccp false
For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.39-1+deb8u1.
\nWe recommend that you upgrade your linux packages.
\nSeveral vulnerabilities were discovered in Icedove, Debian's version\nof the Mozilla Thunderbird mail and news client.
\nThis includes several instances of use-after-free and buffer overflow\nissues. The reported vulnerabilities could lead to the execution of\narbitrary code, and additionally to the bypass of content-loading\nrestrictions via the location object.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze13.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 10.0.7-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 10.0.7-1.
\nWe recommend that you upgrade your icedove packages.
\nAndreas Nolden discovered a bug in the UTF8 decoding routines in\nqt4-x11, a C++ GUI library framework, that could allow remote\nattackers to conduct cross-site scripting (XSS) and directory\ntraversal attacks via long sequences that decode to dangerous\nmetacharacters.
\nFor the stable distribution (etch), this problem has been fixed in version\n4.2.1-2etch1.
\nFor the testing and unstable distribution (lenny and sid, respectively),\nthis problem has been fixed in version 4.2.2-2.
\nWe recommend that you upgrade your qt4-x11 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nWouter Coekaerts discovered that jabberd14, an instant messaging server\nusing the Jabber/XMPP protocol, is vulnerable to the so-called\n\"billion laughs\" attack because it does not prevent entity expansion on\nreceived data. This allows an attacker to perform denial of service\nattacks against the service by sending specially crafted XML data to it.
The oldstable distribution (lenny) does not contain jabberd14.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.1.1-5+squeeze1.
\nFor the testing distribution (wheezy), this problem will be fixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.1.1-5.1.
\nWe recommend that you upgrade your jabberd14 packages.
\nA heap-based overflow vulnerability was found in the way Lua, a\nsimple, extensible, embeddable programming language, handles varargs\nfunctions with many fixed parameters called with few arguments,\nleading to application crashes or, potentially, arbitrary code\nexecution.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 5.2.1-3+deb7u1.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 5.2.3-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.2.3-1.
\nWe recommend that you upgrade your lua5.2 packages.
\nTwo vulnerabilities were discovered in the distributed filesystem AFS:
\nAndrew Deason discovered that a double free in the Rx server\n process could lead to denial of service or the execution of\n arbitrary code.
It was discovered that insufficient error handling in the\n kernel module could lead to denial of service.
For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.7.dfsg1-6+lenny4. Due to a technical problem with the\nbuildd infrastructure the update is not yet available, but will be\ninstalled into the archive soon.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.12.1+dfsg-4.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.14+dfsg-1.
\nWe recommend that you upgrade your openafs packages. Note that in order\nto apply this security update, you must rebuild the OpenAFS kernel module.
\nMultiple vulnerabilities have been discovered in Irssi, a terminal based\nIRC client. The Common Vulnerabilities and Exposures project identifies\nthe following problems:
\nBrian \"geeknik\" Carpenter of Geeknik Labs discovered that Irssi does\n not properly handle receiving messages with invalid time stamps. A\n malicious IRC server can take advantage of this flaw to cause Irssi\n to crash, resulting in a denial of service.
Brian \"geeknik\" Carpenter of Geeknik Labs discovered that Irssi is\n susceptible to a use-after-free flaw triggered while updating the\n internal nick list. A malicious IRC server can take advantage of\n this flaw to cause Irssi to crash, resulting in a denial of service.
Joseph Bisch discovered that while waiting for the channel\n synchronisation, Irssi may incorrectly fail to remove destroyed\n channels from the query list, resulting in use after free conditions\n when updating the state later on. A malicious IRC server can take\n advantage of this flaw to cause Irssi to crash, resulting in a\n denial of service.
Hanno Boeck reported that Irssi does not properly handle installing\n themes with unterminated colour formatting sequences, leading to a\n denial of service if a user is tricked into installing a specially\n crafted theme.
Joseph Bisch discovered that Irssi does not properly handle\n incorrectly formatted DCC CTCP messages. A remote attacker can take\n advantage of this flaw to cause Irssi to crash, resulting in a\n denial of service.
Joseph Bisch discovered that Irssi does not properly verify Safe\n channel IDs. A malicious IRC server can take advantage of this flaw\n to cause Irssi to crash, resulting in a denial of service.
Joseph Bisch reported that Irssi does not properly handle overlong\n nicks or targets resulting in a NULL pointer dereference when\n splitting the message and leading to a denial of service.
For the oldstable distribution (jessie), these problems have been fixed\nin version 0.8.17-1+deb8u5.
\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.0.2-1+deb9u3. CVE-2017-10965 and CVE-2017-10966 were already\nfixed in an earlier point release.
\nWe recommend that you upgrade your irssi packages.
\nIlja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 7.7.1-6.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 8.0.5-4+deb7u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.0.5-6.
\nWe recommend that you upgrade your mesa packages.
\nDan Rosenberg discovered that insufficient input validation in VLC's\nprocessing of Matroska/WebM containers could lead to the execution of\narbitrary code.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.3-1squeeze3.
\nThe version of vlc in the oldstable distribution (lenny) is affected\nby further issues and will be addressed in a followup DSA.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.7-1.
\nWe recommend that you upgrade your vlc packages.
\nSeveral remote vulnerabilities have been discovered in the Clam\nanti-virus toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nIt was discovered that an integer overflow in the decompression code\n for MEW archives may lead to the execution of arbitrary code.
It was discovered that an off-by-one in the MS-ZIP decompression\n code may lead to the execution of arbitrary code.
The old stable distribution (sarge) is not affected by these problems.\nHowever, since the clamav version from Sarge cannot process all current\nClam malware signatures any longer, support for the ClamAV in Sarge is\nnow discontinued. We recommend upgrading to the stable distribution\nor running a backport of the stable version.
\nFor the stable distribution (etch) these problems have been fixed in\nversion 0.90.1-3etch8.
\nFor the unstable distribution (sid) these problems will be fixed soon.
\nWe recommend that you upgrade your clamav packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAlin Rad Pop discovered that link-grammar, Carnegie Mellon University's\nlink grammar parser for English, performed insufficient validation within\nits tokenizer, which could allow a malicious input file to execute\narbitrary code.
\nFor the old stable distribution (sarge), this package is not present.
\nFor the stable distribution (etch), this problem has been fixed in version\n4.2.2-4etch1.
\nFor the unstable distribution (sid), this problem has been fixed in version\n4.2.5-1.
\nWe recommend that you upgrade your link-grammar package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in the Chromium web browser.
\nKarthik Bhargavan discovered a way to bypass the Same Origin Policy\n in frame handling.
Cloudfuzzer discovered a type confusion issue in the V8 javascript\n library.
Cloudfuzzer discovered a use-after-free issue in MutationObserver.
Ivan Fratric of the Google Security Team discovered a use-after-free\n issue in the DOM implementation.
Ivan Fratric of the Google Security Team discovered a use-after-free\n issue in input handling.
The chrome 28 development team found various issues from internal\n fuzzing, audits, and other studies.
For the stable distribution (wheezy), these problems have been fixed in\nversion 28.0.1500.95-1~deb7u1.
\nFor the testing distribution (jessie), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 28.0.1500.95-1.
\nWe recommend that you upgrade your chromium-browser packages.
\nr0t discovered that gnatsweb, a web interface to GNU GNATS, did not\ncorrectly sanitize the database parameter in the main CGI script. This\ncould allow the injection of arbitrary HTML, or JavaScript code.
For the stable distribution (etch), this problem has been fixed in version\n4.00-1etch1.
\nWe recommend that you upgrade your gnatsweb package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.
\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.27, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:
\nhttps://php.net/ChangeLog-5.php#5.6.27
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.6.27+dfsg-0+deb8u1.
\nWe recommend that you upgrade your php5 packages.
\nHuzaifa Sidhpurwala discovered a buffer overflow in Wireshark's ERF\ndissector, which could lead to the execution of arbitrary code.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-3+lenny16.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze5.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.3-1.
\nWe recommend that you upgrade your wireshark packages.
\nBrian Carpenter, Geeknik Labs and 0xd34db347 discovered that cURL, an URL\ntransfer library, incorrectly parsed an IMAP FETCH response with size 0,\nleading to an out-of-bounds read.
\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 7.38.0-4+deb8u7.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.52.1-5+deb9u2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.56.1-1.
\nWe recommend that you upgrade your curl packages.
\nMultiple security issues have been found in the Xen virtualisation\nsolution, which may result in denial of service or information\ndisclosure.
\nFor the oldstable distribution (wheezy), an update will be provided\nlater.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4.4.1-9+deb8u3.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your xen packages.
\nJavier Fern\u00e1ndez-Sanguino Pe\u00f1a discovered that a script of lm-sensors,\nutilities to read temperature/voltage/fan sensors, creates a temporary\nfile with a predictable filename, leaving it vulnerable for a symlink\nattack.
\nThe old stable distribution (woody) is not affected by this problem.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.9.1-1sarge2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.9.1-7.
\nWe recommend that you upgrade your lm-sensors package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nErik Sj\u00f6lund discovered that playmidi, a MIDI player, contains a\nsetuid root program with a buffer overflow that can be exploited by a\nlocal attacker.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.4-4woody1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.4debian-3.
\nWe recommend that you upgrade your playmidi package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in phpgroupware, a\nWeb based groupware system written in PHP. The Common Vulnerabilities\nand Exposures project identifies the following problems:
\nAn SQL injection vulnerability was found in the authentication\n module.
Multiple directory traversal vulnerabilities were found in the\n addressbook module.
The authentication module is affected by cross-site scripting.
For the stable distribution (lenny) these problems have been fixed in\nversion 0.9.16.012+dfsg-8+lenny1.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.9.16.012+dfsg-9.
\nWe recommend that you upgrade your phpgroupware packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:
\nEugene Teo reported a local DoS issue in the ext2 and ext3\n filesystems. Local users who have been granted the privileges\n necessary to mount a filesystem would be able to craft a corrupted\n filesystem that causes the kernel to output error messages in an\n infinite loop.
Milos Szeredi reported that the usage of splice() on files opened\n with O_APPEND allows users to write to the file at arbitrary\n offsets, enabling a bypass of possible assumed semantics of the\n O_APPEND flag.
Vlad Yasevich reported an issue in the SCTP subsystem that may\n allow remote users to cause a local DoS by triggering a kernel\n oops.
Wei Yongjun reported an issue in the SCTP subsystem that may allow\n remote users to cause a local DoS by triggering a kernel panic.
Eric Sesterhenn reported a local DoS issue in the hfsplus\n filesystem. Local users who have been granted the privileges\n necessary to mount a filesystem would be able to craft a corrupted\n filesystem that causes the kernel to overrun a buffer, resulting\n in a system oops or memory corruption.
Eric Sesterhenn reported a local DoS issue in the hfsplus\n filesystem. Local users who have been granted the privileges\n necessary to mount a filesystem would be able to craft a corrupted\n filesystem that results in a kernel oops due to an unchecked\n return value.
Eric Sesterhenn reported a local DoS issue in the hfs filesystem.\n Local users who have been granted the privileges necessary to\n mount a filesystem would be able to craft a filesystem with a\n corrupted catalog name length, resulting in a system oops or\n memory corruption.
Andrea Bittau reported a DoS issue in the unix socket subsystem\n that allows a local user to cause memory corruption, resulting in\n a kernel panic.
Johannes Berg reported a remote DoS issue in the libertas wireless\n driver, which can be triggered by a specially crafted beacon/probe\n response.
Al Viro reported race conditions in the inotify subsystem that may\n allow local users to acquire elevated privileges.
Dann Frazier reported a DoS condition that allows local users to\n cause the out of memory handler to kill off privileged processes\n or trigger soft lockups due to a starvation issue in the unix\n socket subsystem.
For the stable distribution (etch), these problems have been fixed in\nversion 2.6.24-6~etchnhalf.7.
\nWe recommend that you upgrade your linux-2.6.24 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTom\u00e1\u0161 Trnka discovered a heap-based buffer overflow within the gpgsm\nstatus handler of GPGME, a library designed to make access to GnuPG\neasier for applications. An attacker could use this issue to cause an\napplication using GPGME to crash (denial of service) or possibly to\nexecute arbitrary code.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.0-1.4+deb7u1.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.5.1-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.5.1-1.
\nWe recommend that you upgrade your gpgme1.0 packages.
\n\"infamous41md\" and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, which is\nalso present in gpdf, the GNOME version of the Portable Document\nFormat viewer, and which can lead to a denial of service by crashing\nthe application or possibly to the execution of arbitrary code.
\nThe old stable distribution (woody) does not contain gpdf packages.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 2.8.2-1.2sarge2.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.10.0-2.
\nWe recommend that you upgrade your gpdf package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSebastian Krahmer discovered that Kauth used Policykit insecurely by\nrelying on the process ID. This could result in privilege escalation.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 4:4.8.4-4+deb7u1.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 4:4.13.3-2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4:4.13.3-2.
\nWe recommend that you upgrade your kde4libs packages.
\nUlf H\u00e4rnhammar from the Debian Security Audit Project\ndiscovered a vulnerability in\nlbreakout2, a game, where proper bounds checking was not performed on\nenvironment variables. This bug could be exploited by a local\nattacker to gain the privileges of group \"games\".
\nFor the current stable distribution (woody) this problem has been\nfixed in version 2.2.2-1woody1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you update your lbreakout2 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMatthew Dempsky discovered that Daniel J. Bernstein's djbdns, a Domain\nName System server, does not constrain offsets in the required manner,\nwhich allows remote attackers with control over a third-party subdomain\nserved by tinydns and axfrdns, to trigger DNS responses containing\narbitrary records via crafted zone data for this subdomain.
\nThe old stable distribution (etch) does not contain djbdns.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.05-4+lenny1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.05-5.
\nWe recommend that you upgrade your djbdns package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in qt4-x11, a cross-platform\nC++ application framework.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nArray index error in the insertItemBefore method in WebKit, as used in qt4-x11,\nallows remote attackers to execute arbitrary code.
The JavaScript garbage collector in WebKit, as used in qt4-x11 does not\nproperly handle allocation failures, which allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted HTML document that triggers write\naccess to an \"offset of a NULL pointer.\"
Use-after-free vulnerability in WebKit, as used in qt4-x11, allows remote\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) by setting an unspecified property of\nan HTML tag that causes child elements to be freed and later accessed\nwhen an HTML error occurs.
WebKit in qt4-x11 does not initialize a pointer during handling of a\nCascading Style Sheets (CSS) attr function call with a large numerical\nargument, which allows remote attackers to execute arbitrary code or\ncause a denial of service (memory corruption and application crash) via\na crafted HTML document.
The XSL stylesheet implementation in WebKit, as used in qt4-x11 does\nnot properly handle XML external entities, which allows remote attackers to read\narbitrary files via a crafted DTD.
WebKit in qt4-x11 does not properly initialize memory for Attr DOM objects,\nwhich allows remote attackers to execute arbitrary code or cause a denial\nof service (application crash) via a crafted HTML document.
WebKit in qt4-x11 does not prevent remote loading of local Java applets,\nwhich allows remote attackers to execute arbitrary code, gain privileges, or\nobtain sensitive information via an APPLET or OBJECT element.
The XSLT functionality in WebKit, as used in qt4-x11 does not properly\nimplement the document function, which allows remote attackers to read\narbitrary local files and files from different security zones.
WebKit in qt4-x11 does not properly handle numeric character references,\nwhich allows remote attackers to execute arbitrary code or cause a\ndenial of service (memory corruption and application crash) via a\ncrafted HTML document.
qt4-x11 does not properly handle a '\\0' character in a domain name in the\nSubject Alternative Name field of an X.509 certificate, which allows\nman-in-the-middle attackers to spoof arbitrary SSL servers via a crafted\ncertificate issued by a legitimate Certification Authority.
The oldstable distribution (etch) is not affected by these problems.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 4.4.3-1+lenny1.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 4.5.3-1.
\nWe recommend that you upgrade your qt4-x11 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMichal Zalewski discovered that lynx, the popular text-mode WWW\nBrowser, is not able to grok invalid HTML including a TEXTAREA tag\nwith a large COLS value and a large tag name in an element that is not\nterminated, and loops forever trying to render the broken HTML. The\nsame code is present in lynx-ssl.
\nFor the old stable distribution (woody) this problem has been fixed in\nversion 2.8.4.1b-3.3.
\nThe stable distribution (sarge) does not contain lynx-ssl packages\nanymore.
\nThe unstable distribution (sid) does not contain lynx-ssl packages\nanymore.
\nWe recommend that you upgrade your lynx-ssl package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSteve Kemp discovered a vulnerability in xatitv, one of the programs\nin the gatos package, which is used to display video with certain\nATI video cards.
\nxatitv is installed setuid root in order to gain direct access to the\nvideo hardware. It normally drops root privileges after successfully\ninitializing itself. However, if initialization fails due to a\nmissing configuration file, root privileges are not dropped, and\nxatitv executes the system(3) function to launch its configuration\nprogram without sanitizing user-supplied environment variables.
\nBy exploiting this vulnerability, a local user could gain root\nprivileges if the configuration file does not exist. However, a\ndefault configuration file is supplied with the package, and so this\nvulnerability is not exploitable unless this file is removed by the\nadministrator.
\nFor the current stable distribution (woody) this problem has been\nfixed in version 0.0.5-6woody1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you update your gatos package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThe PNG library libpng has been affected by several vulnerabilities. The most\ncritical one is identified as\nCVE-2011-2690. Using this vulnerability, an attacker is able to overwrite\nmemory with an arbitrary amount of data controlled by her via a crafted PNG\nimage.
\nThe other vulnerabilities are less critical and allow an attacker to\ncause a crash in the program (denial of service) via a crafted PNG\nimage.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.2.27-2+lenny5. Due to a technical limitation in the Debian\narchive processing scripts, the updated packages cannot be released\nin parallel with the packages for Squeeze. They will appear shortly.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.44-1+squeeze1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.46-1.
\nWe recommend that you upgrade your libpng packages.
\nSeveral cross-site scripting vulnerabilities have been discovered in\nphpLDAPadmin, a web based interface for administering LDAP servers,\nthat allows remote attackers to inject arbitrary web script or HTML.
\nThe old stable distribution (woody) does not contain phpldapadmin\npackages.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.9.5-3sarge3.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.9.8.3-1.
\nWe recommend that you upgrade your phpldapadmin package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTwo problems have been discovered in gzip, the GNU compression\nutility. The Common Vulnerabilities and Exposures project identifies\nthe following problems.
\nImran Ghory discovered a race condition in the permissions setting\n code in gzip. When decompressing a file in a directory an\n attacker has access to, gunzip could be tricked into setting the file\n permissions on a different file the user has permissions to.
\nUlf H\u00e4rnhammar discovered a path traversal vulnerability in\n gunzip. When gunzip is used with the -N option an attacker could\n use this vulnerability to create files in an arbitrary directory with\n the permissions of the user.
\nFor the oldstable distribution (woody) these problems have been fixed in\nversion 1.3.2-3woody5.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.3.5-10.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.3.5-10.
\nWe recommend that you upgrade your gzip package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJason Hoover discovered that migrationtools, a collection of scripts\nto migrate user data to LDAP creates several temporary files insecurely,\nwhich might lead to denial of service through a symlink attack.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 46-1sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 46-2.1.
\nWe recommend that you upgrade your migrationtools package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that libgtk2-perl, a Perl interface to the 2.x series\nof the Gimp Toolkit library, incorrectly frees memory which GTK+ still\nholds onto and might access later, leading to denial of service\n(application crash) or, potentially, to arbitrary code execution.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2:1.244-1+deb7u1.
\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 2:1.2492-4.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:1.2492-4.
\nWe recommend that you upgrade your libgtk2-perl packages.
\nSeveral vulnerabilities have been discovered in the chromium web browser.
\nJoerg Bornemann discovered multiple buffer overflow issues in the\n libpng library.
Mariusz Mlynski discovered a way to bypass the Same Origin Policy\n in Blink/Webkit.
Mariusz Mlynski discovered a way to bypass the Same Origin Policy\n in the Pepper Plugin API.
A bad cast was discovered.
cloudfuzzer discovered a use-after-free issue in Blink/Webkit.
cloudfuzzer discovered a use-after-free issue in Blink/Webkit.
Rob Wu discovered a use-after-free issue in Blink/Webkit.
A way to bypass SubResource Integrity validation was discovered.
Keve Nagy discovered an information leak in the skia library.
Rob Wu discovered a WebAPI bypass issue.
Khalil Zhani discovered a use-after-free issue in the WebRTC\n implementation.
Luan Herrera discovered an issue with the Extensions user interface.
Atte Kettunen discovered a use-after-free issue in the handling of\n favorite icons.
The chrome 49 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the v8 javascript library, version 4.9.385.26.
For the stable distribution (jessie), these problems have been fixed in\nversion 49.0.2623.75-1~deb8u1.
\nFor the testing distribution (stretch), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 49.0.2623.75-1.
\nWe recommend that you upgrade your chromium-browser packages.
\nJose Duart of the Google Security Team discovered a buffer overflow\nin e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file\nsystems. This issue can possibly lead to arbitrary code execution if\na malicious device is plugged in, the system is configured to\nautomatically mount it, and the mounting process chooses to run fsck\non the device's malicious filesystem.
\nBuffer overflow in the ext2/ext3/ext4 file system open/close\n routines.
Incomplete fix for\n CVE-2015-0247.
For the stable distribution (wheezy), these problems have been fixed in\nversion 1.42.5-1.1+deb7u1.
\nFor the upcoming stable (jessie) and unstable (sid) distributions,\nthese problems will be fixed soon.
\nWe recommend that you upgrade your e2fsprogs packages.
\nThis problem has been fixed in version 1.79-16a.1 for nvi and\n1.79+19991117-2.3 for nvi-m17n for the stable Debian GNU/Linux 2.2.\n
Even if we don't believe that this could lead to somebody gaining\naccess to another user's account if they haven't lost their brain, we\nrecommend that you upgrade your nvi packages.\n
MD5 checksums of the listed files are available in the original advisory.\n
\n\n\nAnton Rager and Jonathan Brossard from the Salesforce.com Product\nSecurity Team and Ben Laurie of Google discovered a denial of service\nvulnerability in xerces-c, a validating XML parser library for C++. The\nparser mishandles certain kinds of malformed input documents, resulting\nin a segmentation fault during a parse operation. An unauthenticated\nattacker could use this flaw to cause an application using the\nxerces-c library to crash.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 3.1.1-3+deb7u1.
\nWe recommend that you upgrade your xerces-c packages.
\nVarious vulnerabilities have been found in SquirrelMail, a webmail\napplication. The Common Vulnerabilities and Exposures project\nidentifies the following vulnerabilities:
\nSquirrelMail did not prevent page rendering inside a third-party\n HTML frame, which makes it easier for remote attackers to conduct\n clickjacking attacks via a crafted web site.
Multiple small bugs in SquirrelMail allowed an attacker to inject\n malicious script into various pages or alter the contents of user\n preferences.
It was possible to inject arbitrary web script or HTML via a\n crafted STYLE element in an HTML part of an e-mail message.
For the oldstable distribution (lenny), these problems have been fixed in\nversion 1.4.15-4+lenny5.
\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 1.4.21-2.
\nFor the testing (wheezy) and unstable distribution (sid), these problems\nhave been fixed in version 1.4.22-1.
\nWe recommend that you upgrade your squirrelmail packages.
\nDragana Damjanovic discovered that an authenticated client could crash\nan OpenVPN server by sending a control packet containing less than\nfour bytes as payload.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.2.1-8+deb7u3.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3.4-5.
\nWe recommend that you upgrade your openvpn packages.
\nIt was discovered that libxslt, an XSLT processing runtime library,\ncould be coerced into executing arbitrary code via a buffer overflow\nwhen an XSL style sheet file with a long XSLT \"transformation match\"\ncondition triggered a large number of steps.
\nFor the stable distribution (etch), this problem has been fixed in version\n1.1.19-2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.24-1.
\nWe recommend that you upgrade your libxslt package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\n\nBernhard Mueller of SEC Consult has discovered a format string\nvulnerability in perdition, an IMAP proxy. This vulnerability could\nallow an unauthenticated remote user to run arbitrary code on the\nperdition server by providing a specially formatted IMAP tag.\n
\n\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 1.15-5sarge1.\n
\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.17-7etch1.\n
\n\nWe recommend that you upgrade your perdition package.\n
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMarek Vavru\u0161a and Lubos Slovak discovered that NSD, an authoritative\ndomain name server, is not properly handling non-standard DNS packets.\nThis can result in a NULL pointer dereference and crash the handling\nprocess. A remote attacker can abuse this flaw to perform denial of\nservice attacks.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.5-1.squeeze2.
\nFor the testing distribution (wheezy), this problem will be fixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.12-1.
\nWe recommend that you upgrade your nsd3 packages.
\nA vulnerability was discovered in squid, an Internet object cache,\nwhereby access control lists based on URLs could be bypassed\n(CAN-2004-0189). Two other bugs were also fixed with patches\nsquid-2.4.STABLE7-url_escape.patch (a buffer overrun which does not\nappear to be exploitable) and squid-2.4.STABLE7-url_port.patch (a\npotential denial of service).
\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.4.6-2woody2.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.5.5-1.
\nWe recommend that you update your squid package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that an integer overflow in the xpdf PDF viewer may lead\nto the execution of arbitrary code if a malformed PDF file is opened.
\ntetex-bin includes a copy of the xpdf code and required an update as\nwell.
\nFor the oldstable distribution (sarge) this problem has been fixed in\nversion 2.0.2-30sarge5.
\nThe package from the stable distribution (etch) links dynamically\nagainst libpoppler and doesn't require a separate update.
\nThe package from the unstable distribution (sid) links dynamically\nagainst libpoppler and doesn't require a separate update.
\nWe recommend that you upgrade your tetex-bin packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAlvaro Martinez Echevarria discovered a problem in CUPS, the Common\nUNIX Printing System. An attacker can easily disable browsing in CUPS\nby sending a specially crafted UDP datagram to port 631 where cupsd is\nrunning.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.1.14-5woody6.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.1.20final+rc1-6.
\nWe recommend that you upgrade your cups packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJames P. Turk discovered that the ReST renderer in django-markupfield,\na custom Django field for easy use of markup in text fields, didn't\ndisable the ..raw directive, allowing remote attackers to include\narbitrary files.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.0.2-2+deb7u1.
\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 1.2.1-2+deb8u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.3.2-1.
\nWe recommend that you upgrade your django-markupfield packages.
\nWhile performing an audit of MySQL, e-matters found several problems:
\nFor Debian GNU/Linux 3.0/woody this has been fixed in version 3.23.49-8.2\nand version 3.22.32-6.3 for Debian GNU/Linux 2.2/potato.
\nWe recommend that you upgrade your mysql packages as soon as possible.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in impersonation\nof Kerberos services, denial of service, sandbox bypass or HTTP header\ninjection.
\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 7u151-2.6.11-2~deb8u1.
\nWe recommend that you upgrade your openjdk-7 packages.
\nFor the detailed security status of openjdk-7 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openjdk-7
\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\ninformation leaks.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 45.6.0esr-1~deb8u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.6.0esr-1 of firefox-esr and version 50.1.0-1 of firefox.
\nWe recommend that you upgrade your firefox-esr packages.
\nSeveral vulnerabilities have been discovered in the FreeType font\nlibrary. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nMultiple stack-based buffer overflows in the\n cff_decoder_parse_charstrings function in the CFF Type2 CharStrings\n interpreter in cff/cffgload.c in FreeType allow remote attackers to\n execute arbitrary code or cause a denial of service (memory\n corruption) via crafted CFF opcodes in embedded fonts in a PDF\n document, as demonstrated by JailbreakMe.
Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType\n allows remote attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted font file.
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType does\n not properly validate certain position values, which allows remote\n attackers to cause a denial of service (application crash) or\n possibly execute arbitrary code via a crafted font file.
Array index error in the t42_parse_sfnts function in\n type42/t42parse.c in FreeType allows remote attackers to cause a\n denial of service (application crash) or possibly execute arbitrary\n code via negative size values for certain strings in FontType42 font\n files, leading to a heap-based buffer overflow.
FreeType uses incorrect integer data types during bounds checking,\n which allows remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code via a crafted\n font file.
Buffer overflow in the Mac_Read_POST_Resource function in\n base/ftobjs.c in FreeType allows remote attackers to cause a denial\n of service (memory corruption and application crash) or possibly\n execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka\n LWFN) font.
bdf/bdflib.c in FreeType allows remote attackers to cause a denial of\n service (application crash) via a crafted BDF font file, related to\n an attempted modification of a value in a static string.
For the stable distribution (lenny), these problems have been fixed in\nversion 2.3.7-2+lenny3.
\nFor the unstable distribution (sid) and the testing distribution\n(squeeze), these problems have been fixed in version 2.4.2-1.
\nWe recommend that you upgrade your freetype package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities were discovered in libtasn1-3, a library that\nmanages ASN1 (Abstract Syntax Notation One) structures. An attacker\ncould use those to cause a denial-of-service via out-of-bounds access\nor NULL pointer dereference.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2.13-2+deb7u1.
\nWe recommend that you upgrade your libtasn1-3 packages.
\nSeveral vulnerabilities have been discovered in Iceweasel, a web\nbrowser based on Firefox. The included XULRunner library provides\nrendering services for several other applications included in Debian.
\nThe reported vulnerabilities could lead to the execution of arbitrary\ncode or the bypass of content-loading restrictions via the location\nobject.
\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 3.5.16-18.
\nFor the testing distribution (wheezy), these problems have been fixed in\nversion 10.0.7esr-2.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.7esr-2.
\nWe recommend that you upgrade your iceweasel packages.
\nSeveral local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nDaniel Roethlisberger discovered two buffer overflows in the cm4040\n driver for the Omnikey CardMan 4040 device. A local user or malicious\n device could exploit this to execute arbitrary code in kernel space.
Santosh Eraniose reported a vulnerability that allows local users to read\n otherwise unreadable files by triggering a core dump while using PT_INTERP.\n This is related to CVE-2004-1073.
Jean Delvare reported a vulnerability in the appletalk subsystem.\n Systems with the appletalk module loaded can be triggered to crash\n by other systems on the local network via a malformed frame.
Masayuki Nakagawa discovered that flow labels were inadvertently\n being shared between listening sockets and child sockets. This defect\n can be exploited by local users to cause a DoS (Oops).
This problem has been fixed in the stable distribution in version\n2.6.18.dfsg.1-12etch1.
\nThe following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:
\nPackage | Debian 4.0 (etch) |
---|---|
fai-kernels | 1.17etch1 |
user-mode-linux | 2.6.18-1um-2etch1 |
We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.
\nUpdated packages for the mips and mipsel architectures are not yet available.\nThey will be provided later.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in gdk-pixbuf, a toolkit\nfor image loading and pixel buffer manipulation. A remote attacker can\ntake advantage of these flaws to cause a denial-of-service against an\napplication using gdk-pixbuf (application crash), or potentially, to\nexecute arbitrary code with the privileges of the user running the\napplication, if a malformed image is opened.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.31.1-2+deb8u5.
\nWe recommend that you upgrade your gdk-pixbuf packages.
\nMultiple security issues have been discovered in PolarSSL, a lightweight\ncrypto and SSL/TLS library:
\nJack Lloyd discovered a denial of service vulnerability in the\n parsing of PEM-encoded certificates.
Paul Brodeur and TrustInSoft discovered a buffer overflow in the\n ssl_read_record() function, allowing the potential execution of\n arbitrary code.
Cyril Arnaud and Pierre-Alain Fouque discovered timing attacks against\n the RSA implementation.
For the oldstable distribution (squeeze), these problems will be fixed in\nversion 1.2.9-1~deb6u1 soon (due to a technical limitation the updates\ncannot be released synchronously).
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.2.9-1~deb7u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.3.1-1.
\nWe recommend that you upgrade your polarssl packages.
\nTwo vulnerabilities were discovered in wordpress, a web blogging tool.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nShailesh Suthar discovered an open redirection vulnerability.
Ronni Skansing discovered a server-side request forgery (SSRF)\n vulnerability.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.6.1+dfsg-1~deb7u10.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4.1+dfsg-1+deb8u8.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.4.2+dfsg-1.
\nWe recommend that you upgrade your wordpress packages.
\nJavier Fern\u00e1ndez-Sanguino Pe\u00f1a discovered several insecure temporary\nfile uses in cfengine, a tool for configuring and maintaining\nnetworked machines, that can be exploited by a symlink attack to\noverwrite arbitrary files owned by the user executing cfengine, which\nis probably root.
\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.6.3-9woody1.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.6.5-1sarge1.
\nFor the unstable distribution (sid) these problems will be fixed soon.
\nWe recommend that you upgrade your cfengine package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\niDEFENSE reports a security vulnerability in the klisa package, that\nprovides a LAN information service similar to \"Network Neighbourhood\",\nwhich was discovered by Texonet. It is possible for a local attacker\nto exploit a buffer overflow condition in resLISa, a restricted\nversion of KLISa. The vulnerability exists in the parsing of the\nLOGNAME environment variable; an overly long value will overwrite the\ninstruction pointer, thereby allowing an attacker to seize control of\nthe executable.
\nThis problem has been fixed in version 2.2.2-14.2 for the current stable\ndistribution (woody) and in version 2.2.2-14.3 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected since it doesn't contain a kdenetwork package.
\nWe recommend that you upgrade your klisa package immediately.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nIt was discovered that the AttachFile action in moin, a Python clone of\nWikiWiki, is prone to cross-site scripting attacks when renaming\nattachments or performing other sub-actions.
\nThe oldstable distribution (etch) is not vulnerable.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.7.1-3+lenny2.
\nFor the testing (squeeze) distribution and the unstable distribution\n(sid), this problem will be fixed soon.
\nWe recommend that you upgrade your moin packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral bugs were discovered in Clam AntiVirus, the antivirus scanner\nfor Unix, designed for integration with mail servers to perform\nattachment scanning. The following problems were identified:
\nNeel Mehta and Alex Wheeler discovered that Clam AntiVirus is\n vulnerable to integer overflows when handling the TNEF, CHM and\n FSG file formats.
\nMark Pizzolato fixed a possible infinite loop that could cause a\n denial of service.
\nThe old stable distribution (woody) is not affected as it doesn't contain clamav.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.2.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.86.2-1.
\nWe recommend that you upgrade your clamav package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIlja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.
\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 2:1.0.5-1+squeeze1.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2:1.0.7-1+deb7u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:1.0.7-1+deb7u1.
\nWe recommend that you upgrade your libxv packages.
\nIt has been discovered that libpam-ldap, the Pluggable Authentication\nModule allowing LDAP interfaces, ignores the result of an attempt to\nauthenticate against an LDAP server that does not set an optional data\nfield.
\nThe old stable distribution (woody) is not affected by this problem.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 178-1sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 178-1sarge1.
\nWe recommend that you upgrade your libpam-ldap package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA programming error has been discovered in sendmail, an alternative\nmail transport agent for Debian, that could allow a remote attacker to\ncrash the sendmail process by sending a specially crafted email\nmessage.
\nPlease note that in order to install this update you also need\nlibsasl2 library from proposed updates as outlined in DSA 1155-2.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 8.13.3-3sarge3.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 8.13.8-1.
\nWe recommend that you upgrade your sendmail package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nPavel Kankovsky discovered that several overflows found in the libXpm\nlibrary were also present in imlib, an imaging library for X and X11.\nAn attacker could create a carefully crafted image file in such a way\nthat it could cause an application linked with imlib to execute\narbitrary code when the file was opened by a victim. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:
\nMultiple heap-based buffer overflows.
\nMultiple integer overflows.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 1.9.14-2woody2.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.9.14-17.1 of imlib and in version 1.9.14-16.1 of imlib+png2\nwhich produces the imlib1 package.
\nWe recommend that you upgrade your imlib packages immediately.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\njoernchen of Phenoelit discovered two command injection flaws in Sup, a\nconsole-based email client. An attacker might execute arbitrary commands\nif the user opens a maliciously crafted email.
\nSup wrongly handled the filename of attachments.
Sup did not sanitize the content-type of attachments.
For the oldstable distribution (squeeze), these problems have been fixed in\nversion 0.11-2+nmu1+deb6u1.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 0.12.1+git20120407.aaa852f-1+deb7u1.
\nWe recommend that you upgrade your sup-mail packages.
\nSteve Kemp discovered a vulnerability in xonix, a game, where an\nexternal program was invoked while retaining setgid privileges. A\nlocal attacker could exploit this vulnerability to gain gid \"games\".
\nFor the current stable distribution (woody) this problem will be fixed\nin version 1.4-19woody1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you update your xonix package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer, which may lead to denial of service or the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nA format string vulnerability was discovered in the PROFINET\n dissector.
The dissector for the Check Point High-Availability Protocol\n could be forced to crash.
Malformed Tektronix files could lead to a crash.
The old stable distribution (etch) is only affected by the\nCPHAP crash, which doesn't warrant an update on its own. The fix\nwill be queued up for an upcoming security update or a point release.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny5.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.7-1.
\nWe recommend that you upgrade your wireshark packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that php-net-ping, a PHP PEAR module to execute ping\nindependently of the Operating System, performs insufficient input\nsanitising, which might be used to inject arguments (no CVE yet) or\nexecute arbitrary commands (CVE-2009-4024) on a system that uses\nphp-net-ping.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 2.4.2-1+etch1.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.4.2-1+lenny1.
\nFor the testing distribution (squeeze), this problem will be fixed\nsoon.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.4.2-1.1.
\nWe recommend that you upgrade your php-net-ping packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nStefan Esser discovered a heap overflow in the CVS server, which\nserves the popular Concurrent Versions System. Malformed \"Entry\"\nLines in combination with Is-modified and Unchanged can be used to\noverflow malloc()ed memory. This was proven to be exploitable.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.11.1p1debian-9woody4.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.12.5-6.
\nWe recommend that you upgrade your cvs package immediately.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nDominic Hargreaves and Niko Tyni discovered two format string\nvulnerabilities in YAML::LibYAML, a Perl interface to the libyaml\nlibrary.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.33-1+squeeze1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.38-2.
\nWe recommend that you upgrade your libyaml-libyaml-perl packages.
\nSean Finney discovered several insecure temporary file uses in\ntoolchain-source, the GNU binutils and GCC source code and scripts.\nThese bugs can lead a local attacker with minimal knowledge to trick\nthe admin into overwriting arbitrary files via a symlink attack. The\nproblems exist inside the Debian-specific tpkg-* scripts.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 3.0.4-1woody1.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 3.4-5.
\nWe recommend that you upgrade your toolchain-source package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThis has been fixed in version 2.2.5-3.2. This problem is logged\nas bug 233 in the squid bugtracker and will also be fixed in\nfuture squid releases.\n
MD5 checksums of the listed files are available in the original advisory.\n
\n\n\nWill Dormann and Jared Allar discovered that the Lotus Word Pro import\nfilter of OpenOffice.org, a full-featured office productivity suite that\nprovides a near drop-in replacement for Microsoft Office, is not\nproperly handling object ids in the .lwp file format. An attacker can\nexploit this with a specially crafted file and execute arbitrary code with\nthe rights of the victim importing the file.
The oldstable distribution (lenny) is not affected by this problem.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1:3.2.1-11+squeeze3.
\nFor the testing distribution (wheezy), this problem will be fixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nlibreoffice version 1:3.3.3-1.
\nWe recommend that you upgrade your openoffice.org packages.
\nSeveral vulnerabilities were discovered in krb5, the MIT implementation\nof Kerberos. The Common Vulnerabilities and Exposures project identifies\nthe following problems:
\nIt was discovered that applications which call gss_inquire_context()\n on a partially-established SPNEGO context can cause the GSS-API\n library to read from a pointer using the wrong type, leading to a\n process crash.
It was discovered that applications which call gss_inquire_context()\n on a partially-established IAKERB context can cause the GSS-API\n library to read from a pointer using the wrong type, leading to a\n process crash.
It was discovered that the build_principal_va() function incorrectly\n handles input strings. An authenticated attacker can take advantage\n of this flaw to cause a KDC to crash using a TGS request with a\n large realm field beginning with a null byte.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.10.1+dfsg-5+deb7u4.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+dfsg-19+deb8u1.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.13.2+dfsg-3.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.13.2+dfsg-3.
\nWe recommend that you upgrade your krb5 packages.
\nTimothy D. Morgan discovered that run-mailcap, a utility to execute\nprograms via entries in the mailcap file, is prone to shell command\ninjection via shell meta-characters in filenames. In specific scenarios\nthis flaw could allow an attacker to remotely execute arbitrary code.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 3.52-1+deb7u1.
\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your mime-support packages.
\nSeveral remote vulnerabilities have been discovered in GNOME PeerCast,\nthe GNOME interface to PeerCast, a P2P audio and video streaming\nserver. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nLuigi Auriemma discovered that PeerCast is vulnerable to a heap\n overflow in the HTTP server code, which allows remote attackers to\n cause a denial of service and possibly execute arbitrary code via a\n long SOURCE request.
Nico Golde discovered that PeerCast, a P2P audio and video streaming\n server, is vulnerable to a buffer overflow in the HTTP Basic\n Authentication code, allowing a remote attacker to crash PeerCast or\n execute arbitrary code.
For the stable distribution (etch), these problems have been fixed in\nversion 0.5.4-1.1etch0.
\ngnome-peercast has been removed from the unstable distribution (sid).
\nWe recommend that you upgrade your gnome-peercast package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nRafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, the\next2 file system utilities and libraries, contained multiple\ninteger overflows in memory allocations, based on sizes taken directly\nfrom filesystem information. These could result in heap-based\noverflows potentially allowing the execution of arbitrary code.
\nFor the stable distribution (etch), this problem has been fixed in version\n1.39+1.40-WIP-2006.11.14+dfsg-2etch1.
\nFor the unstable distribution (sid), this problem will be fixed shortly.
\nWe recommend that you upgrade your e2fsprogs package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\niDEFENSE has reported a buffer overflow in xpdf, the portable document\nformat (PDF) suite. A maliciously crafted PDF file could exploit this\nproblem, resulting in the execution of arbitrary code.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.00-3.4.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.00-12.
\nWe recommend that you upgrade your xpdf package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMalcolm Scott discovered a remote-exploitable buffer overflow in the\nRFC1413 (ident) client of cfingerd, a configurable finger daemon. This\nvulnerability was introduced in a previously applied patch to the\ncfingerd package in 1.4.3-3.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.3-3+squeeze1.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1.4.3-3.1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.3-3.1.
\nWe recommend that you upgrade your cfingerd packages.
\nIn certain application programs packaged in the MIT Kerberos 5 source\ndistribution, calls to setuid() and seteuid() are not always checked\nfor success and may fail with some PAM configurations. A local\nuser could exploit one of these vulnerabilities to result in privilege\nescalation. No exploit code is known to exist at this time.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.3.6-2sarge3.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.4.3-9.
\nWe recommend that you upgrade your krb5 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral security related problems have been discovered in Mozilla and\nderived products such as Mozilla Firefox. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:
\nSeveral vulnerabilities in the layout engine allow remote\n attackers to cause a denial of service and possibly permit them to\n execute arbitrary code. [MFSA 2006-68]
Several vulnerabilities in the JavaScript engine allow remote\n attackers to cause a denial of service and possibly permit them to\n execute arbitrary code. [MFSA 2006-68]
A bug in the js_dtoa function allows remote attackers to cause a\n denial of service. [MFSA 2006-68]
\"shutdown\" discovered a vulnerability that allows remote attackers\n to gain privileges and install malicious code via the watch\n JavaScript function. [MFSA 2006-70]
Steven Michaud discovered a programming bug that allows remote\n attackers to cause a denial of service. [MFSA 2006-71]
\"moz_bug_r_a4\" reported that the src attribute of an IMG element\n could be used to inject JavaScript code. [MFSA 2006-72]
For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.2-2.sarge1.0.8e.2.
\nFor the testing (etch) and unstable (sid) distributions these problems\nhave been fixed in version 1.5.0.9.dfsg1-1 of icedove.
\nWe recommend that you upgrade your Mozilla Thunderbird and Icedove packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nDrWhax of the Tails project reported that Claws Mail is missing\nrange checks in some text conversion functions. A remote attacker\ncould exploit this to run arbitrary code under the account of a user\nthat receives a message from them using Claws Mail.
For the oldstable distribution (wheezy), this problem has been fixed\nin version 3.8.1-2+deb7u1.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 3.11.1-3+deb8u1.
\nWe recommend that you upgrade your claws-mail packages.
\nIt was discovered that rtfm, the Request Tracker FAQ Manager, contains\nmultiple cross-site scripting vulnerabilities in the topic\nadministration page.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.2-4+squeeze1.
\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 4.0.6-4 of the\nrequest-tracker4 package.
\nWe recommend that you upgrade your rtfm packages.
\nAndres Salomon noticed a problem in the CGI session management of\nRuby, an object-oriented scripting language. CGI::Session's FileStore\n(and presumably PStore, but not in Debian woody) implementations store\nsession information insecurely. They simply create files, ignoring\npermission issues. This can allow an attacker who also has shell\naccess to the webserver to take over a session.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.6.7-3woody3.
\nFor the unstable and testing distributions (sid and sarge) this\nproblem has been fixed in version 1.8.1+1.8.2pre1-4.
\nWe recommend that you upgrade your libruby package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple security issues have been found in Libvirt, a virtualisation\nabstraction library:
\nIt was discovered that insecure job usage could lead to denial of\n service against libvirtd.
It was discovered that a race condition in keepalive handling could\n lead to denial of service against libvirtd.
For the stable distribution (wheezy), these problems have been fixed in\nversion 0.9.12.3-1. This bugfix point release also addresses some\nadditional bugfixes.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.1-1.
\nWe recommend that you upgrade your libvirt packages.
\nInsufficient input sanitising in libwmf, a library to process Windows\nmetafile data, may result in denial of service or the execution of\narbitrary code if a malformed WMF file is opened.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 0.2.8.4-10.3+deb7u1.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.2.8.4-10.3+deb8u1.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your libwmf packages.
\n\nAlin Rad Pop discovered that Samba, a LanManager-like file and printer server\nfor Unix, is vulnerable to a buffer overflow in the nmbd code which handles\nGETDC mailslot requests, which might lead to the execution of arbitrary code.\n
\n\nFor the old stable distribution (sarge), this problem has been fixed in version\n3.0.14a-3sarge11. Packages for m68k will be provided later.\n
\n\nFor the stable distribution (etch), this problem has been fixed in version\n3.0.24-6etch9.\n
\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n
\n\nWe recommend that you upgrade your samba packages.\n
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that a buffer overflow in libtiff's parsing of files\nusing PixarLog compression could lead to the execution of arbitrary\ncode.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze6.
\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 3.9.6-9 of the tiff3\nsource package and in version 4.0.2-4 of the tiff source package.
\nWe recommend that you upgrade your tiff packages.
\nMultiple stack-based buffer overflows were discovered in libupnp, a library\nused for handling the Universal Plug and Play protocol. HD Moore from Rapid7\ndiscovered that SSDP queries were not correctly handled by the\nunique_service_name() function.
\nAn attacker sending carefully crafted SSDP queries to a daemon built on libupnp\ncould generate a buffer overflow, overwriting the stack, leading to the daemon\ncrash and possible remote code execution.
\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.6-5+squeeze1.
\nFor the testing distribution (wheezy), these problems have been fixed in\nversion 1:1.6.17-1.2.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:1.6.17-1.2.
\nWe recommend that you upgrade your libupnp packages.
\nA buffer overflow was discovered in OpenConnect, a client for the Cisco\nAnyConnect VPN, which could result in denial of service.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.25-0.1+squeeze1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.18-1.
\nWe recommend that you upgrade your openconnect packages.
\nJoern Schneeweisz discovered that git, a distributed revision control\nsystem, did not correctly handle maliciously constructed ssh://\nURLs. This allowed an attacker to run an arbitrary shell command, for\ninstance via git submodules.
\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1:2.1.4-2.1+deb8u4.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1:2.11.0-3+deb9u1.
\nWe recommend that you upgrade your git packages.
\nDawid Golunski of LegalHackers discovered that the Tomcat init script\nperformed unsafe file handling, which could result in local privilege\nescalation.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 8.0.14-1+deb8u3.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your tomcat8 packages.
\nIt was discovered that incorrect pointer handling in the purple library,\nan internal component of the multi-protocol instant messaging client\nPidgin, could lead to denial of service or the execution of arbitrary\ncode through malformed contact requests.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.4.3-4lenny5.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6.3-1.
\nWe recommend that you upgrade your pidgin package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\n\nSeveral remote vulnerabilities have been discovered in the Iceape internet\nsuite, an unbranded version of the Seamonkey Internet Suite. The Common\nVulnerabilities and Exposures project identifies the following problems:\n
\n\n Michal Zalewski discovered that the unload event handler had access to\n the address of the next page to be loaded, which could allow information\n disclosure or spoofing.\n
\n Stefano Di Paola discovered that insufficient validation of user names\n used in Digest authentication on a web site allows HTTP response splitting\n attacks.\n
\n It was discovered that insecure focus handling of the file upload\n control can lead to information disclosure. This is a variant of\n CVE-2006-2894.\n
\n Eli Friedman discovered that web pages written in Xul markup can hide the\n titlebar of windows, which can lead to spoofing attacks.\n
\n Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI\n schemes may lead to information disclosure. This vulnerability is only\n exploitable if Gnome-VFS support is present on the system.\n
\nmoz_bug_r_a4 discovered that the protection scheme offered by XPCNativeWrappers\n could be bypassed, which might allow privilege escalation.\n
\n L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,\n Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered\n crashes in the layout engine, which might allow the execution of arbitrary code.\n
\n Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the\n JavaScript engine, which might allow the execution of arbitrary code.\n
\nThe Mozilla products in the oldstable distribution (sarge) are no longer\nsupported with security updates.\n
\n\nFor the stable distribution (etch) these problems have been fixed in version\n1.0.11~pre071022-0etch1.\n
\n\nFor the unstable distribution (sid) these problems have been fixed in version\n1.1.5-1.\n
\n\nWe recommend that you upgrade your iceape packages.\n
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nEvgeny Legerov discovered that gnupg, the GNU privacy guard, a free\nPGP replacement, contains an integer overflow that can cause a\nsegmentation fault and possibly overwrite memory via a large user ID\nstring.
\nFor the old stable distribution (woody) this problem has been fixed in\nversion 1.0.6-4woody6.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.4.1-1.sarge4.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.4.3-2.
\nWe recommend that you upgrade your gnupg package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nUlf H\u00e4rnhammar has reported two vulnerabilities in SoX, a universal\nsound sample translator, which may be exploited by malicious people to\ncompromise a user's system with a specially crafted .wav file.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 12.17.3-4woody2.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 12.17.4-9.
\nWe recommend that you upgrade your sox package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMichael Brooks (Sitewatch) discovered a reflective XSS flaw in\nCGI:IRC, a web based IRC client, which could lead to the execution\nof arbitrary javascript.
\nFor the old-stable distribution (lenny), this problem has been fixed in\nversion 0.5.9-3lenny1.
\nFor the stable distribution (squeeze), and unstable distribution (sid),\nthis problem will be fixed shortly.
\nWe recommend that you upgrade your cgiirc packages.
\nIt was discovered that incorrect SASL authentication in the Inspircd\nIRC server may lead to users impersonating other users.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.0.17-1+deb8u2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.23-1.
\nWe recommend that you upgrade your inspircd packages.
\nDawid Golunski of LegalHackers discovered that the Tomcat init script\nperformed unsafe file handling, which could result in local privilege\nescalation.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 7.0.56-3+deb8u4.
\nWe recommend that you upgrade your tomcat7 packages.
\nThe bugfix has been backported to the version of analog from Debian\n2.2. Version 4.01-1potato1 is fixed.\n
We recommend you upgrade your analog packages immediately.
\nLuigi Auriemma discovered that PeerCast, a P2P audio and video streaming\nserver, is vulnerable to a heap overflow in the HTTP server code, which\nallows remote attackers to cause a denial of service and possibly execute\narbitrary code via a long SOURCE request.\n
\n\nThe old stable distribution (sarge) does not contain peercast.\n
\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.1217.toots.20060314-1etch0.\n
\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.1218+svn20071220+2.\n
\n\nWe recommend that you upgrade your peercast packages.\n
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nChris Moore discovered that flex, a scanner generator, generates code\nthat allocates insufficient memory if the grammar contains REJECT\nstatements or trailing context rules. This may lead to a buffer overflow\nand the execution of arbitrary code.
\nIf you use code that is derived from a vulnerable lex grammar in\nan untrusted environment, you need to regenerate your scanner with the\nfixed version of flex.
\nThe old stable distribution (woody) is not affected by this problem.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.5.31-31sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.5.33-1.
\nWe recommend that you upgrade your flex package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral problems have been discovered in pdns, a versatile nameserver\nthat can lead to a denial of service. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nNorbert Sendetzky and Jan de Groot discovered that the LDAP backend\n did not properly escape all queries, allowing it to fail and not\n answer queries anymore.
\nWilco Baan discovered that queries from clients without recursion\n permission can temporarily blank out domains to clients with\n recursion permitted. This enables outside users to blank out a\n domain temporarily to normal users.
\nThe old stable distribution (woody) does not contain pdns packages.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 2.9.17-13sarge1.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.9.18-1.
\nWe recommend that you upgrade your pdns package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in the Iceweasel\nweb browser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:
\nIt was discovered that missing boundary checks on a reference\n counter for CSS objects can lead to the execution of arbitrary code.
Billy Rios discovered that passing a URL containing a pipe symbol\n to Iceweasel can lead to Chrome privilege escalation.
For the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.16-0etch1. Updated packages for ia64, arm and mips are\nnot yet available and will be released as soon as they have been built.
\nFor the unstable distribution (sid), these problems have been fixed in\nxulrunner 1.9.0.1-1 and iceweasel 3.0.1-1.
\nWe recommend that you upgrade your iceweasel package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that bottle, a WSGI-framework for the Python\nprogramming language, did not properly filter \"\\r\\n\" sequences when\nhandling redirections. This allowed an attacker to perform CRLF\nattacks such as HTTP header injection.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0.12.7-1+deb8u1.
\nFor the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 0.12.11-1.
\nWe recommend that you upgrade your python-bottle packages.
\nDaniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal\nencryption subkeys in applications using the libgcrypt11 library, for\nexample GnuPG 2.x, could be leaked via a side-channel attack.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.5.0-5+deb7u2.
\nWe recommend that you upgrade your libgcrypt11 packages.
\nTim Zingelmann discovered that due to an incorrect configure script the\nkerberised FTP server failed to set the effective GID correctly,\nresulting in privilege escalation.
\nThe oldstable distribution (lenny) is not affected.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.0.1-1.1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your krb5-appl packages.
\nSeveral vulnerabilities have been discovered in mediawiki1.7, a website engine\nfor collaborative work. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nDavid Remahl discovered that mediawiki1.7 is prone to a cross-site scripting attack.
David Remahl discovered that mediawiki1.7, when Internet Explorer is used and\nuploads are enabled, or an SVG scripting browser is used and SVG uploads are\nenabled, allows remote authenticated users to inject arbitrary web script or\nHTML by editing a wiki page.
David Remahl discovered that mediawiki1.7 is prone to a cross-site request\nforgery vulnerability in the Special:Import feature.
It was discovered that mediawiki1.7 is prone to a cross-site scripting attack in\nthe web-based installer.
For the oldstable distribution (etch), these problems have been fixed in version\n1.7.1-9etch1 for mediawiki1.7, and mediawiki is not affected (it is a\nmetapackage for mediawiki1.7).
\nThe stable (lenny) distribution does not include mediawiki1.7, and these\nproblems have been fixed in version 1:1.12.0-2lenny3 for mediawiki which was\nalready included in the lenny release.
\nThe unstable (sid) and testing (squeeze) distributions do not\ninclude mediawiki1.7, and these problems have been fixed in version 1:1.14.0-1\nfor mediawiki.
\nWe recommend that you upgrade your mediawiki1.7 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMax Vozeler discovered several format string vulnerabilities in the\nmovemail utility of Emacs, the well-known editor. Via connecting to a\nmalicious POP server an attacker can execute arbitrary code under the\nprivileges of group mail.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 21.4.6-8woody2.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 21.4.16-2.
\nWe recommend that you upgrade your emacs packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that cyrus-imapd, a highly scalable mail system designed\nfor use in enterprise environments, is not properly parsing mail headers\nwhen a client makes use of the IMAP threading feature. As a result, a NULL\npointer is dereferenced which crashes the daemon. An attacker can trigger\nthis by sending a mail containing crafted reference headers and accessing the\nmail with a client that uses the server threading feature of IMAP.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.2.13-14+lenny6.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.2.13-19+squeeze3.
\nFor the testing (wheezy) and unstable (sid) distributions, this problem has been\nfixed in cyrus-imapd-2.4 version 2.4.11-1.
\nWe recommend that you upgrade your cyrus-imapd-2.2 packages.
\nIt was discovered that php-mail, a PHP PEAR module for sending email,\nhas insufficient input sanitising, which might be used to obtain\nsensitive data from the system that uses php-mail.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.1.6-2+etch1.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.1.14-1+lenny1.
\nFor the testing distribution (squeeze), this problem will be fixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.14-2.
\nWe recommend that you upgrade your php-mail packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA vulnerability was discovered in mysql-connector-java, a Java database\n(JDBC) driver for MySQL, which may result in unauthorized update, insert\nor delete access to some MySQL Connectors accessible data as well as\nread access to a subset of MySQL Connectors accessible data. The\nvulnerability was addressed by upgrading mysql-connector-java to the new\nupstream version 5.1.39, which includes additional changes, such as bug\nfixes, new features, and possibly incompatible changes. Please see the\nMySQL Connector/J Release Notes and Oracle's Critical Patch Update\nadvisory for further details:
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.1.39-1~deb8u1.
\nWe recommend that you upgrade your mysql-connector-java packages.
\nA vulnerability has been discovered in webcalendar, a PHP based\nmulti-user calendar, that can lead to the disclosure of sensitive\ninformation to unauthorised parties.
\nThe old stable distribution (woody) does not contain the webcalendar package.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.9.45-4sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.9.45-6.
\nWe recommend that you upgrade your webcalendar package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nWojciech Purczynski found out that it is possible for scripts to pass\narbitrary text to sendmail as a commandline extension when sending a\nmail through PHP even when safe_mode is turned on. Passing the 5th\nargument should be disabled if PHP is configured in safe_mode, which\nis the case for newer PHP versions and for the versions below. This\ndoes not affect PHP3, though.
\nWojciech Purczynski also found out that arbitrary ASCII control\ncharacters may be injected into string arguments of the mail() function.\nIf mail() arguments are taken from user input, it may give the user\nthe ability to alter message content including mail headers.
\nUlf H\u00e4rnhammar discovered that file() and fopen() are vulnerable to\nCRLF injection. An attacker could use it to escape certain\nrestrictions and add arbitrary text to alleged HTTP requests that are\npassed through.
\nHowever this only happens if something is passed to these functions\nwhich is neither a valid file name nor a valid url. Any string that\ncontains control chars cannot be a valid url. Before you pass a\nstring that should be a url to any function you must use urlencode()\nto encode it.
\nThree problems have been identified in PHP:
\nThese problems have been fixed in version 3.0.18-23.1woody1 for PHP3\nand 4.1.2-5 for PHP4 for the current stable distribution (woody), in\nversion 3.0.18-0potato1.2 for PHP3 and 4.0.3pl1-0potato4 for PHP4 in\nthe old stable distribution (potato) and in version 3.0.18-23.2 for\nPHP3 and 4.2.3-3 for PHP4 for the unstable distribution (sid).
\nWe recommend that you upgrade your PHP packages.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nJoel R. Voss discovered that the IAX2 module of Asterisk, a free\nsoftware PBX and telephony toolkit performs insufficient validation of\nIAX2 protocol messages, which may lead to denial of service.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.2.13~dfsg-2etch4.
\nFor the unstable distribution (sid), this problem has been fixed\nin version 1.4.19.1~dfsg-1.
\nWe recommend that you upgrade your asterisk packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nRonald Volgers discovered that the lppasswd component of the cups suite,\nthe Common UNIX Printing System, is vulnerable to format string attacks\ndue to insecure use of the LOCALEDIR environment variable. An attacker\ncan abuse this behaviour to execute arbitrary code via crafted localization\nfiles and triggering calls to _cupsLangprintf(). This works as the lppasswd\nbinary happens to be installed with setuid 0 permissions.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.3.8-1+lenny8.
\nFor the testing distribution (squeeze) this problem will be fixed soon.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.4.2-9.1.
\nWe recommend that you upgrade your cups packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSaulius Lapinskas from Lithuanian State Social Insurance Fund Board\ndiscovered that Squid3, a fully featured web proxy cache, does not\nproperly process responses to If-None-Modified HTTP conditional\nrequests, leading to client-specific Cookie data being leaked to other\nclients. A remote attacker can take advantage of this flaw to discover\nprivate and sensitive information about another client's browsing\nsession.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 3.4.8-6+deb8u4. In addition, this update includes a fix for\n#819563.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.5.23-1.
\nWe recommend that you upgrade your squid3 packages.
\nCurrent versions of l2tpd, a layer 2 tunneling client/server program,\nforgot to initialize the random generator which made it vulnerable\nsince all generated random numbers were 100% guessable. When dealing\nwith the size of the value in an attribute value pair, too many bytes\nwere able to be copied, which could lead to the vendor field being\noverwritten.
\nThese problems have been fixed in version 0.67-1.1 for the current\nstable distribution (woody) and in version 0.68-1 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected, since it doesn't contain the l2tpd package.
\nWe recommend that you upgrade your l2tpd packages.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nMark Litchfield found a denial of service attack in the Apache\nweb-server. While investigating the problem the Apache Software\nFoundation discovered that the code for handling invalid requests which\nuse chunked encoding also might allow arbitrary code execution on 64\nbit architectures.
\nThis has been fixed in version 1.3.9-14.1 of the Debian apache package,\nas well as upstream versions 1.3.26 and 2.0.37. We strongly recommend\nthat you upgrade your apache package immediately.
\nThe package upgrade does not restart the apache server automatically;\nthis will have to be done manually. Please make sure your\nconfiguration is correct (\"apachectl configtest\" will verify that for\nyou) and restart it using \"/etc/init.d/apache restart\".
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nMultiple vulnerabilities have been discovered in xine-lib, a library\nwhich supplies most of the application functionality of the xine\nmultimedia player. The Common Vulnerabilities and Exposures project\nidentifies the following three problems:
\nInteger overflow vulnerabilities exist in xine's FLV, QuickTime,\n RealMedia, MVE and CAK demuxers, as well as the EBML parser used\n by the Matroska demuxer. These weaknesses allow an attacker to\n overflow heap buffers and potentially execute arbitrary code by\n supplying a maliciously crafted file of those types.
Insufficient input validation in the Speex implementation used\n by this version of xine enables an invalid array access and the\n execution of arbitrary code by supplying a maliciously crafted\n Speex file.
Inadequate bounds checking in the NES Sound Format (NSF) demuxer\n enables a stack buffer overflow and the execution of arbitrary\n code through a maliciously crafted NSF file.
For the stable distribution (etch), these problems have been fixed in\nversion 1.1.2+dfsg-7.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.1.12-2.
\nWe recommend that you upgrade your xine-lib packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in the interpreter for\nthe Ruby language, which may lead to denial of service or the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nDrew Yao discovered that multiple integer overflows in the string\n processing code may lead to denial of service and potentially the\n execution of arbitrary code.
Drew Yao discovered that multiple integer overflows in the string\n processing code may lead to denial of service and potentially the\n execution of arbitrary code.
Drew Yao discovered that a programming error in the string\n processing code may lead to denial of service and potentially the\n execution of arbitrary code.
Drew Yao discovered that an integer overflow in the array handling\n code may lead to denial of service and potentially the execution\n of arbitrary code.
Drew Yao discovered that an integer overflow in the array handling\n code may lead to denial of service and potentially the execution\n of arbitrary code.
It was discovered that an integer overflow in the array handling\n code may lead to denial of service and potentially the execution\n of arbitrary code.
For the stable distribution (etch), these problems have been fixed in\nversion 1.8.5-4etch2.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.8.7.22-2.
\nWe recommend that you upgrade your ruby1.8 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that the ActiveMQ Java message broker performs unsafe\ndeserialisation. For additional information, please refer to the\nupstream advisory at\nhttp://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt.
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 5.6.0+dfsg-1+deb7u2.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.6.0+dfsg1-4+deb8u2.
\nFor the testing distribution (stretch), this problem has been fixed\nin version 5.13.2+dfsg-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.13.2+dfsg-1.
\nWe recommend that you upgrade your activemq packages.
\ntypespeed is a game which challenges the player to type words\ncorrectly and quickly. It contains a network play mode which allows\nplayers on different systems to play competitively. The network code\ncontains a buffer overflow which could allow a remote attacker to\nexecute arbitrary code under the privileges of the user invoking\ntypespeed, in addition to gid games.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.4.1-2.2.
\nFor the old stable distribution (potato) this problem has been fixed\nin version 0.4.0-5.2.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you update your typespeed package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nThis update for Iceweasel, a web browser based on Firefox, updates the\ncertificate blacklist for several fraudulent HTTPS certificates.
\nMore details can be found in a blog posting by Jacob Appelbaum of the Tor project.\n
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.9.0.19-9 of the xulrunner source package.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-6.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.5.18-1.
\nFor the experimental distribution, this problem has been fixed in\nversion 4.0~rc2-1.
\nWe recommend that you upgrade your iceweasel packages.
\nTimo Sirainen reported a vulnerability in screen, a terminal\nmultiplexor with VT100/ANSI terminal emulation, that can allow an\nattacker to gain group utmp privileges.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 3.9.11-5woody1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 4.0.2-0.1.
\nWe recommend that you upgrade your screen package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities were discovered in SystemTap, an instrumentation\nsystem for Linux:
\nIt was discovered that a race condition in staprun could lead to\n privilege escalation.
It was discovered that insufficient validation of environment\n variables in staprun could lead to privilege escalation.
It was discovered that insufficient validation of module unloading\n could lead to denial of service.
For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2-5+squeeze1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6-1.
\nWe recommend that you upgrade your systemtap packages.
\nAlasdair Kergon discovered that the cluster logical volume manager daemon\n(clvmd) in LVM2, The Linux Logical Volume Manager, does not verify client\ncredentials upon a socket connection, which allows local users to cause a\ndenial of service.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.02.39-8.
\nFor the testing distribution (squeeze), and the unstable distribution (sid),\nthis problem has been fixed in version 2.02.66-3.
\nWe recommend that you upgrade your lvm2 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that in ZoneCheck, a tool to check DNS configurations,\nthe CGI does not perform sufficient sanitisation of user input; an\nattacker can take advantage of this and pass script code in order to\nperform cross-site scripting attacks.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.0.4-13lenny1.
\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 2.1.1-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.1.1-1.
\nWe recommend that you upgrade your zonecheck packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA buffer overflow has been discovered in nagios, a host, service and\nnetwork monitoring and management system, that could be exploited by\nremote attackers to execute arbitrary code.
\nThe old stable distribution (woody) does not contain nagios packages.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.3-cvs.20050402-2.sarge.2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.4-1 and 2.3-1.
\nWe recommend that you upgrade your nagios package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nLaurent Almeras and Guillaume Smet have discovered a possible SQL\ninjection vulnerability and cross-site scripting vulnerabilities in\ngforge, a collaborative development tool. Due to insufficient input\nsanitising, it was possible to inject arbitrary SQL statements and use\nseveral parameters to conduct cross-site scripting attacks.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 4.7~rc2-7lenny1.
\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 4.5.14-22etch11.
\nFor the testing distribution (squeeze), these problems will be fixed\nsoon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.7.3-2.
\nWe recommend that you upgrade your gforge packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSteve Henson of the OpenSSL core team identified and prepared fixes\nfor a number of vulnerabilities in the OpenSSL ASN1 code that were\ndiscovered after running a test suite by British National\nInfrastructure Security Coordination Centre (NISCC).
\nA bug in OpenSSL's SSL/TLS protocol was also identified which causes\nOpenSSL to parse a client certificate from an SSL/TLS client when it\nshould reject it as a protocol error.
\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nInteger overflow in OpenSSL that allows remote attackers to cause a\n denial of service (crash) via an SSL client certificate with\n certain ASN.1 tag values.
\nOpenSSL does not properly track the number of characters in certain\n ASN.1 inputs, which allows remote attackers to cause a denial of\n service (crash) via an SSL client certificate that causes OpenSSL\n to read past the end of a buffer when the long form is used.
\nDouble-free vulnerability allows remote attackers to cause a denial\n of service (crash) and possibly execute arbitrary code via an SSL\n client certificate with a certain invalid ASN.1 encoding. This bug\n was only present in OpenSSL 0.9.7 and is listed here only for\n reference.
\nFor the stable distribution (woody) this problem has been\nfixed in openssl095 version 0.9.5a-6.woody.3.
\nThis package is not present in the unstable (sid) or testing (sarge)\ndistribution.
\nWe recommend that you upgrade your libssl095a packages and restart\nservices using this library. Debian doesn't ship any packages that\nare linked against this library.
\nThe following commandline (courtesy of Ray Dassen) produces a list of\nnames of running processes that have libssl095 mapped into their\nmemory space:
\n\n find /proc -name maps -exec egrep -l 'libssl095' {} /dev/null \\; | sed -e 's/[^0-9]//g' | xargs --no-run-if-empty ps --no-headers -p | sed -e 's/^\\+//' -e 's/ \\+/ /g' | cut -d ' ' -f 5 | sort | uniq\n\n
You should restart the associated services.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nMichal Zalewski discovered multiple vulnerabilities in SQLite, which\nmay result in denial of service or the execution of arbitrary code.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.8.7.1-1+deb8u1.
\nFor the testing distribution (stretch), these problems have been fixed in\nversion 3.8.9-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.8.9-1.
\nWe recommend that you upgrade your sqlite3 packages.
\nWe recommend you upgrade your jazip package immediately.
Several vulnerabilities were found in c-icap, an ICAP server\nimplementation, which could allow a remote attacker to cause c-icap to\ncrash, or have other, unspecified impacts.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1:0.1.6-1.1+deb7u1.
\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 1:0.3.1-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:0.3.1-1.
\nWe recommend that you upgrade your c-icap packages.
\nMax Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet\ndriver from Roaring Penguin. When the program is running setuid root\n(which is not the case in a default Debian installation), an attacker\ncould overwrite any file on the file system.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 3.3-1.2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.5-4.
\nWe recommend that you upgrade your pppoe package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral local (remote) vulnerabilities have been discovered in libvorbis,\na library for the Vorbis general-purpose compressed audio codec. The Common\nVulnerabilities and Exposures project identifies the following problems:
\nlibvorbis does not properly handle a zero value which allows remote\n attackers to cause a denial of service (crash or infinite loop) or\n trigger an integer overflow.
Integer overflow in libvorbis allows remote attackers to execute\n arbitrary code via a crafted OGG file, which triggers a heap overflow.
Integer overflow in libvorbis allows remote attackers to cause a denial\n of service (crash) or execute arbitrary code via a crafted OGG file\n which triggers a heap overflow.
For the stable distribution (etch), these problems have been fixed in version\n1.1.2.dfsg-1.4.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.0.dfsg-3.1.
\nWe recommend that you upgrade your libvorbis package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nBastian Blank discovered a vulnerability in bsmtpd, a batched SMTP mailer for\nsendmail and postfix. Unsanitised addresses can cause the execution\nof arbitrary commands during alleged mail delivery.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.3pl8b-12woody1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.3pl8b-16.
\nWe recommend that you upgrade your bsmtpd package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors, out of\nbound reads, use-after-frees and other implementation errors may lead to\nthe execution of arbitrary code, information disclosure or denial of\nservice.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 24.4.0esr-1~deb7u2.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 24.4.0esr-1.
\nWe recommend that you upgrade your iceweasel packages.
\nSeveral vulnerabilities were discovered in the International Components\nfor Unicode (ICU) library.
\nThe Unicode Bidirectional Algorithm implementation does not properly\n track directionally isolated pieces of text, which allows remote\n attackers to cause a denial of service (heap-based buffer overflow)\n or possibly execute arbitrary code via crafted text.
The Unicode Bidirectional Algorithm implementation uses an integer\n data type that is inconsistent with a header file, which allows\n remote attackers to cause a denial of service (incorrect malloc\n followed by invalid free) or possibly execute arbitrary code via\n crafted text.
The Layout Engine was missing multiple boundary checks. These could\n lead to buffer overflows and memory corruption. A specially crafted\n file could cause an application using ICU to parse untrusted font\n files to crash and, possibly, execute arbitrary code.
Additionally, it was discovered that the patch applied to ICU in DSA-3187-1\nfor CVE-2014-6585 was incomplete, possibly leading to an invalid memory\naccess. This could allow remote attackers to disclose portions of private\nmemory via crafted font files.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 4.8.1.1-12+deb7u3.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 52.1-8+deb8u2.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 52.1-10.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 52.1-10.
\nWe recommend that you upgrade your icu packages.
\nSeveral remote vulnerabilities have been discovered in the Horde web\napplication framework, which may lead to the execution of arbitrary\nweb script code. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nNull characters in the URL parameter bypass a sanity check, which\n allowed remote attackers to read arbitrary files, resulting in\n information disclosure.
User input in the help viewer was passed unsanitised to the eval()\n function, which allowed injection of arbitrary web code.
The old stable distribution (woody) doesn't contain horde2 packages.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 2.2.8-1sarge2.
\nThe unstable distribution (sid) no longer contains horde2 packages.
\nWe recommend that you upgrade your horde2 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in the Iceape internet\nsuite, an unbranded version of the Seamonkey Internet Suite. The Common\nVulnerabilities and Exposures project identifies the following problems:
\nJesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\n Nickerson discovered crashes in the layout engine, which might allow\n the execution of arbitrary code.
Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\n Philip Taylor and tgirmann discovered crashes in the Javascript\n engine, which might allow the execution of arbitrary code.
hong and Gregory Fleischer discovered that file input focus\n vulnerabilities in the file upload control could allow information\n disclosure of local files.
moz_bug_r_a4 and Boris Zbarsky discovered several\n vulnerabilities in Javascript handling, which could allow\n privilege escalation.
Justin Dolske discovered that the password storage mechanism could\n be abused by malicious web sites to corrupt existing saved passwords.
Gerry Eisenhaur and moz_bug_r_a4 discovered that a directory\n traversal vulnerability in chrome: URI handling could lead to\n information disclosure.
David Bloom discovered a race condition in the image handling of\n designMode elements, which can lead to information disclosure and\n potentially the execution of arbitrary code.
Michal Zalewski discovered that timers protecting security-sensitive\n dialogs (by disabling dialog elements until a timeout is reached)\n could be bypassed by window focus changes through Javascript.
It was discovered that malformed content declarations of saved\n attachments could prevent a user from opening local files\n with a .txt file name, resulting in minor denial of service.
Martin Straka discovered that insecure stylesheet handling during\n redirects could lead to information disclosure.
Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing\n protections could be bypassed with <div> elements.
The Mozilla products from the old stable distribution (sarge) are no\nlonger supported with security updates.
\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0.12~pre080131b-0etch1.
\nWe recommend that you upgrade your iceape packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in information disclosure,\nthe bypass of CSRF protections and bypass of the SecurityManager.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 7.0.28-4+deb7u4. This update also fixes CVE-2014-0119 and\nCVE-2014-0096.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u2.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 7.0.68-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.68-1.
\nWe recommend that you upgrade your tomcat7 packages.
\n\nIt was discovered that several buffer overflows in tcpreen, a tool for\nmonitoring a TCP connection, may lead to denial of service.\n
\n\nThe old stable distribution (sarge) doesn't contain tcpreen.\n
\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.3-0.1etch1.\n
\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.3-0.3.\n
\n\nWe recommend that you upgrade your tcpreen package.\n
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nBrian Caswell discovered that an improperly formatted SMB packet could\nmake ethereal hang and eat CPU endlessly.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.9.4-1woody9.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.10.8-1.
\nWe recommend that you upgrade your ethereal packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nUlf H\u00e4rnhammar discovered a buffer overflow vulnerability in www-sql,\na CGI program which enables the creation of dynamic web pages by\nembedding SQL statements in HTML. By exploiting this\nvulnerability, a local user could cause the execution of arbitrary\ncode by creating a web page and processing it with www-sql.
\nFor the current stable distribution (woody), this problem has been\nfixed in version 0.5.7-17woody1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you update your www-sql package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that the message header parser in the Dovecot mail\nserver parsed NUL characters incorrectly, which could lead to denial\nof service through malformed mail headers.
\nThe oldstable distribution (lenny) is not affected.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.15-7.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.13-1.
\nWe recommend that you upgrade your dovecot packages.
\nJan Braun discovered that the fbgs script of fbi, an image viewer for\nthe framebuffer environment, creates a directory in a predictable manner,\nwhich allows denial of service through symlink attacks.
\nFor the old stable distribution (woody) this problem has been fixed in\nversion 1.23woody1.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.01-1.2sarge1.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your fbi package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in phpMyAdmin, a tool\nto administer MySQL over the web. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nCross site scripting was possible in search, that allowed\n a remote attacker to inject arbitrary web script or HTML.
Cross site scripting was possible in errors, that allowed\n a remote attacker to inject arbitrary web script or HTML.
Display of PHP's phpinfo() function was available to world, but only\n if this functionality had been enabled (defaults to off). This may\n leak some information about the host system.
For the stable distribution (lenny), these problems have been fixed in\nversion 2.11.8.1-5+lenny7.
\nFor the testing (squeeze) and unstable distribution (sid), these problems\nhave been fixed in version 3.3.7-3.
\nWe recommend that you upgrade your phpmyadmin package.
\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/
\nIt was discovered that GnuTLS, a library implementing the TLS and SSL\nprotocols, incorrectly validates the first byte of padding in CBC modes.\nA remote attacker can possibly take advantage of this flaw to perform a\npadding oracle attack.
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 2.12.20-8+deb7u4.
\nWe recommend that you upgrade your gnutls26 packages.
\nSimon Kilvington discovered that specially crafted PNG images can trigger\na heap overflow in libavcodec, the multimedia library of ffmpeg, which may\nlead to the execution of arbitrary code.\nThe vlc media player links statically against libavcodec.
\nThe old stable distribution (woody) isn't affected by this problem.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.8.1.svn20050314-1sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.8.4.debian-2.
\nWe recommend that you upgrade your vlc package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral SQL injection vulnerabilities have been discovered in Cacti, an\nRRDTool frontend written in PHP. Specially crafted input can be used by\nan attacker in the rra_id value of the graph.php script to execute\narbitrary SQL commands on the database.
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 0.8.8a+dfsg-5+deb7u7.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0.8.8b+dfsg-8+deb8u3.
\nFor the testing distribution (stretch), this problem has been fixed\nin version 0.8.8f+ds1-3.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.8f+ds1-3.
\nWe recommend that you upgrade your cacti packages.
\nMoritz Jodeit discovered that ClamAV, an anti-virus solution, suffers\nfrom an off-by-one-error in its VBA project file processing, leading to\na heap-based buffer overflow and potentially arbitrary code execution\n(CVE-2008-5050).
\nIlja van Sprundel discovered that ClamAV contains a denial of service\ncondition in its JPEG file processing because it does not limit the\nrecursion depth when processing JPEG thumbnails (CVE-2008-5314).
\nFor the stable distribution (etch), these problems have been fixed in\nversion 0.90.1dfsg-4etch16.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.94.dfsg.2-1.
\nThe testing distribution (lenny) will be fixed soon.
\nWe recommend that you upgrade your clamav packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nNikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag\nLibrary, may lead to denial of service through symlink attacks.
\nFor the oldstable distribution (sarge) this problem has been fixed in\nversion 3.8.3-4.1sarge1.
\nDue to a technical limitation in the archive management scripts the fix\nfor the stable distribution (etch) can only be released in a few days.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.8.3-7.
\nWe recommend that you upgrade your id3lib3.8.3 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThis problem has been fixed in version 3.12-10.1. Since that code is\nnot turned on by default a standard installation is not vulnerable,\nbut we still recommend that you upgrade your exim package.\n
MD5 checksums of the listed files are available in the original advisory.\n
\n\n\nThe developers of courier, an integrated user side mail server,\ndiscovered a problem in the PostgreSQL auth module. Not all\npotentially malicious characters were sanitized before the username\nwas passed to the PostgreSQL engine. An attacker could inject\narbitrary SQL commands and queries exploiting this vulnerability. The\nMySQL auth module is not affected.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.37.3-3.3.
\nThe old stable distribution (potato) does not contain courier packages.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.40.2-3.
\nWe recommend that you upgrade your courier-authpostgresql package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nIt has been discovered that popfile, a bayesian mail classifier, can\nbe forced into a crash through malformed character sets within email\nmessages, which allows denial of service.
\nThe old stable distribution (woody) does not contain popfile packages.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.22.2-2sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.22.4-1.
\nWe recommend that you upgrade your popfile package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJoxean Koret discovered several security problems in tutos, a web-based\nteam organization software. The Common Vulnerabilities and Exposures Project\nidentifies the following problems:
\nAn SQL injection vulnerability allows the execution of SQL commands\n through the link_id parameter in file_overview.php.
Cross-Site-Scripting vulnerabilities in the search function of the\n address book and in app_new.php allow the execution of web script\n code.
The old stable distribution (woody) does not contain tutos packages.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.1.20031017-2+1sarge1.
\nThe unstable distribution (sid) no longer contains tutos packages.
\nWe recommend that you upgrade your tutos package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nDawid Golunski from LegalHackers discovered that PHP Swift Mailer, a\nmailing solution for PHP, did not correctly validate user input. This\nallowed a remote attacker to execute arbitrary code by passing\nspecially formatted email addresses in specific email headers.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.2-1+deb8u1.
\nFor the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 5.4.2-1.1.
\nWe recommend that you upgrade your libphp-swiftmailer packages.
\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in breakouts of\nthe Java sandbox, information disclosure, denial of service and insecure\ncryptography.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 7u95-2.6.4-1~deb7u1.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7u95-2.6.4-1~deb8u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7u95-2.6.4-1.
\nWe recommend that you upgrade your openjdk-7 packages.
\nThe TERASOLUNA Framework Development Team discovered a denial of service\nvulnerability in Apache Commons FileUpload, a package to make it\neasy to add robust, high-performance, file upload capability to servlets\nand web applications. A remote attacker can take advantage of this flaw\nby sending file upload requests that cause the HTTP server using the\nApache Commons Fileupload library to become unresponsive, preventing the\nserver from servicing other requests.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.3.1-1+deb8u1.
\nFor the testing distribution (stretch), this problem has been fixed\nin version 1.3.2-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.3.2-1.
\nWe recommend that you upgrade your libcommons-fileupload-java packages.
\nSeveral vulnerabilities were discovered in Django, a high-level Python\nweb development framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nMarti Raudsepp reported that a user with a hardcoded password is\n created when running tests with an Oracle database.
Aymeric Augustin discovered that Django does not properly validate\n the Host header against settings.ALLOWED_HOSTS when the debug\n setting is enabled. A remote attacker can take advantage of this\n flaw to perform DNS rebinding attacks.
It was discovered that is_safe_url() does not properly handle\n certain numeric URLs as safe. A remote attacker can take advantage\n of this flaw to perform XSS attacks or to use a Django server as an\n open redirect.
Phithon from Chaitin Tech discovered an open redirect vulnerability\n in the django.views.static.serve() view. Note that this view is not\n intended for production use.
For the stable distribution (jessie), these problems have been fixed in\nversion 1.7.11-1+deb8u2.
\nWe recommend that you upgrade your python-django packages.
\nSeveral vulnerabilities have been discovered in the chromium web browser.
\nA type confusion issue was discovered in the handling of extensions.
cloudfuzzer discovered a use-after-free issue.
Inti De Ceukelaire discovered a way to inject HTML into\n serialized web pages.
The chrome 47 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the v8 javascript library, version 4.7.80.23.
For the stable distribution (jessie), these problems have been fixed in\nversion 47.0.2526.80-1~deb8u1.
\nFor the testing distribution (stretch), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 47.0.2526.80-1.
\nWe recommend that you upgrade your chromium-browser packages.
\nAniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and\nJSP engine, static error pages used the original request's HTTP method\nto serve content, instead of systematically using the GET method. This\ncould under certain conditions result in undesirable results,\nincluding the replacement or removal of the custom error page.
\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 7.0.56-3+deb8u11.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.0.72-3.
\nFor the testing distribution (buster), this problem has been fixed\nin version 7.0.72-3.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.0.72-3.
\nWe recommend that you upgrade your tomcat7 packages.
\nJoshua Morin, Mikko Varpiola and Jukka Taimisto discovered an assertion\nerror in squid3, a full featured Web Proxy cache, which could lead to\na denial of service attack.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 3.0.PRE5-5+etch1.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 3.0.STABLE8-3, which was already included in the lenny release.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 3.0.STABLE8-3.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSebastian Krahmer and Marius Tomaschewski discovered that dhclient of\nisc-dhcp, a DHCP client, is not properly filtering shell meta-characters\nin certain options in DHCP server responses. These options are reused in\nan insecure fashion by dhclient scripts. This allows an attacker to execute\narbitrary commands with the privileges of such a process by sending crafted\nDHCP options to a client using a rogue server.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nan additional update for dhcp3.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.1.1-P1-15+squeeze2.
\nFor the testing distribution (wheezy), this problem will be fixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.1.1-P1-16.1.
\nWe recommend that you upgrade your isc-dhcp packages.
\nZenith Parsec discovered a security hole in Taylor UUCP 1.06.1. It\npermits a local user to copy any file to anywhere which is writable by\nthe uucp uid, which effectively means that a local user can completely\nsubvert the UUCP subsystem, including stealing mail, etc.
\nIf a remote user with UUCP access is able to create files on the local\nsystem, and can successfully make certain guesses about the local\ndirectory structure layout, then the remote user can also subvert the\nUUCP system. A default installation of UUCP will permit a remote user\nto create files on the local system if the UUCP public directory has\nbeen created with world write permissions.
\nObviously this security hole is serious for anybody who uses UUCP on a\nmulti-user system with untrusted users, or anybody who uses UUCP and\npermits connections from untrusted remote systems.
\nIt was thought that this problem had been fixed with DSA 079-1, but\nthat didn't fix all variations of the problem. The problem is fixed\nin version 1.06.1-11potato2 of uucp which uses a patch from the\nupstream author Ian Lance Taylor.
\nWe recommend that you upgrade your uucp package immediately.\n
MD5 checksums of the listed files are available in the original advisory.\n
\n\n\nLeo Iannacone and Colin Watson discovered a format string vulnerability\nin the Python bindings for the Clearsilver HTML template system, which\nmay lead to denial of service or the execution of arbitrary code.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.10.4-1.3+lenny1.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.10.5-1+squeeze1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your clearsilver packages.
\nSeveral vulnerabilities were discovered in the chromium web browser.
\nSkyLined discovered a use-after-free issue in speech\n recognition.
An out-of-bounds write issue was discovered that could be used to\n escape from the sandbox.
A cross-origin bypass issue was discovered in the DOM parser.
A cross-origin bypass issue was discovered in the DOM editing\n feature.
Khalil Zhani discovered a use-after-free issue in WebAudio.
Atte Kettunen discovered a use-after-free issue in the SVG\n implementation.
miaubiz discovered an overflow issue in the SVG implementation.
cloudfuzzer discovered an invalid size parameter used in the\n libvpx library.
Atte Kettunen discovered an uninitialized memory issue in the\n pdfium library.
Khalil Zhani discovered multiple use-after-free issues in chromium's\n interface to the WebRTC library.
Juho Nurminen discovered a URL bar spoofing issue.
miaubiz discovered the use of an uninitialized class member in\n font handling.
Mike Ruddy discovered that downloading the spellcheck dictionary\n was not done over HTTPS.
K0r3Ph1L discovered a cross-site scripting issue that could be\n triggered by bookmarking a site.
The chrome 43 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the libv8 library, version 4.3.61.21.
For the stable distribution (jessie), these problems have been fixed in\nversion 43.0.2357.65-1~deb8u1.
\nFor the testing distribution (stretch), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 43.0.2357.65-1.
\nWe recommend that you upgrade your chromium-browser packages.
\nGunnar Wolf noticed that the correction for the following problem was\nnot complete and requires an update. For completeness we're\nproviding the original problem description:
\n\n\nAn algorithm weakness has been discovered in Apache2::Request, the\ngeneric request library for Apache2 which can be exploited remotely\nand cause a denial of service via CPU consumption.
\n
The old stable distribution (woody) does not contain this package.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.04-dev-1sarge2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.07-1.
\nWe recommend that you upgrade your libapreq2, libapache2-mod-apreq2\nand libapache2-request-perl packages.
\nMD5 checksums of the listed files are available in the original advisory.
\nMD5 checksums of the listed files are available in the revised advisory.
\n\n\n\nThe cPanel Security Team reported a time of check to time of use\n(TOCTTOU) race condition flaw in File::Path, a core module from Perl to\ncreate or remove directory trees. An attacker can take advantage of this\nflaw to set the mode on an attacker-chosen file to an attacker-chosen\nvalue.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.20.2-3+deb8u7.
\nFor the upcoming stable distribution (stretch), this problem has been\nfixed in version 5.24.1-3.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.24.1-3.
\nWe recommend that you upgrade your perl packages.
\nIt was discovered that XStream, a Java library to serialize objects to\nXML and back again, was susceptible to XML External Entity attacks.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.4.7-2+deb8u1.
\nFor the testing distribution (stretch), this problem has been fixed\nin version 1.4.9-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.9-1.
\nWe recommend that you upgrade your libxstream-java packages.
\nJohn Heasman and others discovered a bug in the PostgreSQL engine\nwhich would allow any user to load an arbitrary local library into it.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 7.2.1-2woody7.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 7.4.7-1.
\nWe recommend that you upgrade your postgresql packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMariusz Mlynski discovered that websites could open a download\n dialog \u2014\u00a0which has open as the default action\u00a0\u2014, while a user\n presses the ENTER key.
Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes\n in the rendering engine, which could lead to the execution of\n arbitrary code.
Mark Kaplan discovered an integer underflow in the JavaScript\n engine, which could lead to the execution of arbitrary code.
Boris Zbarsky discovered that incorrect handling of the\n window.location object could lead to bypasses of the same-origin\n policy.
Ian Graham discovered that multiple Location headers might lead to\n CRLF injection.
As indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze5.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.1.15-1.
\nWe recommend that you upgrade your icedove packages.
\nSeveral vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nUse-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote\n attackers to cause a denial of service or possibly have unspecified other\n impact via vectors related to image loading.
Google Chrome before 9.0.597.84 does not properly restrict drag and drop\n operations, which might allow remote attackers to bypass the Same Origin\n Policy via unspecified vectors.
Unspecified vulnerability in Google Chrome before 9.0.597.84 allows\n user-assisted remote attackers to cause a denial of service\n (application crash) via vectors involving a bad volume setting.
Google Chrome before 9.0.597.94 does not properly handle anonymous blocks,\n which allows remote attackers to cause a denial of service or possibly have\n unspecified other impact via unknown vectors that lead to a stale pointer.
Google Chrome before 9.0.597.94 does not properly perform event handling for\n animations, which allows remote attackers to cause a denial of service or\n possibly have unspecified other impact via unknown vectors that lead to a\n stale pointer.
Google Chrome before 9.0.597.94 does not properly handle plug-ins, which\n allows remote attackers to cause a denial of service (out-of-bounds read)\n via unspecified vectors.
Google Chrome before 9.0.597.94 does not properly perform process termination\n upon memory exhaustion, which has unspecified impact and remote attack vectors.
For the stable distribution (squeeze), these problems have been fixed\nin version 6.0.472.63~r59945-5+squeeze2.
\nFor the testing distribution (wheezy), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed\nin version 9.0.597.98~r74359-1.
\nWe recommend that you upgrade your chromium-browser packages.
\nIt was discovered that jhead, a tool to manipulate the non-image part of\nEXIF compliant JPEG files, is prone to an out-of-bounds access\nvulnerability, which may result in denial of service or, potentially,\nthe execution of arbitrary code if an image with specially crafted EXIF\ndata is processed.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:2.97-1+deb8u1.
\nFor the upcoming stable distribution (stretch), this problem has been\nfixed in version 1:3.00-4.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:3.00-4.
\nWe recommend that you upgrade your jhead packages.
\nQinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an\nimplementation of the IETF Service Location Protocol. This could allow\nremote attackers to cause a denial of service (crash).
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1.2.1-9+deb7u1.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.2.1-10+deb8u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.1-11.
\nWe recommend that you upgrade your openslp-dfsg packages.
\nMarkus Pieton and Vytautas Paulikas discovered that the embedded video\nand audio player in the TYPO3 web content management system is susceptible\nto cross-site-scripting.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 4.5.19+dfsg1-5+wheezy1.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 4.5.29+dfsg1-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.5.29+dfsg1-1.
\nWe recommend that you upgrade your typo3-src packages.
\nErik Sj\u00f6lund discovered that programs linked against xview are\nvulnerable to a number of buffer overflows in the XView library. When\nthe overflow is triggered in a program which is installed setuid root\na malicious user could perhaps execute arbitrary code as privileged\nuser.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 3.2p1.4-16woody2.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 3.2p1.4-19.
\nWe recommend that you upgrade your xview packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. A full list of the changes is\navailable at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.15\n
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6:0.8.15-1.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your libav packages.
\nSeveral vulnerabilities have been discovered in libgd2, a library for\nprogrammatic graphics creation and manipulation. The Common\nVulnerabilities and Exposures project identifies the following problems:
\nKees Cook discovered a buffer overflow in libgd2's font renderer. An\n attacker could cause denial of service (application crash) and\n possibly execute arbitrary code via a crafted string with a JIS\n encoded font. This issue only affects the oldstable distribution\n (etch).
Tomas Hoger discovered a boundary error in the \"_gdGetColors()\"\n function. An attacker could conduct a buffer overflow or buffer\n over-read attacks via a crafted GD file.
For the oldstable distribution (etch), these problems have been fixed in\nversion 2.0.33-5.2etch2.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.0.36~rc1~dfsg-3+lenny1.
\nFor the upcoming stable distribution (squeeze) and the unstable\ndistribution (sid), these problems have been fixed in version\n2.0.36~rc1~dfsg-3.1.
\nWe recommend that you upgrade your libgd2 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\ngPS is a graphical application to watch system processes. In release\n1.1.0 of the gps package, several security vulnerabilities were fixed,\nas detailed in the changelog:
\nAll of these problems affect Debian's gps package version 0.9.4-1 in\nDebian woody. Debian potato also contains a gps package (version\n0.4.1-2), but it is not affected by these problems, as the relevant\nfunctionality is not implemented in that version.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 0.9.4-1woody1.
\nThe old stable distribution (potato) is not affected by these problems.
\nFor the unstable distribution (sid) these problems are fixed in\nversion 1.1.0-1.
\nWe recommend that you update your gps package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nA use-after-free vulnerability was discovered in XML::LibXML, a Perl\ninterface to the libxml2 library, allowing an attacker to execute\narbitrary code by controlling the arguments to a replaceChild() call.
\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2.0116+dfsg-1+deb8u2.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.0128+dfsg-1+deb9u1.
\nWe recommend that you upgrade your libxml-libxml-perl packages.
\nFor the detailed security status of libxml-libxml-perl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libxml-libxml-perl
\nSeveral vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues:
\nThe UNIX socket handling allowed attackers to trigger a buffer overflow\n via a long path name.
The crypt_blowfish function did not properly handle 8-bit characters,\n which made it easier for attackers to determine a cleartext password\n by using knowledge of a password hash.
When used on 32 bit platforms, the exif extension could be used to\n trigger an integer overflow in the exif_process_IFD_TAG function\n when processing a JPEG file.
It was possible to trigger hash collisions predictably when parsing\n form parameters, which allows remote attackers to cause a denial of\n service by sending many crafted parameters.
When applying a crafted XSLT transform, an attacker could write files\n to arbitrary places in the filesystem.
NOTE: the fix for\nCVE-2011-2483\nrequired changing the behaviour of this function: it is now incompatible with\nsome old (wrongly) generated hashes for passwords containing 8-bit characters.\nSee the package NEWS entry for details. This change has not been applied to the\nLenny version of PHP.
\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 5.2.6.dfsg.1-1+lenny15.
\nFor the stable distribution (squeeze), these problems have been fixed\nin version 5.3.3-7+squeeze6.
\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthese problems have been fixed in version 5.3.9-1.
\nWe recommend that you upgrade your php5 packages.
\nTwo vulnerabilities have been found in unzip, a de-archiver for .zip\nfiles. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nGustavo Grieco discovered that unzip incorrectly handled certain\n password protected archives. If a user or automated system were\n tricked into processing a specially crafted zip archive, an attacker\n could possibly execute arbitrary code.
Gustavo Grieco discovered that unzip incorrectly handled certain\n malformed archives. If a user or automated system were tricked into\n processing a specially crafted zip archive, an attacker could\n possibly cause unzip to hang, resulting in a denial of service.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 6.0-8+deb7u4.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 6.0-16+deb8u1.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 6.0-19.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6.0-19.
\nWe recommend that you upgrade your unzip packages.
\nIt was discovered that Bottle, a WSGI-framework for Python, performed\na too permissive detection of JSON content, resulting in a potential\nbypass of security mechanisms.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.10.11-1+deb7u1.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 0.12.6-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.12.6-1.
\nWe recommend that you upgrade your python-bottle packages.
\nTavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not\nscrub the environment before executing mount or umount with elevated\nprivileges. A local user can take advantage of this flaw to overwrite\narbitrary files and gain elevated privileges by accessing debugging\nfeatures via the environment that would not normally be safe for\nunprivileged users.
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 2.9.0-2+deb7u2.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.9.3-15+deb8u1.
\nFor the testing distribution (stretch) and the unstable distribution\n(sid), this problem will be fixed soon.
\nWe recommend that you upgrade your fuse packages.
\nColin Cuthbertson and Walter Doekes discovered two vulnerabilities in\nthe SIP processing code of Asterisk - an open source PBX and telephony\ntoolkit -, which could result in denial of service.
\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze11.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.13.1~dfsg-3+deb7u1.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your asterisk packages.
\nSeveral vulnerabilities have been discovered in the chromium web browser.
\nIt was discovered that a maliciously crafted extension could bypass\n the Same Origin Policy.
Mariusz Mlynski discovered a way to bypass the Same Origin Policy.
lukezli discovered a buffer overflow issue in the Brotli library.
Jann Horn discovered a way to cause the Chrome Instant feature to\n navigate to unintended destinations.
An out-of-bounds read issue was discovered in the openjpeg library.
It was discovered that the Developer Tools did not validate URLs.
An out-of-bounds read issue was discovered in the pdfium library.
A way to bypass the Same Origin Policy was discovered in Blink/WebKit,\n along with a way to escape the chromium sandbox.
For the stable distribution (jessie), these problems have been fixed in\nversion 48.0.2564.116-1~deb8u1.
\nFor the testing distribution (stretch), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 48.0.2564.116-1.
\nWe recommend that you upgrade your chromium-browser packages.
\nHanno Boeck discovered a heap-based buffer overflow flaw in the way\nLibtasn1, a library to manage ASN.1 structures, decoded certain\nDER-encoded input. A specially crafted DER-encoded input could cause an\napplication using the Libtasn1 library to crash, or potentially to\nexecute arbitrary code.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.2-3+deb8u1.
\nFor the testing distribution (stretch), this problem has been fixed in\nversion 4.4-3.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.4-3.
\nWe recommend that you upgrade your libtasn1-6 packages.
\nVladimir Kolesnikov discovered a SQL injection vulnerability in WordPress,\na weblog manager.\nAn authenticated user could execute arbitrary SQL commands via the Send\nTrackbacks field.
\nFor the stable distribution (lenny), this problem has been fixed\nin version 2.5.1-11+lenny4.
\nFor the unstable distribution (sid), and the testing distribution (squeeze),\nthis problem has been fixed in version 3.0.2-1.
\nWe recommend that you upgrade your wordpress package.
\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/
\nMichael Brooks discovered that phpMyAdmin, a tool to administrate MySQL\nover the web, performs insufficient input sanitising allowing a user\nassisted remote attacker to execute code on the webserver.
\nFor the stable distribution (etch), this problem has been fixed in version\n2.9.1.1-10.
\nFor the testing distribution (lenny) and unstable distribution (sid), this\nproblem has been fixed in version 2.11.8.1-5.
\nWe recommend that you upgrade your phpmyadmin package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in the Ethereal network\nscanner, which may lead to the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:
\nIt was discovered that the Q.2391 dissector is vulnerable to denial\n of service caused by memory exhaustion.
It was discovered that the FC-FCS, RSVP and ISIS-LSP dissectors are\n vulnerable to denial of service caused by memory exhaustion.
It was discovered that the IrDA and SMB dissectors are vulnerable to\n denial of service caused by memory corruption.
It was discovered that the SLIMP3 and AgentX dissectors are vulnerable\n to code injection caused by buffer overflows.
It was discovered that the BER dissector is vulnerable to denial of\n service caused by an infinite loop.
It was discovered that the NCP and RTnet dissectors are vulnerable to\n denial of service caused by a null pointer dereference.
It was discovered that the X11 dissector is vulnerable to denial of service\n caused by a division by zero.
This update also fixes a 64 bit-specific regression in the ASN.1 decoder, which\nwas introduced in a previous DSA.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.10.10-2sarge8.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.99.2-5.1 of wireshark, the network sniffer formerly known as\nethereal.
\nWe recommend that you upgrade your ethereal packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJakub Wilk reported that sudo, a program designed to provide limited\nsuper user privileges to specific users, preserves the TZ variable from\na user's environment without any sanitization. A user with sudo access\nmay take advantage of this to exploit bugs in the C library functions\nwhich parse the TZ environment variable or to open files that the user\nwould not otherwise be able to open. The latter could potentially cause\nchanges in system behavior when reading certain device special files or\ncause the program run via sudo to block.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.8.5p2-1+nmu2.
\nWe recommend that you upgrade your sudo packages.
\nMultiple vulnerabilities have been found in Iceape, the Debian Internet suite\nbased on Mozilla Seamonkey:
\nHeap-based buffer overflow in the nsWindow::OnExposeEvent function could\n allow remote attackers to execute arbitrary code.
Multiple unspecified vulnerabilities in the browser engine could allow remote\n attackers to cause a denial of service (memory corruption and application\n crash) or possibly execute arbitrary code.
The HZ-GB-2312 character-set implementation does not properly handle a ~\n (tilde) character in proximity to a chunk delimiter, which allows remote\n attackers to conduct cross-site scripting (XSS) attacks via a crafted\n document.
The evalInSandbox implementation uses an incorrect context during the\n handling of JavaScript code that sets the location.href property, which\n allows remote attackers to conduct cross-site scripting (XSS) attacks or read\n arbitrary files by leveraging a sandboxed add-on.
Use-after-free vulnerability in the gfxFont::GetFontEntry function allows\n remote attackers to execute arbitrary code or cause a denial of service (heap\n memory corruption) via unspecified vectors.
For the stable distribution (squeeze), these problems have been fixed in\nversion 2.0.11-17.
\nFor the testing distribution (wheezy), these problems have been fixed in\nversion 2.7.11-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.7.11-1.
\nWe recommend that you upgrade your iceape packages.
\nTomas Hoger discovered that the upstream fix for CVE-2009-3995 was\ninsufficient. This update provides a corrected package.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 3.1.11-6.0.1+lenny1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.1.11-6.3.
\nWe recommend that you upgrade your libmikmod packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail client: multiple memory safety errors,\nuse-after-frees and other implementation errors may lead to the\nexecution of arbitrary code or denial of service. This update also\naddresses a vulnerability in DHE key processing commonly known as\nthe LogJam vulnerability.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 31.8.0-1~deb7u1.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 31.8.0-1~deb8u1.
\nFor the unstable distribution (sid), these problems will be fixed\nshortly.
\nWe recommend that you upgrade your icedove packages.
\nPhilip Hazel announced a buffer overflow in the host_aton function in\nexim, the default mail-transport-agent in Debian, which can lead to the\nexecution of arbitrary code via an illegal IPv6 address.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 3.35-1woody4.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.36-13 of exim and 4.34-10 of exim4.
\nWe recommend that you upgrade your exim and exim4 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nOlof Johansson reported a local DoS (Denial of Service) vulnerability\n on the PPC970 platform. Unprivileged users can hang the system by\n executing the attn instruction, which was not being disabled at boot.
Kirill Korotaev reported a local DoS (Denial of Service) vulnerability\n on the ia64 and sparc architectures. A user could cause the system to\n crash by executing a malformed ELF binary due to insufficient verification\n of the memory layout.
ADLab Venustech Info Ltd reported a potential remote DoS (Denial of\n Service) vulnerability in the IP over ATM subsystem. A remote system\n could cause the system to crash by sending specially crafted packets\n that would trigger an attempt to free an already-freed pointer\n resulting in a system crash.
Martin Schwidefsky reported a potential leak of sensitive information\n on s390 systems. The copy_from_user function did not clear the remaining\n bytes of the kernel buffer after receiving a fault on the userspace\n address, resulting in a leak of uninitialized kernel memory. A local user\n could exploit this by appending to a file from a bad address.
Fabio Massimo Di Nitto reported a potential remote DoS (Denial of Service)\n vulnerability on powerpc systems. The alignment exception only\n checked the exception table for -EFAULT, not for other errors. This can\n be exploited by a local user to cause a system crash (panic).
Bill Allombert reported that various mount options are ignored by smbfs\n when UNIX extensions are enabled. This includes the uid, gid and mode\n options. Client systems would silently use the server-provided settings\n instead of honoring these options, changing the security model. This\n update includes a fix from Haroldo Gamal that forces the kernel to honor\n these mount options. Note that, since the current versions of smbmount\n always pass values for these options to the kernel, it is not currently\n possible to activate unix extensions by omitting mount options. However,\n this behavior is currently consistent with the current behavior of the\n next Debian release, 'etch'.
The following matrix explains which kernel version for which architecture\nfixes the problems mentioned above:
\n\u00a0 | Debian 3.1 (sarge) |
---|---|
Source | 2.4.27-10sarge5 |
Alpha architecture | 2.4.27-10sarge5 |
ARM architecture | 2.4.27-2sarge5 |
Intel IA-32 architecture | 2.4.27-10sarge5 |
Intel IA-64 architecture | 2.4.27-10sarge5 |
Motorola 680x0 architecture | 2.4.27-3sarge5 |
Big endian MIPS | 2.4.27-10.sarge4.040815-2 |
Little endian MIPS | 2.4.27-10.sarge4.040815-2 |
PowerPC architecture | 2.4.27-10sarge5 |
IBM S/390 architecture | 2.4.27-2sarge5 |
Sun Sparc architecture | 2.4.27-9sarge5 |
The following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:
\n\u00a0 | Debian 3.1 (sarge) |
---|---|
fai-kernels | 1.9.1sarge5 |
kernel-image-2.4.27-speakup | 2.4.27-1.1sarge4 |
mindi-kernel | 2.4.27-2sarge4 |
systemimager | 3.2.3-6sarge4 |
We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:
\nMichal Zalewski discovered that the unload event handler had access to\n the address of the next page to be loaded, which could allow information\n disclosure or spoofing.
Stefano Di Paola discovered that insufficient validation of user names\n used in Digest authentication on a web site allows HTTP response splitting\n attacks.
It was discovered that insecure focus handling of the file upload\n control can lead to information disclosure. This is a variant of\n CVE-2006-2894.
Eli Friedman discovered that web pages written in Xul markup can hide the\n titlebar of windows, which can lead to spoofing attacks.
Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI\n schemes may lead to information disclosure. This vulnerability is only\n exploitable if Gnome-VFS support is present on the system.
moz_bug_r_a4 discovered that the protection scheme offered by XPCNativeWrappers\n could be bypassed, which might allow privilege escalation.
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,\n Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered\n crashes in the layout engine, which might allow the execution of arbitrary code.
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the\n JavaScript engine, which might allow the execution of arbitrary code.
The oldstable distribution (sarge) doesn't contain xulrunner.
\nFor the stable distribution (etch) these problems have been fixed in version\n1.8.0.14~pre071019b-0etch1. Builds for hppa and mipsel will be provided later.
\nFor the unstable distribution (sid) these problems will be fixed soon.
\nWe recommend that you upgrade your xulrunner packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral programming errors in the wrestool tool of icoutils, a suite\nof tools to create and extract MS Windows icons and cursors, allow\ndenial of service or the execution of arbitrary code if a malformed\nbinary is parsed.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.31.0-2+deb8u2.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 0.31.1-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.31.1-1.
\nWe recommend that you upgrade your icoutils packages.
\nA heap overflow vulnerability has been discovered in the TIFF parsing\ncode of the OpenOffice.org suite. The parser uses untrusted values\nfrom the TIFF file to calculate the number of bytes of memory to\nallocate. A specially crafted TIFF image could trigger an integer\noverflow and subsequently a buffer overflow that could cause the\nexecution of arbitrary code.
\nFor the old stable distribution (sarge) this problem has been fixed in\nversion 1.1.3-9sarge8.
\nFor the stable distribution (etch) this problem has been fixed in\nversion 2.0.4.dfsg.2-7etch2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.2.1-9.
\nFor the experimental distribution this problem has been fixed in\nversion 2.3.0~src680m224-1.
\nWe recommend that you upgrade your openoffice.org packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\n\nSeveral remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird client. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:\n
\n\n It was discovered that a buffer overflow in MIME decoding can lead\n to the execution of arbitrary code.\n
\n It was discovered that missing boundary checks on a reference\n counter for CSS objects can lead to the execution of arbitrary code.\n
\n Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered\n crashes in the layout engine, which might allow the execution of\n arbitrary code.\n
\n Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in\n the JavaScript engine, which might allow the execution of arbitrary code.\n
\n \"moz_bug_r_a4\" discovered that XUL documents can escalate\n privileges by accessing the pre-compiled \"fastload\" file.\n
\n \"moz_bug_r_a4\" discovered that missing input sanitising in the\n mozIJSSubScriptLoader.loadSubScript() function could lead to the\n execution of arbitrary code. Iceweasel itself is not affected, but\n some addons are.\n
\n Daniel Glazman discovered that a programming error in the code for\n parsing .properties files could lead to memory content being\n exposed to addons, which could lead to information disclosure.\n
\n John G. Myers, Frank Benkstein and Nils Toedtmann discovered that\n alternate names on self-signed certificates were handled\n insufficiently, which could lead to spoofing of secure connections.\n
\n Greg McManus discovered a crash in the block reflow\n code, which might allow the execution of arbitrary code.\n
\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1.\nPackages for s390 are not yet available and will be provided later.\n
\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.0.0.16-1.\n
\n\nWe recommend that you upgrade your icedove package.\n
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, unauthorised\ninformation disclosure or unauthorised information modification.
\nJann Horn discovered that when a subdirectory of a filesystem was\n bind-mounted into a chroot or mount namespace, a user that should\n be confined to that chroot or namespace could access the whole of\n that filesystem if they had write permission on an ancestor of\n the subdirectory. This is not a common configuration for wheezy,\n and the issue has previously been fixed for jessie.
Moein Ghasemzadeh of Istuary Innovation Labs reported that a USB\n device could cause a denial of service (crash) by imitating a\n Whiteheat USB serial device but presenting a smaller number of\n endpoints.
Marcelo Ricardo Leitner discovered that creating multiple SCTP\n sockets at the same time could cause a denial of service (crash)\n if the sctp module had not previously been loaded. This issue\n only affects jessie.
Dmitry Vyukov discovered that System V IPC objects (message queues\n and shared memory segments) were made accessible before their\n ownership and other attributes were fully initialised. If a local\n user can race against another user or service creating a new IPC\n object, this may result in unauthorised information disclosure,\n unauthorised information modification, denial of service and/or\n privilege escalation.
\nA similar issue existed with System V semaphore arrays, but was\n less severe because they were always cleared before being fully\n initialised.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.2.68-1+deb7u5.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt11-1+deb8u5.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.2.3-1 or earlier versions.
\nWe recommend that you upgrade your linux packages.
\nIt was discovered that the Piston framework can deserialize untrusted\nYAML and Pickle data, leading to remote code execution (CVE-2011-4103).\n
\nThe old stable distribution (lenny) does not contain a\npython-django-piston package.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.2.2-1+squeeze1.
\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 0.2.2-2.
\nWe recommend that you upgrade your python-django-piston packages.
\nIt was discovered that APT, the high level package manager, does not\nproperly invalidate unauthenticated data\n(CVE-2014-0488), performs\nincorrect verification of 304 replies\n(CVE-2014-0487), does not perform\nthe checksum check when the Acquire::GzipIndexes option is used\n(CVE-2014-0489) and does not properly perform validation for binary\npackages downloaded by the apt-get download command\n(CVE-2014-0490).
For the stable distribution (wheezy), these problems have been fixed in\nversion 0.9.7.9+deb7u3.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.9.
\nWe recommend that you upgrade your apt packages.
\nA vulnerability has been discovered in the Linux kernel that may lead\nto privilege escalation. The Common Vulnerabilities and Exposures project\nidentifies the following problem:
\nTavis Ormandy and Julien Tinnes discovered an issue with how the\n sendpage function is initialized in the proto_ops structure.\n Local users can exploit this vulnerability to gain elevated\n privileges.
For the oldstable distribution (etch), this problem will be fixed in\nupdates to linux-2.6 and linux-2.6.24.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.6.26-17lenny2.
\nWe recommend that you upgrade your linux-2.6 and user-mode-linux\npackages.
\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nStephane Chazelas discovered that the GNU C library, glibc, processed\n\"..\" path segments in locale-related environment variables, possibly\nallowing attackers to circumvent intended restrictions, such as\nForceCommand in OpenSSH, assuming that they can supply crafted locale\nsettings.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.13-38+deb7u3.
\nThis update also includes changes previously scheduled for the next\nwheezy point release as version 2.13-38+deb7u2. See the Debian\nchangelog for details.
\nWe recommend that you upgrade your eglibc packages.
\nSeveral local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nLMH reported a potential local DoS which could be exploited by a malicious\n user with the privileges to mount and read a corrupted cramfs filesystem.
LMH reported a potential local DoS which could be exploited by a malicious\n user with the privileges to mount and read a corrupted ext2 filesystem.
LMH reported an issue in the minix filesystem that allows local users\n with mount privileges to create a DoS (printk flood) by mounting a\n specially crafted corrupt filesystem.
OpenVZ Linux kernel team reported an issue in the smbfs filesystem which\n can be exploited by local users to cause a DoS (oops) during mount.
Ilja van Sprundel discovered that kernel memory could be leaked via the\n Bluetooth setsockopt call due to an uninitialized stack buffer. This\n could be used by local attackers to read the contents of sensitive kernel\n memory.
Thomas Graf reported a typo in the DECnet protocol handler that could\n be used by a local attacker to overrun an array via crafted packets,\n potentially resulting in a Denial of Service (system crash).\n A similar issue exists in the IPV4 protocol handler and will be fixed\n in a subsequent update.
Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused\n by releasing a socket before PPPIOCGCHAN is called upon it. This could\n be used by a local user to DoS a system by consuming all available memory.
The PaX Team discovered a potential buffer overflow in the random number\n generator which may permit local users to cause a denial of service or\n gain additional privileges. This issue is not believed to affect default\n Debian installations where only root has sufficient privileges to exploit\n it.
Adam Litke reported a potential local denial of service (oops) on\n powerpc platforms resulting from unchecked VMA expansion into address\n space reserved for hugetlb pages.
Steve French reported that CIFS filesystems with CAP_UNIX enabled\n were not honoring a process' umask which may lead to unintentionally\n relaxed permissions.
Wojciech Purczynski discovered that pdeath_signal was not being reset\n properly under certain conditions which may allow local users to gain\n privileges by sending arbitrary signals to suid binaries.
Hugh Dickins discovered a potential local DoS (panic) in hugetlbfs.\n A misconversion of hugetlb_vmtruncate_list to prio_tree may allow\n local users to trigger a BUG_ON() call in exit_mmap.
Alan Cox reported an issue in the aacraid driver that allows unprivileged\n local users to make ioctl calls which should be restricted to admin\n privileges.
Wojciech Purczynski discovered a vulnerability that can be exploited\n by a local user to obtain superuser privileges on x86_64 systems.\n This resulted from improper clearing of the high bits of registers\n during ia32 system call emulation. This vulnerability is relevant\n to the Debian amd64 port as well as users of the i386 port who run\n the amd64 linux-image flavour.
Alex Smith discovered an issue with the pwc driver for certain webcam\n devices. If the device is removed while a userspace application has it\n open, the driver will wait for userspace to close the device, resulting\n in a blocked USB subsystem. This issue is of low security impact as\n it requires the attacker to either have physical access to the system\n or to convince a user with local access to remove the device on their\n behalf.
Venustech AD-LAB discovered a buffer overflow in the isdn ioctl\n handling, exploitable by a local user.
ADLAB discovered a possible memory overrun in the ISDN subsystem that\n may permit a local user to overwrite kernel memory by issuing\n ioctls with unterminated data.
Blake Frantz discovered that when a core file owned by a non-root user\n exists, and a root-owned process dumps core over it, the core file\n retains its original ownership. This could be used by a local user to\n gain access to sensitive information.
Cyrill Gorcunov reported a NULL pointer dereference in code specific\n to the CHRP PowerPC platforms. Local users could exploit this issue\n to achieve a Denial of Service (DoS).
Nick Piggin of SuSE discovered a number of issues in subsystems which\n register a fault handler for memory mapped areas. This issue can be\n exploited by local users to achieve a Denial of Service (DoS) and possibly\n execute arbitrary code.
The following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:
\n\u00a0 | Debian 3.1 (sarge) |
---|---|
kernel-image-2.6.8-alpha | 2.6.8-17sarge1 |
kernel-image-2.6.8-amd64 | 2.6.8-17sarge1 |
kernel-image-2.6.8-hppa | 2.6.8-7sarge1 |
kernel-image-2.6.8-i386 | 2.6.8-17sarge1 |
kernel-image-2.6.8-ia64 | 2.6.8-15sarge1 |
kernel-image-2.6.8-m68k | 2.6.8-5sarge1 |
kernel-image-2.6.8-s390 | 2.6.8-6sarge1 |
kernel-image-2.6.8-sparc | 2.6.8-16sarge1 |
kernel-patch-powerpc-2.6.8 | 2.6.8-13sarge1 |
fai-kernels | 1.9.1sarge8 |
We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that Quagga, an IP routing daemon, could no longer\nprocess the Internet routing table due to broken handling of multiple\n4-byte AS numbers in an AS path. If such a prefix is received, the\nBGP daemon crashes with an assert failure, leading to a denial of\nservice.
\nThe old stable distribution (etch) is not affected by this issue.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.99.10-1lenny2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.99.11-2.
\nWe recommend that you upgrade your quagga package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTwo vulnerabilities have been discovered in the web interface of the\nDeluge BitTorrent client (directory traversal and cross-site request\nforgery).
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.3.10-3+deb8u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.3.13+git20161130.48cedf63-3.
\nWe recommend that you upgrade your deluge packages.
\nHironori Sakamoto, one of the w3m developers, found two security\nvulnerabilities in w3m and associated programs. The w3m browser does\nnot properly escape HTML tags in frame contents and img alt\nattributes. A malicious HTML frame or img alt attribute may deceive a\nuser into sending their local cookies which are used for configuration. The\ninformation is not leaked automatically, though.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 0.3.p23.3-1.5. Please note that the update also contains an\nimportant patch to make the program work on the powerpc platform again.
\nThe old stable distribution (potato) is not affected by these\nproblems.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.3.p24.17-3 and later.
\nWe recommend that you upgrade your w3mmee-ssl packages.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral vulnerabilities have been discovered in the interpreter for the\nRuby language. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nBen Murphy discovered that unrestricted entity expansion in REXML\n can lead to a Denial of Service by consuming all host memory.
William (B.J.) Snow Orvis discovered a vulnerability in the hostname\n checking in Ruby's SSL client that could allow man-in-the-middle\n attackers to spoof SSL servers via a crafted certificate issued by a\n trusted certification authority.
Charlie Somerville discovered that Ruby incorrectly handled floating\n point number conversion. If an application using Ruby accepted\n untrusted input strings and converted them to floating point\n numbers, an attacker able to provide such input could cause the\n application to crash or, possibly, execute arbitrary code with the\n privileges of the application.
For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.8.7.302-2squeeze2.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.7.358-7.1+deb7u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.8.7.358-9.
\nWe recommend that you upgrade your ruby1.8 packages.
\nSeveral security relevant problems have been discovered in lsh, the\nalternative secure shell v2 (SSH2) protocol server. The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities:
\nBennett Todd discovered a heap buffer overflow in lshd which could\n lead to the execution of arbitrary code.
\nNiels M\u00f6ller discovered a denial of service condition in lshd.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 1.2.5-2woody3.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.0.1-2.
\nWe recommend that you upgrade your lsh-server package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in WebKit, a Web content engine\nlibrary for GTK+. The Common Vulnerabilities and Exposures project identifies\nthe following problems:
\nWebKit does not properly handle dynamic modification of a text node, which\n allows remote attackers to execute arbitrary code or cause a denial of service\n (memory corruption and application crash) via a crafted HTML\n document.
The rendering implementation in WebKit allows remote attackers to cause a\n denial of service (memory corruption) or possibly have unspecified other\n impact via unknown vectors.
WebKit does not properly perform a cast of an unspecified variable during\n processing of an SVG <use> element, which allows remote attackers to cause a\n denial of service or possibly have unspecified other impact via a crafted SVG\n document.
WebKit does not properly handle animated GIF images, which allows remote\n attackers to cause a denial of service (memory corruption) or possibly have\n unspecified other impact via a crafted image.
Use-after-free vulnerability in WebKit allows remote attackers to cause a\n denial of service or possibly have unspecified other impact via vectors\n involving SVG animations.
Use-after-free vulnerability in WebKit allows remote attackers to cause a\n denial of service via vectors related to the handling of mouse dragging\n events.
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in\n WebKit does not properly parse Cascading Style Sheets (CSS) token sequences,\n which allows remote attackers to cause a denial of service (out-of-bounds\n read) via a crafted local font, related to Type Confusion.
WebKit does not properly perform cursor handling, which allows remote\n attackers to cause a denial of service or possibly have unspecified other\n impact via unknown vectors that lead to stale pointers.
WebKit does not properly perform a cast of an unspecified variable during\n handling of anchors, which allows remote attackers to cause a denial of\n service or possibly have unspecified other impact via a crafted HTML\n document.
WebKit does not properly restrict drag and drop operations, which might\n allow remote attackers to bypass the Same Origin Policy via unspecified\n vectors.
For the stable distribution (squeeze), these problems have been fixed\nin version 1.2.7-0+squeeze1.
\nFor the testing distribution (wheezy), and the unstable distribution (sid),\nthese problems have been fixed in version 1.2.7-1.
\nSecurity support for WebKit has been discontinued for the oldstable\ndistribution (lenny). The current version in oldstable is not supported by\nupstream anymore and is affected by several security issues. Backporting fixes\nfor these and any future issues has become unfeasible and therefore we need to\ndrop our security support for the version in oldstable.
\nWe recommend that you upgrade your webkit packages.
\nSeveral remote vulnerabilities have been discovered in phpMyAdmin, a tool\nto administer MySQL over the web. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nCross-site scripting (XSS) vulnerability allows remote attackers to\n inject arbitrary web script or HTML via a crafted MySQL table name.
SQL injection vulnerability in the PDF schema generator functionality\n allows remote attackers to execute arbitrary SQL commands. This issue\n does not apply to the version in Debian 4.0 Etch.
Additionally, extra fortification has been added for the web based setup.php\nscript. Although the shipped web server configuration should ensure that\nthis script is protected, in practice this turned out not always to be the\ncase. The config.inc.php file is not writable anymore by the webserver user.\nSee README.Debian for details on how to enable the setup.php\nscript if and when you need it.
\nFor the old stable distribution (etch), these problems have been fixed in\nversion 2.9.1.1-13.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.11.8.1-5+lenny3.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.2.2.1-1.
\nWe recommend that you upgrade your phpmyadmin package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been found in PostgreSQL-9.1, a SQL\ndatabase system.
\nJosh Kupershmidt discovered a vulnerability in the crypt() function\n in the pgCrypto extension. Certain invalid salt arguments can cause\n the server to crash or to disclose a few bytes of server memory.
A privilege escalation vulnerability for users of PL/Java was\n discovered. Certain custom configuration settings (GUCs) for PL/Java\n will now be modifiable only by the database superuser to mitigate\n this issue.
Tom Lane and Greg Stark discovered a flaw in the way PostgreSQL\n processes specially crafted regular expressions. Very large\n character ranges in bracket expressions could cause infinite\n loops or memory overwrites. A remote attacker can exploit this\n flaw to cause a denial of service or, potentially, to execute\n arbitrary code.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 9.1.20-0+deb7u1.
\nWe recommend that you upgrade your postgresql-9.1 packages.
\nTwo SQL injection vulnerabilities have been found in proftpd, a\nvirtual-hosting FTP daemon. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nShino discovered that proftpd is prone to an SQL injection\n vulnerability via the use of certain characters in the username.
TJ Saunders discovered that proftpd is prone to an SQL injection\n vulnerability due to insufficient escaping mechanisms, when\n multibyte character encodings are used.
For the stable distribution (lenny), these problems have been fixed in\nversion 1.3.1-17lenny1.
\nFor the oldstable distribution (etch), these problems will be fixed\nsoon.
\nFor the testing distribution (squeeze), these problems will be fixed\nsoon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.3.2-1.
\nWe recommend that you upgrade your proftpd-dfsg package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that the GD graphics library performs insufficient checks\nof the validity of GIF images, which might lead to denial of service by\ntricking the application into an infinite loop.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.0.33-1.1sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.0.33-5.
\nWe recommend that you upgrade your libgd2 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in ProFTPD, a versatile,\nvirtual-hosting FTP daemon:
\nIncorrect handling of the ABOR command could lead to\n denial of service through elevated CPU consumption.
Several directory traversal vulnerabilities have been\n discovered in the mod_site_misc module.
A SQL injection vulnerability was discovered in the\n mod_sql module.
For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.1-17lenny6.
\nThe stable distribution (squeeze) and the unstable distribution (sid)\nare not affected; these vulnerabilities were fixed prior to the\nrelease of Debian 6.0 (squeeze).
\nWe recommend that you upgrade your proftpd-dfsg packages.
\nGjoko Krstic of Zero Science Labs discovered that dcmtk, a collection\nof libraries implementing the DICOM standard, did not properly handle\nthe size of data received from the network. This could lead to\ndenial-of-service (via application crash) or arbitrary code execution.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 3.6.0-15+deb8u1.
\nFor the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 3.6.1~20160216-2.
\nWe recommend that you upgrade your dcmtk packages.
\nSteve Rigler discovered that the PAM module for authentication against\nLDAP servers processes PasswordPolicyResponse control messages incorrectly,\nwhich might lead to an attacker being able to log in to a suspended\nsystem account.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 178-1sarge3. Due to technical problems with the security\nbuildd infrastructure this update lacks a build for the Sun Sparc\narchitecture. It will be released as soon as the problems are resolved.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 180-1.2.
\nWe recommend that you upgrade your libpam-ldap package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, would display the source to CGI scripts if their execution\nfailed in some circumstances.
\nFor the stable distribution (etch), this problem has been fixed in version\n1.4.13-4etch5.
\nFor the unstable distribution, this problem will be fixed soon.
\nWe recommend that you upgrade your lighttpd package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in PHP, a\nserver-side, HTML-embedded scripting language, which may lead to the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nStefan Esser discovered that a buffer overflow in the zip extension\n allows the execution of arbitrary code.
It was discovered that a buffer overflow in the xmlrpc extension\n allows the execution of arbitrary code.
The oldstable distribution (sarge) doesn't include php5.
\nFor the stable distribution (etch) these problems have been fixed\nin version 5.2.0-8+etch7.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 5.2.2-1.
\nWe recommend that you upgrade your PHP packages. Packages for the little-endian Mips architecture are not yet available, due to problems on the\nbuild host. They will be provided later.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nR\u00e9mi Denis-Courmont discovered that dbus, a message bus application,\nis not properly limiting the nesting level when examining messages with\nextensive nested variants. This allows an attacker to crash the dbus system\ndaemon due to a call stack overflow via crafted messages.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.2.1-5+lenny2.
\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 1.2.24-4.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.24-4.
\nWe recommend that you upgrade your dbus packages.
\nSeveral security related problems have been discovered in Mozilla\nFirefox. The Common Vulnerabilities and Exposures project identifies\nthe following vulnerabilities:
\nWeb pages with extremely long titles cause subsequent launches of\n the browser to appear to \"hang\" for up to a few minutes, or even\n crash if the computer has insufficient memory. [MFSA-2006-03]
The JavaScript interpreter does not properly dereference objects,\n which allows remote attackers to cause a denial of service or\n execute arbitrary code. [MFSA-2006-01]
The function allocation code allows attackers to cause a denial of\n service and possibly execute arbitrary code. [MFSA-2006-01]
XULDocument.persist() did not validate the attribute name,\n allowing an attacker to inject arbitrary XML and JavaScript code\n into localstore.rdf that would be read and acted upon during\n startup. [MFSA-2006-05]
An anonymous researcher for TippingPoint and the Zero Day\n Initiative reported that an invalid and nonsensical ordering of\n table-related tags can be exploited to execute arbitrary code.\n [MFSA-2006-27]
A particular sequence of HTML tags can cause memory corruption\n that can be exploited to execute arbitrary code. [MFSA-2006-18]
Georgi Guninski reported two variants of using scripts in an XBL\n control to gain chrome privileges when the page is viewed under\n \"Print Preview\". [MFSA-2006-25]
\"shutdown\" discovered that the crypto.generateCRMFRequest method\n can be used to run arbitrary code with the privilege of the user\n running the browser, which could enable an attacker to install\n malware. [MFSA-2006-24]
Claus J\u00f8rgensen reported that a text input box can be pre-filled\n with a filename and then turned into a file-upload control,\n allowing a malicious website to steal any local file whose name\n they can guess. [MFSA-2006-23]
An anonymous researcher for TippingPoint and the Zero Day\n Initiative discovered an integer overflow triggered by the CSS\n letter-spacing property, which could be exploited to execute\n arbitrary code. [MFSA-2006-22]
\"moz_bug_r_a4\" discovered that some internal functions return\n prototypes instead of objects, which allows remote attackers to\n conduct cross-site scripting attacks. [MFSA-2006-19]
\"shutdown\" discovered that it is possible to bypass same-origin\n protections, allowing a malicious site to inject script into\n content from another site, which could allow the malicious page to\n steal information such as cookies or passwords from the other\n site, or perform transactions on the user's behalf if the user\n were already logged in. [MFSA-2006-17]
\"moz_bug_r_a4\" discovered that the compilation scope of privileged\n built-in XBL bindings is not fully protected from web content and\n can still be executed which could be used to execute arbitrary\n JavaScript, which could allow an attacker to install malware such\n as viruses and password sniffers. [MFSA-2006-16]
\"shutdown\" discovered that it is possible to access an internal\n function object which could then be used to run arbitrary\n JavaScript code with full permissions of the user running the\n browser, which could be used to install spyware or viruses.\n [MFSA-2006-15]
It is possible to create JavaScript functions that would get\n compiled with the wrong privileges, allowing an attacker to run\n code of their choice with full permissions of the user running the\n browser, which could be used to install spyware or viruses.\n [MFSA-2006-14]
It is possible to trick users into downloading and saving an\n executable file via an image that is overlaid by a transparent\n image link that points to the executable. [MFSA-2006-13]
An integer overflow allows remote attackers to cause a denial of\n service and possibly execute arbitrary bytecode via JavaScript\n with a large regular expression. [MFSA-2006-11]
An unspecified vulnerability allows remote attackers to cause a\n denial of service. [MFSA-2006-11]
Certain Cascading Style Sheets (CSS) can cause an out-of-bounds\n array write and buffer overflow that could lead to a denial of\n service and the possible execution of arbitrary code. [MFSA-2006-11]
It is possible for remote attackers to spoof secure site\n indicators such as the locked icon by opening the trusted site in\n a popup window, then changing the location to a malicious site.\n [MFSA-2006-12]
\"shutdown\" discovered that it is possible to inject arbitrary\n JavaScript code into a page on another site using a modal alert to\n suspend an event handler while a new page is being loaded. This\n could be used to steal confidential information. [MFSA-2006-09]
Igor Bukanov discovered that the JavaScript engine does not\n properly handle temporary variables, which might allow remote\n attackers to trigger operations on freed memory and cause memory\n corruption. [MFSA-2006-10]
A regression fix that could lead to memory corruption allows\n remote attackers to cause a denial of service and possibly execute\n arbitrary code. [MFSA-2006-11]
For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge6.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.5.dfsg+1.5.0.2-2.
\nWe recommend that you upgrade your Mozilla Firefox packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA buffer overflow has been discovered in the Socks-5 proxy code of\nXChat, an IRC client for X similar to AmIRC. This allows an attacker\nto execute arbitrary code on the user's machine.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.8.9-0woody3.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.0.8-1.
\nWe recommend that you upgrade your xchat and related packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTwo vulnerabilities were discovered in tomcat7, a servlet and JSP\nengine.
\nPipelined requests were processed incorrectly, which could result in\n some responses appearing to be sent for the wrong request.
Some application listener calls were issued against the wrong\n objects, allowing untrusted applications running under a\n SecurityManager to bypass that protection mechanism and access or\n modify information associated with other web applications.
For the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u10.
\nFor the upcoming stable (stretch) and unstable (sid) distributions,\nthese problems have been fixed in version 7.0.72-3.
\nWe recommend that you upgrade your tomcat7 packages.
\nSeveral vulnerabilities have been discovered in Samba, a SMB/CIFS file,\nprint, and login server for Unix. The Common Vulnerabilities and\nExposures project identifies the following issues:
\nJouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC\n code which can lead to denial of service (crashes and high CPU\n consumption) and man-in-the-middle attacks.
Stefan Metzmacher of SerNet and the Samba Team discovered that the\n feature negotiation of NTLMSSP does not protect against downgrade\n attacks.
When Samba is configured as domain controller, it allows remote\n attackers to spoof the computer name of a secure channel's endpoint,\n and obtain sensitive session information. This flaw corresponds to\n the same vulnerability as CVE-2015-0005 for Windows, discovered by\n Alberto Solino from Core Security.
Stefan Metzmacher of SerNet and the Samba Team discovered that a\n man-in-the-middle attacker can downgrade LDAP connections to avoid\n integrity protection.
Stefan Metzmacher of SerNet and the Samba Team discovered that\n man-in-the-middle attacks are possible for client triggered LDAP\n connections and ncacn_http connections.
Stefan Metzmacher of SerNet and the Samba Team discovered that Samba\n does not enforce required SMB signing even if explicitly configured.
Stefan Metzmacher of SerNet and the Samba Team discovered that SMB\n connections for IPC traffic are not integrity-protected.
Stefan Metzmacher of SerNet and the Samba Team discovered that a\n man-in-the-middle attacker can intercept any DCERPC traffic between\n a client and a server in order to impersonate the client and obtain\n the same privileges as the authenticated user account.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 2:3.6.6-6+deb7u9. The oldstable distribution is not affected\nby CVE-2016-2113 and CVE-2016-2114.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:4.2.10+dfsg-0+deb8u1. The issues were addressed by upgrading\nto the new upstream version 4.2.10, which includes additional changes\nand bugfixes. The dependent libraries ldb, talloc, tdb and tevent\nalso required an update to new upstream versions for this update.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.3.7+dfsg-1.
\nPlease refer to
\nfor further details (in particular for new options and defaults).
\nWe'd like to thank Andreas Schneider and Guenther Deschner (Red Hat),\nStefan Metzmacher and Ralph Boehme (SerNet) and Aurelien Aptel (SUSE)\nfor the massive backporting work required to support Samba 3.6 and Samba\n4.2 and Andrew Bartlett (Catalyst), Jelmer Vernooij and Mathieu Parent\nfor their help in preparing updates of Samba and the underlying\ninfrastructure libraries.
\nWe recommend that you upgrade your samba packages.
\nThe KDE team discovered several vulnerabilities in the K Desktop\nEnvironment. In some instances KDE fails to properly quote parameters\nof instructions passed to a command shell for execution. These\nparameters may incorporate data such as URLs, filenames and e-mail\naddresses, and this data may be provided remotely to a victim in an\ne-mail, a webpage or files on a network filesystem or other untrusted\nsource.
\nBy carefully crafting such data an attacker might be able to execute\narbitrary commands on a vulnerable system using the victim's account and\nprivileges. The KDE Project is not aware of any existing exploits of\nthese vulnerabilities. The patches also provide better safeguards\nand check data from untrusted sources more strictly in multiple\nplaces.
\nFor the current stable distribution (woody), these problems have been fixed\nin version 2.2.2-3.2.
\nThe old stable distribution (potato) does not contain KDE packages.
\nFor the unstable distribution (sid), these problems will most probably\nnot be fixed but new packages for KDE 3.1 for sid are expected for\nthis year.
\nWe recommend that you upgrade your KDE packages.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, sensitive memory leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nSolar Designer discovered a missing capability check in the\n z90crypt driver on s390 systems. This vulnerability may allow\n a local user to gain elevated privileges.
Arjan van de Ven discovered an issue in the AX.25 protocol\n implementation. A specially crafted call to setsockopt() can\n result in a denial of service (kernel oops).
Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE\n 802.2 LLC implementation. This is not exploitable in the Debian\n lenny kernel as root privileges are required to exploit this\n issue.
Eric Dumazet fixed several sensitive memory leaks in the IrDA,\n X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area\n Network (CAN) implementations. Local users can exploit these\n issues to gain access to kernel memory.
Eric Dumazet reported an instance of uninitialized kernel memory\n in the network packet scheduler. Local users may be able to\n exploit this issue to read the contents of sensitive kernel\n memory.
Linus Torvalds provided a change to the get_random_int() function\n to increase its randomness.
Eric Paris discovered an issue with the NFSv4 server\n implementation. When an O_EXCL create fails, files may be left\n with corrupted permissions, possibly granting unintentional\n privileges to other local users.
Earl Chew discovered a NULL pointer dereference issue in the\n pipe_rdwr_open function which can be used by local users to gain\n elevated privileges.
Jiri Pirko discovered a typo in the initialization of a structure\n in the netlink subsystem that may allow local users to gain access\n to sensitive kernel memory.
Tomoki Sekiyama discovered a deadlock condition in the UNIX domain\n socket implementation. Local users can exploit this vulnerability\n to cause a denial of service (system hang).
For the oldstable distribution (etch), this problem has been fixed in\nversion 2.6.18.dfsg.1-26etch1.
\nWe recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.
\nNote: Debian 'etch' includes linux kernel packages based upon both the\n2.6.18 and 2.6.24 linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian 'etch'\nconcludes. However, given the high frequency at which low-severity\nsecurity issues are discovered in the kernel and the resource\nrequirements of doing an update, lower severity 2.6.18 and 2.6.24\nupdates will typically release in a staggered or \"leap-frog\" fashion.
\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:
\n\u00a0 | Debian 4.0 (etch) |
---|---|
fai-kernels | 1.17+etch.26etch1 |
user-mode-linux | 2.6.18-1um-2etch.26etch1 |
MD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA vulnerability has been discovered in horde2, a web application\nsuite, that allows attackers to insert arbitrary script code into the\nerror web page.
\nThe old stable distribution (woody) does not contain horde2 packages.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.2.8-1sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.2.9-1.
\nWe recommend that you upgrade your horde2 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that Tk, a cross-platform graphical toolkit for Tcl,\nperforms insufficient input validation in the code used to load GIF\nimages, which may lead to the execution of arbitrary code.
\nFor the old stable distribution (sarge), this problem has been fixed\nin version 8.4.9-1sarge1.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 8.4.12-1etch1.
\nWe recommend that you upgrade your tk8.4 packages. Updated packages for\nsparc will be provided later.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nDavid Wheeler discovered a buffer overflow in ldns's code to parse\nRR records, which could lead to the execution of arbitrary code.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.0-1+lenny2.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.6-2+squeeze1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.11-1.
\nWe recommend that you upgrade your ldns packages.
\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.46. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.5.46-0+deb7u1.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.5.46-0+deb8u1.
\nWe recommend that you upgrade your mysql-5.5 packages.
\nSeveral vulnerabilities have been found in horde3, the horde web application\nframework. The Common Vulnerabilities and Exposures project identifies\nthe following problems:
\nGunnar Wrobel discovered a directory traversal vulnerability, which\nallows attackers to include and execute arbitrary local files via the\ndriver parameter in Horde_Image.
It was discovered that an attacker could perform a cross-site scripting\nattack via the contact name, which allows attackers to inject arbitrary\nHTML code. This requires that the attacker has access to create\ncontacts.
It was discovered that the horde XSS filter is prone to a cross-site\nscripting attack, which allows attackers to inject arbitrary HTML code.\nThis is only exploitable when Internet Explorer is used.
For the oldstable distribution (etch), these problems have been fixed in\nversion 3.1.3-4etch5.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.2.2+debian0-2, which was already included in the lenny\nrelease.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 3.2.2+debian0-2.
\nWe recommend that you upgrade your horde3 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that aircrack-ng, a WEP/WPA security analysis tool,\nperforms insufficient validation of 802.11 authentication packets, which\nallows the execution of arbitrary code.
\nThe oldstable distribution (sarge) doesn't contain aircrack-ng packages.
\nFor the stable distribution (etch) this problem has been fixed in\nversion 0.6.2-7etch1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.7-3.
\nWe recommend that you upgrade your aircrack-ng packages. Packages for\nthe arm, sparc, mips and mipsel architectures are not yet available. They\nwill be provided later.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTobias Stoeckmann discovered that cache files are insufficiently\nvalidated in fontconfig, a generic font configuration library. An\nattacker can trigger arbitrary free() calls, which in turn allows double\nfree attacks and therefore arbitrary code execution. In combination with\nsetuid binaries using crafted cache files, this could allow privilege\nescalation.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.11.0-6.3+deb8u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.11.0-6.5.
\nWe recommend that you upgrade your fontconfig packages.
\nIt was discovered that BIND, a DNS server, contains a race condition\nwhen processing zone updates in an authoritative server, either\nthrough dynamic DNS updates or incremental zone transfer (IXFR). Such\nan update while processing a query could result in deadlock and denial\nof service.\n(CVE-2011-0414)
\nIn addition, this security update addresses a defect related to the\nprocessing of new DNSSEC DS records by the caching resolver, which may\nlead to name resolution failures in the delegated zone. If DNSSEC\nvalidation is enabled, this issue can make domains ending in .COM\nunavailable when the DS record for .COM is added to the DNS root zone\non March 31st, 2011. An unpatched server which is affected by this\nissue can be restarted, thus re-enabling resolution of .COM domains.\nThis workaround applies to the version in oldstable, too.
\nConfigurations not using DNSSEC validation are not affected by this\nsecond issue.
\nFor the oldstable distribution (lenny), the DS record issue has been\nfixed in version 1:9.6.ESV.R4+dfsg-0+lenny1.\n(CVE-2011-0414 does not affect the lenny version.)
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1:9.7.3.dfsg-1~squeeze1.
\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1:9.7.3.dfsg-1.
\nWe recommend that you upgrade your bind9 packages.
\nThis has been fixed in version 0.61.1-4.1 of the Debian package, and\nupstream version 0.65.1. We recommend that you update your Window\nMaker package immediately.\n
MD5 checksums of the listed files are available in the original advisory.\n
\n\n\nMark Litchfield found a denial of service attack in the Apache\nweb-server. While investigating the problem the Apache Software\nFoundation discovered that the code for handling invalid requests which\nuse chunked encoding also might allow arbitrary code execution.
\nThis has been fixed in version 1.3.9-14.1-1.21.20000309-1 of the Debian\napache-perl package and we recommend that you upgrade your apache-perl\npackage immediately.
\nAn update for the soon to be released Debian GNU/Linux 3.0/woody\ndistribution will be available soon.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nBas Wijnen discovered that the gnocatan server is vulnerable to\nseveral buffer overflows which could be exploited to execute arbitrary\ncode on the server system.
\nFor the stable distribution (woody), this problem has been fixed in\nversion 0.6.1-5woody2.
\nThe old stable distribution (potato) does not contain a gnocatan package.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you update your gnocatan package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral vulnerabilities have been discovered in wordpress, a weblog\nmanager. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nIt was discovered that wordpress is prone to an open redirect\nvulnerability which allows remote attackers to conduct phishing attacks.
It was discovered that remote attackers had the ability to trigger an\napplication upgrade, which could lead to a denial of service attack.
It was discovered that wordpress lacks authentication checks in the\nplugin configuration, which might leak sensitive information.
It was discovered that wordpress lacks authentication checks in various\nactions, thus allowing remote attackers to produce unauthorised edits or\nadditions.
It was discovered that the administrator interface is prone to a\ncross-site scripting attack.
It was discovered that remote attackers can gain privileges via certain\ndirect requests.
It was discovered that the _bad_protocol_once function in KSES, as used\nby wordpress, allows remote attackers to perform cross-site scripting\nattacks.
It was discovered that wordpress lacks certain checks around user\ninformation, which could be used by attackers to change the password of\na user.
It was discovered that the get_category_template function is prone to a\ndirectory traversal vulnerability, which could lead to the execution of\narbitrary code.
It was discovered that the _httpsrequest function in the embedded snoopy\nversion is prone to the execution of arbitrary commands via shell\nmetacharacters in https URLs.
It was discovered that wordpress relies on the REQUEST superglobal array\nin certain dangerous situations, which makes it easier to perform\nattacks via crafted cookies.
\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch4.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.5.1-11+lenny1.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 2.8.3-1.
\nWe recommend that you upgrade your wordpress packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that the mutt mail reader performs insufficient\nvalidation of values returned from an IMAP server, which might overflow\na buffer and potentially lead to the injection of arbitrary code.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.5.9-2sarge2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.5.11+cvs20060403-2.
\nWe recommend that you upgrade your mutt package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in the Common Unix\nPrinting System (CUPS). The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nBuffer overflows in the HP-GL input filter could allow the execution of\n arbitrary code through crafted HP-GL files.
A buffer overflow in the GIF filter could allow the execution of arbitrary\n code through crafted GIF files.
Integer overflows in the PNG filter could allow the execution of arbitrary\n code through crafted PNG files.
For the stable distribution (etch), these problems have been fixed in\nversion 1.2.7-4etch4 of package cupsys.
\nFor the testing (lenny) and unstable distribution (sid), these problems\nhave been fixed in version 1.3.7-2 of package cups.
\nWe recommend that you upgrade your cupsys package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJoxean Koret discovered that the Python SVG import plugin in dia, a\nvector-oriented diagram editor, does not properly sanitise data read\nfrom an SVG file and is hence vulnerable to the execution of arbitrary\nPython code.
\nThe old stable distribution (woody) is not affected by this problem.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.94.0-7sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.94.0-15.
\nWe recommend that you upgrade your dia package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities were discovered in Django, a high-level Python\nweb development framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nJedediah Smith reported that the WSGI environ in Django does not\n distinguish between headers containing dashes and headers containing\n underscores. A remote attacker could use this flaw to spoof WSGI\n headers.
Mikko Ohtamaa discovered that the django.utils.http.is_safe_url()\n function in Django does not properly handle leading whitespace in\n user-supplied redirect URLs. A remote attacker could potentially use\n this flaw to perform a cross-site scripting attack.
Alex Gaynor reported a flaw in the way Django handles reading files\n in the django.views.static.serve() view. A remote attacker could\n possibly use this flaw to mount a denial of service via resource\n consumption.
For the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.5-1+deb7u9.
\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.7.1-1.1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.7.1-1.1.
\nWe recommend that you upgrade your python-django packages.
\nThe security update DSA 761-1 for heartbeat contained a bug which caused a\nregression. \u00a0This problem is corrected with this advisory. \u00a0For\ncompleteness below please find the original advisory text:
\n\n\nEric Romang discovered several insecure temporary file creations in\nheartbeat, the subsystem for High-Availability Linux.
\n
For the old stable distribution (woody) these problems have been fixed in\nversion 0.4.9.0l-7.3.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.2.3-9sarge3.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.2.3-12.
\nWe recommend that you upgrade your heartbeat package.
\nMD5 checksums of the listed files are available in the original advisory.
\nMD5 checksums of the listed files are available in the revised advisory.
\n\n\n\nGerd v. Egidy discovered that the Pluto IKE daemon in strongswan, an\nIPsec implementation for Linux, is prone to a denial of service attack\nvia a malicious packet.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 2.8.0+dfsg-1+etch1.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 4.2.4-5+lenny1.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.
\nWe recommend that you upgrade your strongswan packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTwo security vulnerabilities related to EXIF processing were\ndiscovered in ImageMagick, a suite of programs to manipulate images.
\nWhen parsing a maliciously crafted image with incorrect offset\n\tand count in the ResolutionUnit tag in EXIF IFD0, ImageMagick\n\twrites two bytes to an invalid address.
Parsing a maliciously crafted image with an IFD in which all IOP\n\ttag value offsets point to the beginning of the IFD itself\n\tresults in an endless loop and a denial of service.
For the stable distribution (squeeze), these problems have been fixed\nin version 8:6.6.0.4-3+squeeze1.
\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 8:6.6.9.7-6.
\nWe recommend that you upgrade your imagemagick packages.
\nShadowman131 discovered that jqueryui, a JavaScript UI library for\ndynamic web applications, failed to properly sanitize its title option.\nThis would allow a remote attacker to inject arbitrary code\nthrough cross-site scripting.
For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.8.ooops.21+dfsg-2+deb7u1.
\nFor the stable distribution (jessie), testing distribution (stretch)\nand unstable distribution (sid), this problem has been fixed in\nversion 1.10.1+dfsg-1.
\nWe recommend that you upgrade your jqueryui packages.
\nA denial of service condition has been discovered in bluez-hcidump, a\nutility that analyses Bluetooth HCI packets, which can be triggered\nremotely.
\nThe old stable distribution (woody) does not contain bluez-hcidump packages.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.17-1sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.30-1.
\nWe recommend that you upgrade your bluez-hcidump package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in phpgroupware, a web\nbased groupware system written in PHP. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nStefan Esser discovered another vulnerability in the XML-RPC\n libraries that allows injection of arbitrary PHP code into eval()\n statements. The XMLRPC component has been disabled.
\nAlexander Heidenreich discovered a cross-site scripting problem\n in the tree view of FUD Forum Bulletin Board Software, which is\n also present in phpgroupware.
\nA global cross-site scripting fix has also been included that\n protects against potential malicious scripts embedded in CSS and\n xmlns in various parts of the application and modules.
\nThis update also contains a postinst bugfix that has been approved for\nthe next update to the stable release.
\nFor the old stable distribution (woody) these problems don't apply.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.9.16.005-3.sarge2.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.9.16.008.
\nWe recommend that you upgrade your phpgroupware packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nQualys Vulnerability & Malware Research Labs discovered a vulnerability in\nModSecurity, a security module for the Apache webserver. In situations where\nboth Content-Disposition: attachment and Content-Type: multipart were\npresent in HTTP headers, the vulnerability could allow an attacker to bypass\npolicy and execute cross-site scripting (XSS) attacks through properly crafted\nHTML documents.
For the stable distribution (squeeze), this problem has been fixed in\nversion 2.5.12-1+squeeze1.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.6.6-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6.6-1.
\nIn testing and unstable distribution, the source package has been renamed to\nmodsecurity-apache.
\nWe recommend that you upgrade your libapache-mod-security packages.
\nIt was discovered that applications using the mesa library, a free\nimplementation of the OpenGL API, may crash or execute arbitrary code\ndue to an out of bounds memory access in the library.\nThis vulnerability only affects systems with Intel chipsets.
\nThe oldstable distribution (squeeze) is not affected by this problem.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 8.0.5-4+deb7u2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.0.5-7.
\nWe recommend that you upgrade your mesa packages.
\nStefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool\nto build tag file indexes of source code definitions: Certain JavaScript\nfiles cause ctags to enter an infinite loop until it runs out of disk\nspace, resulting in denial of service.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1:5.9~svn20110310-4+deb7u1.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1:5.9~svn20110310-8.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:5.9~svn20110310-8.
\nWe recommend that you upgrade your exuberant-ctags packages.
\n[Bind version 9, the bind9 package, is not affected by these problems.]
\nISS X-Force has discovered several serious vulnerabilities in the Berkeley\nInternet Name Domain Server (BIND). BIND is the most common implementation\nof the DNS (Domain Name Service) protocol, which is used on the vast\nmajority of DNS servers on the Internet. DNS is a vital Internet protocol\nthat maintains a database of easy-to-remember domain names (host names) and\ntheir corresponding numerical IP addresses.
\nCircumstantial evidence suggests that the Internet Software Consortium\n(ISC), maintainers of BIND, was made aware of these issues in mid-October.\nDistributors of Open Source operating systems, including Debian, were\nnotified of these vulnerabilities via CERT about 12 hours before the release\nof the advisories on November 12th. This notification did not include any\ndetails that allowed us to identify the vulnerable code, much less prepare\ntimely fixes.
\nUnfortunately ISS and the ISC released their security advisories with only\ndescriptions of the vulnerabilities, without any patches. Even though there\nwere no signs that these exploits are known to the black-hat community, and\nthere were no reports of active attacks, such attacks could have been\ndeveloped in the meantime - with no fixes available.
\nWe can all express our regret at the inability of the ironically named\nInternet Software Consortium to work with the Internet community in handling\nthis problem. Hopefully this will not become a model for dealing with\nsecurity issues in the future.
\nThe Common Vulnerabilities and Exposures (CVE) project identified the\nfollowing vulnerabilities:
\nThese problems have been fixed in version 8.3.3-2.0woody1 for the current\nstable distribution (woody), in version 8.2.3-0.potato.3 for the previous stable\ndistribution (potato) and in version 8.3.3-3 for the unstable distribution\n(sid). The fixed packages for unstable will enter the archive today.
\nWe recommend that you upgrade your bind package immediately, update to\nbind9, or switch to another DNS server implementation.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:
\nJan Beulich from SUSE discovered that Xen does not properly honor\n CR0.TS and CR0.EM for x86 HVM guests, potentially allowing guest\n users to read or modify FPU, MMX, or XMM register state information\n belonging to arbitrary tasks on the guest by modifying an\n instruction while the hypervisor is preparing to emulate it.
Daniel Richman and Gabor Szarka of the Cambridge University\n Student-Run Computing Facility discovered that pygrub, the boot\n loader emulator, fails to quote (or sanity check) its results when\n reporting them to its caller. A malicious guest administrator can\n take advantage of this flaw to cause an information leak or denial\n of service.
Jan Beulich of SUSE discovered that Xen does not properly handle x86\n task switches to VM86 mode. An unprivileged guest process can take\n advantage of this flaw to crash the guest or escalate its\n privileges to that of the guest operating system.
George Dunlap of Citrix discovered that the Xen x86 64-bit bit test\n instruction emulation is broken. A malicious guest can take\n advantage of this flaw to modify arbitrary memory, allowing for\n arbitrary code execution, denial of service (host crash), or\n information leaks.
Andrew Cooper of Citrix discovered that Xen's x86 segment base write\n emulation lacks canonical address checks. A malicious guest\n administrator can take advantage of this flaw to crash the host,\n leading to a denial of service.
Andrew Cooper of Citrix discovered that x86 null segments are not\n always treated as unusable. An unprivileged guest user program\n may be able to elevate its privilege to that of the guest\n operating system.
For the stable distribution (jessie), these problems have been fixed in\nversion 4.4.1-9+deb8u8.
\nWe recommend that you upgrade your xen packages.
\nHelmut Grohne discovered that denyhosts, a tool preventing SSH\nbrute-force attacks, could be used to perform remote denial of service\nagainst the SSH daemon. Incorrectly specified regular expressions used\nto detect brute force attacks in authentication logs could be exploited\nby a malicious user to forge crafted login names in order to make\ndenyhosts ban arbitrary IP addresses.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6-7+deb6u2.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.6-10+deb7u2.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 2.6-10.1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6-10.1.
\nWe recommend that you upgrade your denyhosts packages.
\nSeveral vulnerabilities have been fixed in phpMyAdmin, the web-based\nMySQL administration interface.
\nThe suggestPassword function relied on a non-secure random number\n generator, which makes it easier for remote attackers to guess\n generated passwords via a brute-force approach.
CSRF token values were generated by a non-secure random number\n generator, which allows remote attackers to bypass intended access\n restrictions by predicting a value.
Multiple cross-site scripting (XSS) vulnerabilities allow remote\n authenticated users to inject arbitrary web script or HTML.
phpMyAdmin does not use a constant-time algorithm for comparing\n CSRF tokens, which makes it easier for remote attackers to bypass\n intended access restrictions by measuring time differences.
Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.
Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.
Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.
For installations running on plain HTTP, phpMyAdmin allows remote\n attackers to conduct BBCode injection attacks against HTTP sessions\n via a crafted URI.
Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.
phpMyAdmin allows remote attackers to cause a denial of service\n (resource consumption) via a large array in the scripts parameter.
A cross-site scripting (XSS) vulnerability allows remote\n attackers to inject arbitrary web script or HTML.
Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.
A specially crafted Transformation could leak information which\n a remote attacker could use to perform cross-site request forgeries.
For the stable distribution (jessie), these problems have been fixed in\nversion 4:4.2.12-2+deb8u2.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4:4.6.3-1.
\nWe recommend that you upgrade your phpmyadmin packages.
\nEd Moyle recently\nfound a buffer overflow in Apache-SSL and mod_ssl.\nWith session caching enabled, mod_ssl will serialize SSL session\nvariables to store them for later use. These variables were stored in\na buffer of a fixed size without proper boundary checks.
\nTo exploit the overflow, the server must be configured to require client\ncertificates, and an attacker must obtain a carefully crafted client\ncertificate that has been signed by a Certificate Authority which is\ntrusted by the server. If these conditions are met, it would be possible\nfor an attacker to execute arbitrary code on the server.
\nThis problem has been fixed in version 1.3.9.13-4 of Apache-SSL and\nversion 2.4.10-1.3.9-1potato1 of libapache-mod-ssl for the stable\nDebian distribution as well as in version 1.3.23.1+1.47-1 of\nApache-SSL and version 2.8.7-1 of libapache-mod-ssl for the testing\nand unstable distribution of Debian.
\nWe recommend that you upgrade your Apache-SSL and mod_ssl packages.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the bypass of\nJava sandbox restrictions, denial of service, arbitrary code execution,\nincorrect parsing of URLs/LDAP DNs or cryptographic timing side channel\nattacks.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7u121-2.6.8-2~deb8u1.
\nWe recommend that you upgrade your openjdk-7 packages.
\nNick Brunn reported a possible cross-site scripting vulnerability in\npython-django, a high-level Python web development framework.
\nThe is_safe_url utility function, which validates that a URL is on\nthe current host to avoid potentially dangerous redirects from\nmaliciously constructed query strings, worked as intended for HTTP and\nHTTPS URLs, but permitted redirects to other schemes, such as\njavascript:.
\nThe is_safe_url function has been modified to properly recognize and\nreject URLs which specify a scheme other than HTTP or HTTPS, to prevent\ncross-site scripting attacks through redirecting to other schemes.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze6.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.5-1+deb7u2.
\nFor the testing distribution (jessie) and the unstable distribution\n(sid), this problem has been fixed in version 1.5.2-1.
\nWe recommend that you upgrade your python-django packages.
\nIt was discovered that an integer overflow in the \"Probe Request\" packet\nparser of the Ralinktech wireless drivers might lead to remote denial of\nservice or the execution of arbitrary code.
\nPlease note that you need to rebuild your driver from the source\npackage for this update to take effect. Detailed\ninstructions can be found in /usr/share/doc/rt2570-source/README.Debian
\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.1.0+cvs20060620-3+etch1.
\nFor the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), this problem has been fixed in version\n1.1.0+cvs20080623-2.
\nWe recommend that you upgrade your rt2570 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-7.
\nFor the upcoming stable version (squeeze) and the unstable\ndistribution (sid), these problems have been fixed in version 3.5.15-1.
\nFor the experimental distribution, these problems have been fixed in\nversion 3.6.13-1.
\nWe recommend that you upgrade your xulrunner packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTavis Ormandy discovered that the Tag Image File Format (TIFF) library\nis vulnerable to a buffer overflow triggered by a crafted OJPEG file\nwhich allows for a crash and potentially execution of arbitrary code.
\nThe oldstable distribution (lenny) is not affected by this problem.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze2.
\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 3.9.5-1.
\nWe recommend that you upgrade your tiff packages.
\nA buffer overflow has been discovered in ethereal, a commonly used\nnetwork traffic analyser, that causes a denial of service and may\npotentially allow the execution of arbitrary code.
\nFor the old stable distribution (woody) this problem has been fixed in\nversion 0.9.4-1woody14.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.10.10-2sarge3.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your ethereal packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple vulnerabilities have been discovered in the GD Graphics Library,\nwhich may result in denial of service or potentially the execution of\narbitrary code if a malformed file is processed.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-5+deb8u7.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your libgd2 packages.
\nAccording to David Wagner, iDEFENSE and the Apache HTTP Server\nProject, several vulnerabilities have been found in the Apache\npackage, a commonly used webserver. Most of the code is shared\nbetween the Apache and Apache-SSL packages, so vulnerabilities are\nshared as well. These vulnerabilities could allow an attacker to\nenact a denial of service against a server, execute a cross-site\nscripting attack, or steal cookies from other web site users.\nVulnerabilities in the included legacy programs htdigest, htpasswd and\nApacheBench can be exploited when called via CGI. Additionally the\ninsecure temporary file creation in htdigest and htpasswd can also be\nexploited locally. The Common Vulnerabilities and Exposures (CVE)\nproject identified the following vulnerabilities:
\nThis is the same vulnerability as CAN-2002-1233, which was fixed in\n potato already but got lost later and was never applied upstream.\n (binaries not included in apache-ssl package though)
These problems have been fixed in version 1.3.26.1+1.48-0woody3 for\nthe current stable distribution (woody) and in 1.3.9.13-4.2 for the\nold stable distribution (potato). Corrected packages for the unstable\ndistribution (sid) are expected soon.
\nWe recommend that you upgrade your Apache-SSL package immediately.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nMultiple vulnerabilities have been discovered in Drupal, a\nfully-featured content management framework. The Common Vulnerabilities\nand Exposures project identifies the following issues:
\nChristian Mainka and Vladislav Mladenov reported a vulnerability\n in the OpenID module that allows a malicious user to log in as\n other users on the site, including administrators, and hijack\n their accounts.
Matt Vance and Damien Tournoud reported an access bypass\n vulnerability in the taxonomy module. Under certain circumstances,\n unpublished content can appear on listing pages provided by the\n taxonomy module and will be visible to users who should not have\n permission to see it.
These fixes require extra updates to the database which can be done from\nthe administration pages. Furthermore this update introduces a new\nsecurity hardening element for the form API. Please refer to the\nupstream advisory at drupal.org/SA-CORE-2014-001 for further\ninformation.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7.14-2+deb7u2.
\nFor the testing distribution (jessie), these problems have been fixed in\nversion 7.26-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.26-1.
\nWe recommend that you upgrade your drupal7 packages.
\nVinny Guido discovered that multiple input sanitising vulnerabilities\nin Fckeditor, a rich text web editor component, may lead to the\nexecution of arbitrary code.
\nThe old stable distribution (etch) doesn't contain fckeditor.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1:2.6.2-1lenny1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:2.6.4.1-1.
\nWe recommend that you upgrade your fckeditor package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was reported that a race condition exists in libnss-ldap, an\nNSS module for using LDAP as a naming service, which could cause\ndenial of service attacks if applications use pthreads.
\nThis problem was spotted in the dovecot IMAP/POP server but\npotentially affects more programs.
\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 238-1sarge1.
\nFor the stable distribution (etch), this problem has been fixed in version\n251-7.5etch1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 256-1.
\nWe recommend that you upgrade your libnss-ldap package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt has been discovered that cpio, a program to manage archives of\nfiles, creates output files with -O and -F with broken permissions\nbecause the umask is reset to zero, which allows local users to read or overwrite\nthose files.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.4.2-39woody1.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your cpio package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThe latest security updates of Mozilla Thunderbird introduced a\nregression that led to a dysfunctional attachment panel which warrants\na correction to fix this issue. For reference please find below the\noriginal advisory text:
\n\n\nSeveral security related problems have been discovered in Mozilla and\nderived products such as Mozilla Thunderbird. The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities:
\n\n
\n- CVE-2006-2779\n
\nMozilla team members discovered several crashes during testing of\n the browser engine showing evidence of memory corruption which may\n also lead to the execution of arbitrary code. The last bit of\n this problem will be corrected with the next update. You can\n prevent any trouble by disabling Javascript. [MFSA-2006-32]
- CVE-2006-3805\n
\nThe Javascript engine might allow remote attackers to execute\n arbitrary code. [MFSA-2006-50]
- CVE-2006-3806\n
\nMultiple integer overflows in the Javascript engine might allow\n remote attackers to execute arbitrary code. [MFSA-2006-50]
- CVE-2006-3807\n
\nSpecially crafted Javascript allows remote attackers to execute\n arbitrary code. [MFSA-2006-51]
- CVE-2006-3808\n
\nRemote Proxy AutoConfig (PAC) servers could execute code with elevated\n privileges via a specially crafted PAC script. [MFSA-2006-52]
- CVE-2006-3809\n
\nScripts with the UniversalBrowserRead privilege could gain\n UniversalXPConnect privileges and possibly execute code or obtain\n sensitive data. [MFSA-2006-53]
- CVE-2006-3810\n
\nA cross-site scripting vulnerability allows remote attackers to\n inject arbitrary web script or HTML. [MFSA-2006-54]
For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.2-2.sarge1.0.8b.2.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.5.0.5-1.
\nWe recommend that you upgrade your mozilla-thunderbird package.
\nMD5 checksums of the listed files are available in the original advisory.
\nMD5 checksums of the listed files are available in the revised advisory.
\n\n\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.26. Please see the MariaDB 10.0 Release Notes for further\ndetails:
\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 10.0.26-0+deb8u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.26-1.
\nWe recommend that you upgrade your mariadb-10.0 packages.
\nYan Rong Ge discovered that wrong permissions on a shared memory page\nin heartbeat, the subsystem for High-Availability Linux, could be\nexploited by a local attacker to cause a denial of service.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.2.3-9sarge5.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your heartbeat packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nzen-parse found a vulnerability in the XChat IRC client that allows an\nattacker to take over the user's IRC session.
\nIt is possible to trick XChat IRC clients into sending arbitrary\ncommands to the IRC server they are on, potentially allowing social\nengineering attacks, channel takeovers, and denial of service. This\nproblem exists in versions 1.4.2 and 1.4.3. Later versions of XChat\nare vulnerable as well, but this behaviour is controlled by the\nconfiguration variable \u00bbpercascii\u00ab, which defaults to 0. If it is set\nto 1 then the problem becomes apparent in 1.6/1.8 as well.
\nThis problem has been fixed in upstream version 1.8.7 and in version\n1.4.3-1 for the current stable Debian release (2.2) with a patch\nprovided from the upstream author Peter Zelezny. We recommend that\nyou upgrade your XChat packages immediately, since this problem is\nalready actively being exploited.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nBastian Blank reported a denial of service vulnerability in\nEmail::Address, a Perl module for RFC 2822 address parsing and creation.\nEmail::Address::parse used significant time on parsing empty quoted\nstrings. A remote attacker able to supply specifically crafted input to\nan application using Email::Address for parsing, could use this flaw to\nmount a denial of service attack against the application.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.895-1+deb7u1.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.905-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.905-1.
\nWe recommend that you upgrade your libemail-address-perl packages.
\nBoth problems have been fixed in version 1.0.6-0potato1.\n
MD5 checksums of the listed files are available in the original advisory.\n
\n\n\nAnsgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple\nvulnerabilities in DTC, a web control panel for admin and accounting\nhosting services:
\nA possible shell insertion has been found in the mailing list\n handling.
Unix rights for the apache2.conf were set incorrectly (world\n readable).
Incorrect input sanitising for the $_SERVER[\"addrlink\"] parameter\n could lead to SQL insertion.
DTC was using the -b option of htpasswd, possibly revealing\n passwords in clear text to users running ps or reading /proc.
A possible HTML/JavaScript insertion vulnerability has been found\n in the DNS & MX section of the user panel.
This update also fixes several vulnerabilities, for which no CVE ID\nhas been assigned:
\nIt has been discovered that DTC performs insufficient input sanitising\nin the package installer, leading to possible unwanted destination\ndirectory for installed packages if some DTC application packages\nare installed (note that these aren't available in Debian main).
\nDTC was setting up /etc/sudoers with permissive sudo rights to\nchrootuid.
\nIncorrect input sanitizing in the package installer could lead to\nSQL insertion.
\nA malicious user could enter a specially crafted support ticket\nsubject leading to an SQL injection in the draw_user_admin.php.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.29.18-1+lenny2.
\nThe stable distribution (squeeze) doesn't include dtc.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.34.1-1.
\nWe recommend that you upgrade your dtc packages.
\nA vulnerability has been found in SPIP, a website engine for publishing,\nwhich allows a malicious registered author to disconnect the website\nfrom its database, resulting in denial of service.
\nThe oldstable distribution (lenny) doesn't include spip.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.1.1-3squeeze1.
\nThe unstable distribution (sid) will be fixed soon.
\nWe recommend that you upgrade your spip packages.
\nSeveral vulnerabilities were discovered in Ghostscript, the GPL\nPostScript/PDF interpreter, which may lead to the execution of arbitrary\ncode or denial of service if a specially crafted Postscript file is\nprocessed.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 9.06~dfsg-2+deb8u5.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.20~dfsg-3.1 or earlier versions.
\nWe recommend that you upgrade your ghostscript packages.
\nIt was discovered that a buffer overflow in the GIF image parsing code\nof Tk, a cross-platform graphical toolkit, could lead to a denial of\nservice and potentially the execution of arbitrary code.
\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 8.4.9-1sarge2.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 8.4.12-1etch2.
\nWe recommend that you upgrade your tk8.4 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJose Duart of the Google Security Team discovered heap-based buffer\noverflow flaws in JasPer, a library for manipulating JPEG-2000 files,\nwhich could lead to denial of service (application crash) or the\nexecution of arbitrary code.
\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.900.1-13+deb7u1.
\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your jasper packages.
\nA read buffer overflow was discovered in the idtech3 (Quake III Arena)\nfamily of game engines. This allows remote attackers to cause a denial\nof service (application crash) or possibly have unspecified other impact\nvia a crafted packet.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.50a+dfsg1-3+deb9u1.
\nWe recommend that you upgrade your iortcw packages.
\nTatsuya Kinoshita discovered that IM, which contains interface\ncommands and Perl libraries for E-mail and NetNews, creates temporary\nfiles insecurely.
\nThese problems have been fixed in version 141-18.1 for the current\nstable distribution (woody), in version 133-2.2 of the old stable\ndistribution (potato) and in version 141-20 for the unstable\ndistribution (sid).
\nWe recommend that you upgrade your IM package.
\nMD5 checksums of the listed files are available in the original advisory.\n
MD5 checksums of the listed files are available in the revised advisory.\n
\n\n\nA format string vulnerability has been discovered in gedit, a\nlight-weight text editor for GNOME, that may allow attackers to cause\na denial of service (application crash) via a binary file with format\nstring specifiers in the filename. Since gedit supports opening files\nvia \"http://\" URLs (through GNOME vfs) and other schemes, this might\nbe a remotely exploitable vulnerability.
\nThe old stable distribution (woody) is not vulnerable to this problem.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.8.3-4sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.10.3-1.
\nWe recommend that you upgrade your gedit package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral local/remote vulnerabilities have been discovered in cupsys, the\nCommon Unix Printing System. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\n\nHeap-based buffer overflow in CUPS, when printer sharing is enabled,\nallows remote attackers to execute arbitrary code via crafted search\nexpressions.\n
\n\nDouble free vulnerability in the process_browse_data function in CUPS\n1.3.5 allows remote attackers to cause a denial of service (daemon\ncrash) and possibly the execution of arbitrary code via crafted packets to the\ncupsd port (631/udp), related to an unspecified manipulation of a\nremote printer.\n
\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.2.7-4etch3.
\nWe recommend that you upgrade your cupsys packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple vulnerabilities were discovered in the dissectors/parsers for\nSigComp UDVM, AMQP, NCP and TN5250, which could result in denial of\nservice.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy13.
\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.12.1+g01b65bf-2.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+g01b65bf-2.
\nWe recommend that you upgrade your wireshark packages.
\nFlorian Zumbiehl reported a vulnerability in pam-pgsql whereby the\nusername to be used for authentication is used as a format string when\nwriting a log message. This vulnerability may allow an attacker to\nexecute arbitrary code with the privileges of the program requesting\nPAM authentication.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.5.2-3woody1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.5.2-7.
\nWe recommend that you update your pam-pgsql package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nFelix Wilhelm discovered that the Evince document viewer made insecure\nuse of tar when opening tar comic book archives (CBT). Opening a\nmalicious CBT archive could result in the execution of arbitrary code.\nThis update disables the CBT format entirely.
\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 3.14.1-2+deb8u2.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 3.22.1-3+deb9u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.22.1-4.
\nWe recommend that you upgrade your evince packages.
\nSeveral vulnerabilities have been discovered in Ruby, an object-oriented\nscripting language. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nIt was discovered that the Ruby HTTP(S) module performs insufficient\n validation of SSL certificates, which may lead to man-in-the-middle\n attacks.
It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP\n and SMTP perform insufficient validation of SSL certificates, which\n may lead to man-in-the-middle attacks.
The old stable distribution (sarge) doesn't contain ruby1.9 packages.
\nFor the stable distribution (etch) these problems have been fixed in\nversion 1.9.0+20060609-1etch1. Updated packages for hppa and sparc will\nbe provided later.
\nWe recommend that you upgrade your ruby1.9 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that znc, an IRC proxy, did not properly process\ncertain DCC requests, allowing attackers to upload arbitrary files.
\nFor the old stable distribution (etch), this problem has been fixed in\nversion 0.045-3+etch3.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.058-2+lenny3.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.074-1.
\nWe recommend that you upgrade your znc package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThe file type identification tool, file, and its associated library,\nlibmagic, do not properly process malformed files in the Composite\nDocument File (CDF) format, leading to crashes.
\nNote that after this update, file may return different detection\nresults for CDF files (well-formed or not). The new detections are\nbelieved to be more accurate.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 5.04-5+squeeze2.
\nWe recommend that you upgrade your file packages.
\nTobias Klein discovered that integer overflows in the code the Amarok\nmedia player uses to parse Audible files may lead to the execution of\narbitrary code.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.4-4etch1. Updated packages for sparc and arm will be\nprovided later.
\nFor the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), this problem has been fixed in version 1.4.10-2.
\nWe recommend that you upgrade your amarok packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA problem has been discovered in ecartis, a mailing-list manager,\nwhich allows an attacker in the same domain as the list admin to gain\nadministrator privileges and alter list settings.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.129a+1.0.0-snap20020514-1.3.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.0.0+cvs.20030911-8.
\nWe recommend that you upgrade your ecartis package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nRapha\u00ebl Enrici discovered that the KDE screensaver can crash under\ncertain local circumstances. This can be exploited by an attacker\nwith physical access to the workstation to take over the desktop\nsession.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.2.2-14.9.
\nThis problem has been fixed upstream in KDE 3.0.5 and is therefore\nfixed in the unstable (sid) and testing (sarge) distributions already.
\nWe recommend that you upgrade your kscreensaver package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple security issues have been discovered in the Drupal content\nmanagement system, ranging from denial of service to cross-site\nscripting. More information can be found at https://www.drupal.org/SA-CORE-2014-003.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 7.14-2+deb7u5.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 7.29-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.29-1.
\nWe recommend that you upgrade your drupal7 packages.
\nMultiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following issues:
\nFrank Schmirler reported that the ssl23_get_client_hello function in\n OpenSSL does not properly handle attempts to use unsupported\n protocols. When OpenSSL is built with the no-ssl3 option and an SSL\n v3 ClientHello is received, the ssl method would be set to NULL, which\n could later result in a NULL pointer dereference and daemon crash.
Pieter Wuille of Blockstream reported that the bignum squaring\n (BN_sqr) may produce incorrect results on some platforms, which\n might make it easier for remote attackers to defeat cryptographic\n protection mechanisms.
Markus Stenberg of Cisco Systems, Inc. reported that a carefully\n crafted DTLS message can cause a segmentation fault in OpenSSL due\n to a NULL pointer dereference. A remote attacker could use this flaw\n to mount a denial of service attack.
Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\n OpenSSL client would accept a handshake using an ephemeral ECDH\n ciphersuite if the server key exchange message is omitted. This\n allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks\n and trigger a loss of forward secrecy.
Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project\n and Konrad Kraszewski of Google reported various certificate\n fingerprint issues, which allow remote attackers to defeat a\n fingerprint-based certificate-blacklist protection mechanism.
Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that\n an OpenSSL client will accept the use of an ephemeral RSA key in a\n non-export RSA key exchange ciphersuite, violating the TLS\n standard. This allows remote SSL servers to downgrade the security\n of the session.
Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\n OpenSSL server will accept a DH certificate for client\n authentication without the certificate verify message. This flaw\n effectively allows a client to authenticate without the use of a\n private key via crafted TLS handshake protocol traffic to a server\n that recognizes a certification authority with DH support.
Chris Mueller discovered a memory leak in the dtls1_buffer_record\n function. A remote attacker could exploit this flaw to mount a\n denial of service through memory exhaustion by repeatedly sending\n specially crafted DTLS records.
For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u14.
\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1k-1.
\nWe recommend that you upgrade your openssl packages.
\nJun Mao discovered that Samba, an implementation of the SMB/CIFS protocol\nfor Unix systems, is not properly handling certain offset values when\nprocessing chained SMB1 packets. This enables an unauthenticated attacker\nto write to an arbitrary memory location resulting in the possibility to\nexecute arbitrary code with root privileges or to perform denial of service\nattacks by crashing the samba daemon.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 3.2.5-4lenny12.
\nThis problem does not affect the versions in the testing (squeeze) and\nunstable (sid) distribution.
\nWe recommend that you upgrade your samba packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that Apache POI, a Java implementation of the\nMicrosoft Office file formats, would allocate arbitrary amounts of\nmemory when processing crafted documents. This could impact the\nstability of the Java virtual machine.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.6+dfsg-1+squeeze1.
\nWe recommend that you upgrade your libjakarta-poi-java packages.
\nTwo problems were discovered with lighttpd, a fast webserver with\nminimal memory footprint, which could allow denial of service.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nRemote attackers could cause denial of service by disconnecting\n partway through making a request.
A NULL pointer dereference could cause a crash when serving files\n with a mtime of 0.
For the stable distribution (etch) these problems have been fixed in\nversion 1.4.13-4etch1.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.4.14-1.
\nWe recommend that you upgrade your lighttpd package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMore potential integer overflows have been found in the GD graphics\nlibrary which weren't covered by our security advisory\nDSA 591. They\ncould be exploited by a specially crafted graphic and could lead to\nthe execution of arbitrary code on the victim's machine.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.0.1-10woody2.
\nFor the unstable distribution (sid) these problems will be fixed soon.
\nWe recommend that you upgrade your libgd2 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTobias Stoeckmann discovered that the libXpm library contained two\ninteger overflow flaws, leading to a heap out-of-bounds write, while\nparsing XPM extensions in a file. An attacker can provide a specially\ncrafted XPM file that, when processed by an application using the libXpm\nlibrary, would cause a denial-of-service against the application, or\npotentially, the execution of arbitrary code with the privileges of the\nuser running the application.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:3.5.12-0+deb8u1. This update is based on a new upstream\nversion of libxpm including additional bug fixes.
\nFor the testing distribution (stretch) and the unstable distribution\n(sid), this problem has been fixed in version 1:3.5.12-1.
\nWe recommend that you upgrade your libxpm packages.
\nMax Vozeler discovered that pstotext, a utility to extract text from\nPostScript and PDF files, did not execute ghostscript with the -dSAFER\nargument, which prevents potentially malicious operations from happening.
\nFor the old stable distribution (woody) this problem has been fixed in\nversion 1.8g-5woody1.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.9-1sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.9-2.
\nWe recommend that you upgrade your pstotext package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple SQL injection vulnerabilities have been discovered in the Mantis\nbug tracking system.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.2.11-1.2+deb7u1.
\nWe recommend that you upgrade your mantis packages.
\nIt was discovered that vzctl, a set of control tools for the OpenVZ\nserver virtualisation solution, determined the storage layout of\ncontainers based on the presence of an XML file inside the container.\nAn attacker with local root privileges in a simfs-based container\ncould gain control over ploop-based containers. Further information on\nthe prerequisites of such an attack can be found at\nsrc.openvz.org.
\nThe oldstable distribution (wheezy) is not affected.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.8-1+deb8u2. During the update existing configurations are\nautomatically updated.
\nFor the testing distribution (stretch), this problem has been fixed\nin version 4.9.4-2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.9.4-2.
\nWe recommend that you upgrade your vzctl packages.
\nTwo issues have been found in the Apache HTTPD web server:
\nmod_proxy_ajp would return the wrong status code if it encountered an\nerror, causing a backend server to be put into an error state until the\nretry timeout expired. A remote attacker could send malicious requests\nto trigger this issue, resulting in denial of service.
A flaw in the core subrequest process code was found, which could lead\nto a daemon crash (segfault) or disclosure of sensitive information\nif the headers of a subrequest were modified by modules such as\nmod_headers.
For the stable distribution (lenny), these problems have been fixed in\nversion 2.2.9-10+lenny7.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 2.2.15-1.
\nThis advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages.
\nWe recommend that you upgrade your apache2 and apache2-mpm-itk packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that LibreOffice, an office productivity suite, could\ntry to write to invalid memory areas when importing malformed RTF files.\nThis could allow remote attackers to cause a denial of service (crash)\nor arbitrary code execution via crafted RTF files.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1:3.5.4+dfsg2-0+deb7u3.
\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 1:4.3.3-2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:4.3.3-2.
\nWe recommend that you upgrade your libreoffice packages.
\nIt was discovered that the JasPer JPEG-2000 runtime library allowed an\nattacker to create a crafted input file that could lead to denial of\nservice and heap corruption.
\nBesides addressing this vulnerability, this update also addresses a\nregression introduced in the security fix for CVE-2008-3521, applied\nbefore Debian Lenny's release, that could cause errors when reading some\nJPEG input files.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.900.1-5.1+lenny1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.900.1-6.
\nWe recommend that you upgrade your jasper package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in TYPO3. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:
\nMultiple remote file disclosure vulnerabilities in the jumpUrl\n\tmechanism and the Extension Manager allowed attackers to read\n\tfiles with the privileges of the account under which the web\n\tserver was running.
The TYPO3 backend contained several cross-site scripting\n\tvulnerabilities, and the RemoveXSS function did not filter\n\tall JavaScript code.
Malicious editors with user creation permission could escalate\n\ttheir privileges by creating new users in arbitrary groups, due\n\tto lack of input validation in the taskcenter.
TYPO3 exposed a crasher bug in the PHP filter_var function,\n\tenabling attackers to cause the web server process to crash\n\tand thus consume additional system resources.
For the stable distribution (lenny), these problems have been fixed in\nversion 4.2.5-1+lenny6.
\nFor the unstable distribution (sid) and the upcoming stable\ndistribution (squeeze), these problems have been fixed in version\n4.3.7-1.
\nWe recommend that you upgrade your TYPO3 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nEvgeny Legerov discovered several out-of-bounds memory accesses in the\nDER decoding component of the Tiny ASN.1 Library, which is\nalso present and used in GnuTLS, the GNU implementation for Transport\nLayer Security (TLS) 1.0 and Secure Sockets Layer (SSL) 3.0 protocols\nand which allows attackers to crash the DER decoder and possibly\nexecute arbitrary code.
\nThe old stable distribution (woody) is not affected by these problems.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.0.16-13.2.
\nFor the unstable distribution (sid) these problems will be fixed soon.
\nWe recommend that you upgrade your gnutls packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple vulnerabilities were discovered in the dissectors/parsers for\nPKTC, IAX2, GSM CBCH and NCP, SPOOLS, IEEE 802.11, UMTS FP, USB,\nToshiba, CoSine, NetScreen, WBXML which could result in denial of service\nor potentially the execution of arbitrary code.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u7.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.0.4+gdd7746e-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.0.4+gdd7746e-1.
\nWe recommend that you upgrade your wireshark packages.
\nThe Qualys Research Labs discovered various problems in the dynamic\nlinker of the GNU C Library which allow local privilege escalation by\nclashing the stack. For the full details, please refer to their advisory\npublished at:\nhttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2.19-18+deb8u10.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.24-11+deb9u1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your glibc packages.
\nA weakness has been discovered in squid, a caching proxy server. The\nflaw was introduced upstream in response to CVE-2007-6239, and\nannounced by Debian in DSA-1482-1. The flaw involves an\nover-aggressive bounds check on an array resize, and could be\nexploited by an authorized client to induce a denial of service\ncondition against squid.
\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.6.5-6etch2.
\nWe recommend that you upgrade your squid packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral local vulnerabilities have been discovered in Xine, a\nmedia player library, which allow for a denial of service or arbitrary code\nexecution and could be exploited through viewing malicious content.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:
\nThe DMO_VideoDecoder_Open function does not set the biSize before use in a\n memcpy, which allows user-assisted remote attackers to cause a buffer overflow\n and possibly execute arbitrary code (applies to sarge only).
Array index error in the sdpplin_parse function allows remote RTSP servers\n to execute arbitrary code via a large streamid SDP parameter.
Array index vulnerability in libmpdemux/demux_audio.c might allow remote\n attackers to execute arbitrary code via a crafted FLAC tag, which triggers\n a buffer overflow (applies to etch only).
Buffer overflow in the Matroska demuxer allows remote attackers to cause a\n denial of service (crash) and possibly execute arbitrary code via a Matroska\n file with invalid frame sizes.
For the old stable distribution (sarge), these problems have been fixed in\nversion 1.0.1-1sarge7.
\nFor the stable distribution (etch), these problems have been fixed in version\n1.1.2+dfsg-6.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.1.11-1.
\nWe recommend that you upgrade your xine-lib package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAn information disclosure vulnerability was discovered in Drupal, a\nfully-featured content management framework. When pages are cached for\nanonymous users, form state may leak between anonymous users. Sensitive\nor private information recorded for one anonymous user could thus be\ndisclosed to other users interacting with the same form at the same\ntime.
\nThis security update introduces small API changes; see the upstream\nadvisory at drupal.org/SA-CORE-2014-002 for further information.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 6.31-1.
\nWe recommend that you upgrade your drupal6 packages.
\nSeveral vulnerabilities have been discovered in jffnms, a web-based\nNetwork Management System for IP networks. The Common Vulnerabilities\nand Exposures project identifies the following problems:
\n\n Cross-site scripting (XSS) vulnerability in auth.php, which allows\n a remote attacker to inject arbitrary web script or HTML via the\n user parameter.\n
\n Multiple SQL injection vulnerabilities in auth.php, which allow\n remote attackers to execute arbitrary SQL commands via the\n user and pass parameters.\n
\n Direct requests to URLs make it possible for remote attackers to\n access configuration information, bypassing login restrictions.\n
\n\nFor the stable distribution (etch), these problems have been fixed in version\n0.8.3dfsg.1-2.1etch1.\n
\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.8.3dfsg.1-4.\n
\n\nWe recommend that you upgrade your jffnms package.\n
\nMD5 checksums of the listed files are available in the original advisory.
\nTwo vulnerabilities were discovered in php4:
\nThe memory_limit functionality in PHP 4.x up to\n 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as\n when register_globals is enabled, allows remote attackers to\n execute arbitrary code by triggering a memory_limit abort during\n execution of the zend_hash_init function and overwriting a\n HashTable destructor pointer before the initialization of key data\n structures is complete.
\nThe strip_tags function in PHP 4.x up to 4.3.7, and\n 5.x up to 5.0.0RC3, does not filter null (\\0) characters within tag\n names when restricting input to allowed tags, which allows\n dangerous tags to be processed by web browsers such as Internet\n Explorer and Safari, which ignore null characters and facilitate\n the exploitation of cross-site scripting (XSS) vulnerabilities.
\nFor the current stable distribution (woody), these problems have been\nfixed in version 4.1.2-7.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4:4.3.8-1.
\nWe recommend that you update your php4 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nVincent LE GARREC discovered an integer overflow in pixman, a\npixel-manipulation library for X and cairo. A remote attacker can\nexploit this flaw to cause an application using the pixman library to\ncrash, or potentially, to execute arbitrary code with the privileges of\nthe user running the application.
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 0.26.0-4+deb7u2.
\nFor the stable distribution (jessie), the testing distribution (stretch)\nand the unstable distribution (sid), this problem was already fixed in\nversion 0.32.6-1.
\nWe recommend that you upgrade your pixman packages.
\nA vulnerability has been discovered in Mozilla and Mozilla Firefox\nthat allows remote attackers to inject arbitrary JavaScript from one\npage into the frameset of another site. Thunderbird is not affected\nby this and Galeon will be automatically fixed as it uses Mozilla\ncomponents.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.7.8-1sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.7.10-1.
\nWe recommend that you upgrade your Mozilla package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nBen Hayak discovered that objects embedded in Writer and Calc documents\nmay result in information disclosure. Please see \nhttps://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/\nfor additional information.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:4.3.3-2+deb8u6.
\nFor the testing distribution (stretch), this problem has been fixed\nin version 1:5.2.3-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:5.2.3-1.
\nWe recommend that you upgrade your libreoffice packages.
\nDanny Fullerton discovered a use-after-free in the Dropbear SSH daemon,\nresulting in potential execution of arbitrary code. Exploitation is\nlimited to users who have been authenticated through public key\nauthentication and for whom command restrictions are in place.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.52-5+squeeze1.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2012.55-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2012.55-1.
\nWe recommend that you upgrade your dropbear packages.
\nIt has been discovered that the signal handler implementing the login\ntimeout in Debian's version of the OpenSSH server uses functions which\nare not async-signal-safe, leading to a denial of service\nvulnerability (CVE-2008-4109).
\nThe problem was originally corrected in OpenSSH 4.4p1 (CVE-2006-5051),\nbut the patch backported to the version released with etch was\nincorrect.
\nSystems affected by this issue suffer from lots of zombie sshd\nprocesses. Processes stuck with a \"[net]\" process title have also been\nobserved. Over time, a sufficient number of processes may accumulate\nsuch that further login attempts are impossible. Presence of these\nprocesses does not indicate active exploitation of this vulnerability.\nIt is possible to trigger this denial of service condition by accident.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 4.3p2-9etch3.
\nFor the unstable distribution (sid) and the testing distribution\n(lenny), this problem has been fixed in version 4.6p1-1.
\nWe recommend that you upgrade your openssh packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThe Phar extension for PHP does not properly handle crafted tar files,\nleading to a heap-based buffer overflow. PHP applications processing\ntar files could crash or, potentially, execute arbitrary code.
\nIn addition, this update addresses a regression which caused a crash\nwhen accessing a global object that is returned as $this from __get.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze13.
\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 5.4.4~rc1-1.
\nWe recommend that you upgrade your php5 packages.
\nSeveral local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nStephane Eranian discovered a local DoS (Denial of Service) vulnerability\n on the ia64 architecture. A local user could exhaust the available file\n descriptors by exploiting a counting error in the perfmonctl() system call.
Kirill Korotaev reported a local DoS (Denial of Service) vulnerability\n on the ia64 and sparc architectures. A user could cause the system to\n crash by executing a malformed ELF binary due to insufficient verification\n of the memory layout.
Dmitriy Monakhov reported a potential memory leak in the\n __block_prepare_write function. __block_prepare_write does not properly\n sanitize kernel buffers during error recovery, which could be exploited\n by local users to gain access to sensitive kernel memory.
ADLab Venustech Info Ltd reported a potential remote DoS (Denial of\n Service) vulnerability in the IP over ATM subsystem. A remote system\n could cause the system to crash by sending specially crafted packets\n that would trigger an attempt to free an already-freed pointer\n resulting in a system crash.
Martin Schwidefsky reported a potential leak of sensitive information\n on s390 systems. The copy_from_user function did not clear the remaining\n bytes of the kernel buffer after receiving a fault on the userspace\n address, resulting in a leak of uninitialized kernel memory. A local user\n could exploit this by appending to a file from a bad address.
James Morris reported a potential local DoS (Denial of Service)\n vulnerability that could be used to hang or oops a system. The seqfile\n handling for /proc/net/ip6_flowlabel has a flaw that can be exploited to\n cause an infinite loop by reading this file after creating a flowlabel.
Fabio Massimo Di Nitto reported a potential remote DoS (Denial of Service)\n vulnerability on powerpc systems. The alignment exception only\n checked the exception table for -EFAULT, not for other errors. This can\n be exploited by a local user to cause a system crash (panic).
Eugene Teo reported a vulnerability in the get_fdb_entries function that\n could potentially be exploited to allow arbitrary code execution with\n escalated privileges.
Bill Allombert reported that various mount options are ignored by smbfs\n when UNIX extensions are enabled. This includes the uid, gid and mode\n options. Client systems would silently use the server-provided settings\n instead of honoring these options, changing the security model. This\n update includes a fix from Haroldo Gamal that forces the kernel to honor\n these mount options. Note that, since the current versions of smbmount\n always pass values for these options to the kernel, it is not currently\n possible to activate unix extensions by omitting mount options. However,\n this behavior is currently consistent with the current behavior of the\n next Debian release, 'etch'.
The following matrix explains which kernel version for which architecture\nfixes the problems mentioned above:
\nDebian 3.1 (sarge) | |
---|---|
Source | 2.6.8-16sarge6 |
Alpha architecture | 2.6.8-16sarge6 |
AMD64 architecture | 2.6.8-16sarge6 |
HP Precision architecture | 2.6.8-6sarge6 |
Intel IA-32 architecture | 2.6.8-16sarge6 |
Intel IA-64 architecture | 2.6.8-14sarge6 |
Motorola 680x0 architecture | 2.6.8-4sarge6 |
PowerPC architecture | 2.6.8-12sarge6 |
IBM S/390 architecture | 2.6.8-5sarge6 |
Sun Sparc architecture | 2.6.8-15sarge6 |
The following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:
\nDebian 3.1 (sarge) | |
---|---|
fai-kernels | 1.9.1sarge5 |
We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple vulnerabilities have been discovered in Request Tracker, an\nextensible trouble-ticket tracking system. The Common Vulnerabilities\nand Exposures project identifies the following problems:
\nA user with the ModifyTicket right can bypass the DeleteTicket right\n or any custom lifecycle transition rights and thus modify ticket data\n without authorization.
The rt command line tool uses semi-predictable temporary files. A\n malicious user can use this flaw to overwrite files with permissions\n of the user running the rt command line tool.
A malicious user who is allowed to see administration pages can run\n arbitrary Mason components (without control of arguments), which may\n have negative side-effects.
Request Tracker allows direct requests to private callback\n components, which could be used to exploit a Request Tracker\n extension or a local callback which uses the arguments passed to it\n insecurely.
Request Tracker is vulnerable to cross-site scripting attacks via\n attachment filenames.
Dominic Hargreaves discovered that Request Tracker is vulnerable to\n an HTTP header injection limited to the value of the\n Content-Disposition header.
Request Tracker is vulnerable to a MIME header injection in outgoing\n email generated by Request Tracker.
\nRequest Tracker stock templates are resolved by this update. But any\n custom email templates should be updated to ensure that values\n interpolated into mail headers do not contain newlines.
Request Tracker is vulnerable to limited session re-use when using\n the file-based session store, Apache::Session::File. However Request\n Tracker's default session configuration only uses\n Apache::Session::File when configured for Oracle databases.
This version of Request Tracker includes a database content upgrade. If\nyou are using a dbconfig-managed database, you will be offered the\nchoice of applying this automatically. Otherwise see the explanation in\n/usr/share/doc/request-tracker4/NEWS.Debian.gz for the manual steps to\nperform.
\nPlease note that if you run request-tracker4 under the Apache web\nserver, you must stop and start Apache manually. The restart mechanism\nis not recommended, especially when using mod_perl or any form of\npersistent Perl process such as FastCGI or SpeedyCGI.
For the stable distribution (wheezy), these problems have been fixed in\nversion 4.0.7-5+deb7u2.
\nFor the testing distribution (jessie), these problems will be fixed\nsoon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.12-2.
\nWe recommend that you upgrade your request-tracker4 packages.
\nTwo vulnerabilities were found in Dropbear, a lightweight SSH2 server\nand client:
\nMark Shepard discovered a double free in the TCP listener cleanup\n which could result in denial of service by an authenticated user if\n Dropbear is running with the \"-a\" option.
Jann Horn discovered a local information leak in parsing the\n .authorized_keys file.
For the stable distribution (jessie), these problems have been fixed in\nversion 2014.65-1+deb8u2.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your dropbear packages.
\nSpike Spiegel discovered a stack-based buffer overflow in gmetad, the\nmeta-daemon for the ganglia cluster monitoring toolkit, which could be\ntriggered via a request with long path names and might enable\narbitrary code execution.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.5.7-3.1etch1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.5.7-5.
\nFor the testing distribution (lenny), this problem will be fixed soon.
\nWe recommend that you upgrade your ganglia-monitor-core packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThe account management of the CVS pserver (which is used to give remote\naccess to CVS repositories) uses a CVSROOT/passwd file in each\nrepository which contains the accounts and their authentication\ninformation as well as the name of the local unix account to use when a\npserver account is used. Since CVS performed no checking on what unix\naccount was specified anyone who could modify the CVSROOT/passwd\ncould gain access to all local users on the CVS server, including root.
\nThis has been fixed in upstream version 1.11.11 by preventing pserver\nfrom running as root. For Debian this problem is solved in version\n1.11.1p1debian-9 in two different ways:
\nAdditionally, CVS pserver had a bug in parsing module requests which\ncould be used to create files and directories outside a repository.\nThis has been fixed upstream in version 1.11.11 and Debian version\n1.11.1p1debian-9.
\nFinally, the umask used for \u201ccvs init\u201d and\n\u201ccvs-makerepos\u201d has been\nchanged to prevent repositories from being created with group write\npermissions.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:
\nJan Beulich from SUSE discovered that Xen does not properly handle\n writes to the hardware FSW.ES bit when running on AMD64 processors.\n A malicious domain can take advantage of this flaw to obtain address\n space usage and timing information, about another domain, at a\n fairly low rate.
Ling Liu and Yihan Lian of the Cloud Security Team, Qihoo 360\n discovered an integer overflow in the x86 shadow pagetable code. A\n HVM guest using shadow pagetables can cause the host to crash. A PV\n guest using shadow pagetables (i.e. being migrated) with PV\n superpages enabled (which is not the default) can crash the host, or\n corrupt hypervisor memory, potentially leading to privilege\n escalation.
For the stable distribution (jessie), these problems have been fixed in\nversion 4.4.1-9+deb8u5.
\nWe recommend that you upgrade your xen packages.
\nSeveral cross-site scripting and information disclosure issues have\nbeen fixed in Moodle, a course management system for online learning:
\n\nCross-site request forgery vulnerability in RSS block\n
\nCross-site scripting vulnerability in tag autocomplete\n
\nIMS enterprise enrolment file may disclose sensitive information\n
\nMultiple cross-site scripting problems in media filter\n
\nCross Site Scripting through URL encoding\n
\nGroup/Quiz permissions issue\n
For the stable distribution (squeeze), this problem has been fixed in\nversion 1.9.9.dfsg2-2.1+squeeze1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.9.9.dfsg2-3.
\nWe recommend that you upgrade your moodle packages.
\nRecently multiple servers of the Debian project were compromised using a\nDebian developer's account and an unknown root exploit. Forensics\nrevealed a burneye encrypted exploit. Robert van der Meulen managed to\ndecrypt the binary which revealed a kernel exploit. Study of the exploit\nby the Red Hat and SuSE kernel and security teams quickly revealed that\nthe exploit used an integer overflow in the brk system call. Using\nthis bug it is possible for a userland program to trick the kernel into\ngiving access to the full kernel address space. This problem was found\nin September by Andrew Morton, but unfortunately that was too late for\nthe 2.4.22 kernel release.
\nThis bug has been fixed in kernel version 2.4.23 for the 2.4 tree and\n2.6.0-test6 kernel tree. For Debian it has been fixed in version\n2.4.18-14 of the kernel source packages, version 2.4.18-12 of the i386\nkernel images and version 2.4.18-11 of the alpha kernel images.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nPavel Kankovsky discovered that several overflows found in the libXpm\nlibrary were also present in imlib and imlib2, imaging libraries for\nX11. An attacker could create a carefully crafted image file in such\na way that it could cause an application linked with imlib or imlib2\nto execute arbitrary code when the file was opened by a victim. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:
\nMultiple heap-based buffer overflows. No such code is present in\n imlib2.
\nMultiple integer overflows in the imlib library.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 1.0.5-2woody2.
\nFor the unstable distribution (sid) these problems will be fixed soon.
\nWe recommend that you upgrade your imlib2 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that malformed cache update replies against the Squid\nWWW proxy cache could lead to the exhaustion of system memory, resulting\nin potential denial of service.
\nFor the old stable distribution (sarge), the update cannot currently\nbe processed on the buildd security network due to a bug in the archive\nmanagement script. This will be resolved soon. An update for i386\nis temporarily available at https://people.debian.org/~jmm/squid/.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.6.5-6etch1.
\nWe recommend that you upgrade your squid packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been fixed in the GNU C Library, glibc.
\nThe first vulnerability listed below is considered to have critical\nimpact.
\nThe Google Security Team and Red Hat discovered that the glibc\n host name resolver function, getaddrinfo, when processing\n AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its\n internal buffers, leading to a stack-based buffer overflow and\n arbitrary code execution. This vulnerability affects most\n applications which perform host name resolution using getaddrinfo,\n including system services.
Adam Nielsen discovered that if an invalid separated time value\n is passed to strftime, the strftime function could crash or leak\n information. Applications normally pass only valid time\n information to strftime; no affected applications are known.
Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r\n functions did not check the size argument properly, leading to a\n crash (denial of service) for certain arguments. No impacted\n applications are known at this time.
The catopen function contains several unbound stack allocations\n (stack overflows), causing it to crash the process (denial of\n service). No applications where this issue has a security impact\n are currently known.
While it is only necessary to ensure that all processes are not using\nthe old glibc anymore, it is recommended to reboot the machines after\napplying the security upgrade.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.19-18+deb8u3.
\nFor the unstable distribution (sid), these problems will be fixed in\nversion 2.21-8.
\nWe recommend that you upgrade your glibc packages.
\nWhen sudo is configured to allow a user to edit files under a directory\nthat they can already write to without using sudo, they can actually\nedit (read and write) arbitrary files. Daniel Svartman reported that a\nconfiguration like this might be introduced unintentionally if the\neditable files are specified using wildcards, for example:
\noperator ALL=(root) sudoedit /home/*/*/test.txt\n
The default behaviour of sudo has been changed so that it does not allow\nediting of a file in a directory that the user can write to, or that is\nreached by following a symlink in a directory that the user can write\nto. These restrictions can be disabled, but this is strongly\ndiscouraged.
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1.8.5p2-1+nmu3+deb7u1.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.8.10p3-1+deb8u3.
\nFor the testing distribution (stretch), this problem has been fixed\nin version 1.8.15-1.1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.8.15-1.1.
\nWe recommend that you upgrade your sudo packages.
\nDue to restrictive dependency definition for fetchmail-ssl the updated fetchmailconf\npackage couldn't be installed on the old stable distribution (woody)\ntogether with fetchmail-ssl. Hence, this update loosens it, so that\nthe update can be pulled in. For completeness we're including the\noriginal advisory text:
\n\n\nThomas Wolff discovered that the fetchmailconf program which is\nprovided as part of fetchmail, an SSL enabled POP3, APOP, IMAP mail\ngatherer/forwarder, creates the new configuration in an insecure\nfashion that can lead to leaking passwords for mail accounts to local\nusers.
\n
This update also fixes a regression in the package for stable caused\nby the last security update.
\nFor the old stable distribution (woody) this problem has been fixed in\nversion 5.9.11-6.4 of fetchmail and in version 5.9.11-6.3 of\nfetchmail-ssl.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 6.2.5-12sarge3.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 6.2.5.4-1.
\nWe recommend that you upgrade your fetchmail package.
\nMD5 checksums of the listed files are available in the original advisory.
\nMD5 checksums of the listed files are available in the revised advisory.
\n\n\n\nAn anonymous contributor working with VeriSign iDefense Labs\ndiscovered that libreoffice, a full-featured office productivity\nsuite, did not correctly handle Lotus WordPro files. This would enable\nan attacker to crash the program, or execute arbitrary code, by\nsupplying a specially crafted LWP file.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1:3.5.4+dfsg2-0+deb7u6.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.3.3-2+deb8u3.
\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 1:5.0.5~rc1-1.
\nWe recommend that you upgrade your libreoffice packages.
\nTwo security issues (SQL injection and command line injection via SNMP\nsettings) were found in Cacti, a web interface for graphing of monitoring\nsystems.
\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 0.8.7g-1+squeeze2.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 0.8.8a+dfsg-5+deb7u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.8.8b+dfsg-2.
\nWe recommend that you upgrade your cacti packages.
\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:
\nvladz reported a timing leak with the /dev/ptmx character device. A local\n user could use this to determine sensitive information such as password\n length.
Andrew Honig of Google reported an issue in the KVM subsystem. A user in\n a guest operating system could corrupt kernel memory, resulting in a\n denial of service.
Oded Horovitz and Brad Spengler reported an issue in the device driver for\n Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach\n untrusted devices can create an overflow condition, resulting in a denial\n of service or elevated privileges.
Andy Lutomirski reported an issue in the socket level control message\n processing subsystem. Local users may be able to gain elevated privileges.
Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local\n users with the ability to mount a specially crafted filesystem can cause\n a denial of service (infinite loop).
Tommie Rantala discovered an issue in the perf subsystem. An out-of-bounds\n access vulnerability allows local users to gain elevated privileges.
Mathias Krause discovered an issue in the userspace interface for hash\n algorithms. Local users can gain access to sensitive kernel memory.
Mathias Krause discovered an issue in the Asynchronous Transfer Mode (ATM)\n protocol support. Local users can gain access to sensitive kernel memory.
Mathias Krause discovered an issue in the Amateur Radio AX.25 protocol\n support. Local users can gain access to sensitive kernel memory.
Mathias Krause discovered an issue in the Bluetooth subsystem. Local users\n can gain access to sensitive kernel memory.
Mathias Krause discovered an issue in the Bluetooth RFCOMM protocol\n support. Local users can gain access to sensitive kernel memory.
Mathias Krause discovered an issue in the Communication CPU to Application\n CPU Interface (CAIF). Local users can gain access to sensitive kernel\n memory.
Mathias Krause discovered an issue in the IrDA (infrared) subsystem\n support. Local users can gain access to sensitive kernel memory.
Mathias Krause discovered an issue in the IUCV support on s390 systems.\n Local users can gain access to sensitive kernel memory.
Mathias Krause discovered an issue in the ANSI/IEEE 802.2 LLC type 2\n protocol support. Local users can gain access to sensitive kernel memory.
Mathias Krause discovered an issue in the Amateur Radio X.25 PLP (Rose)\n protocol support. Local users can gain access to sensitive kernel memory.
Mathias Krause discovered an issue in the Transparent Inter Process\n Communication (TIPC) protocol support. Local users can gain access to\n sensitive kernel memory.
Namhyung Kim reported an issue in the tracing subsystem. A privileged\n local user could cause a denial of service (system crash). This\n vulnerability is not applicable to Debian systems by default.
For the stable distribution (wheezy), this problem has been fixed in version\n3.2.41-2+deb7u1.\n
Note: Updates are currently available for the amd64, i386, ia64, s390, s390x\nand sparc architectures. Updates for the remaining architectures will be\nreleased as they become available.
\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:
\n\u00a0 | Debian 7.0 (wheezy) |
---|---|
user-mode-linux | 3.2-2um-1+deb7u1 |
We recommend that you upgrade your linux and user-mode-linux packages.\n
Note: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.
\nSeveral vulnerabilities were discovered in Request Tracker, an issue\ntracking system:
\nThe vulnerable-passwords scripts introduced for\n CVE-2011-0009\n failed to correct the password hashes of disabled users.
Several cross-site scripting issues have been discovered.
Password hashes could be disclosed by privileged users.
Several cross-site request forgery vulnerabilities have been\n found. If this update breaks your setup, you can restore the old\n behaviour by setting $RestrictReferrer to 0.
The code to support variable envelope return paths allowed the\n execution of arbitrary code.
Disabled groups were not fully accounted as disabled.
SQL injection vulnerability, only exploitable by privileged\n users.
Please note that if you run request-tracker3.8 under the Apache web server,\nyou must stop and start Apache manually. The restart mechanism is not\nrecommended, especially when using mod_perl.
For the stable distribution (squeeze), these problems have been fixed in\nversion 3.8.8-7+squeeze5.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.5-3.
\nWe recommend that you upgrade your request-tracker3.8 packages.
\nLuigi Auriemma discovered a buffer overflow in the processing of ASF\nfiles in libextractor, a library to extract arbitrary meta-data from\nfiles, which can lead to the execution of arbitrary code.
\nThe old stable distribution (woody) is not affected by this problem.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.4.2-2sarge5.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.5.14-1.
\nWe recommend that you upgrade your libextractor packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nA local denial of service vulnerability in do_fork() has been found.
A local denial of service vulnerability in proc memory handling has\n been found.
A buffer overflow in the panic handling code has been found.
A local denial of service vulnerability through a null pointer\n dereference in the IA64 process handling code has been found.
A local denial of service vulnerability through an infinite loop in\n the signal handler code has been found.
An information leak in the context switch code has been found on\n the IA64 architecture.
Unsafe use of copy_to_user in USB drivers may disclose sensitive\n information.
A race condition in the i386 page fault handler may allow privilege\n escalation.
Multiple vulnerabilities in the SMB filesystem code may allow denial\n of service or information disclosure.
An information leak was discovered in the SMB filesystem code.
A local denial of service vulnerability has been found in the SCM layer.
An integer overflow in the terminal code may allow a local denial of\n service vulnerability.
A local privilege escalation in the MIPS assembly code has been found.
A memory leak in the ip_options_get() function may lead to denial of\n service.
Multiple overflows exist in the io_edgeport driver which might be usable\n as a denial of service attack vector.
Bryan Fulton reported a bounds checking bug in the coda_pioctl function\n which may allow local users to execute arbitrary code or trigger a denial\n of service attack.
Improper initialization of the RTC may disclose information.
Insufficient input sanitising in the load_elf_binary() function may\n lead to privilege escalation.
Incorrect error handling in the binfmt_elf loader may lead to privilege\n escalation.
A buffer overflow in the binfmt_elf loader may lead to privilege\n escalation or denial of service.
The open_exec function may disclose information.
The binfmt code is vulnerable to denial of service through malformed\n a.out binaries.
A denial of service vulnerability in the ELF loader has been found.
A programming error in the unix_dgram_recvmsg() function may lead to\n privilege escalation.
The ELF loader is vulnerable to denial of service through malformed\n binaries.
Crafted ELF binaries may lead to privilege escalation, due to\n insufficient checking of overlapping memory regions.
A race condition in the load_elf_library() and binfmt_aout() functions\n may allow privilege escalation.
An integer overflow in the Moxa driver may lead to privilege escalation.
A remote denial of service vulnerability has been found in the PPP\n driver.
An IA64 specific local denial of service vulnerability has been found\n in the unw_unwind_to_user() function.
The following matrix explains which kernel version for which architecture\nfixes the problems mentioned above:
\nDebian 3.0 (woody) | |
---|---|
Source | 2.4.16-1woody2 |
arm/lart | 20040419woody1 |
arm/netwinder | 20040419woody1 |
arm/riscpc | 20040419woody1 |
We recommend that you upgrade your kernel package immediately and reboot\nthe machine.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTwo vulnerabilities were fixed in radicale, a CardDAV/CalDAV server.
\nThe (not configured by default and not available on Wheezy)\n multifilesystem storage backend allows read and write access to\n arbitrary files (still subject to the DAC permissions of the user\n the radicale server is running as).
If an attacker is able to authenticate with a user name like `.*',\n he can bypass read/write limitations imposed by regex-based rules,\n including the built-in rules `owner_write' (read for everybody,\n write for the calendar owner) and `owner_only' (read and write for\n the calendar owner).
For the oldstable distribution (wheezy), these problems have been fixed\nin version 0.7-1.1+deb7u1.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.9-1+deb8u1.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.1.1-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.1.1-1.
\nWe recommend that you upgrade your radicale packages.
\nSeveral vulnerabilities were discovered in the Asterisk PBX and telephony\ntoolkit:
\nRussell Bryant discovered a buffer overflow in the Milliwatt\n application.
David Woolley discovered a privilege escalation in the Asterisk\n manager interface.
Russell Bryant discovered a buffer overflow in the Skinny\n driver.
For the stable distribution (squeeze), this problem has been fixed in\nversion 1:1.6.2.9-2+squeeze5.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your asterisk packages.
\nA buffer overflow problem has been discovered in sail, a game contained\nin the bsdgames package, a collection of classic textual Unix games, which\ncould lead to games group privilege escalation.
\nFor the old stable distribution (woody) this problem has been fixed in\nversion 2.13-7woody0.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.17-1sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.17-7.
\nWe recommend that you upgrade your bsdgames package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA vulnerability has been discovered in ruby1.8 that could allow arbitrary\ncommand execution on a server running the ruby xmlrpc server.
\nThe old stable distribution (woody) did not include ruby1.8.
\nThis problem is fixed for the current stable distribution (sarge) in\nversion 1.8.2-7sarge1.
\nThis problem is fixed for the unstable distribution in version 1.8.2-8.
\nWe recommend that you upgrade your ruby1.8 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in the Mantis bug\ntracking system, which may lead to the execution of arbitrary web script.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:
\nA cross-site scripting vulnerability was discovered in\n config_defaults_inc.php.
Cross-site scripting vulnerabilities were discovered in query_store.php\n and manage_proj_create.php.
Multiple cross-site scripting vulnerabilities were discovered in\n view_all_set.php, manage_user_page.php, view_filters_page.php and\n proj_doc_delete.php.
Multiple cross-site scripting vulnerabilities were discovered in\n view_all_set.php.
For the stable distribution (sarge) these problems have been fixed in\nversion 0.19.2-5sarge4.1.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.19.4-3.1.
\nWe recommend that you upgrade your mantis package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA buffer overflow has been discovered in xtrlock, a minimal X display\nlock program which can be exploited by a malicious local attacker to\ncrash the lock program and take over the desktop session.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.0-6woody2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.0-9.
\nWe recommend that you upgrade your xtrlock package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in Ruby, an object-oriented\nscripting language. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nIt was discovered that the Ruby HTTP(S) module performs insufficient\n validation of SSL certificates, which may lead to man-in-the-middle\n attacks.
It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP\n and SMTP perform insufficient validation of SSL certificates, which\n may lead to man-in-the-middle attacks.
For the old stable distribution (sarge) these problems have been fixed\nin version 0.1.4a-1sarge1. Packages for sparc will be provided later.
\nThe stable distribution (etch) no longer contains libopenssl-ruby.
\nWe recommend that you upgrade your libopenssl-ruby packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nEmanuele Rocca discovered that ppp, a daemon implementing the\nPoint-to-Point Protocol, was subject to a buffer overflow when\ncommunicating with a RADIUS server. This would allow unauthenticated\nusers to cause a denial-of-service by crashing the daemon.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.4.5-5.1+deb7u2.
\nFor the upcoming stable distribution (jessie) and unstable\ndistribution (sid), this problem has been fixed in version 2.4.6-3.1.
\nWe recommend that you upgrade your ppp packages.
\nThe authors of tinyproxy, a lightweight HTTP proxy, discovered a bug\nin the handling of some invalid proxy requests. Under some\ncircumstances, an invalid request may result in allocated memory\nbeing freed twice. This can potentially result in the execution of\narbitrary code.
\nThis problem has been fixed in version 1.4.3-2woody2 for the current\nstable distribution (woody) and in version 1.4.3-3 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected by this problem.
\nWe recommend that you upgrade your tinyproxy package immediately.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral vulnerabilities have been found in SPIP, a website engine for\npublishing, resulting in cross-site scripting, script code injection\nand bypass of restrictions.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.1.1-3squeeze3.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.1.13-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.1.13-1.
\nWe recommend that you upgrade your spip packages.
\nAnton Kortunov reported a heap corruption in ImageMagick, a program\ncollection and library for converting and manipulating image files.\nCrafted GIF files could cause ImageMagick to crash, potentially\nleading to arbitrary code execution.
\nThe oldstable distribution (squeeze) is not affected by this problem.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 8:6.7.7.10-5+deb7u2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8:6.7.7.10-6.
\nWe recommend that you upgrade your imagemagick packages.
\nSeveral buffer overflow vulnerabilities were discovered in ethereal, a\nnetwork traffic analyzer. These vulnerabilities are described in the\nethereal advisory \"enpa-sa-00013\". Of these, only some parts of\nCAN-2004-0176 affect the version of ethereal in Debian woody.\nCAN-2004-0367 and CAN-2004-0365 are not applicable to this version.
\nFor the current stable distribution (woody), these problems have been\nfixed in version 0.9.4-1woody7.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.10.3-1.
\nWe recommend that you update your ethereal package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nWe have received reports that the \"SSH CRC-32 compensation attack\ndetector vulnerability\" is being actively exploited. This is the same\ninteger type error previously corrected for OpenSSH in DSA-027-1.\nOpenSSH (the Debian ssh package) was fixed at that time, but\nssh-nonfree and ssh-socks were not.
\nThough packages in the non-free section of the archive are not\nofficially supported by the Debian project, we are taking the unusual\nstep of releasing updated ssh-nonfree/ssh-socks packages for those\nusers who have not yet migrated to OpenSSH. However, we do recommend\nthat our users migrate to the regularly supported, DFSG-free \"ssh\"\npackage as soon as possible. ssh 1.2.3-9.3 is the OpenSSH package\navailable in Debian 2.2r4.
\nThe fixed ssh-nonfree/ssh-socks packages are available in version\n1.2.27-6.2 for use with Debian 2.2 (potato) and version 1.2.27-8 for\nuse with the Debian unstable/testing distribution. Note that the new\nssh-nonfree/ssh-socks packages remove the setuid bit from the ssh\nbinary, disabling rhosts-rsa authentication. If you need this\nfunctionality, run
\nchmod u+s /usr/bin/ssh1
after installing the new package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nAleksandar Nikolic discovered that an error in the x509 parser of the\nBotan crypto library could result in an out-of-bounds memory read,\nresulting in denial of service or an information leak if processing\na malformed certificate.
\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1.10.8-2+deb8u2.
\nFor the stable distribution (stretch), this problem has been fixed\nprior to the initial release.
\nWe recommend that you upgrade your botan1.10 packages.
\nPatrice Fournier discovered a vulnerability in the authorisation\nsubsystem of hylafax, a flexible client/server fax system. A local or\nremote user guessing the contents of the hosts.hfaxd database could\ngain unauthorised access to the fax system.
\nSome installations of hylafax may actually utilise the weak hostname\nand username validation for authorized uses. For example, hosts.hfaxd\nentries that may be common are
\n\n 192.168.0\n username:uid:pass:adminpass\n user@host\n\n
After updating, these entries will need to be modified in order to\ncontinue to function. Respectively, the correct entries should be
\n\n 192.168.0.[0-9]+\n username@:uid:pass:adminpass\n user@host\n\n
Unless such matching of \"username\" with \"otherusername\" and \"host\" with\n\"hostname\" is desired, the proper form of these entries should include\nthe delimiter and markers like this
\n\n @192.168.0.[0-9]+$\n ^username@:uid:pass:adminpass\n ^user@host$\n\n
For the stable distribution (woody) this problem has been fixed in\nversion 4.1.1-3.1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 4.2.1-1.
\nWe recommend that you upgrade your hylafax packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in libvncserver, a library to\nimplement VNC server functionality. These vulnerabilities might result in the\nexecution of arbitrary code or denial of service in both the client and the\nserver side.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 0.9.9+dfsg-1+deb7u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.9.9+dfsg-6.1.
\nWe recommend that you upgrade your libvncserver packages.
\nMichael Bhola discovered a bug in Squid, the popular WWW proxy cache.\nSquid does not trigger a fatal error when it identifies missing or\ninvalid ACLs in the http_access configuration, which could lead to\nless restrictive ACLs than intended by the administrator.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.4.6-2woody8.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.5.9-7.
\nWe recommend that you upgrade your squid packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple vulnerabilities were discovered in the implementation of the\nPerl programming language. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nJohn Lightsey and Todd Rinaldo reported that the opportunistic\n loading of optional modules can make many programs unintentionally\n load code from the current working directory (which might be changed\n to another directory without the user realising), potentially\n leading to privilege escalation, as demonstrated in Debian with\n certain combinations of installed packages.
\nThe problem relates to Perl loading modules from the includes\n directory array (\"@INC\") in which the last element is the current\n directory (\".\"). That means that, when perl wants to load a module\n (during first compilation or during lazy loading of a module in run\n time), perl will look for the module in the current directory at the\n end, since '.' is the last include directory in its array of include\n directories to seek. The issue is with requiring libraries that are\n in \".\" but are not otherwise installed.
With this update several modules which are known to be vulnerable\n are updated to not load modules from the current directory.
\nAdditionally the update allows configurable removal of \".\" from @INC\n in /etc/perl/sitecustomize.pl for a transitional period. It is\n recommended to enable this setting if the possible breakage for a\n specific site has been evaluated. Problems in packages provided in\n Debian resulting from the switch to the removal of '.' from @INC\n should be reported to the Perl maintainers at\n perl@packages.debian.org .
\nIt is planned to switch to the default removal of '.' in @INC in a\n subsequent update to perl via a point release if possible, and in\n any case for the upcoming stable release Debian 9 (stretch).
It was discovered that XSLoader, a core module from Perl to\n dynamically load C libraries into Perl code, could load a shared\n library from an incorrect location. XSLoader uses caller() information\n to locate the .so file to load. This can be incorrect if\n XSLoader::load() is called in a string eval. An attacker can take\n advantage of this flaw to execute arbitrary code.
For the stable distribution (jessie), these problems have been fixed in\nversion 5.20.2-3+deb8u6. Additionally this update includes the\nfollowing updated packages to address optional module loading\nvulnerabilities related to CVE-2016-1238,\nor to address build failures which occur when '.' is removed from @INC:
\nWe recommend that you upgrade your perl packages.
\nFederico L. Bossi Bonin discovered a buffer overflow in the HTTP\nPlugin in xine-lib, the xine video/media player library, that could\nallow a remote attacker to cause a denial of service.
\nFor the old stable distribution (woody) this problem has been fixed in\nversion 0.9.8-2woody5.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.0.1-1sarge3.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.1.1-2.
\nWe recommend that you upgrade your libxine packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service or the execution of arbitrary code if\nmalformed TGA, Sun or PSD files are processed.
\nThis update also fixes visual artefacts when running -sharpen on CMYK\nimages (no security impact, but piggybacked on top of the security\nupdate with approval of the Debian stable release managers since it's\na regression in jessie compared to wheezy).
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u8.
\nFor the upcoming stable distribution (stretch), these problems have been\nfixed in version 8:6.9.7.4+dfsg-2.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-2.
\nWe recommend that you upgrade your imagemagick packages.
\nAn integer overflow bug has been discovered in the RPC library used by\nthe OpenAFS database server, which is derived from the SunRPC library.\nThis bug could be exploited to crash certain OpenAFS servers\n(volserver, vlserver, ptserver, buserver) or to obtain unauthorized\nroot access to a host running one of these processes. No exploits are\nknown to exist yet.
\nThis problem has been fixed in version 1.2.3final2-6 for the current\nstable distribution (woody) and in version 1.2.6-1 for the unstable\ndistribution (sid). Debian 2.2 (potato) is not affected since it\ndoesn't contain OpenAFS packages.
\nOpenAFS is only available for the architectures alpha, i386, powerpc,\ns390, sparc. Hence, we only provide fixed packages for these\narchitectures.
\nWe recommend that you upgrade your openafs packages.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\n\nIt was discovered that dovecot, a secure mail server that supports mbox\nand maildir mailboxes, when configured to use non-system-user spools\nand compressed folders, may allow directory traversal in mailbox names.
\nFor the old stable distribution (sarge), this problem was not present.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.0.rc15-2etch1.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your dovecot package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in PostgreSQL, an SQL\ndatabase system. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nAuthenticated users can shut down the backend server by re-LOAD-ing\nlibraries in $libdir/plugins, if any libraries are present there.\n(The old stable distribution (etch) is not affected by this issue.)
Authenticated non-superusers can gain database superuser privileges if\nthey can create functions and tables due to incorrect execution of\nfunctions in functional indexes.
If PostgreSQL is configured with LDAP authentication, and the LDAP\nconfiguration allows anonymous binds, it is possible for a user to\nauthenticate themselves with an empty password. (The old stable\ndistribution (etch) is not affected by this issue.)
In addition, this update contains reliability improvements which do\nnot target security issues.
\nFor the old stable distribution (etch), these problems have been fixed\nin version 7.4.26-0etch1 of the postgresql-7.4 source package, and\nversion 8.1.18-0etch1 of the postgresql-8.1 source package.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 8.3.8-0lenny1 of the postgresql-8.3 source package.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8.3.8-1 of the postgresql-8.3 source package, and version\n8.4.1-1 of the postgresql-8.4 source package.
\nWe recommend that you upgrade your PostgreSQL packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTwo vulnerabilities have been discovered in Undertow, a web server\nwritten in Java, which may lead to denial of service or HTTP request\nsmuggling.
\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.4.8-1+deb9u1.
\nFor the testing distribution (buster), these problems have been fixed\nin version 1.4.18-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.4.18-1.
\nWe recommend that you upgrade your undertow packages.
\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.54, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.5.54-0+deb8u1.
\nWe recommend that you upgrade your mysql-5.5 packages.
\nIt was discovered that the IPv6 support code in Squid does not\nproperly handle certain DNS responses, resulting in deallocation of an\ninvalid pointer and a daemon crash.
\nThe squid package and the version of Squid\u00a03 shipped in lenny lack IPv6\nsupport and are not affected by this issue.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.1.6-1.2+squeeze2.
\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 3.1.18-1.
\nWe recommend that you upgrade your squid3 packages.
\nSeveral vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause a denial-of-service against\nthe application, information leaks, or potentially, the execution of\narbitrary code with the privileges of the user running the application.
\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 2.9.1+dfsg1-5+deb8u5.
\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.9.4+dfsg1-2.2+deb9u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.9.4+dfsg1-3.1.
\nWe recommend that you upgrade your libxml2 packages.
\nMultiple vulnerabilities have been discovered in the Xen hypervisor. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:
\nThe SYSENTER instruction can be used by PV guests to accelerate\n system call processing. This instruction, however, leaves the EFLAGS\n register mostly unmodified. This can be used by malicious or buggy\n user space to cause the entire host to crash.
Various IRQ related access control operations may not have the\n intended effect, potentially permitting a stub domain to grant its\n client domain access to an IRQ it doesn't have access to itself.\n This can be used by malicious or buggy stub domain kernels to mount\n a denial of service attack possibly affecting the whole system.
For the stable distribution (squeeze), these problems have been fixed in\nversion 4.0.1-5.9.
\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems will be fixed soon.
\nWe recommend that you upgrade your xen packages.
\nKjetil Kjernsmo discovered a bug in libimager-perl, a Perl extension\nfor generating 24 bit images, which can lead to a segmentation fault\nif it operates on 4-channel JPEG images.
\nThe old stable distribution (woody) does not contain this package.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.44-1sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.50-1.
\nWe recommend that you upgrade your libimager-perl package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in the ClamAV\nanti-virus toolkit, which may lead to denial of service and potentially\nto the execution of arbitrary code. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nDamian Put discovered an integer overflow in the PE header parser.\n This is only exploitable if the ArchiveMaxFileSize option is disabled.
Format string vulnerabilities in the logging code have been discovered,\n which might lead to the execution of arbitrary code.
David Luyer discovered that ClamAV can be tricked into an invalid\n memory access in the cli_bitset_set() function, which may lead to\n a denial of service.
The old stable distribution (woody) doesn't contain clamav packages.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.8.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.88.1-1.
\nWe recommend that you upgrade your clamav package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nwebfs, a lightweight HTTP server for static content, contains a buffer\noverflow whereby a long Request-URI in an HTTP request could cause\narbitrary code to be executed.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.17.1.
\nThe old stable distribution (potato) does not contain a webfs package.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you update your webfs package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\ninfamous42md reported that proftpd suffers from two format string\nvulnerabilities. In the first, a user with the ability to create a\ndirectory could trigger the format string error if there is a\nproftpd shutdown message configured to use the \"%C\", \"%R\", or \"%U\"\nvariables. In the second, the error is triggered if mod_sql is used\nto retrieve messages from a database and if format strings have been\ninserted into the database by a user with permission to do so.
\nThe old stable distribution (woody) is not affected by these\nvulnerabilities.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.2.10-15sarge1. There was an error in the packages originally\nprepared for i386, which was corrected in 1.2.10-15sarge1.0.1 for i386.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.2.10-20.
\nWe recommend that you upgrade your proftpd package.
\nMD5 checksums of the listed files are available in the original advisory.
\nMD5 checksums of the listed files are available in the revised advisory.
\n\n\n\nMartin Thomson discovered that nss, the Mozilla Network Security Service\nlibrary, is prone to a use-after-free vulnerability in the TLS 1.2\nimplementation when handshake hashes are generated. A remote attacker\ncan take advantage of this flaw to cause an application using the nss\nlibrary to crash, resulting in a denial of service, or potentially to\nexecute arbitrary code.
\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2:3.26-1+debu8u3.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2:3.26.2-1.1+deb9u1.
\nFor the testing distribution (buster), this problem has been fixed\nin version 2:3.33-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:3.33-1.
\nWe recommend that you upgrade your nss packages.
\nSeveral vulnerabilities have been discovered in mapserver, a CGI-based\nweb framework to publish spatial data and interactive mapping applications.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:
\nSeveral instances of insufficient escaping of user input, leading to\n SQL injection attacks via OGC filter encoding (in WMS, WFS, and SOS\n filters).
Missing length checks in the processing of OGC filter encoding that can\n lead to stack-based buffer overflows and the execution of arbitrary code.
For the oldstable distribution (lenny), these problems have been fixed in\nversion 5.0.3-3+lenny7.
\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 5.6.5-2+squeeze2.
\nFor the testing (squeeze) and unstable (sid) distributions, these problems\nwill be fixed soon.
\nWe recommend that you upgrade your mapserver packages.
\nGoogle, Inc. discovered that the TurkTrust certification authority\nincluded in the Network Security Service libraries (nss) mis-issued\ntwo intermediate CAs which could be used to generate rogue end-entity\ncertificates. This update explicitly distrusts those two intermediate\nCAs. The two existing TurkTrust root CAs remain active.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.12.8-1+squeeze6.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2:3.13.6-2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:3.14.1.with.ckbi.1.93-1.
\nWe recommend that you upgrade your nss packages.
\nMultiple vulnerabilities have been discovered in GnuTLS, a library\nimplementing the TLS and SSL protocols. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nGnuTLS does not verify the RSA PKCS #1 signature algorithm to match\n the signature algorithm in the certificate, leading to a potential\n downgrade to a disallowed algorithm without detecting it.
It was reported that GnuTLS does not check whether the two signature\n algorithms match on certificate import.
For the stable distribution (wheezy), these problems have been fixed in\nversion 2.12.20-8+deb7u3.
\nWe recommend that you upgrade your gnutls26 packages.
\nA bug was discovered in vbox3, a voice response system for isdn4linux,\nwhereby root privileges were not properly relinquished before\nexecuting a user-supplied tcl script. By exploiting this\nvulnerability, a local user could gain root privileges.
\nFor the current stable distribution (woody) this problem has been\nfixed in version 0.1.7.1.
\nFor the unstable distribution, this problem has been fixed in version 0.1.8.
\nWe recommend that you update your vbox3 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nPeter De Wachter discovered that CUPS, the Common UNIX Printing\nSystem, did not correctly parse compressed raster files. By submitting\na specially crafted raster file, a remote attacker could use this\nvulnerability to trigger a buffer overflow.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.5.3-5+deb7u5.
\nFor the upcoming stable distribution (jessie) and unstable\ndistribution (sid), this problem has been fixed in version 1.7.5-11.
\nWe recommend that you upgrade your cups packages.
\njaguar@felinemenace.org discovered a vulnerability in jftpgw, an FTP\nproxy program, whereby a remote user could potentially cause arbitrary\ncode to be executed with the privileges of the jftpgw server process.\nBy default, the server runs as user \"nobody\".
\nCAN-2004-0448: format string vulnerability via syslog(3) in log()\nfunction
\nFor the current stable distribution (woody) this problem has been\nfixed in version 0.13.1-1woody1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.13.4-1.
\nWe recommend that you update your jftpgw package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJonathan Rockway discovered a buffer overflow in nasm, the\ngeneral-purpose x86 assembler, which could lead to the execution of\narbitrary code when compiling a maliciously crafted assembler source\nfile.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.98.28cvs-1woody2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.98.38-1.1.
\nWe recommend that you upgrade your nasm package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTwo vulnerabilities were discovered in Puppet, a centralized\nconfiguration management tool.
\nPuppet runs execs with unintended group privileges,\n\tpotentially leading to privilege escalation.
The k5login type writes to untrusted locations,\n\tenabling local users to escalate their privileges\n\tif the k5login type is used.
For the stable distribution (squeeze), these problems have been fixed\nin version 2.6.2-5+squeeze4.
\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 2.7.11-1.
\nWe recommend that you upgrade your puppet packages.
\nSeveral vulnerabilities have been discovered in phpgroupware:
\nFor the stable distribution (woody), these problems have been fixed in\nversion 0.9.14-0.RC3.2.woody2.
\nFor the unstable distribution (sid), these problems will be fixed\nsoon. Refer to Debian bug #201980.
\nWe recommend that you update your phpgroupware package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nA cross-site scripting vulnerability has been detected in phpBB2, a\nfully featured and skinnable flat webforum software, that allows\nremote attackers to inject arbitrary web script or HTML via nested\ntags.
\nThe old stable distribution (woody) does not contain phpbb2.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.0.13-6sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.0.13-6sarge1.
\nWe recommend that you upgrade your phpbb2 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA symlink traversal vulnerability was discovered in MySQL, a\nrelational database server. The weakness could permit an attacker\nhaving both CREATE TABLE access to a database and the ability to\nexecute shell commands on the database server to bypass MySQL access\ncontrols, enabling them to write to tables in databases to which they\nwould not ordinarily have access.
\nThe Common Vulnerabilities and Exposures project identifies this\nvulnerability as CVE-2008-4098. Note that a closely aligned issue,\nidentified as CVE-2008-4097, was prevented by the update announced in\nDSA-1608-1. This new update supersedes that fix and mitigates both\npotential attack vectors.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 5.0.32-7etch8.
\nWe recommend that you upgrade your mysql packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that an integer overflow in freexl, a library to parse\nMicrosoft Excel spreadsheets, may result in denial of service if a\nmalformed Excel file is opened.
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1.0.0b-1+deb7u2.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.0.0g-1+deb8u2.
\nFor the testing distribution (stretch), this problem has been fixed\nin version 1.0.2-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.0.2-1.
\nWe recommend that you upgrade your freexl packages.
\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:
\nNeil Horman discovered a missing fix from the e1000 network\n driver. A remote user may cause a denial of service by way of a\n kernel panic triggered by specially crafted frame sizes.
Michael Tokarev discovered an issue in the r8169 network driver.\n Remote users on the same LAN may cause a denial of service by way\n of a kernel panic triggered by receiving a large size frame.
Frank Filz discovered that local users may be able to execute\n files without execute permission when accessed via an nfs4 mount.
Jeff Layton and Suresh Jayaraman fixed several buffer overflows in\n the CIFS filesystem which allow remote servers to cause memory\n corruption.
Tavis Ormandy and Julien Tinnes discovered an issue with how the\n sendpage function is initialized in the proto_ops structure.\n Local users can exploit this vulnerability to gain elevated\n privileges.
For the oldstable distribution (etch), this problem has been fixed in\nversion 2.6.18.dfsg.1-24etch3.
\nThe following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:
\n\u00a0 | Debian 4.0 (etch) |
---|---|
fai-kernels | 1.17+etch.24etch3 |
user-mode-linux | 2.6.18-1um-2etch.24etch3 |
We recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.
\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nEckehard Berns discovered a buffer overflow in the munpack program\nwhich is used for decoding (respectively) binary files in MIME\n(Multipurpose Internet Mail Extensions) format mail messages. If\nmunpack is run on an appropriately malformed email (or news article)\nthen it will crash, and perhaps can be made to run arbitrary code.
\nHerbert Xu reported a second vulnerability which affected malformed\nfilenames that refer to files in upper directories like \"../a\". The\nsecurity impact is limited, though, because only a single leading\n\"../\" was accepted and only new files can be created (i.e. no files\nwill be overwritten).
\nBoth problems have been fixed in version 1.5-5potato2 for the old\nstable distribution (potato), in version 1.5-7woody2 for the current\nstable distribution (woody) and in version 1.5-9 for the unstable\ndistribution (sid).
\nWe recommend that you upgrade your mpack package immediately.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nIt was discovered that imlib2, a library to load and process several image\nformats, did not properly process various image file types.
\nSeveral heap and stack based buffer overflows - partly due to integer\noverflows - in the ARGB, BMP, JPEG, LBM, PNM, TGA and XPM loaders can\nlead to the execution of arbitrary code via crafted image files.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.4.0-1.2+lenny1.
\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 1.4.2-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.2-1.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA vulnerability has been discovered in the Linux kernel that may lead\nto privilege escalation. The Common Vulnerabilities and Exposures\nproject identifies the following problem:
\nTavis Ormandy and Julien Tinnes discovered an issue with how the\n sendpage function is initialized in the proto_ops structure.\n Local users can exploit this vulnerability to gain elevated\n privileges.
For the oldstable distribution (etch), this problem has been fixed in\nversion 2.6.24-6~etchnhalf.8etch3.
\nWe recommend that you upgrade your linux-2.6.24 packages.
\nNote: Debian 'etch' includes linux kernel packages based upon both the\n2.6.18 and 2.6.24 linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian 'etch'\nconcludes. However, given the high frequency at which low-severity\nsecurity issues are discovered in the kernel and the resource\nrequirements of doing an update, lower severity 2.6.18 and 2.6.24\nupdates will typically release in a staggered or \"leap-frog\" fashion.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSteve Kemp from the Debian Security Audit project discovered that\ngfax, a GNOME frontend for fax programs, uses temporary files in an\nunsafe manner which may be exploited to execute arbitrary commands\nwith the privileges of the root user.
\nFor the old stable distribution (sarge) this problem has been fixed\nin version 0.4.2-11sarge1.
\nThe stable distribution (etch) is not affected by this problem.
\nThe unstable distribution (sid) is not affected by this problem.
\nWe recommend that you upgrade your gfax package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJohn Heasman from Next Generation Security Software discovered a heap\noverflow in the handling of Windows Metafiles in OpenOffice.org, the\nfree office suite, which could lead to a denial of service and\npotentially execution of arbitrary code.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.1.3-9sarge4.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.0.4-1.
\nWe recommend that you upgrade your openoffice.org package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA vulnerability has been discovered in the Open Ticket Request System,\nwhich can be exploited by malicious users to disclose potentially\nsensitive information.
\nAn attacker with a valid agent login could manipulate URLs in the ticket\nsplit mechanism to see contents of tickets they are not permitted to\nsee.
\nThe oldstable distribution (squeeze) is not affected by this issue.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 3.1.7+dfsg1-8+deb7u1.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 3.2.7-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.7-1.
\nWe recommend that you upgrade your otrs2 packages.
\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service or privilege escalation. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nKees Cook discovered an issue in the /proc filesystem that allows local\n users to gain access to sensitive process information after execution of a\n setuid binary.
Ryan Sweat discovered an issue in the VLAN implementation. Local users may\n be able to cause a kernel memory leak, resulting in a denial of service.
Vasiliy Kulikov of Openwall discovered that the number of exit handlers that\n a process can register is not capped, resulting in local denial of service\n through resource exhaustion (CPU time and memory).
Vasily Averin discovered an issue with the NFS locking implementation. A\n malicious NFS server can cause a client to hang indefinitely in an unlock\n call.
Marek Kroemeke and Filip Palian discovered that uninitialized struct\n elements in the Bluetooth subsystem could lead to a leak of sensitive kernel\n memory through leaked stack memory.
Vasiliy Kulikov of Openwall discovered that the io file of a process' proc\n directory was world-readable, resulting in local information disclosure of\n information such as password lengths.
Robert Swiecki discovered that mremap() could be abused for local denial of\n service by triggering a BUG_ON assert.
Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,\n which could lead to denial of service or privilege escalation.
It was discovered that the netlink-based wireless configuration interface\n performed insufficient length validation when parsing SSIDs, resulting in\n buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a\n denial of service.
Ben Pfaff reported an issue in the network scheduling code. A local user\n could cause a denial of service (NULL pointer dereference) by sending a\n specially crafted netlink message.
Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the\n driver for the Si4713 FM Radio Transmitter used by N900 devices.\n Local users could exploit this issue to cause a denial of service or\n potentially gain elevated privileges.
Brent Meshier reported an issue in the GRO (generic receive offload)\n implementation. This can be exploited by remote users to create a denial of\n service (system crash) in certain network device configurations.
Christian Ohm discovered that the perf analysis tool searches for its\n config files in the current working directory. This could lead to denial of\n service or potential privilege escalation if a user with elevated privileges\n is tricked into running perf in a directory under the control of the\n attacker.
Vasiliy Kulikov of Openwall discovered that a programming error in\n the Comedi driver could lead to information disclosure through\n leaked stack memory.
Vince Weaver discovered that incorrect handling of software event overflows\n in the perf analysis tool could lead to local denial of service.
Timo Warns discovered that insufficient validation of Be filesystem images\n could lead to local denial of service if a malformed filesystem image is\n mounted.
Dan Kaminsky reported a weakness of the sequence number generation in the\n TCP protocol implementation. This can be used by remote attackers to inject\n packets into an active session.
Darren Lavender reported an issue in the Common Internet File System (CIFS).\n A malicious file server could cause memory corruption leading to a denial of\n service.
This update also includes a fix for a regression introduced with the previous\nsecurity fix for CVE-2011-1768\n(Debian bug #633738).\n
\nFor the stable distribution (squeeze), this problem has been fixed in version\n2.6.32-35squeeze2. Updates for issues impacting the oldstable distribution\n(lenny) will be available soon.
\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:
\n\u00a0 | Debian 6.0 (squeeze) |
---|---|
user-mode-linux | 2.6.32-1um-4+35squeeze2 |
We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
\nIt was discovered that crashes in the Javascript engine of Iceweasel,\nan unbranded version of the Firefox browser, could potentially lead to\nthe execution of arbitrary code.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.0.0.14-0etch1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.0.14-1.
\nWe recommend that you upgrade your iceweasel package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV,\nPICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u9.
\nFor the upcoming stable distribution (stretch), these problems have been\nfixed in version 8:6.9.7.4+dfsg-8.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-8.
\nWe recommend that you upgrade your imagemagick packages.
\nIt was discovered that an integer overflow in the \"Probe Request\" packet\nparser of the Ralinktech wireless drivers might lead to remote denial of\nservice or the execution of arbitrary code.
\nPlease note that you need to rebuild your driver from the source\npackage for this update to take effect. Detailed\ninstructions can be found in /usr/share/doc/rt2400-source/README.Debian
\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.2.2+cvs20060620-4+etch1.
\nFor the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), this problem has been fixed in version\n1.2.2+cvs20080623-3.
\nWe recommend that you upgrade your rt2400 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nRobert Luberda found a security problem in smb2www, a Windows Network\nclient that is accessible through a web browser. This could lead a\nremote attacker to execute arbitrary programs under the user id\nwww-data on the host where smb2www is running.
\nThis problem has been fixed in version 980804-16.1 for the current\nstable distribution (woody), in version 980804-8.1 of the old stable\ndistribution (potato) and in version 980804-17 for the unstable\ndistribution (sid).
\nWe recommend that you upgrade your smb2www package immediately.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nLaurent Butti discovered a buffer underflow in the LANalyzer dissector\nof the Wireshark network traffic analyzer, which could lead to the\nexecution of arbitrary code (CVE-2012-0068).\n
\nThis update also addresses several bugs, which can lead to crashes of\nWireshark. These are not treated as security issues, but are fixed\nnonetheless if security updates are scheduled: CVE-2011-3483,\nCVE-2012-0041,\nCVE-2012-0042,\nCVE-2012-0066 and\nCVE-2012-0067.\n
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze6.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.5-1.
\nWe recommend that you upgrade your wireshark packages.
\nSebastian Krahmer and Marius Tomaschewski discovered that dhclient of\ndhcp3, a DHCP client, is not properly filtering shell meta-characters\nin certain options in DHCP server responses. These options are reused in\nan insecure fashion by dhclient scripts. This allows an attacker to execute\narbitrary commands with the privileges of such a process by sending crafted\nDHCP options to a client using a rogue server.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 3.1.1-6+lenny5.
\nFor the stable (squeeze), testing (wheezy) and unstable (sid) distributions,\nthis problem has been fixed in an additional update for isc-dhcp.
\nWe recommend that you upgrade your dhcp3 packages.
\nA stack overflow vulnerability was discovered within the\ngdImageFillToBorder function in libgd2, a library for programmatic\ngraphics creation and manipulation, triggered when invalid colors are\nused with truecolor images. A remote attacker can take advantage of this\nflaw to cause a denial-of-service against an application using the\nlibgd2 library.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-5+deb8u8.
\nFor the testing distribution (stretch), this problem has been fixed\nin version 2.2.2-29-g3c2b605-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.2.2-29-g3c2b605-1.
\nWe recommend that you upgrade your libgd2 packages.
\nZen-parse discovered a buffer overflow in gv, a PostScript and PDF\nviewer for X11. The same code is present in gnome-gv. This problem\nis triggered by scanning the PostScript file and can be exploited by\nan attacker sending a malformed PostScript or PDF file. The attacker\nis able to cause arbitrary code to be run with the privileges of the\nvictim.
\nThis problem has been fixed in version 1.1.96-3.1 for the current\nstable distribution (woody), in version 0.82-2.1 for the old stable\ndistribution (potato) and version 1.99.7-9 for the unstable\ndistribution (sid).
\nWe recommend that you upgrade your gnome-gv package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nIt was discovered that a buffer overflow in the ENTTEC dissector may\nlead to the execution of arbitrary code.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.0.2-3+lenny12.
\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.11-6.
\nWe recommend that you upgrade your wireshark packages.
\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/
\nSeveral problems have been discovered in Mozilla, the web browser of\nthe Mozilla suite. Since the usual practice of backporting apparently\ndoes not work for this package, this update is basically version\n1.7.10 with the version number rolled back, and hence still named\n1.7.8. The Common Vulnerabilities and Exposures project identifies\nthe following problems:
\nA vulnerability has been discovered in Mozilla that allows remote\n attackers to inject arbitrary Javascript from one page into the\n frameset of another site.
The browser user interface does not properly distinguish between\n user-generated events and untrusted synthetic events, which makes\n it easier for remote attackers to perform dangerous actions that\n normally could only be performed manually by the user.
XML scripts ran even when Javascript was disabled.
It is possible for a remote attacker to execute a callback\n function in the context of another domain (i.e. frame).
Missing input sanitising of InstallVersion.compareTo() can cause\n the application to crash.
Remote attackers could steal sensitive information such as cookies\n and passwords from web sites by accessing data in alien frames.
It is possible for a Javascript dialog box to spoof a dialog box\n from a trusted site, which facilitates phishing attacks.
Remote attackers could modify certain tag properties of DOM nodes\n that could lead to the execution of arbitrary script or code.
The Mozilla browser family does not properly clone base objects,\n which allows remote attackers to execute arbitrary code.
For the stable distribution (sarge) these problems have been fixed in\nversion 1.7.8-1sarge2.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.7.10-1.
\nWe recommend that you upgrade your Mozilla packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nUlf H\u00e4rnhammar from the Debian Security Audit Project\ndiscovered a format string\nvulnerability in hsftp. This vulnerability could be exploited by an\nattacker able to create files on a remote server with carefully\ncrafted names, to which a user would connect using hsftp. When the\nuser requests a directory listing, particular bytes in memory could be\noverwritten, potentially allowing arbitrary code to be executed with\nthe privileges of the user invoking hsftp.
\nNote that while hsftp is installed setuid root, it only uses these\nprivileges to acquire locked memory, and then relinquishes them.
\nFor the current stable distribution (woody) this problem has been\nfixed in version 1.11-1woody1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you update your hsftp package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:45.5.1-1~deb8u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.
\nWe recommend that you upgrade your icedove packages.
\nA number of vulnerabilities have been discovered in the Linux kernel.
\nCVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for\n Linux kernels 2.4.18 and earlier on x86 systems allow local users to\n kill arbitrary processes via a binary compatibility interface\n (lcall).
\nCAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device\n drivers do not pad frames with null bytes, which allows remote\n attackers to obtain information from previous packets or kernel\n memory by using malformed packets.
\nCAN-2003-0127: The kernel module loader allows local users to gain\n root privileges by using ptrace to attach to a child process that is\n spawned by the kernel.
\nCAN-2003-0244: The route cache implementation in Linux 2.4, and the\n Netfilter IP conntrack module, allows remote attackers to cause a\n denial of service (CPU consumption) via packets with forged source\n addresses that cause a large number of hash table collisions related\n to the PREROUTING chain.
\nCAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and\n earlier does not properly restrict privileges, which allows local\n users to gain read or write access to certain I/O ports.
\nCAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel\n 2.4 allows attackers to cause a denial of service (\"kernel oops\").
\nCAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers\n to modify CPU state registers via a malformed address.
\nCAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux\n kernel 2.4 allows remote attackers to cause a denial of service (CPU\n consumption) via certain packets that cause a large number of hash\n table collisions.
\nThis advisory covers only the i386 (Intel IA32) architectures. Other\narchitectures will be covered by separate advisories.
\nFor the stable distribution (woody) on the i386 architecture, these\nproblems have been fixed in kernel-source-2.4.18 version 2.4.18-9,\nkernel-image-2.4.18-1-i386 version 2.4.18-8, and\nkernel-image-2.4.18-i386bf version 2.4.18-5woody1.
\nFor the unstable distribution (sid) these problems are fixed in the\n2.4.20 series kernels based on Debian sources.
\nWe recommend that you update your kernel packages.
\nIf you are using the kernel installed by the installation system when\nthe \"bf24\" option is selected (for a 2.4.x kernel), you should install\nthe kernel-image-2.4.18-bf2.4 package. If you installed a different\nkernel-image package after installation, you should install the\ncorresponding 2.4.18-1 kernel. You may use the table below as a\nguide.
\nIf \"uname -r\" shows: | Install this package: |
---|---|
2.4.18-bf2.4 | kernel-image-2.4.18-bf2.4 |
2.4.18-386 | kernel-image-2.4.18-1-386 |
2.4.18-586tsc | kernel-image-2.4.18-1-586tsc |
2.4.18-686 | kernel-image-2.4.18-1-686 |
2.4.18-686-smp | kernel-image-2.4.18-1-686-smp |
2.4.18-k6 | kernel-image-2.4.18-1-k6 |
2.4.18-k7 | kernel-image-2.4.18-1-k7 |
NOTE: This kernel is not binary compatible with the previous\nversion. For this reason, the kernel has a different version number\nand will not be installed automatically as part of the normal upgrade\nprocess. Any custom modules will need to be rebuilt in order to work\nwith the new kernel. New PCMCIA modules are provided for all of the\nabove kernels.
\nNOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nIt was discovered that gaim, a multi-protocol instant messaging client,\nwas vulnerable to several integer overflows in its MSN protocol handlers.\nThese could allow a remote attacker to execute arbitrary code.
\nFor the stable distribution (etch), this problem has been fixed in version\n1:2.0.0+beta5-10etch1.
\nFor the unstable distribution (sid), this package is not present.
\nWe recommend that you upgrade your gaim package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral security related problems have been discovered in Mozilla.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing vulnerabilities:
\nEric Foley discovered that a user can be tricked into exposing a local\n file to a remote attacker by displaying a local file as image in\n connection with other vulnerabilities. [MFSA-2006-39]
XUL attributes are associated with the wrong URL under certain\n circumstances, which might allow remote attackers to bypass\n restrictions. [MFSA-2006-35]
Paul Nickerson discovered that content-defined setters on an\n object prototype were getting called by privileged user interface\n code, and \"moz_bug_r_a4\" demonstrated that the higher privilege\n level could be passed along to the content-defined attack code.\n [MFSA-2006-37]
A vulnerability allows remote attackers to execute arbitrary code\n and create notifications that are executed in a privileged\n context. [MFSA-2006-43]
Mikolaj Habryn discovered a buffer overflow in the crypto.signText function\n that allows remote attackers to execute arbitrary code via certain\n optional Certificate Authority name arguments. [MFSA-2006-38]
Mozilla team members discovered several crashes during testing of\n the browser engine showing evidence of memory corruption which may\n also lead to the execution of arbitrary code. This problem has\n only partially been corrected. [MFSA-2006-32]
An integer overflow allows remote attackers to cause a denial of\n service and may permit the execution of arbitrary code.\n [MFSA-2006-32]
Chuck McAuley discovered that a text input box can be pre-filled\n with a filename and then turned into a file-upload control,\n allowing a malicious website to steal any local file whose name\n they can guess. [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729]
Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM)\n is stripped from UTF-8 pages during the conversion to Unicode\n before the parser sees the web page, which allows remote attackers\n to conduct cross-site scripting (XSS) attacks. [MFSA-2006-42]
Paul Nickerson discovered that the fix for CVE-2005-0752 can be\n bypassed using nested javascript: URLs, allowing the attacker to\n execute privileged code. [MFSA-2005-34, MFSA-2006-36]
Paul Nickerson demonstrated that if an attacker could convince a\n user to right-click on a broken image and choose \"View Image\" from\n the context menu then he could get JavaScript to\n run. [MFSA-2006-34]
Kazuho Oku discovered that Mozilla's lenient handling of HTTP\n header syntax may allow remote attackers to trick the browser into\n interpreting certain responses as if they were responses from two\n different sites. [MFSA-2006-33]
The Mozilla researcher \"moz_bug_r_a4\" discovered that JavaScript\n run via EvalInSandbox can escape the sandbox and gain elevated\n privilege. [MFSA-2006-31]
For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge9.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.5.dfsg+1.5.0.4-1.
\nWe recommend that you upgrade your Mozilla Firefox packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAn array index error in zaptel, a set of drivers for telephony hardware,\ncould allow users to crash the system or escalate their privileges by\noverwriting kernel memory (CVE-2008-5396).
\nFor the stable distribution (etch), this problem has been fixed in version\n1.2.11.dfsg-1+etch1.
\nFor the unstable distribution (sid) and the testing distribution\n(lenny), this problem has been fixed in version 1.4.11~dfsg-3.
\nWe recommend that you upgrade your zaptel package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral denial-of-service issues have been discovered in Tor, a\nconnection-based low-latency anonymous communication system.
\nJowr discovered that very high DNS query load on a relay could\n trigger an assertion error.
A relay could crash with an assertion error if a buffer of exactly\n the wrong layout was passed to buf_pullup() at exactly the wrong\n time.
For the stable distribution (wheezy), these problems have been fixed\nin version 0.2.4.26-1.
\nFor the testing distribution (jessie) and unstable distribution (sid),\nthese problems have been fixed in version 0.2.5.11-1.
\nFurthermore, this update disables support for SSLv3 in Tor. All\nversions of OpenSSL in use with Tor today support TLS 1.0 or later.
\nAdditionally, this release updates the geoIP database used by Tor as\nwell as the list of directory authority servers, which Tor clients use\nto bootstrap and which sign the Tor directory consensus document.
\nWe recommend that you upgrade your tor packages.
\nJavier Fern\u00e1ndez-Sanguino Pe\u00f1a from the Debian Security Audit project\ndiscovered that two scripts in the dhis-tools-dns package, DNS\nconfiguration utilities for a dynamic host information System, which\nare usually executed by root, create temporary files in an insecure\nfashion.
\nThe old stable distribution (woody) does not contain a dhis-tools-dns\npackage.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 5.0-3sarge1.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 5.0-5.
\nWe recommend that you upgrade your dhis-tools-dns package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAccording to David Wagner, iDEFENSE and the Apache HTTP Server\nProject, several remotely exploitable vulnerabilities have been found\nin the Apache package, a commonly used webserver. These\nvulnerabilities could allow an attacker to enact a denial of service\nagainst a server or execute a cross-site scripting attack. The Common\nVulnerabilities and Exposures (CVE) project identified the following\nvulnerabilities:
\nThis is the same vulnerability as CAN-2002-1233, which was fixed in\n potato already but got lost later and was never applied upstream.
These problems have been fixed in version 1.3.26-0woody3 for the\ncurrent stable distribution (woody) and in 1.3.9-14.3 for the old\nstable distribution (potato). Corrected packages for the unstable\ndistribution (sid) are expected soon.
\nWe recommend that you upgrade your Apache package immediately.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nUlf H\u00e4rnhammar from the Debian Security Audit Project\ndiscovered a vulnerability in\nsynaesthesia, a program which represents sounds visually.\nsynaesthesia created its configuration file while holding root\nprivileges, allowing a local user to create files owned by root and\nwritable by the user's primary group. This type of vulnerability can\nusually be easily exploited to execute arbitrary code with root\nprivileges by various means.
\nFor the current stable distribution (woody) this problem has been\nfixed in version 2.1-2.1woody1.
\nThe unstable distribution (sid) is not affected by this problem, because\nsynaesthesia is no longer setuid.
\nWe recommend that you update your synaesthesia package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities were discovered in Django, a high-level Python\nweb development framework:
\nEric Peterson and Lin Hua Cheng discovered that a new empty record\n used to be created in the session storage every time a session was\n accessed and an unknown session key was provided in the request\n cookie. This could allow remote attackers to saturate the session\n store or cause other users' session records to be evicted.
Sjoerd Job Postmus discovered that some built-in validators did not\n properly reject newlines in input values. This could allow remote\n attackers to inject headers in emails and HTTP responses.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.4.5-1+deb7u12.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.7.7-1+deb8u1.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your python-django packages.
\nChristian Boxd\u00f6rfer discovered a vulnerability in the handling of\nFreeDesktop.org .desktop files in Nautilus, a file manager for the GNOME\ndesktop environment. An attacker can craft a .desktop file intended to run\nmalicious commands but displayed as an innocuous document file in Nautilus. A\nuser would then trust it and open the file, and Nautilus would in turn execute\nthe malicious content. Nautilus protection of only trusting .desktop files with\nexecutable permission can be bypassed by shipping the .desktop file inside a\ntarball.
\nFor the oldstable distribution (jessie), this problem has not been fixed yet.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 3.22.3-1+deb9u1.
\nFor the testing distribution (buster), this problem has been fixed\nin version 3.26.0-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.26.0-1.
\nWe recommend that you upgrade your nautilus packages.
\nIt was discovered that the Apache web server did not properly handle\nthe \"Options=\" parameter to the AllowOverride directive:
\nIn the stable distribution (lenny), local users could (via .htaccess)\nenable script execution in Server Side Includes even in configurations\nwhere the AllowOverride directive contained only\nOptions=IncludesNoEXEC.
In the oldstable distribution (etch), local users could (via\n.htaccess) enable script execution in Server Side Includes and CGI\nscript execution in configurations where the AllowOverride directive\ncontained any \"Options=\" value.
For the oldstable distribution (etch), this problem has been fixed in\nversion 2.2.3-4+etch8.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.2.9-10+lenny3.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed in version 2.2.11-6.
\nThis advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages (except for the\ns390 architecture where updated packages will follow shortly).
\nWe recommend that you upgrade your apache2 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAn interpretation conflict can cause the Active Record component of\nRails, a web framework for the Ruby programming language, to truncate\nqueries in unexpected ways. This may allow attackers to elevate their\nprivileges.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze5.
\nWe recommend that you upgrade your rails packages.
\nMarcus Meissner discovered that the PulseAudio sound server performed\ninsufficient checks when dropping privileges, which could lead to local\nprivilege escalation.
\nThe old stable distribution (sarge) doesn't contain pulseaudio.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.9.5-5etch1.
\nWe recommend that you upgrade your pulseaudio packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in Xulrunner, the\ncomponent that provides the core functionality of Iceweasel, Debian's\nvariant of Mozilla's browser technology.
\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nXulrunner allows remote attackers to execute arbitrary code\n\tvia vectors related to nsCSSFrameConstructor::ContentAppended,\n\tthe appendChild method, incorrect index tracking, and the\n\tcreation of multiple frames, which triggers memory corruption.
Multiple unspecified vulnerabilities in the browser engine in\n\tXulrunner allow remote attackers to cause a denial of service\n\t(memory corruption and application crash) or possibly execute\n\tarbitrary code via unknown vectors.
Multiple cross-site scripting (XSS) vulnerabilities in the\n\tGopher parser in Xulrunner allow remote attackers to inject\n\tarbitrary web script or HTML via a crafted name of a (1) file\n\tor (2) directory on a Gopher server.
Xulrunner does not properly handle certain modal calls made by\n\tjavascript: URLs in circumstances related to opening a new\n\twindow and performing cross-domain navigation, which allows\n\tremote attackers to bypass the Same Origin Policy via a\n\tcrafted HTML document.
Stack-based buffer overflow in the text-rendering\n\tfunctionality in Xulrunner allows remote attackers to execute\n\tarbitrary code or cause a denial of service (memory corruption\n\tand application crash) via a long argument to the\n\tdocument.write method.
Use-after-free vulnerability in the nsBarProp function in\n\tXulrunner allows remote attackers to execute arbitrary code by\n\taccessing the locationbar property of a closed window.
The LookupGetterOrSetter function in Xulrunner does not\n\tproperly support window.__lookupGetter__ function calls that\n\tlack arguments, which allows remote attackers to execute\n\tarbitrary code or cause a denial of service (incorrect pointer\n\tdereference and application crash) via a crafted HTML\n\tdocument.
In addition, this security update includes corrections for regressions\ncaused by the fixes for CVE-2010-0654 and CVE-2010-2769 in DSA-2075-1\nand DSA-2106-1.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-6.
\nFor the unstable distribution (sid) and the upcoming stable\ndistribution (squeeze), these problems have been fixed in version\n3.5.15-1 of the iceweasel package.
\nWe recommend that you upgrade your Xulrunner packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nR\u00e9mi Perrot fixed several security related bugs in bonsai, the\nMozilla CVS query tool by web interface. Vulnerabilities include\narbitrary code execution, cross-site scripting and access to\nconfiguration parameters. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nFor the stable distribution (woody) these problems have been fixed in\nversion 1.3+cvs20020224-1woody1.
\nThe old stable distribution (potato) is not affected since it doesn't\ncontain bonsai.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.3+cvs20030317-1.
\nWe recommend that you upgrade your bonsai package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nThe rsync developers have discovered a security related problem in\nrsync, a fast remote file copy program, which allows an attacker to\naccess files outside of the defined directory. To exploit this\npath-sanitizing bug, rsync has to run in daemon mode with the chroot\noption being disabled. It does not affect the normal send/receive\nfilenames that specify what files should be transferred. It does\naffect certain option paths that cause auxiliary files to be read or\nwritten.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.5.5-0.6.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.6.2-3.
\nWe recommend that you upgrade your rsync package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSebastian Krahmer discovered that rsync, a fast remote file copy program,\ncontains an off-by-one error which might allow remote attackers to execute\narbitrary code via long directory names.
\nFor the old stable distribution (sarge), this problem is not present.
\nFor the stable distribution (etch), this problem has been fixed in version\n2.6.9-2etch1.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your rsync package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in Iceweasel, a web browser\nbased on Firefox. The included XULRunner library provides rendering\nservices for several other applications included in Debian.
\nRoberto Suggi Liverani discovered that the sanitising performed by\n ParanoidFragmentSink was incomplete.
Zach Hoffmann discovered that incorrect parsing of recursive eval()\n calls could lead to attackers forcing acceptance of a confirmation\n dialogue.
Crashes in the layout engine may lead to the execution of arbitrary\n code.
Christian Holler discovered buffer overflows in the Javascript engine,\n which could allow the execution of arbitrary code.
regenrecht and Igor Bukanov discovered a use-after-free error in the\n JSON-Implementation, which could lead to the execution of arbitrary code.
Daniel Kozlowski discovered that incorrect memory handling in the web workers\n implementation could lead to the execution of arbitrary code.
Peleus Uhley discovered a cross-site request forgery risk in the plugin\n code.
For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.9.0.19-8 of the xulrunner source package.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-5.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.5.17-1.
\nWe recommend that you upgrade your iceweasel packages.
\nSeveral remote vulnerabilities have been discovered in Gimp, the GNU Image\nManipulation Program, which might lead to the execution of arbitrary code.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:
\nSean Larsson discovered several integer overflows in the processing\n code for DICOM, PNM, PSD, RAS, XBM and XWD images, which might lead\n to the execution of arbitrary code if a user is tricked into opening\n such a malformed media file.
Stefan Cornelius discovered an integer overflow in the processing\n code for PSD images, which might lead to the execution of arbitrary\n code if a user is tricked into opening such a malformed media file.
For the oldstable distribution (sarge) these problems have been fixed in\nversion 2.2.6-1sarge4. Packages for mips and mipsel are not yet\navailable.
\nFor the stable distribution (etch) these problems have been fixed\nin version 2.2.13-1etch4. Packages for mips are not yet available.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.2.17-1.
\nWe recommend that you upgrade your gimp packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nfetchmail
while doing a security audit. In both the IMAP code\nand the POP3 code, the input isn't verified even though it's used to store\na number in an array. Since\nno bounds checking is done this can be used by an attacker to write\narbitrary data in memory. An attacker can use this if they can get a user\nto transfer mail from a custom IMAP or POP3 server they control.\nThis has been fixed in version 5.3.3-3; we recommend that you\nupdate your fetchmail packages immediately.\n
MD5 checksums of the listed files are available in the original advisory.\n
\n\n\nDylan Simon discovered that gitolite, a SSH-based gatekeeper for Git\nrepositories, is prone to directory traversal attacks when restricting\nadmin defined commands (ADC). This allows an attacker to execute arbitrary\ncommands with privileges of the gitolite server via crafted command names.
\nPlease note that this only affects installations that have ADC enabled\n(not the Debian default).
\nThe oldstable distribution (lenny) is not affected by this problem,\nit does not include gitolite.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.5.4-2+squeeze1.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1.5.7-2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.5.7-2.
\nWe recommend that you upgrade your gitolite packages.
\nTavis Ormandy discovered several integer overflows in FreeType, a library\nto process and access font files, resulting in heap- or stack-based\nbuffer overflows leading to application crashes or the execution\nof arbitrary code via a crafted font file.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 2.2.1-5+etch4.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.3.7-2+lenny1.
\nFor the testing distribution (squeeze), this problem will be fixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3.9-4.1.
\nWe recommend that you upgrade your freetype packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\ninfamous41md reported multiple integer overflows in the Sbus PROM\n driver that would allow for a DoS (Denial of Service) attack by a\n local user, and possibly the execution of arbitrary code.
Doug Chapman discovered a potential local DoS (deadlock) in the mincore\n function caused by improper lock handling.
Eric Sandeen provided a fix for a local memory corruption vulnerability\n resulting from a misinterpretation of return values when operating on\n inodes which have been marked bad.
LMH reported a potential local DoS which could be exploited by a malicious\n user with the privileges to mount and read a corrupted cramfs filesystem.
LMH reported a potential local DoS which could be exploited by a malicious\n user with the privileges to mount and read a corrupted ext3 filesystem.
LMH reported a potential local DoS which could be exploited by a malicious\n user with the privileges to mount and read a corrupted ext2 filesystem.
Marcel Holtman discovered multiple buffer overflows in the Bluetooth\n subsystem which can be used to trigger a remote DoS (crash) and potentially\n execute arbitrary code.
Ilja van Sprundel discovered that kernel memory could be leaked via the\n Bluetooth setsockopt call due to an uninitialized stack buffer. This\n could be used by local attackers to read the contents of sensitive kernel\n memory.
Masayuki Nakagawa discovered that flow labels were inadvertently\n being shared between listening sockets and child sockets. This defect\n can be exploited by local users to cause a DoS (Oops).
Thomas Graf reported a typo in the DECnet protocol handler that could\n be used by a local attacker to overrun an array via crafted packets,\n potentially resulting in a Denial of Service (system crash).\n A similar issue exists in the IPV4 protocol handler and will be fixed\n in a subsequent update.
Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused\n by releasing a socket before PPPIOCGCHAN is called upon it. This could\n be used by a local user to DoS a system by consuming all available memory.
Wojciech Purczynski discovered that pdeath_signal was not being reset\n properly under certain conditions which may allow local users to gain\n privileges by sending arbitrary signals to suid binaries.
Alan Cox reported an issue in the aacraid driver that allows unprivileged\n local users to make ioctl calls which should be restricted to admin\n privileges.
PaX team discovered an issue in the random driver where a defect in the\n reseeding code leads to a reduction in entropy.
Alex Smith discovered an issue with the pwc driver for certain webcam\n devices. If the device is removed while a userspace application has it\n open, the driver will wait for userspace to close the device, resulting\n in a blocked USB subsystem. This issue is of low security impact as\n it requires the attacker to either have physical access to the system\n or to convince a user with local access to remove the device on their\n behalf.
Venustech AD-LAB discovered a buffer overflow in the isdn ioctl\n handling, exploitable by a local user.
ADLAB discovered a possible memory overrun in the ISDN subsystem that\n may permit a local user to overwrite kernel memory by issuing\n ioctls with unterminated data.
Blake Frantz discovered that when a core file owned by a non-root user\n exists, and a root-owned process dumps core over it, the core file\n retains its original ownership. This could be used by a local user to\n gain access to sensitive information.
Cyrill Gorcunov reported a NULL pointer dereference in code specific\n to the CHRP PowerPC platforms. Local users could exploit this issue\n to achieve a Denial of Service (DoS).
Nick Piggin of SuSE discovered a number of issues in subsystems which\n register a fault handler for memory mapped areas. This issue can be\n exploited by local users to achieve a Denial of Service (DoS) and possibly\n execute arbitrary code.
The following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:
\n\u00a0 | Debian 3.1 (sarge) |
---|---|
alsa-modules-i386 | 1.0.8+2sarge2 |
kernel-image-2.4.27-arm | 2.4.27-2sarge6 |
kernel-image-2.4.27-m68k | 2.4.27-3sarge6 |
kernel-image-speakup-i386 | 2.4.27-1.1sarge5 |
kernel-image-2.4.27-alpha | 2.4.27-10sarge6 |
kernel-image-2.4.27-s390 | 2.4.27-2sarge6 |
kernel-image-2.4.27-sparc | 2.4.27-9sarge6 |
kernel-image-2.4.27-i386 | 2.4.27-10sarge6 |
kernel-image-2.4.27-ia64 | 2.4.27-10sarge6 |
kernel-patch-2.4.27-mips | 2.4.27-10.sarge4.040815-3 |
kernel-patch-powerpc-2.4.27 | 2.4.27-10sarge6 |
kernel-latest-2.4-alpha | 101sarge3 |
kernel-latest-2.4-i386 | 101sarge2 |
kernel-latest-2.4-s390 | 2.4.27-1sarge2 |
kernel-latest-2.4-sparc | 42sarge3 |
i2c | 1:2.9.1-1sarge2 |
lm-sensors | 1:2.9.1-1sarge4 |
mindi-kernel | 2.4.27-2sarge5 |
pcmcia-modules-2.4.27-i386 | 3.2.5+2sarge2 |
hostap-modules-i386 | 1:0.3.7-1sarge3 |
systemimager | 3.2.3-6sarge5 |
We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAndrew Carpenter of Critical Juncture discovered a cross-site scripting\nvulnerability affecting Action View in rails, a web application\nframework written in Ruby. Text declared as HTML safe will not have\nquotes escaped when used as attribute values in tag helpers.
For the stable distribution (jessie), this problem has been fixed in\nversion 2:4.1.8-1+deb8u4.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:4.2.7.1-1.
\nWe recommend that you upgrade your rails packages.
\nIt was discovered that incorrect error handling in the NIO HTTP\nconnector of the Tomcat servlet and JSP engine could result in\ninformation disclosure.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 8.0.14-1+deb8u6.
\nFor the testing distribution (stretch), this problem has been fixed\nin version 8.5.9-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.5.9-1.
\nWe recommend that you upgrade your tomcat8 packages.
\nIt was discovered that WebCalendar, a PHP-based calendar application,\ninsufficiently protects an internal variable, which allows remote file\ninclusion.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.9.45-4sarge6.
\nThe upcoming stable distribution (etch) no longer contains webcalendar\npackages.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your webcalendar package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer, which may lead to the execution of arbitrary\ncode or denial of service. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nA NULL pointer dereference was found in the SMB/SMB2 dissectors.
Several buffer overflows were found in the LWRES dissector.
For the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny8.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.2.6-1.
\nWe recommend that you upgrade your Wireshark packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nacm, a multi-player aerial combat simulation, uses a network protocol\nbased on the same RPC implementation used in many C libraries. This\nimplementation was found to contain an integer overflow vulnerability\nwhich could be exploited to execute arbitrary code.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 5.0-3.woody.1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 5.0-10.
\nWe recommend that you update your acm package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nIt was discovered that Lasso, a library for Liberty Alliance and SAML\nprotocols performs incorrect validation of the return value of OpenSSL's\nDSA_verify() function.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.6.5-3+etch1.
\nFor the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), this problem has been fixed in version 2.2.1-2.
\nWe recommend that you upgrade your lasso package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMichal Zalewski discovered that lynx, the popular text-mode WWW\nBrowser, is not able to grok invalid HTML including a TEXTAREA tag\nwith a large COLS value and a large tag name in an element that is not\nterminated, and loops forever trying to render the broken HTML.
\nFor the old stable distribution (woody) this problem has been fixed in\nversion 2.8.4.1b-3.4.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.8.5-2sarge2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.8.5-2sarge2.
\nWe recommend that you upgrade your lynx package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that there was a CSRF vulnerability in mailman, a\nweb-based mailing list manager, which could allow an attacker to obtain\na user's password.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:2.1.18-2+deb8u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:2.1.23-1.
\nWe recommend that you upgrade your mailman packages.
\nMultiple vulnerabilities were discovered in the poppler PDF rendering\nlibrary.
\nMultiple invalid memory access issues, which could potentially lead\n to arbitrary code execution if the user were tricked into opening a\n malformed PDF document.
An uninitialized memory issue, which could potentially lead to\n arbitrary code execution if the user were tricked into opening a\n malformed PDF document.
For the oldstable distribution (squeeze), these problems have been fixed in\nversion 0.12.4-1.2+squeeze3.
\nFor the stable (wheezy), testing (jessie), and unstable (sid)\ndistributions, these problems have been fixed in version 0.18.4-6.
\nWe recommend that you upgrade your poppler packages.
\nEvgeny Kotkov discovered a NULL pointer dereference while processing\nREPORT requests in mod_dav_svn, the Subversion component which is used\nto serve repositories with the Apache web server. A remote attacker\ncould abuse this vulnerability for a denial of service.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.6.17dfsg-4+deb7u7.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.8.10-5.
\nWe recommend that you upgrade your subversion packages.
\nSeveral remote vulnerabilities have been discovered in Iceape, an\nunbranded version of the Seamonkey internet suite. The Common\nVulnerabilities and Exposures project identifies the following problems:
\nJustin Schuh, Tom Cross and Peter Williams discovered a buffer\n overflow in the parser for UTF-8 URLs, which may lead to the\n execution of arbitrary code. (MFSA 2008-37)
It was discovered that a buffer overflow in MIME decoding can lead\n to the execution of arbitrary code. (MFSA 2008-26)
It was discovered that missing boundary checks on a reference\n counter for CSS objects can lead to the execution of arbitrary code.\n (MFSA 2008-34)
Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered\n crashes in the layout engine, which might allow the execution of\n arbitrary code. (MFSA 2008-21)
Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in\n the Javascript engine, which might allow the execution of arbitrary\n code. (MFSA 2008-21)
\"moz_bug_r_a4\" discovered several cross-site scripting vulnerabilities.\n (MFSA 2008-22)
Collin Jackson and Adam Barth discovered that Javascript code\n could be executed in the context of signed JAR archives. (MFSA 2008-23)
\"moz_bug_r_a4\" discovered that XUL documents can escalate\n privileges by accessing the pre-compiled \"fastload\" file.\n (MFSA 2008-24)
\"moz_bug_r_a4\" discovered that missing input sanitising in the\n mozIJSSubScriptLoader.loadSubScript() function could lead to the\n execution of arbitrary code. Iceape itself is not affected, but\n some addons are. (MFSA 2008-25)
Claudio Santambrogio discovered that missing access validation in\n DOM parsing allows malicious web sites to force the browser to\n upload local files to the server, which could lead to information\n disclosure. (MFSA 2008-27)
Daniel Glazman discovered that a programming error in the code for\n parsing .properties files could lead to memory content being\n exposed to addons, which could lead to information disclosure.\n (MFSA 2008-29)
Masahiro Yamada discovered that file URLs in directory listings\n were insufficiently escaped. (MFSA 2008-30)
John G. Myers, Frank Benkstein and Nils Toedtmann discovered that\n alternate names on self-signed certificates were handled\n insufficiently, which could lead to spoofings of secure connections.\n (MFSA 2008-31)
It was discovered that URL shortcut files could be used to bypass the\n same-origin restrictions. This issue does not affect current Iceape,\n but might occur with additional extensions installed. (MFSA 2008-32)
Greg McManus discovered a crash in the block reflow code, which might\n allow the execution of arbitrary code. (MFSA 2008-33)
Billy Rios discovered that passing an URL containing a pipe symbol\n to Iceape can lead to Chrome privilege escalation. (MFSA 2008-35)
\"moz_bug_r_a4\" discovered that the same-origin check in\n nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38)
\"moz_bug_r_a4\" discovered that several vulnerabilities in\n feedWriter could lead to Chrome privilege escalation. (MFSA 2008-39)
Paul Nickerson discovered that an attacker could move windows\n during a mouse click, resulting in unwanted action triggered by\n drag-and-drop. (MFSA 2008-40)
\"moz_bug_r_a4\" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)
\"moz_bug_r_a4\" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)
Olli Pettay and \"moz_bug_r_a4\" discovered a Chrome privilege\n escalation vulnerability in XSLT handling. (MFSA 2008-41)
Jesse Ruderman discovered a crash in the layout engine, which might\n allow the execution of arbitrary code. (MFSA 2008-42)
Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour\n discovered crashes in the Javascript engine, which might allow the\n execution of arbitrary code. (MFSA 2008-42)
Dave Reed discovered that some Unicode byte order marks are\n stripped from Javascript code before execution, which can result in\n code being executed, which were otherwise part of a quoted string.\n (MFSA 2008-43)
Boris Zbarsky discovered that resource: URLs allow directory\n traversal when using URL-encoded slashes. (MFSA 2008-44)
Georgi Guninski discovered that resource: URLs could bypass local\n access restrictions. (MFSA 2008-44)
Billy Hoffman discovered that the XBM decoder could reveal\n uninitialised memory. (MFSA 2008-45)
It was discovered that a buffer overflow could be triggered via a\n long header in a news article, which could lead to arbitrary code\n execution. (MFSA 2008-46)
Georgi Guninski, Michal Zalewski and Chris Evan discovered that\n the canvas element could be used to bypass same-origin\n restrictions. (MFSA 2008-48)
It was discovered that insufficient checks in the Flash plugin glue\n code could lead to arbitrary code execution. (MFSA 2008-49)
Jesse Ruderman discovered that a programming error in the\n window.__proto__.__proto__ object could lead to arbitrary code\n execution. (MFSA 2008-50)
It was discovered that crashes in the layout engine could lead to\n arbitrary code execution. (MFSA 2008-52)
Justin Schuh discovered that a buffer overflow in http-index-format\n parser could lead to arbitrary code execution. (MFSA 2008-54)
It was discovered that a crash in the nsFrameManager might lead to\n the execution of arbitrary code. (MFSA 2008-55)
\"moz_bug_r_a4\" discovered that the same-origin check in\n nsXMLHttpRequest::NotifyEventListeners() could be bypassed.\n (MFSA 2008-56)
Chris Evans discovered that quote characters were improperly\n escaped in the default namespace of E4X documents. (MFSA 2008-58)
Liu Die Yu discovered an information leak through local shortcut\n files. (MFSA 2008-59)
Jesse Ruderman discovered that the layout engine is vulnerable to\n DoS attacks that might trigger memory corruption and an integer\n overflow. (MFSA 2008-60)
Boris Zbarsky discovered that an information disclosure attack could\n be performed via XBL bindings. (MFSA 2008-61)
Marius Schilder discovered that it is possible to obtain sensitive\n data via an XMLHttpRequest. (MFSA 2008-64)
Chris Evans discovered that it is possible to obtain sensitive data\n via a JavaScript URL. (MFSA 2008-65)
Chip Salzenberg discovered possible phishing attacks via URLs with\n leading whitespaces or control characters. (MFSA 2008-66)
It was discovered that it is possible to perform cross-site scripting\n attacks via an XBL binding to an \"unloaded document.\" (MFSA 2008-68)
It was discovered that it is possible to run arbitrary JavaScript\n with chrome privileges via unknown vectors. (MFSA 2008-68)
For the stable distribution (etch) these problems have been fixed in\nversion 1.0.13~pre080614i-0etch1.
\nFor the upcoming stable distribution (lenny) these problems\nwill be fixed soon.
\nFor the unstable (sid) distribution these problems have been fixed in\nversion 1.1.14-1.
\nWe recommend that you upgrade your iceape packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that a buffer overflow in the GIF image parsing code\nof Tk, a cross-platform graphical toolkit, could lead to a denial of\nservice and potentially the execution of arbitrary code.
\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 8.3.5-4sarge1.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 8.3.5-6etch2.
\nWe recommend that you upgrade your tk8.3 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in libpng, a library for\nreading and writing PNG files. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nThe png_handle_tRNS function allows attackers to cause a denial of service\n (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.
Certain chunk handlers allow attackers to cause a denial of service (crash)\n via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which\n trigger out-of-bounds read operations.
libpng allows context-dependent attackers to cause a denial of service\n (crash) and possibly execute arbitrary code via a PNG file with zero\n length \"unknown\" chunks, which trigger an access of uninitialized\n memory.
The png_check_keyword might allow context-dependent attackers to set the\n value of an arbitrary memory location to zero via vectors involving\n creation of crafted PNG files with keywords.
A memory leak in the png_handle_tEXt function allows context-dependent\n attackers to cause a denial of service (memory exhaustion) via a crafted\n PNG file.
libpng allows context-dependent attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code via a crafted PNG\n file that triggers a free of an uninitialized pointer in (1) the\n png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit\n gamma tables.
For the old stable distribution (etch), these problems have been fixed\nin version 1.2.15~beta5-1+etch2.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.2.27-2+lenny2. (Only CVE-2008-5907, CVE-2008-5907 and\nCVE-2009-0040 affect the stable distribution.)
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.35-1.
\nWe recommend that you upgrade your libpng packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\njaguar@felinemenace.org discovered a format string vulnerability in\nrlpr, a utility for lpd printing without using /etc/printcap. While\ninvestigating this vulnerability, a buffer overflow was also\ndiscovered in related code. By exploiting one of these\nvulnerabilities, a local or remote user could potentially cause\narbitrary code to be executed with the privileges of 1) the rlprd\nprocess (remote), or 2) root (local).
\nCAN-2004-0393: format string vulnerability via syslog(3) in msg()\nfunction in rlpr
\nCAN-2004-0454: buffer overflow in msg() function in rlpr
\nFor the current stable distribution (woody), this problem has been\nfixed in version 2.02-7woody1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you update your rlpr package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral denial-of-service vulnerabilities have been discovered in Xen,\nthe popular virtualization software. The Common Vulnerabilities and\nExposures project identifies the following issues:
\nGuest mode unprivileged code, which has been granted the privilege to\n access MMIO regions, may leverage that access to crash the whole guest.\n Since this can be used to crash a client from within, this vulnerability is\n considered to have low impact.
A guest kernel can cause the host to become unresponsive for a period\n of time, potentially leading to a DoS. Since an attacker with full\n control in the guest can impact the host, this vulnerability is\n considered to have high impact.
For the stable distribution (squeeze), this problem has been fixed in\nversion 4.0.1-5.3.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.1.3-1.
\nWe recommend that you upgrade your xen packages.
\nDmitry E. Oboukhov discovered that the qemu-make-debian-root script in qemu,\na fast processor emulator, creates temporary files insecurely, which may lead\nto a local denial of service through symlink attacks.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.8.2-4etch2.
\nFor the testing (lenny) and unstable distribution (sid), this problem has\nbeen fixed in version 0.9.1-6.
\nWe recommend that you upgrade your qemu package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral denial-of-service vulnerabilities were discovered in the dcraw\ncode base, a program for processing raw format images from digital\ncameras. This update corrects them in the copy that is embedded in\nthe exactimage package.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.8.1-3+deb6u2.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.8.5-5+deb7u2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.9-1.
\nWe recommend that you upgrade your exactimage packages.
\nSeveral vulnerabilities have been discovered in FFmpeg, a multimedia\nplayer, server and encoder. These issues could lead to Denial-of-Service\nand, in some situations, the execution of arbitrary code.
\nYihan Lian of Qihoo 360 GearTeam discovered a NULL pointer access when\n parsing a crafted MOV file.
Thierry Foucu discovered that it was possible to leak information from\n files and symlinks ending in common multimedia extensions, using the\n HTTP Live Streaming.
Liu Bingchang of IIE discovered an integer overflow in the APE decoder\n that can be triggered by a crafted APE file.
JunDong Xie of Ant-financial Light-Year Security Lab discovered that\n an attacker able to craft a RTMP stream can crash FFmpeg.
Liu Bingchang of IIE discovered an out-of-bound access that can be\n triggered by a crafted DNxHD file.
For the stable distribution (stretch), these problems have been fixed in\nversion 7:3.2.7-1~deb9u1.
\nWe recommend that you upgrade your ffmpeg packages.
\nIt was discovered that OpenSSL does not properly verify DSA signatures\non X.509 certificates due to an API misuse, potentially leading to the\nacceptance of incorrect X.509 certificates as genuine (CVE-2008-5077).
\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.9.8c-4etch4 of the openssl package, and version\n0.9.7k-3.1etch2 of the openssl097 package.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.9.8g-15.
\nThe testing distribution (lenny) will be fixed soon.
\nWe recommend that you upgrade your OpenSSL packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIlja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:0.9.6-1+squeeze1.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1:0.9.7-1+deb7u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:0.9.7-1+deb7u1.
\nWe recommend that you upgrade your libxrender packages.
\nEarl Hood, author of mhonarc, a mail to HTML converter, discovered a\ncross site scripting vulnerability in this package. A specially\ncrafted HTML mail message can introduce foreign scripting content in\narchives, by-passing MHonArc's HTML script filtering.
\nFor the current stable distribution (woody) this problem has been\nfixed in version 2.5.2-1.3.
\nFor the old stable distribution (potato) this problem has been fixed\nin version 2.4.4-1.3.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.5.14-1.
\nWe recommend that you upgrade your mhonarc package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nIt was discovered that an integer overflow in the SFTP file transfer\nmodule of the ProFTPD daemon could lead to denial of service.
\nThe oldstable distribution (lenny) is not affected.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.3.3a-6squeeze1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.3.3d-4.
\nWe recommend that you upgrade your proftpd-dfsg packages.
\nDmitry E. Oboukhov discovered that flamethrower creates predictable temporary\nfilenames, which may lead to a local denial of service through a symlink\nattack.
\nFor the stable distribution (etch), this problem has been fixed in version\n0.1.8-1+etch1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.1.8-2.
\nWe recommend that you upgrade your flamethrower package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIlia Alshanetsky discovered several buffer overflows in libmcrypt, a\ndecryption and encryption library, that originate from improper or\nlacking input validation. By passing input which is longer than\nexpected to a number of functions (multiple functions are affected)\nthe user can successfully make libmcrypt crash and may be able to insert\narbitrary, malicious code which will be executed under the user\nlibmcrypt runs as, e.g. inside a web server.
\nAnother vulnerability exists in the way libmcrypt loads algorithms via\nlibtool. When different algorithms are loaded dynamically, each time\nan algorithm is loaded a small part of memory is leaked. In a\npersistent environment (web server) this could lead to a memory\nexhaustion attack that will exhaust all available memory by launching\nrepeated requests at an application utilizing the mcrypt library.
\nFor the current stable distribution (woody) these problems have been\nfixed in version 2.5.0-1woody1.
\nThe old stable distribution (potato) does not contain libmcrypt packages.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.5.5-1.
\nWe recommend that you upgrade your libmcrypt packages.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral local and remote vulnerabilities have been discovered in the\nLinux kernel that may lead to a denial of service or the execution of\narbitrary code. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nA race condition in the sysfs filesystem allows local users to\n read kernel memory and cause a denial of service (crash).
\nAlexander Nyberg discovered that the ptrace() system call does not\n properly verify addresses on the amd64 architecture which can be\n exploited by a local attacker to crash the kernel.
A problem in the offset handling in the xattr file system code for\n ext3 has been discovered that may allow users on 64-bit systems\n that have access to an ext3 filesystem with extended attributes to\n cause the kernel to crash.
Chris Wright discovered that the mmap() function could create\n illegal memory maps that could be exploited by a local user to\n crash the kernel or potentially execute arbitrary code.
A vulnerability on the IA-64 architecture can lead local attackers\n to overwrite kernel memory and crash the kernel.
A vulnerability has been discovered in the ptrace() system call on\n the amd64 architecture that allows a local attacker to cause the\n kernel to crash.
A buffer overflow in the ptrace system call for 64-bit\n architectures allows local users to write bytes into arbitrary\n kernel memory.
Zou Nan Hai has discovered that a local user could cause the\n kernel to hang on the amd64 architecture after invoking syscall()\n with specially crafted arguments.
A vulnerability has been discovered in the stack segment fault\n handler that could allow a local attacker to cause a stack exception\n that will lead the kernel to crash under certain circumstances.
Balazs Scheidler discovered that a local attacker could call\n setsockopt() with an invalid xfrm_user policy message which would\n cause the kernel to write beyond the boundaries of an array and\n crash.
Vladimir Volovich discovered a bug in the zlib routines which are\n also present in the Linux kernel and allows remote attackers to\n crash the kernel.
Another vulnerability has been discovered in the zlib routines\n which are also present in the Linux kernel and allows remote\n attackers to crash the kernel.
Peter Sandstrom noticed that snmpwalk from a remote host could\n cause a denial of service (kernel oops from null dereference) via\n certain UDP packets that lead to a function call with the wrong\n argument.
Andreas Gruenbacher discovered a bug in the ext2 and ext3 file\n systems. When data areas are to be shared among two inodes not\n all information was compared for equality, which could expose\n wrong ACLs for files.
Chad Walstrom discovered that the ipt_recent kernel module on\n 64-bit processors such as AMD64 allows remote attackers to cause a\n denial of service (kernel panic) via certain attacks such as SSH\n brute force.
The mprotect code on Itanium IA-64 Montecito processors does not\n properly maintain cache coherency as required by the architecture,\n which allows local users to cause a denial of service and possibly\n corrupt data by modifying PTE protections.
A race condition in the thread management may allow local users to\n cause a denial of service (deadlock) when threads are sharing\n memory and waiting for a thread that has just performed an exec.
When one thread is tracing another thread that shares the same\n memory map a local user could cause a denial of service (deadlock)\n by forcing a core dump when the traced thread is in the\n TASK_TRACED state.
A bug in the ioremap() system call has been discovered on the\n amd64 architecture that could allow local users to cause a\n denial of service or an information leak when performing a lookup\n of a non-existent memory page.
The HFS and HFS+ (hfsplus) modules allow local attackers to cause\n a denial of service (oops) by using hfsplus to mount a filesystem\n that is not hfsplus.
A race condition in the ebtables netfilter module on an SMP system\n running under high load may allow remote attackers to cause a\n denial of service (crash).
Roland McGrath discovered that exec() does not properly clear\n posix-timers in multi-threaded environments, which results in a\n resource leak and could allow a large number of multiple local\n users to cause a denial of service by using more posix-timers than\n specified by the quota for a single user.
The kernel allows remote attackers to poison the bridge forwarding\n table using frames that have already been dropped by filtering,\n which can cause the bridge to forward spoofed packets.
The ioctl for the packet radio ROSE protocol does not properly\n verify the arguments when setting a new router, which allows\n attackers to trigger out-of-bounds errors.
A race condition on SMP systems allows local users to cause a\n denial of service (null dereference) by causing a connection timer\n to expire while the connection table is being flushed before the\n appropriate lock is acquired.
An error in the NAT code allows remote attackers to cause a denial\n of service (memory corruption) by causing two packets for the same\n protocol to be NATed at the same time, which leads to memory\n corruption.
A missing memory cleanup in the thread handling routines before\n copying data into userspace allows a user process to obtain\n sensitive information.
This update also contains a number of corrections for issues that\nturned out to have no security implication afterwards.
\nThe following matrix explains which kernel version for which architecture\nfixes the problems mentioned above:
\n\u00a0 | \nDebian 3.1 (sarge) | \n
---|---|
Source | \n2.6.8-16sarge1 | \n
Alpha architecture | \n2.6.8-16sarge1 | \n
AMD64 architecture | \n2.6.8-16sarge1 | \n
HP Precision architecture | \n2.6.8-6sarge1 | \n
Intel IA-32 architecture | \n2.6.8-16sarge1 | \n
Intel IA-64 architecture | \n2.6.8-14sarge1 | \n
Motorola 680x0 architecture | \n2.6.8-4sarge1 | \n
PowerPC architecture | \n2.6.8-12sarge1 | \n
IBM S/390 architecture | \n2.6.8-5sarge1 | \n
Sun Sparc architecture | \n2.6.8-15sarge1 | \n
We recommend that you upgrade your kernel package immediately and\nreboot the machine.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 6:0.8.17-2.
\nFor the stable distribution (jessie), libav has been updated to\n6:11.6-1~deb8u1 which brings several further bugfixes as detailed in\nthe upstream changelog:\n\nhttps://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.6
\nWe recommend that you upgrade your libav packages.
\nNikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered\nseveral vulnerabilities in ImageMagick, a program suite for image\nmanipulation. These vulnerabilities, collectively known as ImageTragick,\nare the consequence of lack of sanitization of untrusted input. An\nattacker with control on the image input could, with the privileges of\nthe user running the application, execute code\n(CVE-2016-3714), make HTTP\nGET or FTP requests (CVE-2016-3718),\nor delete (CVE-2016-3715), move\n(CVE-2016-3716), or read\n(CVE-2016-3717) local files.
\nThese vulnerabilities are particularly critical if ImageMagick processes\nimages coming from remote parties, such as part of a web service.
\nThe update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL, and\nPLT) and indirect reads via the /etc/ImageMagick-6/policy.xml file. In\naddition, we introduce extra preventions, including some sanitization for\ninput filenames in http/https delegates, the full removal of the PLT/Gnuplot\ndecoder, and the need for an explicit reference in the filename for the\ninsecure coders.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u2.
\nWe recommend that you upgrade your imagemagick packages.
\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client. Multiple memory safety\nerrors, and other implementation errors may lead to the execution of\narbitrary code.
\nThe Icedove version in the oldstable distribution (squeeze) is no longer\nsupported with full security updates. However, it should be noted that\nalmost all security issues in Icedove stem from the included browser engine.\nThese security problems only affect Icedove if scripting and HTML mails\nare enabled. If there are security issues specific to Icedove (e.g. a\nhypothetical buffer overflow in the IMAP implementation) we'll make an\neffort to backport such fixes to oldstable.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 17.0.10-1~deb7u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 17.0.10-1.
\nWe recommend that you upgrade your icedove packages.
\nSeveral vulnerabilities were discovered in Subversion, a version control\nsystem. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nSubversion mod_dav_svn and svnserve were vulnerable to a remotely\n triggerable assertion DoS vulnerability for certain requests with\n dynamically evaluated revision numbers.
Subversion HTTP servers allow spoofing svn:author property values\n for new revisions via specially crafted v1 HTTP protocol request\n sequences.
For the stable distribution (wheezy), these problems have been fixed in\nversion 1.6.17dfsg-4+deb7u9.
\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.8.10-6.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.8.10-6.
\nWe recommend that you upgrade your subversion packages.
\nChris Schmidt and Daniel Morissette discovered two vulnerabilities\nin mapserver, a development environment for spatial and mapping\napplications. The Common Vulnerabilities and Exposures project\nidentifies the following two problems:
\nLack of input sanitizing and output escaping in the CGI\n mapserver's template handling and error reporting routines leads\n to cross-site scripting vulnerabilities.
Missing bounds checking in mapserver's template handling leads to\n a stack-based buffer overrun vulnerability, allowing a remote\n attacker to execute arbitrary code with the privileges of the CGI\n or httpd user.
For the stable distribution (etch), these problems have been fixed in\nversion 4.10.0-5.1+etch2.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.10.3-1.
\nWe recommend that you upgrade your mapserver (4.10.0-5.1+etch2) package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nNicolas Gregoire discovered that the XML Security Library xmlsec allowed\nremote attackers to create or overwrite arbitrary files through\nspecially crafted XML files using the libxslt output extension and a\nds:Transform element during signature verification.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.2.9-5+lenny1.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.14-1+squeeze1.
\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 1.2.14-1.1.
\nWe recommend that you upgrade your xmlsec1 packages.
\nCory Duplantis discovered a buffer overflow in the R programming\nlanguage. A malformed encoding file may lead to the execution of\narbitrary code during PDF generation.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 3.1.1-1+deb8u1.
\nFor the upcoming stable distribution (stretch), this problem has been\nfixed in version 3.3.3-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.3.3-1.
\nWe recommend that you upgrade your r-base packages.
\nTeemu Salmela discovered that the links2 character mode web browser\nperforms insufficient sanitising of smb:// URIs, which might lead to the\nexecution of arbitrary shell commands.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.1pre16-1sarge1.
\nFor the upcoming stable distribution (etch) this problem has been\nfixed in version 2.1pre26-1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.1pre26-1.
\nWe recommend that you upgrade your links2 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nHarry Sintonen discovered that GNU tar does not properly handle member\nnames containing '..', thus allowing an attacker to bypass the path\nnames specified on the command line and replace files and directories in\nthe target directory.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.27.1-2+deb8u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.29b-1.1.
\nWe recommend that you upgrade your tar packages.
\nIt was discovered that ltdl, a system-independent dlopen wrapper for\nGNU libtool, can be tricked to load and run modules from an arbitrary\ndirectory, which might be used to execute arbitrary code with the\nprivileges of the user running an application that uses libltdl.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.5.22-4+etch1.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.5.26-4+lenny1.
\nFor the testing distribution (squeeze) and unstable distribution (sid),\nthis problem has been fixed in 2.2.6b-1.
\nWe recommend that you upgrade your libtool packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that belpic, the Belgian eID PKCS11 library, does not\nproperly check the result of an OpenSSL function for verifying\ncryptographic signatures, which could be used to bypass the certificate\nvalidation.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 2.5.9-7.etch.1.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.6.0-6, which was already included in the lenny release.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 2.6.0-6.
\nWe recommend that you upgrade your belpic packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.
\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u11.
\nWe recommend that you upgrade your imagemagick packages.
\nDaniel Bleichenbacher discovered a flaw in the OpenSSL cryptographic package\nthat could allow an attacker to generate a forged signature that OpenSSL\nwill accept as valid.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.9.6m-1sarge2.
\nThis package exists only for compatibility with older software, and is\nnot present in the unstable or testing branches of Debian.
\nWe recommend that you upgrade your openssl packages. Note that services\nlinking against the openssl shared libraries will need to be restarted.\nCommon examples of such services include most Mail Transport Agents, SSH\nservers, and web servers.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple security vulnerabilities have been discovered in MediaWiki, a\nwebsite engine for collaborative work:
\nCross-site-scripting with non-standard URL escaping and\n $wgShowExceptionDetails disabled.
Reflected file download in API.
On private wikis the login form didn't distinguish between\n login failure due to bad username and bad password.
It was possible to mangle HTML via raw message parameter\n expansion.
id attributes in headlines allowed raw '>'.
Language converter could be tricked into replacing text inside tags.
Unsafe attribute injection via glossary rules in language converter.
For the stable distribution (stretch), these problems have been fixed in\nversion 1:1.27.4-1~deb9u1.
\nWe recommend that you upgrade your mediawiki packages.
\nPeter Bieringer discovered that postgrey, a greylisting\nimplementation for Postfix, is vulnerable to a format string attack\nthat allows remote attackers to cause a denial of service to the daemon.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.21-1sarge1.
\nFor the stable distribution (sarge) this problem has also been fixed\nin version 1.21-1volatile4 in the volatile archive.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.22-1.
\nWe recommend that you upgrade your postgrey package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAdam Sampson discovered a buffer overflow in the handling of the\nXAUTHORITY environment variable in das-watchdog, a watchdog daemon to\nensure a realtime process won't hang the machine. A local user can\nexploit this flaw to escalate his privileges and execute arbitrary\ncode as root.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.9.0-2+deb7u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.9.0-3.1.
\nWe recommend that you upgrade your das-watchdog packages.
\nSteve Kemp from the Debian Security Audit project discovered that gsambad,\na GTK+ configuration tool for samba, uses temporary files in an unsafe\nmanner which may be exploited to truncate arbitrary files from the local system.
\nFor the stable distribution (etch) this problem has been fixed in\nversion 0.1.4-2etch1.
\nFor the unstable distribution (sid) this problem will be fixed shortly.
\nWe recommend that you upgrade your gsambad package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that phpGedView, an application to provide online access\nto genealogical data, performed insufficient input sanitising on some\nparameters, making it vulnerable to cross site scripting.
\nFor the stable distribution (etch), this problem has been fixed in version\n4.0.2.dfsg-3.
\nFor the unstable distribution (sid), this problem has been fixed in version\n4.1.e+4.1.1-2.
\nWe recommend that you upgrade your phpgedview package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple security issues have been found in Thunderbird, which may\nlead to the execution of arbitrary code or information leaks.
\nWith this update, the Icedove packages are de-branded back to the official\nMozilla branding. With the removal of the Debian branding the packages\nare also renamed back to the official names used by Mozilla.
\nThe Thunderbird package is using a different default profile folder;\nthe default profile folder is now '$(HOME)/.thunderbird'.
\nThe user's profile folder that was used in Icedove will get migrated\nto the new profile folder on the first start, which can take a little bit\nmore time.
Please read README.Debian for getting more information about the\nchanges.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:45.8.0-3~deb8u1.
\nWe recommend that you upgrade your icedove packages.
\nA number of potential remote denial of service vulnerabilities have been identified in\nClamAV. In addition to the four issues identified by CVE ID above, there\nare fixes for issues in libclamav/cvd.c and libclamav/message.c.\nTogether, these issues could allow a carefully crafted message to crash\na ClamAV scanner or exhaust various resources on the machine running the\nscanner.
\nFor the stable distribution (sarge), these problems have been fixed in\nversion 0.84-2.sarge.1.
\nWe recommend that you upgrade your clamav package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAn integer overflow vulnerability was discovered in decode_digit() in\nlibidn2-0, the GNU library for Internationalized Domain Names (IDNs),\nallowing a remote attacker to cause a denial of service against an\napplication using the library (application crash).
\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 0.10-2+deb8u1.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 0.16-1+deb9u1.
\nFor the testing distribution (buster), this problem has been fixed\nin version 2.0.2-4.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.2-4.
\nWe recommend that you upgrade your libidn2-0 packages.
\nIt was discovered that Raptor, a RDF parser and serializer library,\nallows file inclusion through XML entities, resulting in information\ndisclosure.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.21-2+squeeze1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your raptor packages.
\nIt was discovered that CUPS, the Common UNIX Printing System, is\nvulnerable to a remotely triggerable privilege escalation via cross-site\nscripting and bad print job submission used to replace cupsd.conf on the\nCUPS server.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.5.3-5+deb7u6.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.7.5-11+deb8u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.7.5-12.
\nWe recommend that you upgrade your cups packages.
\nTim Starling discovered that the Debian-native CGI wrapper for man2html,\na program to convert UNIX man pages to HTML, is not properly escaping\nuser-supplied input when displaying various error messages. A remote\nattacker can exploit this flaw to conduct cross-site scripting (XSS)\nattacks.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.6f-3+lenny1.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.6f+repack-1+squeeze1.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1.6g-6.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6g-6.
\nWe recommend that you upgrade your man2html packages.
\nMultiple security vulnerabilities were discovered in the Tomcat\nservlet and JSP engine, as well as in its Debian-specific maintainer\nscripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.
\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8.0.14-1+deb8u5.
\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 8.5.8-2.
\nWe recommend that you upgrade your tomcat8 packages.
\nDan Kaminsky discovered that properties inherent to the DNS protocol\nlead to practical DNS cache poisoning attacks. Among other things,\nsuccessful attacks can lead to misdirected web traffic and email\nrerouting.
\nThis update changes Debian's dnsmasq packages to implement the\nrecommended countermeasure: UDP query source port randomization. This\nchange increases the size of the space from which an attacker has to\nguess values in a backwards-compatible fashion and makes successful\nattacks significantly more difficult.
\nThis update also switches the random number generator to Dan\nBernstein's SURF.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.35-1+etch4. Packages for alpha will be provided later.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.43-1.
\nWe recommend that you upgrade your dnsmasq package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTavis Ormandy discovered that the embedded GD library copy in libwmf,\na library to parse windows metafiles (WMF), makes use of a pointer\nafter it was already freed. An attacker using a crafted WMF file can\ncause a denial of service or possibly execute arbitrary code via\napplications using this library.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.2.8.4-2+etch1.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.2.8.4-6+lenny1.
\nFor the testing distribution (squeeze), this problem will be fixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.2.8.4-6.1.
\nWe recommend that you upgrade your libwmf packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:
\nJeremie Boutoille of Quarkslab and Shangcong Luan of Alibaba\n discovered a flaw in the handling of L3 pagetable entries, allowing\n a malicious 32-bit PV guest administrator to escalate their\n privilege to that of the host.
x86 HVM guests running with shadow paging use a subset of the x86\n emulator to handle the guest writing to its own pagetables. Andrew\n Cooper of Citrix discovered that there are situations a guest can\n provoke which result in exceeding the space allocated for internal\n state. A malicious HVM guest administrator can cause Xen to fail a\n bug check, causing a denial of service to the host.
Mikhail Gorobets of Advanced Threat Research, Intel Security\n discovered a use after free flaw in the FIFO event channel code. A\n malicious guest administrator can crash the host, leading to a\n denial of service. Arbitrary code execution (and therefore privilege\n escalation), and information leaks, cannot be excluded.
For the stable distribution (jessie), these problems have been fixed in\nversion 4.4.1-9+deb8u7.
\nWe recommend that you upgrade your xen packages.
\nRudolf Polzer discovered a vulnerability in a2ps, a converter and\npretty-printer for many formats to PostScript. The program did not\nescape shell meta characters properly which could lead to the\nexecution of arbitrary commands as a privileged user if a2ps is\ninstalled as a printer filter.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 4.13b-16woody1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1:4.13b-4.2.
\nWe recommend that you upgrade your a2ps package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nBryan Quigley discovered an integer underflow in Pixman which could lead\nto denial of service or the execution of arbitrary code.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.16.4-1+deb6u1.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.26.0-4+deb7u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.30.2-2.
\nWe recommend that you upgrade your pixman packages.
\nDon A. Bailey from Lab Mouse Security discovered an integer overflow\nflaw in the way the lzo library decompressed certain archives compressed\nwith the LZO algorithm. An attacker could create a specially crafted\nLZO-compressed input that, when decompressed by an application using the\nlzo library, would cause that application to crash or, potentially,\nexecute arbitrary code.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.06-1+deb7u1.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 2.08-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.08-1.
\nWe recommend that you upgrade your lzo2 packages.
\nSeveral vulnerabilities were discovered in qemu, a fast processor\nemulator.
\nWei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds\n read and write flaw in the QEMU VGA module. A privileged guest user\n could use this flaw to execute arbitrary code on the host with the\n privileges of the hosting QEMU process.
Zuozhi Fzz of Alibaba Inc discovered potential integer overflow\n or out-of-bounds read access issues in the QEMU VGA module. A\n privileged guest user could use this flaw to mount a denial of\n service (QEMU process crash).
For the stable distribution (jessie), these problems have been fixed in\nversion 1:2.1+dfsg-12+deb8u6.
\nWe recommend that you upgrade your qemu packages.
\nSince ALLOW_LINE_PARSING is enabled in the default /etc/cfingerd.conf,\nlocal users could use this to gain root access.\n
This has been fixed in version 1.4.1-1.2, and we recommend that you upgrade\nyour cfingerd package immediately.\n
MD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral remote vulnerabilities have been discovered in BIND, an\nimplementation of the DNS protocol suite. The Common Vulnerabilities\nand Exposures project identifies the following problems:
\nWhen DNSSEC validation is enabled, BIND does not properly\n\thandle certain bad signatures if multiple trust anchors exist\n\tfor a single zone, which allows remote attackers to cause a\n\tdenial of service (server crash) via a DNS query.
BIND does not properly determine the security status of an NS\n\tRRset during a DNSKEY algorithm rollover, which may lead to\n\tzone unavailability during rollovers.
BIND does not properly handle the combination of signed\n\tnegative responses and corresponding RRSIG records in the\n\tcache, which allows remote attackers to cause a denial of\n\tservice (server crash) via a query for cached data.
In addition, this security update improves compatibility with\npreviously installed versions of the bind9 package. As a result, it\nis necessary to initiate the update with \"apt-get dist-upgrade\"\ninstead of \"apt-get update\".
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1:9.6.ESV.R3+dfsg-0+lenny1.
\nFor the upcoming stable distribution (squeeze) and the unstable\ndistribution (sid), these problems have been fixed in version\n1:9.7.2.dfsg.P3-1.
\nWe recommend that you upgrade your bind9 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in the Iceweasel web\nbrowser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:
\nJesse Ruderman discovered that the layout engine is vulnerable to\n DoS attacks that might trigger memory corruption and an integer\n overflow. (MFSA 2008-60)
Boris Zbarsky discovered that an information disclosure attack could\n be performed via XBL bindings. (MFSA 2008-61)
It was discovered that attackers could run arbitrary JavaScript with\n chrome privileges via vectors related to the feed preview.\n (MFSA 2008-62)
Marius Schilder discovered that it is possible to obtain sensitive\n data via an XMLHttpRequest. (MFSA 2008-64)
Chris Evans discovered that it is possible to obtain sensitive data\n via a JavaScript URL. (MFSA 2008-65)
Chip Salzenberg discovered possible phishing attacks via URLs with\n leading whitespaces or control characters. (MFSA 2008-66)
Kojima Hajime and Jun Muto discovered that escaped null characters\n were ignored by the CSS parser and could lead to the bypass of\n protection mechanisms. (MFSA 2008-67)
It was discovered that it is possible to perform cross-site scripting\n attacks via an XBL binding to an \"unloaded document.\" (MFSA 2008-68)
It was discovered that it is possible to run arbitrary JavaScript\n with chrome privileges via unknown vectors. (MFSA 2008-68)
moz_bug_r_a4 discovered that the session-restore feature does not\n properly sanitise input leading to arbitrary injections. This issue\n could be used to perform an XSS attack or run arbitrary JavaScript\n with chrome privileges. (MFSA 2008-69)
For the stable distribution (etch) these problems have been fixed in\nversion 2.0.0.19-0etch1.
\nFor the testing distribution (lenny) and the unstable distribution (sid)\nthese problems have been fixed in version 3.0.5-1. Please note iceweasel\nin Lenny links dynamically against xulrunner.
\nWe recommend that you upgrade your iceweasel package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7u55-2.4.7-1~deb7u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7u55-2.4.7-1.
\nWe recommend that you upgrade your openjdk-7 packages.
\nDavid Airlie and Peter Hutterer of Red Hat discovered that xorg-server,\nthe X.Org X server, was vulnerable to an information disclosure flaw\nrelated to input handling and device hotplug.
\nWhen an X server is running but not in the foreground (for example because of a VT\nswitch), a newly plugged input device would still be recognized and\nhandled by the X server, which would actually transmit input events to\nits clients in the background.
\nThis could allow an attacker to recover some input events not intended\nfor the X clients, including sensitive information.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2:1.7.7-16.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2:1.12.4-6.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:1.12.4-6.
\nWe recommend that you upgrade your xorg-server packages.
\nMorgan Todd discovered a cross-site scripting vulnerability in awstats,\na log file analyzer, involving the \"config\" request parameter (and\npossibly others; CVE-2008-3714).
\nFor the stable distribution (etch), this problem has been fixed in version\n6.5+dfsg-1+etch1.
\nThe unstable (sid) and testing (lenny) distributions will be fixed soon.
\nWe recommend that you upgrade your awstats package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nLuc Lynx discovered that SVG Salamander, an SVG engine for Java, was\nsusceptible to server side request forgery.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0~svn95-1+deb8u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.1+dfsg-2.
\nWe recommend that you upgrade your svgsalamander packages.
\nTeemu Salmela discovered that the elinks character mode web browser\nperforms insufficient sanitising of smb:// URIs, which might lead to the\nexecution of arbitrary shell commands.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.10.4-7.1.
\nFor the upcoming stable distribution (etch) this problem has been\nfixed in version 0.11.1-1.2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.11.1-1.2.
\nWe recommend that you upgrade your elinks package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTwo vulnerabilities have been found in lcms, a library and set of\ncommandline utilities for image color management. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:
\nInadequate enforcement of fixed-length buffer limits allows an\n attacker to overflow a buffer on the stack, potentially enabling\n the execution of arbitrary code when a maliciously-crafted\n image is opened.
An integer sign error in reading image gamma data could allow an\n attacker to cause an under-sized buffer to be allocated for\n subsequent image data, with unknown consequences potentially\n including the execution of arbitrary code if a maliciously-crafted\n image is opened.
For the stable distribution (etch), these problems have been fixed in\nversion 1.15-1.1+etch1.
\nFor the upcoming stable distribution (lenny), and the unstable\ndistribution (sid), these problems are fixed in version 1.17.dfsg-1.
\nWe recommend that you upgrade your lcms packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAn off-by-one error leading to a heap-based buffer overflow has been\nidentified in libapache-mod-auth-kerb, an Apache module for Kerberos\nauthentication. The error could allow an attacker to trigger an\napplication crash or potentially execute arbitrary code by sending a\nspecially crafted kerberos message.
\nFor the stable distribution (sarge), this problem has been fixed in\nversion 4.996-5.0-rc6-1sarge1.
\nFor the unstable distribution (sid) and the forthcoming stable distribution\n(etch), this problem has been fixed in version 5.3-1.
\nWe recommend that you upgrade your libapache-mod-auth-kerb package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral problems have been discovered in telnet clients that could be\nexploited by malicious daemons the client connects to. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:
\nGa\u00ebl Delalleau discovered a buffer overflow in the env_opt_add()\n function that allows a remote attacker to execute arbitrary code.
\nGa\u00ebl Delalleau discovered a buffer overflow in the handling of the\n LINEMODE suboptions in telnet clients. This can lead to the\n execution of arbitrary code when connected to a malicious server.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 1.1-8-2.4.
\nFor the testing distribution (sarge) these problems have been fixed in\nversion 1.2.2-11.2.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.2.2-11.2.
\nWe recommend that you upgrade your krb4 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in PHP, a server-side,\nHTML-embedded scripting language. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nBuffer overflow in the imageloadfont function allows a denial\n of service or code execution through a crafted font file.
Buffer overflow in the memnstr function allows a denial of\n service or code execution via a crafted delimiter parameter\n to the explode function.
Denial of service is possible in the FastCGI module by a\n remote attacker by making a request with multiple dots\n before the extension.
For the stable distribution (etch), these problems have been fixed in\nversion 5.2.0-8+etch13.
\nFor the testing (lenny) and unstable distribution (sid), these problems\nhave been fixed in version 5.2.6-4.
\nWe recommend that you upgrade your php5 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nPeter Palfrader discovered that in the Git revision control system,\non some architectures files under /usr/share/git-core/templates/ were\nowned by a non-root user. This allows a user with that uid on the local\nsystem to write to these files and possibly escalate their privileges.
\nThis issue only affects the DEC Alpha and MIPS (big and little endian)\narchitectures.
\nFor the old stable distribution (etch), this problem has been fixed in\nversion 1.4.4.4-4+etch2.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.5.6.5-3+lenny1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.2.1-1.
\nWe recommend that you upgrade your git-core package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nWilliam Robinet and Michal Zalewski discovered multiple vulnerabilities\nin the TIFF library and its tools, which may result in denial of\nservice or the execution of arbitrary code if a malformed TIFF file\nis processed.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 4.0.2-6+deb7u4.
\nFor the stable distribution (jessie), these problems have been fixed\nbefore the initial release.
\nWe recommend that you upgrade your tiff packages.
\nCarlos Barros has discovered a buffer overflow in the HTTP\nauthentication routine of mpg123, a popular (but non-free) MPEG layer\n1/2/3 audio player. If a user opened a malicious playlist or URL, an\nattacker might execute arbitrary code with the rights of the calling\nuser.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.59r-13woody4.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.59r-17.
\nWe recommend that you upgrade your mpg123 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIlja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 2:1.0.2-1+squeeze1.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2:1.0.4-1+deb7u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:1.0.4-1+deb7u1.
\nWe recommend that you upgrade your libfs packages.
\nIt was discovered that sendmail, a Mail Transport Agent, does not properly handle\na '\\0' character in a Common Name (CN) field of an X.509 certificate.
\nThis allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server\ncertificate issued by a legitimate Certification Authority, and to bypass intended\naccess restrictions via a crafted client certificate issued by a legitimate\nCertification Authority.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 8.13.8-3+etch1.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 8.14.3-5+lenny1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.14.3-9.1, and will migrate to the testing distribution (squeeze)\nshortly.
\nWe recommend that you upgrade your sendmail package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in the TYPO3 web\ncontent management framework:
\nFailing to properly HTML-encode user input in several places,\n\tthe TYPO3 backend is susceptible to Cross-Site Scripting. A\n\tvalid backend user is required to exploit these\n\tvulnerabilities.
Accessing a CLI Script directly with a browser may disclose\n\tthe database name used for the TYPO3 installation.
By not removing non-printable characters, the API method\n\tt3lib_div::RemoveXSS() fails to filter specially crafted HTML\n\tinjections, and is thus susceptible to Cross-Site Scripting.
For the stable distribution (squeeze), these problems have been fixed in\nversion 4.3.9+dfsg1-1+squeeze3.
\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 4.5.14+dfsg1-1.
\nWe recommend that you upgrade your typo3-src packages.
\nThe developers of Gaim, an instant messenger client that combines\nseveral different networks, found a vulnerability in the hyperlink\nhandling code. The 'Manual' browser command passes an untrusted\nstring to the shell without escaping or reliable quoting, permitting\nan attacker to execute arbitrary commands on the user's machine.\nUnfortunately, Gaim doesn't display the hyperlink before the user\nclicks on it. Users who use other inbuilt browser commands aren't\nvulnerable.
\nThis problem has been fixed in version 0.58-2.2 for the current\nstable distribution (woody) and in version 0.59.1-2 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected since it doesn't ship the Gaim program.
\nThe fixed version of Gaim no longer passes the user's manual browser\ncommand to the shell. Commands which contain the %s in quotes will\nneed to be amended, so they don't contain any quotes. The 'Manual'\nbrowser command can be edited in the 'General' pane of the\n'Preferences' dialog, which can be accessed by clicking 'Options' from\nthe login window, or 'Tools' and then 'Preferences' from the menu bar\nin the buddy list window.
\nWe recommend that you upgrade your gaim package immediately.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral vulnerabilities have been discovered in the X.Org X server. An\nattacker who's able to connect to an X server could cause a denial of\nservice or potentially the execution of arbitrary code.
\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 2:1.16.4-1+deb8u2.
\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2:1.19.2-1+deb9u2.
\nWe recommend that you upgrade your xorg-server packages.
\nSteve Kemp discovered a buffer overflow in freesweep, when processing\nseveral environment variables. This vulnerability could be exploited\nby a local user to gain gid 'games'.
\nFor the current stable distribution (woody) this problem has been fixed\nin version 0.88-4woody1.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you update your freesweep package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nNico Golde discovered that PeerCast, a P2P audio and video streaming\nserver, is vulnerable to a buffer overflow in the HTTP Basic\nAuthentication code, allowing a remote attacker to crash PeerCast or\nexecute arbitrary code.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.1217.toots.20060314-1etch1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.1218+svn20080104-1.1.
\nWe recommend that you upgrade your peercast package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nFlorian Heinz heinz@cronon-ag.de posted to the Bugtraq mailing list an\nexploit for qpopper based on a bug in the included vsnprintf implementation.\nThe sample exploit requires a valid user account and password, and overflows a\nstring in the pop_msg() function to give the user \"mail\" group privileges and a\nshell on the system. Since the Qvsnprintf function is used elsewhere in\nqpopper, additional exploits may be possible.
\nThe qpopper package in Debian 2.2 (potato) does not include the vulnerable\nsnprintf implementation. For Debian 3.0 (woody) an updated package is available\nin version 4.0.4-2.woody.3. Users running an unreleased version of Debian\nshould upgrade to 4.0.4-9 or newer. We recommend you upgrade your qpopper\npackage immediately.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nYuji Takahashi discovered a bug in analog which allows a cross-site\nscripting type attack. It is easy for an attacker to insert arbitrary\nstrings into any web server logfile. If these strings are then\nanalysed by analog, they can appear in the report. By this means an\nattacker can introduce arbitrary Javascript code, for example, into an\nanalog report produced by someone else and read by a third person.\nAnalog already attempted to encode unsafe characters to avoid this\ntype of attack, but the conversion was incomplete.
\nThis problem has been fixed in the upstream version 5.22 of analog.\nUnfortunately patching the old version of analog in the stable\ndistribution of Debian instead is a very large job that defeats us.
\nWe recommend that you upgrade your analog package immediately.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nA buffer overflow was discovered in the Firebird database server, which\ncould result in the execution of arbitrary code.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.1.3.18185-0.ds1-11+squeeze1.
\nFor the testing distribution (wheezy), firebird2.1 will be removed in\nfavour of firebird2.5.
\nFor the unstable distribution (sid), firebird2.1 will be removed in\nfavour of firebird2.5.
\nWe recommend that you upgrade your firebird2.1 packages.
\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, privilege escalation or a sensitive\nmemory leak. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nChris Evans discovered a situation in which a child process can\n send an arbitrary signal to its parent.
Roland McGrath discovered an issue on amd64 kernels that allows\n local users to circumvent system call audit configurations which\n filter based on the syscall numbers or argument details.
Roland McGrath discovered an issue on amd64 kernels with\n CONFIG_SECCOMP enabled. By making a specially crafted syscall,\n local users can bypass access restrictions.
Jiri Olsa discovered that a local user can cause a denial of\n service (system hang) using a SHM_INFO shmctl call on kernels\n compiled with CONFIG_SHMEM disabled. This issue does not affect\n prebuilt Debian kernels.
Mikulas Patocka reported an issue in the console subsystem that\n allows a local user to cause memory corruption by selecting a\n small number of 3-byte UTF-8 characters.
Igor Zhbanov reported that nfsd was not properly dropping\n CAP_MKNOD, allowing users to create device nodes on file systems\n exported with root_squash.
Dan Carpenter reported a coding issue in the selinux subsystem\n that allows local users to bypass certain networking checks when\n running with compat_net=1.
Shaohua Li reported an issue in the AGP subsystem that may allow\n local users to read sensitive kernel memory due to a leak of\n uninitialized memory.
Benjamin Gilbert reported a local denial of service vulnerability\n in the KVM VMX implementation that allows local users to trigger\n an oops.
Thomas Pollet reported an overflow in the af_rose implementation\n that allows remote attackers to retrieve uninitialized kernel\n memory that may contain sensitive data.
Oleg Nesterov discovered an issue in the exit_notify function that\n allows local users to send an arbitrary signal to a process by\n running a program that modifies the exit_signal field and then\n uses an exec system call to launch a setuid application.
Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to\n reach processes outside of the current process namespace.
Pavan Naregundi reported an issue in the CIFS filesystem code that\n allows remote users to overwrite memory via a long\n nativeFileSystem field in a Tree Connect response during mount.
For the oldstable distribution (etch), these problems, where applicable,\nwill be fixed in future updates to linux-2.6 and linux-2.6.24.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.6.26-15lenny2.
\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.
\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTuomas R\u00e4s\u00e4nen discovered two vulnerabilities in unADF, a tool to extract\nfiles from an Amiga Disk File dump (.adf):
\nA stack buffer overflow in the function extractTree() might allow an\n attacker, with control over the content of an ADF file, to execute\n arbitrary code with the privileges of the program execution.
The unADF extractor creates the path in the destination via a mkdir\n in a system() call. Since there was no sanitization on the input of\n the filenames, an attacker can directly inject code in the pathnames\n of archived directories in an ADF file.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 0.7.11a-3+deb7u1.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.7.11a-3+deb8u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.7.11a-4.
\nWe recommend that you upgrade your unadf packages.
\nSeveral vulnerabilities were discovered in Libvirt, a virtualisation\nabstraction library. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nRichard Jones and Daniel P. Berrange found that libvirt passes the\n XML_PARSE_NOENT flag when parsing XML documents using the libxml2\n library, in which case all XML entities in the parsed documents are\n expanded. A user able to force libvirtd to parse an XML document\n with an entity pointing to a special file that blocks on read access\n could use this flaw to cause libvirtd to hang indefinitely,\n resulting in a denial of service on the system.
Luyao Huang of Red Hat found that the qemu implementation of\n virDomainGetBlockIoTune computed an index into the array of disks\n for the live definition, then used it as the index into the array of\n disks for the persistent definition, which could result in an\n out-of-bounds read access in qemuDomainGetBlockIoTune().
\nA remote attacker able to establish a read-only connection to\n libvirtd could use this flaw to crash libvirtd or, potentially, leak\n memory from the libvirtd process.
For the stable distribution (wheezy), these problems have been fixed in\nversion 0.9.12.3-1+deb7u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.8-2.
\nWe recommend that you upgrade your libvirt packages.
\nFabian Yamaguchi discovered multiple vulnerabilities in VLC, a multimedia\nplayer and streamer:
\nThe MP4 demuxer, when parsing string boxes, did not properly check\n the length of the box, leading to a possible integer underflow when\n using this length value in a call to memcpy(). This could allow\n remote attackers to cause a denial of service (crash) or arbitrary\n code execution via crafted MP4 files.
The MP4 demuxer, when parsing string boxes, did not properly check\n that the conversion of the box length from 64bit integer to 32bit\n integer on 32bit platforms did not cause a truncation, leading to\n a possible buffer overflow. This could allow remote attackers to\n cause a denial of service (crash) or arbitrary code execution via\n crafted MP4 files.
The MP4 demuxer, when parsing string boxes, did not properly check\n the length of the box, leading to a possible buffer overflow. This\n could allow remote attackers to cause a denial of service (crash)\n or arbitrary code execution via crafted MP4 files.
The Dirac and Schroedinger encoders did not properly check for an\n integer overflow on 32bit platforms, leading to a possible buffer\n overflow. This could allow remote attackers to cause a denial of\n service (crash) or arbitrary code execution.
For the stable distribution (wheezy), these problems have been fixed in\nversion 2.0.3-5+deb7u2.
\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.2.0~rc2-2.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.2.0~rc2-2.
\nWe recommend that you upgrade your vlc packages.
\niDEFENSE discovered an integer overflow in the pdftops filter from the\nxpdf package that can be exploited to gain the privileges of the\ntarget user. This can lead to gaining unauthorized access to the 'lp'\nuser if the pdftops program is part of the print filter.
\nFor the current stable distribution (woody) this problem has been\nfixed in version 1.00-3.1.
\nFor the old stable distribution (potato) this problem has been\nfixed in version 0.90-8.1.
\nFor the unstable distribution (sid) this problem has been\nfixed in version 2.01-2.
\nWe recommend that you upgrade your xpdf package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nMultiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nilxu1a reported a flaw in Mozilla's implementation of typed array\n bounds checking in JavaScript just-in-time compilation (JIT) and its\n management of bounds checking for heap access. This flaw can be\n leveraged into the reading and writing of memory allowing for\n arbitrary code execution on the local system.
Mariusz Mlynski discovered a method to run arbitrary scripts in a\n privileged context. This bypassed the same-origin policy protections\n by using a flaw in the processing of SVG format content navigation.
For the stable distribution (wheezy), these problems have been fixed in\nversion 31.5.3esr-1~deb7u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 31.5.3esr-1.
\nWe recommend that you upgrade your iceweasel packages.
\nIt was discovered that Exim, a mail transport agent, is not properly\nhandling the decoding of DNS records for DKIM. Specifically, crafted\nrecords can lead to a heap-based buffer overflow. An attacker can\nexploit this flaw to execute arbitrary code.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.72-6+squeeze3.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 4.80-5.1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.80-5.1.
\nWe recommend that you upgrade your exim4 packages.
\nBrian Mastenbrook discovered that rails, the MVC ruby based framework\ngeared for web application development, is prone to cross-site scripting\nattacks via malformed strings in the form helper.
\nFor the oldstable distribution (etch) security support has been\ndiscontinued. It has been reported that rails in oldstable is unusable\nand several features that are affected by security issues are broken due\nto programming issues. It is highly recommended to upgrade to the\nversion in stable (lenny).
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.1.0-7.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 2.2.3-1.
\nWe recommend that you upgrade your rails packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:
\nEmese Revfy provided a fix for an information leak in the tkill and\n tgkill system calls. A local user on a 64-bit system may be able to\n gain access to sensitive memory contents.
Jonathan Salwan reported an information leak in the CD-ROM driver. A\n local user on a system with a malfunctioning CD-ROM drive could gain\n access to sensitive memory.
Karl Heiss reported an issue in the Linux SCTP implementation. A remote\n user could cause a denial of service (system crash).
Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6\n subsystem. Local users could cause a denial of service by using an\n AF_INET6 socket to connect to an IPv4 destination.
Mathias Krause reported a memory leak in the implementation of PF_KEYv2\n sockets. Local users could gain access to sensitive kernel memory.
Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2\n sockets. Local users could gain access to sensitive kernel memory.
Jonathan Salwan discovered multiple memory leaks in the openvz kernel\n flavor. Local users could gain access to sensitive kernel memory.
Kees Cook reported an issue in the block subsystem. Local users with\n uid 0 could gain elevated ring 0 privileges. This is only a security\n issue for certain specially configured systems.
Kees Cook reported an issue in the b43 network driver for certain Broadcom\n wireless devices. Local users with uid 0 could gain elevated ring 0\n privileges. This is only a security issue for certain specially configured\n systems.
Kees Cook reported an issue in the HID driver subsystem. A local user,\n with the ability to attach a device, could cause a denial of service\n (system crash).
Kees Cook reported an issue in the pantherlord HID device driver. Local\n users with the ability to attach a device could cause a denial of service\n or possibly gain elevated privileges.
For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze4.
\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:
\n\u00a0 | Debian 6.0 (squeeze) |
---|---|
user-mode-linux | 2.6.32-1um-4+48squeeze4 |
We recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n
Note: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.
\nSeveral vulnerabilities were found in libexif, a library used to parse EXIF\nmeta-data on camera files.
\nA heap-based out-of-bounds array read in the exif_entry_get_value\n function allows remote attackers to cause a denial of service or possibly\n obtain potentially sensitive information from process memory via an image\n with crafted EXIF tags.
A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8\n function allows remote attackers to cause a denial of service or possibly\n obtain potentially sensitive information from process memory via an image\n with crafted EXIF tags.
A buffer overflow in the exif_entry_format_value function allows remote\n attackers to cause a denial of service or possibly execute arbitrary code\n via an image with crafted EXIF tags.
A heap-based out-of-bounds array read in the exif_data_load_data function\n allows remote attackers to cause a denial of service or possibly obtain\n potentially sensitive information from process memory via an image with\n crafted EXIF tags.
A divide-by-zero error in the mnote_olympus_entry_get_value function\n while formatting EXIF maker note tags allows remote attackers to cause a\n denial of service via an image with crafted EXIF tags.
An off-by-one error in the exif_convert_utf16_to_utf8 function allows\n remote attackers to cause a denial of service or possibly execute\n arbitrary code via an image with crafted EXIF tags.
An integer underflow in the exif_entry_get_value function can cause a\n heap overflow and potentially arbitrary code execution while formatting an\n EXIF tag, if the function is called with a buffer size parameter equal to\n zero or one.
For the stable distribution (squeeze), these problems have been fixed in\nversion 0.6.19-1+squeeze1.
\nFor the testing distribution (wheezy), these problems have been fixed in\nversion 0.6.20-3.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.6.20-3.
\nWe recommend that you upgrade your libexif packages.
\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.
\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 6b27-1.12.6-1~deb6u1.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6b27-1.12.6-1~deb7u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6b27-1.12.6-1.
\nWe recommend that you upgrade your openjdk-6 packages.
\nIvan Zhakov discovered an integer overflow in mod_dav_svn, which allows\nan attacker with write access to the server to execute arbitrary code or\ncause a denial of service.
\nThe oldstable distribution (wheezy) is not affected.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.8.10-6+deb8u2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.9.3-1.
\nWe recommend that you upgrade your subversion packages.
\nThomas Springer found a vulnerability in GNUJSP, a Java servlet that\nallows you to insert Java source code into HTML files. The problem\ncan be used to bypass access restrictions in the web server. An\nattacker can view the contents of directories and download files\ndirectly rather than receiving their HTML output. This means that the\nsource code of scripts could also be revealed.
\nThe problem was fixed by Stefan Gybas, who maintains the Debian\npackage of GNUJSP. It is fixed in version 1.0.0-5 for the stable\nrelease of Debian GNU/Linux.
\nThe versions in testing and unstable are the same as the one in stable\nso they are vulnerable, too. You can install the fixed version this\nadvisory refers to on these systems to solve the problem as this\npackage is architecture independent.
\nWe recommend that you upgrade your gnujsp package immediately.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nThomas Graf reported a typo in the IPv4 protocol handler that could\n be used by a local attacker to overrun an array via crafted packets,\n potentially resulting in a Denial of Service (system crash).\n The DECnet counterpart of this issue was already fixed in DSA-1356.
iDefense reported a potential integer underflow in the cpuset filesystem\n which may permit local attackers to gain access to sensitive kernel\n memory. This vulnerability is only exploitable if the cpuset filesystem\n is mounted.
The PaX Team discovered a potential buffer overflow in the random number\n generator which may permit local users to cause a denial of service or\n gain additional privileges. This issue is not believed to affect default\n Debian installations where only root has sufficient privileges to exploit\n it.
A coding error in the CIFS subsystem permits the use of unsigned messages\n even if the client has configured the system to enforce\n signing by passing the sec=ntlmv2i mount option. This may allow remote\n attackers to spoof CIFS network traffic.
Alan Cox reported an issue in the aacraid driver that allows unprivileged\n local users to make ioctl calls which should be restricted to admin\n privileges.
These problems have been fixed in the stable distribution in version\n2.6.18.dfsg.1-13etch2.
\nThe following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:
\n\u00a0 | Debian 4.0 (etch) |
---|---|
fai-kernels | 1.17+etch5 |
user-mode-linux | 2.6.18-1um-2etch4 |
We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple vulnerabilities were discovered in the dissectors/parsers for\nRTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial\nof service.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy12.
\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+g01b65bf-1.
\nWe recommend that you upgrade your wireshark packages.
\nThis update only covers binary packages for the big endian MIPS\narchitecture that was mysteriously forgotten in the earlier update.\nFor completeness below is the original advisory text:
\n\n\nA stack-based buffer overflow in the init_syms function of MySQL, a\npopular database, has been discovered that allows remote authenticated\nusers who can create user-defined functions to execute arbitrary code\nvia a long function_name field. The ability to create user-defined\nfunctions is not typically granted to untrusted users.
\n
The following vulnerability matrix explains which version of MySQL in\nwhich distribution has this problem fixed:
\n\u00a0 | woody | sarge | sid |
---|---|---|---|
mysql | 3.23.49-8.14 | n/a | n/a |
mysql-dfsg | n/a | 4.0.24-10sarge1 | 4.0.24-10sarge1 |
mysql-dfsg-4.1 | n/a | 4.1.11a-4sarge2 | 4.1.14-2 |
mysql-dfsg-5.0 | n/a | n/a | 5.0.11beta-3 |
We recommend that you upgrade your mysql-dfsg-4.1 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\nMD5 checksums of the listed files are available in the revised advisory.
\n\n\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.43. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.43-0+deb7u1.
\nFor the upcoming stable distribution (jessie), these problems will be\nfixed in version 5.5.43-0+deb8u1. Updated packages are already available\nthrough jessie-security.
\nWe recommend that you upgrade your mysql-5.5 packages.
\nA buffer overflow has been discovered in the Radius extension for PHP.\nThe function handling Vendor Specific Attributes assumed that the\nattributes given would always be of valid length. An attacker could\nuse this assumption to trigger a buffer overflow.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.2.5-2+squeeze1.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.5-2.3+deb7u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.5-2.4.
\nWe recommend that you upgrade your php-radius packages.
\nSeveral remote vulnerabilities have been discovered in the Clam anti-virus\ntoolkit. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nIt was discovered that the RTF and RFC2397 parsers can be tricked\n into dereferencing a NULL pointer, resulting in denial of service.
It was discovered that clamav-milter performs insufficient input\n sanitising, resulting in the execution of arbitrary shell commands.
The oldstable distribution (sarge) is only affected by a subset of\nthe problems. An update will be provided later.
\nFor the stable distribution (etch) these problems have been fixed\nin version 0.90.1-3etch7.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.91.2-1.
\nWe recommend that you upgrade your clamav packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in strongswan, an\nimplementation of the IPSEC and IKE protocols. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:
\nThe charon daemon can crash when processing certain crafted IKEv2\npackets. (The old stable distribution (etch) was not affected by\nthese two problems because it lacks IKEv2 support.)
The pluto daemon could crash when processing a crafted X.509\ncertificate.
For the old stable distribution (etch), these problems have been fixed\nin version 2.8.0+dfsg-1+etch2.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 4.2.4-5+lenny3.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.3.2-1.1.
\nWe recommend that you upgrade your strongswan packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIlja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.
\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 2:1.1.1-2+squeeze1.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2:1.1.3-2+deb7u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:1.1.3-2+deb7u1.
\nWe recommend that you upgrade your libxxf86dga packages.
\nYamada Yasuharu discovered that cURL, a URL transfer library, is\nprone to exposing potentially sensitive information when doing\nrequests across domains with matching tails. Due to a bug in the\ntailmatch function when matching domain names, it was possible that\ncookies set for a domain ample.com could accidentally also be sent\nby libcurl when communicating with example.com.
Both curl the command line tool and applications using the libcurl\nlibrary are vulnerable.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze3.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 7.26.0-1+wheezy2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.29.0-2.1.
\nWe recommend that you upgrade your curl packages.
\nSeveral issues have been discovered in libcgroup, a library to control\nand monitor control groups:
\nA heap-based buffer overflow when converting the list of controllers for\n a given task into an array of strings could lead to privilege\n escalation by a local attacker.
libcgroup did not properly check the origin of Netlink messages,\n allowing a local attacker to send crafted Netlink messages which\n could lead to privilege escalation.
The oldstable distribution (lenny) does not contain libcgroup packages.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.36.2-3+squeeze1.
\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthis problem will be fixed soon.
\nWe recommend that you upgrade your libcgroup packages.
\nMultiple vulnerabilities were discovered in the dissectors/parsers for\nPcapng, NBAP, UMTS FP, DCOM, AllJoyn, T.38, SDP, NLM, DNS, BED, SCTP,\n802.11, DIAMETER, VeriWave, RSVP, ANSI A, GSM A, Ascend, NBAP, ZigBee ZCL\nand Sniffer which could result in denial of service.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.8.2-5wheezy17.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u4.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.0.2+ga16e22e-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.0.2+ga16e22e-1.
\nWe recommend that you upgrade your wireshark packages.
\nIt was discovered that OpenIPMI, the Intelligent Platform Management\nInterface library and tools, used too wide permissions on its PID file,\nwhich allows local users to kill arbitrary processes by writing to\nthis file.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.8.9-2+squeeze1. (Although the version number contains the\nstring \"squeeze\", this is in fact an update for lenny.)
For the stable distribution (squeeze), this problem has been fixed in\nversion 1.8.11-2+squeeze2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.8.11-5.
\nWe recommend that you upgrade your ipmitool packages.
\nSpybreak discovered a problem in scrollkeeper, a free electronic\ncataloging system for documentation. The scrollkeeper-get-cl program\ncreates temporary files in an insecure manner in /tmp using guessable\nfilenames. Since scrollkeeper is called automatically when a user\nlogs into a Gnome session, an attacker with local access can easily\ncreate and overwrite files as another user.
\nThis problem has been fixed in version 0.3.6-3.1 for the current\nstable distribution (woody) and in version 0.3.11-2 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected, since it doesn't contain the scrollkeeper package.
\nWe recommend that you upgrade your scrollkeeper packages immediately.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nAndrew Bartlett of Catalyst reported a defect affecting certain\napplications using the Libevent evbuffer API. This defect leaves\napplications which pass insanely large inputs to evbuffers open to a\npossible heap overflow or infinite loop. In order to exploit this flaw,\nan attacker needs to be able to find a way to provoke the program into\ntrying to make a buffer chunk larger than what will fit into a single\nsize_t or off_t.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.0.19-stable-3+deb7u1.
\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your libevent packages.
\nSteve Kemp discovered a buffer overflow in the environment variable\nhandling of conquest, a curses based, real-time, multi-player space\nwarfare game, which could lead a local attacker to gain unauthorised\naccess to the group conquest.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 7.1.1-6woody1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 7.2-5.
\nWe recommend that you upgrade your conquest package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nThomas de Grenier de Latour discovered that the checkrestart tool in the\ndebian-goodies suite of utilities allowed local users to gain privileges\nvia shell metacharacters in the name of the executable file for a running\nprocess.
\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 0.24+sarge1.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.27+etch1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.34.
\nWe recommend that you upgrade your debian-goodies package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTwo cross-site scripting vulnerabilities have been found in Horizon,\na web application to control an OpenStack cloud.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2014.1.3-7+deb8u2.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 3:9.0.1-2.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3:9.0.1-2.
\nWe recommend that you upgrade your horizon packages.
\nTwo local vulnerabilities have been discovered in samba, a SMB/CIFS file,\nprint, and login server for Unix. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nRonald Volgers discovered that a race condition in mount.cifs\n allows local users to mount remote filesystems over arbitrary\n mount points.
Jeff Layton discovered that missing input sanitising in mount.cifs\n allows denial of service by corrupting /etc/mtab.
For the stable distribution (lenny), these problems have been fixed in\nversion 2:3.2.5-4lenny9.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:3.4.5~dfsg-2.
\nWe recommend that you upgrade your samba packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.
\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.23, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:
\nhttps://php.net/ChangeLog-5.php#5.6.23
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.23+dfsg-0+deb8u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.8-1 of the php7.0 source package.
\nWe recommend that you upgrade your php5 packages.
\nMultiple security issues have been found in file, a tool/library to\ndetermine a file type. Processing a malformed file could result in\ndenial of service. Most of the changes are related to parsing ELF\nfiles.
\nAs part of the fixes, several limits on aspects of the detection were\nadded or tightened, sometimes resulting in messages like \"recursion\nlimit exceeded\" or \"too many program header sections\".
To mitigate such shortcomings, these limits are controllable by a new\n-P, --parameter option in the file program.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 5.11-2+deb7u7.
\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:5.21+15-1.
\nWe recommend that you upgrade your file packages.
\nEric Sesterhenn, from X41 D-Sec GmbH, discovered several\nvulnerabilities in tnef, a tool used to unpack MIME attachments of\ntype application/ms-tnef. Multiple heap overflows, type confusions\nand out-of-bounds reads and writes could be exploited by tricking a\nuser into opening a malicious attachment. This would result in denial\nof service via application crash, or potential arbitrary code\nexecution.
For the stable distribution (jessie), these problems have been fixed in\nversion 1.4.9-1+deb8u1.
\nWe recommend that you upgrade your tnef packages.
\nIt was discovered that libapache2-mod-authnz-external, an apache\nauthentication module, is prone to an SQL injection via the $user\nparameter.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.4-2+squeeze1.
\nThe oldstable distribution (lenny) does not contain\nlibapache2-mod-authnz-external.
\nFor the testing distribution (wheezy), this problem will be fixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.4-2.1.
\nWe recommend that you upgrade your libapache2-mod-authnz-external packages.
\nNicolas Gregoire discovered that libxslt, an XSLT processing runtime\nlibrary, is prone to denial of service vulnerabilities via crafted XSL\nstylesheets.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.26-6+squeeze3.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1.1.26-14.1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.26-14.1.
\nWe recommend that you upgrade your libxslt packages.
\nMordred Labs and others found several vulnerabilities in PostgreSQL,\nan object-relational SQL database. They result from several\nbuffer overflows and integer overflows. Specially crafted long date\nand time input, currency, repeat data and long timezone names could\ncause the PostgreSQL server to crash as well as specially crafted\ninput data for lpad() and rpad(). More buffer/integer overflows were\nfound in circle_poly(), path_encode() and path_addr().
\nExcept for the last three, these problems are fixed in the upstream\nrelease 7.2.2 of PostgreSQL which is the recommended version to use.
\nMost of these problems do not exist in the version of PostgreSQL that\nDebian ships in the potato release since the corresponding\nfunctionality is not yet implemented. However, PostgreSQL 6.5.3 is\nquite old and may bear more risks than we are aware of, which may\ninclude further buffer overflows, and certainly include bugs that\nthreaten the integrity of your data.
\nYou are strongly advised not to use this release but to upgrade your\nsystem to Debian 3.0 (stable) including PostgreSQL release 7.2.1\ninstead, where many bugs have been fixed and new features introduced\nto increase compatibility with the SQL standards.
\nIf you consider an upgrade, please make sure to dump the entire\ndatabase system using the pg_dumpall utility. Please take into\nconsideration that the newer PostgreSQL is more strict in its input\nhandling. This means that tests like \"foo = NULL\" which are not valid\nwon't be accepted anymore. It also means that when using UNICODE\nencoding, ISO 8859-1 and ISO 8859-15 are no longer valid encodings to\nuse when inserting data into the relation. In such a case you are\nadvised to convert the dump in question using\nrecode latin1..utf-16.
\nThese problems have been fixed in version 7.2.1-2woody2 for the\ncurrent stable distribution (woody) and in version 7.2.2-2 for the\nunstable distribution (sid). The old stable distribution (potato) is\npartially affected and we ship a fixed version 6.5.3-27.2 for it.
\nWe recommend that you upgrade your PostgreSQL packages.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral vulnerabilities have been discovered in Samba, a SMB/CIFS file,\nprint, and login server for Unix. The Common Vulnerabilities and\nExposures project identifies the following issues:
\nThilo Uttendorfer of Linux Information Systems AG discovered that a\n malicious request can cause the Samba LDAP server to hang, spinning\n using CPU. A remote attacker can take advantage of this flaw to\n mount a denial of service.
Jan \"Yenya\" Kasprzak and the Computer Systems Unit team at Faculty\n of Informatics, Masaryk University discovered that insufficient\n symlink verification could allow data access outside an exported\n share path.
Stefan Metzmacher of SerNet discovered that Samba does not ensure\n that signing is negotiated when creating an encrypted client\n connection to a server. This allows a man-in-the-middle attacker to\n downgrade the connection and connect using the supplied credentials\n as an unsigned, unencrypted connection.
It was discovered that a missing access control check in the VFS\n shadow_copy2 module could allow unauthorized users to access\n snapshots.
Douglas Bagnall of Catalyst discovered that the Samba LDAP server\n is vulnerable to a remote memory read attack. A remote attacker can\n obtain sensitive information from daemon heap memory by sending\n crafted packets and then reading either an error message or a\n database value.
It was discovered that a malicious client can send packets that\n cause the LDAP server provided by the AD DC in the samba daemon\n process to consume unlimited memory and be terminated.
Andrew Bartlett of the Samba Team and Catalyst discovered that a\n Samba server deployed as an AD DC can expose Windows DCs in the same\n domain to a denial of service via the creation of multiple machine\n accounts. This issue is related to the MS15-096 / CVE-2015-2535\n security issue in Windows.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 2:3.6.6-6+deb7u6. The oldstable distribution (wheezy) is only\naffected by CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:4.1.17+dfsg-2+deb8u1. The fixes for CVE-2015-3223 and\nCVE-2015-5330 required an update to ldb 2:1.1.17-2+deb8u1 to correct the\ndefects.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.1.22+dfsg-1. The fixes for CVE-2015-3223 and CVE-2015-5330\nrequired an update to ldb 2:1.1.24-1 to correct the defects.
\nWe recommend that you upgrade your samba packages.
\nIlja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:4.0.5-1+squeeze1.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1:5.0-4+deb7u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:5.0-4+deb7u1.
\nWe recommend that you upgrade your libxfixes packages.
\nTwo vulnerabilities were discovered in Drupal, a fully-featured content\nmanagement framework. The Common Vulnerabilities and Exposures project\nidentifies the following issues:
\nAaron Averill discovered that a specially crafted request can give a\n user access to another user's session, allowing an attacker to\n hijack a random session.
Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered\n that the password hashing API allows an attacker to send\n specially crafted requests resulting in CPU and memory\n exhaustion. This may lead to the site becoming unavailable or\n unresponsive (denial of service).
Custom configured session.inc and password.inc need to be audited as\nwell to verify if they are prone to these vulnerabilities. More\ninformation can be found in the upstream advisory at\nhttps://www.drupal.org/SA-CORE-2014-006
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7.14-2+deb7u8.
\nWe recommend that you upgrade your drupal7 packages.
\nA problem has been discovered in the IAX2 channel driver of Asterisk,\nan Open Source Private Branch Exchange and telephony toolkit, which\nmay allow a remote attacker to cause a crash of the Asterisk server.
\nThe old stable distribution (woody) is not affected by this problem.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.0.7.dfsg.1-2sarge3.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your asterisk packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that the REXML parser, part of the interpreter for the\nRuby language, could be coerced into allocating large string objects that\ncould consume all available memory on the system. This could allow remote\nattackers to cause a denial of service (crash).
\nFor the stable distribution (wheezy), this problem has been fixed in version\n1.8.7.358-7.1+deb7u2.
\nFor the upcoming stable distribution (jessie), this problem has been fixed in\nversion 2.1.5-1 of the ruby2.1 source package.
\nFor the unstable distribution (sid), this problem has been fixed in version\n2.1.5-1 of the ruby2.1 source package.
\nWe recommend that you upgrade your ruby1.8 packages.
\n\"Vade 79\" discovered that the BGP dissector in tcpdump, a powerful\ntool for network monitoring and data acquisition, does not properly\nhandle RT_ROUTING_INFO. A specially crafted BGP packet can cause a\ndenial of service via an infinite loop.
\nFor the old stable distribution (woody) this problem has been fixed in\nversion 3.6.2-2.9.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 3.8.3-4.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.8.3-4.
\nWe recommend that you upgrade your tcpdump package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been fixed in Wordpress, the popular\nblogging engine.
\nSQL Injection allowed a remote attacker to compromise the site.
The robustness of the shortcodes HTML tags filter has been\n improved. The parsing is a bit more strict, which may affect\n your installation. This is the corrected version of the patch\n that needed to be reverted in DSA 3328-2.
A potential timing side-channel attack in widgets.
An attacker could lock a post that was being edited.
Cross site scripting in a widget title allows an attacker to\n steal sensitive information.
Fix some broken links in the legacy theme preview.
The issues were discovered by Marc-Alexandre Montpas of Sucuri,\nHelen Hou-Sand\u00ed of the WordPress security team, Netanel Rubin of Check Point,\nIvan Grigorov, Johannes Schmitt of Scrutinizer and Mohamed A. Baset.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4.1+dfsg-1+deb8u4.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.2.4+dfsg-1.
\nWe recommend that you upgrade your wordpress packages.
\nIt was discovered that BIND, an implementation of the DNS protocol\nsuite, does not properly check the result of an OpenSSL function which\nis used to verify DSA cryptographic signatures. As a result,\nincorrect DNS resource records in zones protected by DNSSEC could be\naccepted as genuine.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 9.3.4-2etch4.
\nFor the unstable distribution (sid) and the testing distribution\n(lenny), this problem will be fixed soon.
\nWe recommend that you upgrade your BIND packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in Moodle, a\ncourse management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nMoodle does not enable the Regenerate session id during\n\tlogin setting by default, which makes it easier for remote\n\tattackers to conduct session fixation attacks.
Multiple cross-site scripting (XSS) vulnerabilities allow\n\tremote attackers to inject arbitrary web script or HTML via\n\tvectors related to (1) the Login-As feature or (2) when the\n\tglobal search feature is enabled, unspecified global search\n\tforms in the Global Search Engine.
Multiple SQL injection vulnerabilities allow remote attackers\n\tto execute arbitrary SQL commands via vectors related to (1)\n\tthe add_to_log function in mod/wiki/view.php in the wiki\n\tmodule, or (2) data validation in some form elements\n\trelated to lib/form/selectgroups.php.
Moodle can create new roles when restoring a course, which\n\tallows teachers to create new accounts even if they do not\n\thave the moodle/user:create capability.
user/view.php does not properly check a role, which allows\n\tremote authenticated users to obtain the full names of other\n\tusers via the course profile page.
A Cross-site scripting (XSS) vulnerability in the phpCAS\n\tclient library allows remote attackers to inject arbitrary web\n\tscript or HTML via a crafted URL, which is not properly\n\thandled in an error message.
A Cross-site scripting (XSS) vulnerability in the\n\tfix_non_standard_entities function in the KSES HTML text\n\tcleaning library (weblib.php) allows remote attackers to\n\tinject arbitrary web script or HTML via crafted HTML entities.
A Cross-site scripting (XSS) vulnerability in the MNET\n\taccess-control interface allows remote attackers to inject\n\tarbitrary web script or HTML via vectors involving extended\n\tcharacters in a username.
Multiple cross-site scripting (XSS) vulnerabilities in\n\tblog/index.php allow remote attackers to inject arbitrary web\n\tscript or HTML via unspecified parameters.
The KSES text cleaning filter in lib/weblib.php does\n\tnot properly handle vbscript URIs, which allows remote\n\tauthenticated users to conduct cross-site scripting (XSS)\n\tattacks via HTML input.
A Cross-site request forgery (CSRF) vulnerability in\n\treport/overview/report.php in the quiz module allows remote\n\tattackers to hijack the authentication of arbitrary users for\n\trequests that delete quiz attempts via the attemptid\n\tparameter.
This security update switches to a new upstream version and requires\ndatabase updates. After installing the fixed package, you must visit\n<http://localhost/moodle/admin/> and follow the update instructions.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.8.13-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.9.dfsg2-1.
\nWe recommend that you upgrade your moodle package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJason Geffner discovered a buffer overflow in the emulated floppy\ndisk drive, resulting in potential privilege escalation.
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.1.18-dfsg-2+deb7u5.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.3.18-dfsg-3+deb8u2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.3.28-dfsg-1.
\nWe recommend that you upgrade your virtualbox packages.
\nSeveral vulnerabilities were discovered in lighttpd, a fast webserver with\nminimal memory footprint, which could allow the execution of arbitrary code via\nthe overflow of CGI variables when mod_fcgi was enabled. The Common\nVulnerabilities and Exposures project identifies the following problems:
\nThe use of mod_auth could lead to a denial of service attack crashing\n the webserver.
The improper handling of repeated HTTP headers could cause a denial\n of service attack crashing the webserver.
A bug in mod_access potentially allows remote users to bypass\n access restrictions via trailing slash characters.
On 32-bit platforms users may be able to create denial of service\n attacks, crashing the webserver, via mod_webdav, mod_fastcgi, or\n mod_scgi.
For the stable distribution (etch), these problems have been fixed in version\n1.4.13-4etch4.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.4.16-1.
\nWe recommend that you upgrade your lighttpd package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nThis is an update to DSA 1428-1 which omitted a reference to CVE-2007-5904.
\nEric Sandeen provided a backport of Tejun Heo's fix for a local denial\n of service vulnerability in sysfs. Under memory pressure, a dentry\n structure may be reclaimed resulting in a bad pointer dereference causing\n an oops during a readdir.
Chris Evans discovered an issue with certain drivers that make use of the\n Linux kernel's ieee80211 layer. A remote user could generate a malicious\n 802.11 frame that could result in a denial of service (crash). The ipw2100\n driver is known to be affected by this issue, while the ipw2200 is\n believed not to be.
Scott James Remnant diagnosed a coding error in the implementation of\n ptrace which could be used by a local user to cause the kernel to enter\n an infinite loop.
Przemyslaw Wegrzyn discovered an issue in the CIFS filesystem that could\n allow a malicious server to cause a denial of service (crash) by overflowing\n a buffer.
These problems have been fixed in the stable distribution in version\n2.6.18.dfsg.1-13etch5.
\nThe following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:
\n\u00a0 | Debian 4.0 (etch) |
---|---|
fai-kernels | 1.17+etch.13etch5 |
user-mode-linux | 2.6.18-1um-2etch.13etch5 |
We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nZorgon found several buffer overflows in cfsd, a daemon that pushes\nencryption services into the Unix(tm) file system. We are not yet\nsure if these overflows can successfully be exploited to gain root\naccess to the machine running the CFS daemon. However, since cfsd can\neasily be forced to die, a malicious user can easily perform a denial\nof service attack against it.
\nThis problem has been fixed in version 1.3.3-8.1 for the stable Debian\ndistribution and in version 1.4.1-5 for the testing and unstable\ndistribution of Debian.
\nWe recommend that you upgrade your cfs package immediately.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nMultiple vulnerabilities have been found in the Graphite font rendering\nengine which might result in denial of service or the execution of\narbitrary code if a malformed font file is processed.
\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 1.3.10-1~deb8u1.
\nFor the stable distribution (stretch), these problems have been fixed\nprior to the initial release.
\nWe recommend that you upgrade your graphite2 packages.
\nA vulnerability was discovered in libnids, a library used to analyze\nIP network traffic, whereby a carefully crafted TCP datagram could\ncause memory corruption and potentially execute arbitrary code with\nthe privileges of the user executing a program which uses libnids\n(such as dsniff).
\nFor the current stable distribution (woody) this problem has been\nfixed in version 1.16-3woody1.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you update your libnids package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities were discovered in TYPO3, a content management\nsystem.
\nAn insecure call to unserialize in the help system enables\n\tarbitrary code execution by authenticated users.
The TYPO3 backend contains several cross-site scripting\n\tvulnerabilities.
Authenticated users who can access the configuration module\n\tcan obtain the encryption key, allowing them to escalate their\n\tprivileges.
The RemoveXSS HTML sanitizer did not remove several HTML5\n\tJavaScript, thus failing to mitigate the impact of cross-site\n\tscripting vulnerabilities.
For the stable distribution (squeeze), these problems have been fixed\nin version 4.3.9+dfsg1-1+squeeze5.
\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 4.5.19+dfsg1-1.
\nWe recommend that you upgrade your typo3-src packages.
\nSeveral vulnerabilities have been found in PostgreSQL-9.4, a SQL\ndatabase system.
\nJosh Kupershmidt discovered a vulnerability in the crypt() function\n in the pgCrypto extension. Certain invalid salt arguments can cause\n the server to crash or to disclose a few bytes of server memory.
Oskari Saarenmaa discovered that json or jsonb input values\n constructed from arbitrary user input can crash the PostgreSQL\n server and cause a denial of service.
For the stable distribution (jessie), these problems have been fixed in\nversion 9.4.5-0+deb8u1.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 9.4.5-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.4.5-1.
\nWe recommend that you upgrade your postgresql-9.4 packages.
\nJaguar discovered a vulnerability in one component of xpcd, a PhotoCD\nviewer. xpcd-svga, part of xpcd which uses svgalib to display\ngraphics on the console, would copy user-supplied data of arbitrary\nlength into a fixed-size buffer in the pcd_open function.
\nFor the current stable distribution (woody) this problem has been\nfixed in version 2.08-8woody2.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you update your xpcd package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that libzmq, a lightweight messaging kernel, is\nsusceptible to a protocol downgrade attack on sockets using the ZMTP v3\nprotocol. This could allow remote attackers to bypass ZMTP v3 security\nmechanisms by sending ZMTP v2 or earlier headers.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.0.5+dfsg-2+deb8u1.
\nFor the testing distribution (stretch), this problem has been fixed in\nversion 4.0.5+dfsg-3.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.0.5+dfsg-3.
\nWe recommend that you upgrade your zeromq3 packages.
\nSebastian Krahmer discovered that Postfix, a mail transfer agent,\nincorrectly checks the ownership of a mailbox. In some configurations,\nthis allows for appending data to arbitrary files as root.
\nNote that only specific configurations are vulnerable; the default\nDebian installation is not affected. Only a configuration meeting\nthe following requirements is vulnerable:
\nFor a detailed treatment of the issue, please refer to the upstream\nauthor's announcement.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.3.8-2+etch1.
\nFor the testing distribution (lenny), this problem has been fixed in\nversion 2.5.2-2lenny1.
\nFor the unstable distribution (sid), this problem has been fixed\nin version 2.5.4-1.
\nWe recommend that you upgrade your postfix package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nInsufficient input sanitization in Ganglia, a web based monitoring system,\ncould lead to remote PHP script execution with permissions of the user running\nthe web server.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.1.7-1+squeeze1.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.3.8-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.3.8-1.
\nWe recommend that you upgrade your ganglia packages.
\nJames Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier\ndiscovered that twig, a templating engine for PHP, did not correctly\nprocess its input. End users allowed to submit twig templates could\nuse specially crafted code to trigger remote code execution, even in\nsandboxed templates.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.16.2-1+deb8u1.
\nFor the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 1.20.0-1.
\nWe recommend that you upgrade your twig packages.
\nDan Kaminsky and Moxie Marlinspike discovered that kdelibs, core libraries from\nthe official KDE release, does not properly handle a '\\0' character in a domain\nname in the Subject Alternative Name field of an X.509 certificate, which allows\nman-in-the-middle attackers to spoof arbitrary SSL servers via a crafted\ncertificate issued by a legitimate Certification Authority.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 4:3.5.5a.dfsg.1-8etch3.
\nDue to a bug in the archive system, the fix for the stable distribution\n(lenny), will be released as version 4:3.5.10.dfsg.1-0lenny3 once it is\navailable.
\nFor the testing distribution (squeeze), and the unstable distribution (sid),\nthis problem has been fixed in version 4:3.5.10.dfsg.1-2.1.
\nWe recommend that you upgrade your kdelibs packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that git-annex, a tool to manage files with git\nwithout checking their contents in, did not correctly handle\nmaliciously constructed ssh:// URLs. This allowed an attacker to run\nan arbitrary shell command.
\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 5.20141125+deb8u1.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 6.20170101-1+deb9u1.
\nWe recommend that you upgrade your git-annex packages.
\nIngo Saitz discovered a bug in mikmod whereby a long filename inside\nan archive file can overflow a buffer when the archive is being read\nby mikmod.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 3.1.6-4woody3.
\nFor the old stable distribution (potato) this problem has been fixed in\nversion 3.1.6-2potato3.
\nFor the unstable distribution (sid) this problem is fixed in version\n3.1.6-6.
\nWe recommend that you update your mikmod package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nA problem has been discovered in the processing of chat messages.\nOverly long messages are truncated by the server to a fixed length,\nwithout paying attention to the multibyte characters. This leads to\ninvalid UTF-8 on clients and causes an uncaught exception. Note that\nboth wesnoth and the wesnoth server are affected.
\nFor the old stable distribution (sarge) this problem has been fixed in\nversion 0.9.0-6 and in version 1.2.7-1~bpo31+1 of sarge-backports.
\nFor the stable distribution (etch) this problem has been fixed in\nversion 1.2-2 and in version 1.2.7-1~bpo40+1 of etch-backports.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.2.7-1.
\nPackages for the oldstable mips architecture will be added to the\narchive later.
\nWe recommend that you upgrade your wesnoth packages.
\nMD5 checksums of the listed files are available in the original advisory.
\nMD5 checksums of the listed files are available in the revised advisory.
\n\n\n\nSuSE developers discovered that ntp confuses the given group id with\nthe group id of the given user when called with a group id on the\ncommandline that is specified as a string and not as a numeric gid,\nwhich causes ntpd to run with different privileges than intended.
\nThe old stable distribution (woody) is not affected by this problem.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 4.2.0a+stable-2sarge1.
\nThe unstable distribution (sid) is not affected by this problem.
\nWe recommend that you upgrade your ntp-server package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJoxean Koret discovered several cross-site scripting vulnerabilities in\nGforge, an online collaboration suite for software development, which\nallow injection of web script code.
\nThe old stable distribution (woody) does not contain gforge packages.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 3.1-31sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.1-31sarge1.
\nWe recommend that you upgrade your gforge package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nDan Rosenberg discovered that in dvipng, a utility that converts DVI\nfiles to PNG graphics, several array index errors allow context-dependent\nattackers, via a specially crafted DVI file, to cause a denial of\nservice (crash of the application), and possibly arbitrary code\nexecution.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion dvipng_1.11-1+lenny1.
\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 1.13-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.13-1.
\nWe recommend that you upgrade your dvipng package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in the Iceweasel\nwebbrowser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:
\nJustin Schuh discovered that a buffer overflow in the http-index-format\n parser could lead to arbitrary code execution.
Liu Die Yu discovered an information leak through local shortcut\n files.
Georgi Guninski, Michal Zalewski and Chris Evans discovered that\n the canvas element could be used to bypass same-origin\n restrictions.
It was discovered that insufficient checks in the Flash plugin glue\n code could lead to arbitrary code execution.
Jesse Ruderman discovered that a programming error in the\n window.__proto__.__proto__ object could lead to arbitrary code\n execution.
It was discovered that crashes in the layout engine could lead to\n arbitrary code execution.
It was discovered that crashes in the Javascript engine could lead to\n arbitrary code execution.
It was discovered that a crash in the nsFrameManager might lead to\n the execution of arbitrary code.
moz_bug_r_a4 discovered that the same-origin check in\n nsXMLHttpRequest::NotifyEventListeners() could be bypassed.
Collin Jackson discovered that the -moz-binding property bypasses\n security checks on codebase principals.
Chris Evans discovered that quote characters were improperly\n escaped in the default namespace of E4X documents.
For the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.18-0etch1.
\nFor the upcoming stable distribution (lenny) and the unstable distribution\n(sid), these problems have been fixed in version 3.0.4-1 of iceweasel\nand version 1.9.0.4-1 of xulrunner. Packages for arm and mips will be\nprovided soon.
\nWe recommend that you upgrade your iceweasel package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that libmagic as used by PHP, would trigger an out\nof bounds memory access when trying to identify a crafted file.
\nAdditionally, this update fixes a potential dependency loop in dpkg\ntrigger handling.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 5.4.36-0+deb7u3.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your php5 packages.
\nA vulnerability was discovered in the ettercap package which could allow\na remote attacker to execute arbitrary code on the system running\nettercap.
\nThe old stable distribution (woody) did not include ettercap.
\nFor the stable distribution (sarge), this problem has been fixed in\nversion 0.7.1-1sarge1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.7.3-1.
\nWe recommend that you upgrade your ettercap package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA vulnerability has been discovered in the Linux kernel that may lead\nto a denial of service. The Common Vulnerabilities and Exposures\nproject identifies the following problem:
\nAlexander Viro discovered a race condition in the fcntl code that\n may permit local users on multi-processor systems to execute parallel\n code paths that are otherwise prohibited and gain re-ordered access\n to the descriptor table.
For the stable distribution (etch), this problem has been fixed in version\n2.6.18.dfsg.1-18etch4.
\nFor the unstable distribution (sid), this problem has been fixed in version\n2.6.25-2.
\nWe recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that XStream, a Java library to serialise objects to\nXML and back again, was susceptible to denial of service during\nunmarshalling.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.4.7-2+deb8u2.
\nFor the upcoming stable distribution (stretch), this problem will be\nfixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.9-2.
\nWe recommend that you upgrade your libxstream-java packages.
\nMultiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.
\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.
\nWe recommend that you upgrade your icinga packages.
\nSeveral vulnerabilities have been discovered in the chromium web browser.
\ncloudfuzzer discovered a type confusion issue in Blink/Webkit.
Atte Kettunen discovered a use-after-free issue in Blink/Webkit.
An out-of-bounds write issue was discovered in the pdfium library.
For the stable distribution (jessie), these problems have been fixed in\nversion 49.0.2623.87-1~deb8u1.
\nFor the testing distribution (stretch), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 49.0.2623.87-1.
\nWe recommend that you upgrade your chromium-browser packages.
\nGuido Vranken discovered that incorrect memory management in libtirpc,\na transport-independent RPC library used by rpcbind and other programs\nmay result in denial of service via memory exhaustion (depending on\nmemory management settings).
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0.2.5-1+deb8u1 of libtirpc and version 0.2.1-6+deb8u2 of rpcbind.
\nFor the upcoming stable distribution (stretch), this problem has been\nfixed in version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.
\nWe recommend that you upgrade your libtirpc packages.
\nPound, an HTTP reverse proxy and load balancer, had several issues\nrelated to vulnerabilities in the Secure Sockets Layer (SSL) protocol.
\nFor Debian 7 (wheezy) this update adds a missing part to make it actually\npossible to disable client-initiated renegotiation and disables it by default\n(CVE-2009-3555).\nTLS compression is disabled (CVE-2012-4929),\nalthough this is normally already disabled by the OpenSSL system library.\nFinally it adds the ability to disable the SSLv3 protocol (CVE-2014-3566)\nentirely via the new DisableSSLv3 configuration directive, although it\nwill not be disabled by default in this update. Additionally a non-security\nsensitive issue in redirect encoding is\naddressed.
For Debian 8 (jessie) these issues have been fixed prior to the release,\nwith the exception of client-initiated renegotiation (CVE-2009-3555).\nThis update addresses that issue for jessie.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 2.6-2+deb7u1.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.6-6+deb8u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6-6.1.
\nWe recommend that you upgrade your pound packages.
\nIt has been discovered that spoofed getstatus UDP requests are being\nsent by attackers to servers for use with games derived from the\nQuake 3 engine (such as openarena). These servers respond with a\npacket flood to the victim whose IP address was impersonated by the\nattackers, causing a denial of service.
For the stable distribution (squeeze), this problem has been fixed in\nversion 0.8.5-5+squeeze3.
\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 0.8.5-6.
\nWe recommend that you upgrade your openarena packages.
\nWitold Baryluk discovered that MaraDNS, a simple security-focused\nDomain Name System server, may overflow an internal buffer when\nhandling requests with a large number of labels, causing a server\ncrash and the consequent denial of service.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.07.09-2.1.
\nFor the stable distribution (squeeze) and greater this problem had\nalready been fixed in version 1.4.03-1.1.
\nWe recommend that you upgrade your maradns packages.
\nA bug has been discovered in the font handling code in xpdf, which is\nalso present in kpdf, the PDF viewer for KDE. A specially crafted PDF\nfile could cause infinite resource consumption, in terms of both CPU\nand disk space.
\nThe oldstable distribution (woody) is not affected by this problem.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 3.3.2-2sarge1.
\nFor the unstable distribution (sid) this problem will be fixed as soon\nas the necessary libraries have made their C++ ABI transition.
\nWe recommend that you upgrade your kpdf package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThis update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service or the execution of arbitrary\ncode if malformed TIFF, WPG, IPL, MPC or PSB files are processed.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u7.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 8:6.9.7.4+dfsg-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-1.
\nWe recommend that you upgrade your imagemagick packages.
\nMultiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\nuse-after-frees and other implementation errors may lead to the\nexecution of arbitrary code, the bypass of security restrictions, denial\nof service or cross-site request forgery.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 31.6.0esr-1~deb7u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 31.6.0esr-1.
\nWe recommend that you upgrade your iceweasel packages.
\nAlex Rousskov from The Measurement Factory discovered that Squid3, a\nfully featured web proxy cache, does not properly handle errors for\ncertain malformed HTTP responses. A remote HTTP server can exploit this\nflaw to cause a denial of service (assertion failure and daemon exit).
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 3.1.20-2.2+deb7u4.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 3.4.8-6+deb8u2.
\nFor the testing distribution (stretch), this problem has been fixed\nin version 3.5.15-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.5.15-1.
\nWe recommend that you upgrade your squid3 packages.
\nThe Qualys Research Labs discovered a memory leak in the Exim mail\ntransport agent. This is not a security vulnerability in Exim by itself,\nbut can be used to exploit a vulnerability in stack handling. For the\nfull details, please refer to their advisory published at:\nhttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 4.84.2-2+deb8u4.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 4.89-2+deb9u1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your exim4 packages.
\nSeveral vulnerabilities have been discovered in phpsysinfo, a PHP\nbased host information application. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nMaksymilian Arciemowicz discovered several cross site scripting\n problems, of which not all were fixed in DSA 724.
Christopher Kunz discovered that local variables get overwritten\n unconditionally and are trusted later, which could lead to the\n inclusion of arbitrary files.
Christopher Kunz discovered that user-supplied input is used\n unsanitised, causing a HTTP Response splitting problem.
For the old stable distribution (woody) these problems have been fixed in\nversion 2.0-3woody3.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 2.3-4sarge1.
\nFor the unstable distribution (sid) these problems will be fixed soon.
\nWe recommend that you upgrade your phpsysinfo package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA vulnerability was discovered in KDE where the path restrictions on\ncookies could be bypassed using encoded relative path components\n(e.g., \"/../\"). This means that a cookie which should only be sent by\nthe browser to an application running at /app1 could\ninadvertently be included with a request sent to /app2 on the same\nserver.
\nFor the current stable distribution (woody) this problem has been\nfixed in kdelibs version 4:2.2.2-6woody3 and kdelibs-crypto version\n4:2.2.2-13.woody.9.
\nFor the unstable distribution (sid) this problem was fixed in kdelibs\nversion 4:3.1.3-1.
\nWe recommend that you update your kdelibs and kdelibs-crypto packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple vulnerabilities have been found in the Drupal content management\nframework. For additional information, please refer to the upstream advisory\nat https://www.drupal.org/SA-CORE-2016-005
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 7.32-1+deb8u8.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.52-1.
\nWe recommend that you upgrade your drupal7 packages.
\nStefan Roas discovered a way to cause a buffer overflow in DBD-FireBird,\na Perl DBI driver for the Firebird RDBMS, in certain error conditions, due\nto the use of the sprintf() function to write to a fixed-size memory buffer.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.91-2+deb7u1.
\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 1.18-2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.18-2.
\nWe recommend that you upgrade your libdbd-firebird-perl packages.
\nJoonas Kuorilehto discovered that GNU TLS performed insufficient\nvalidation of session IDs during TLS/SSL handshakes. A malicious server\ncould use this to execute arbitrary code or perform denial of service.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.12.20-8+deb7u2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.12.23-16.
\nWe recommend that you upgrade your gnutls26 packages.
\nIt has been discovered that barnowl, a curses-based tty Jabber, IRC, AIM\nand Zephyr client, is prone to a buffer overflow via its \"CC:\" handling,\nwhich could lead to the execution of arbitrary code.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.0.1-4+lenny1.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 1.5.1-1.
\nWe recommend that you upgrade your barnowl packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMichal Zalewski discovered an out of bounds write issue in cpio, a tool\nfor creating and extracting cpio archive files. In the process of\nfixing that issue, the cpio developers found and fixed additional\nrange checking and null pointer dereference issues.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.11+dfsg-0.1+deb7u1.
\nFor the upcoming stable distribution (jessie), this problem will be\nfixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.11+dfsg-4.
\nWe recommend that you upgrade your cpio packages.
\nVivian Zhang and Christoph Anton Mitterer discovered that setting an\nempty VNC password does not work as documented in Libvirt, a\nvirtualisation abstraction library. When the password on a VNC server is\nset to the empty string, authentication on the VNC server will be\ndisabled, allowing any user to connect, despite the documentation\ndeclaring that setting an empty password for the VNC server prevents all\nclient connections. With this update the behaviour is enforced by\nsetting the password expiration to now.
For the stable distribution (jessie), this problem has been fixed in\nversion 1.2.9-9+deb8u3.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.0-1.
\nWe recommend that you upgrade your libvirt packages.
\nPierrick Caillon discovered that the authentication could be bypassed in\nthe Typo 3 content management system. Please refer to the upstream\nadvisory for additional information:\nhttps://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 4.5.19+dfsg1-5+wheezy4.
\nThe upcoming stable distribution (jessie) no longer includes Typo 3.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.5.40+dfsg1-1.
\nWe recommend that you upgrade your typo3-src packages.
\nAnders Kaseorg discovered that ndiswrapper suffers from buffer overflows\nvia specially crafted wireless network traffic, due to incorrectly\nhandling long ESSIDs. This could lead to the execution of arbitrary\ncode.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.28-1+etch1.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.53-2, which was already included in the lenny release.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 1.53-2.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nBuffer overflow in the Linux emulation support in FreeBSD kernel\nallows local users to cause a denial of service (panic) and possibly\nexecute arbitrary code by calling the bind system call with a long path\nfor a UNIX-domain socket, which is not properly handled when the\naddress is used by other unspecified system calls.
For the stable distribution (squeeze), this problem has been fixed in\nversion 8.1+dfsg-8+squeeze2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.2-9.
\nWe recommend that you upgrade your kfreebsd-8 packages.
\nSeveral remote vulnerabilities have been discovered in the VideoLan\nmultimedia player and streamer, which may lead to the execution of\narbitrary code. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nDavid Thiel discovered that several format string vulnerabilities may\n lead to the execution of arbitrary code.
David Thiel discovered an integer overflow in the WAV processing code.
This update also fixes several crashes, which can be triggered through\nmalformed media files.
\nFor the oldstable distribution (sarge) these problems have been fixed in\nversion 0.8.1.svn20050314-1sarge3. Packages for the powerpc architecture\nare not yet available. They will be provided later.
\nFor the stable distribution (etch) these problems have been fixed\nin version 0.8.6-svn20061012.debian-5etch1.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.8.6.c-1.
\nWe recommend that you upgrade your vlc packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nHaris Sehic discovered several vulnerabilities in viewcvs, a utility\nfor viewing CVS and Subversion repositories via HTTP. When exporting\na repository as a tar archive the hide_cvsroot and forbidden settings\nwere not honoured enough.
\nWhen upgrading the package for woody, please make a copy of your\n/etc/viewcvs/viewcvs.conf file if you have manually edited this file.\nUpon upgrade the debconf mechanism may alter it in a way so that\nviewcvs doesn't understand it anymore.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 0.9.2-4woody1.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.9.2+cvs.1.0.dev.2004.07.28-1.2.
\nWe recommend that you upgrade your viewcvs package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that a NULL pointer dereference in the Nginx code\nresponsible for saving client request bodies to a temporary file might\nresult in denial of service: Malformed requests could crash worker\nprocesses.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.6.2-5+deb8u2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.10.1-1.
\nWe recommend that you upgrade your nginx packages.
\nYutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.
\nThe following matrix explains which version in which distribution has\nthis problem corrected.
\n\u00a0 | oldstable (woody) | stable (sarge) | unstable (sid) |
---|---|---|---|
openssl | 0.9.6c-2.woody.8 | 0.9.7e-3sarge1 | 0.9.8-3 |
openssl094 | 0.9.4-6.woody.4 | n/a | n/a |
openssl095 | 0.9.5a-6.woody.6 | n/a | n/a |
openssl096 | n/a | 0.9.6m-1sarge1 | n/a |
openssl097 | n/a | n/a | 0.9.7g-5 |
We recommend that you upgrade your libssl packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nKalle Olavi Niemitalo discovered that elinks, an advanced text-mode WWW\nbrowser, sent HTTP POST data in cleartext when using an HTTPS proxy server\npotentially allowing private information to be disclosed.
\nFor the stable distribution (etch), this problem has been fixed in version\n0.11.1-1.2etch1.
\nFor the unstable distribution (sid), this problem has been fixed in version\n0.11.1-1.5.
\nWe recommend that you upgrade your elinks package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA denial of service vulnerability has been discovered in the CGI library\nincluded with Ruby, the interpreted scripting language for quick and easy\nobject-oriented programming.
\nFor the stable distribution (sarge), this problem has been fixed in version\n1.6.8-12sarge3.
\nWe recommend that you upgrade your ruby1.6 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple vulnerabilities were discovered in zoneminder, a Linux video\ncamera security and surveillance solution. The Common Vulnerabilities\nand Exposures project identifies the following problems:
\nBrendan Coles discovered that zoneminder is prone to an arbitrary\n command execution vulnerability. Remote (authenticated) attackers\n could execute arbitrary commands as the web server user.
zoneminder is prone to a local file inclusion vulnerability. Remote\n attackers could examine files on the system running zoneminder.
For the stable distribution (squeeze), these problems have been fixed in\nversion 1.24.2-8+squeeze1.
\nFor the testing distribution (wheezy), these problems have been fixed in\nversion 1.25.0-4.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.25.0-4.
\nWe recommend that you upgrade your zoneminder packages.
\nErik Sj\u00f6lund discovered several bugs in ncpfs that provides utilities\nto use resources from NetWare servers of which one also applies to the\nstable Debian distribution. Due to accessing a configuration file\nwithout further checks with root permissions it is possible to read\narbitrary files.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.2.0.18-10woody2.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your ncpfs package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that an integer overflow in the xpdf PDF viewer may lead\nto the execution of arbitrary code if a malformed PDF file is opened.
\nkoffice includes a copy of the xpdf code and required an update as well.
\nThe oldstable distribution (sarge) will be fixed later.
\nFor the stable distribution (etch) this problem has been fixed in\nversion 1.6.1-2etch1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.6.3-2.
\nWe recommend that you upgrade your koffice packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAndreas Solberg discovered that libxml2, the GNOME XML library,\ncould be forced to recursively evaluate entities, until available\nCPU and memory resources were exhausted.
\nFor the stable distribution (etch), this problem has been fixed in version\n2.6.27.dfsg-4.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6.32.dfsg-3.
\nWe recommend that you upgrade your libxml2 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nCalum Hutton reported that the XML-RPC server in supervisor, a system\nfor controlling process state, does not perform validation on requested\nXML-RPC methods, allowing an authenticated client to send a malicious\nXML-RPC request to supervisord that will run arbitrary shell commands on\nthe server as the same user as supervisord.
\nThe vulnerability has been fixed by disabling nested namespace lookup\nentirely. supervisord will now only call methods on the object\nregistered to handle XML-RPC requests and not any child objects it may\ncontain, possibly breaking existing setups. No publicly available\nplugins are currently known that use nested namespaces. Plugins that use\na single namespace will continue to work as before. Details can be found\non the upstream issue at\nhttps://github.com/Supervisor/supervisor/issues/964 .
\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 3.0r1-1+deb8u1.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 3.3.1-1+deb9u1.
\nWe recommend that you upgrade your supervisor packages.
\nA vulnerability has been identified in the xmlrpc library included in\nthe egroupware package. This vulnerability could lead to the execution\nof arbitrary commands on the server running egroupware.
\nThe old stable distribution (woody) did not include egroupware.
\nFor the current stable distribution (sarge), this problem is fixed in\nversion 1.0.0.007-2.dfsg-2sarge1.
\nFor the unstable distribution (sid), this problem is fixed in version\n1.0.0.007-3.dfsg-1.
\nWe recommend that you upgrade your egroupware package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\n\nSeveral local vulnerabilities have been discovered in the Common UNIX Printing\nSystem. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n
\n\n Wei Wang discovered that a buffer overflow in the SNMP backend may lead to\n the execution of arbitrary code.\n
\n Elias Pipping discovered that insecure handling of a temporary file in the\n pdftops.pl script may lead to local denial of service. This vulnerability\n is not exploitable in the default configuration.\n
\nThe old stable distribution (sarge) is not affected by CVE-2007-5849.\nThe other issue doesn't warrant an update on its own and has been\npostponed.\n
\n\nFor the stable distribution (etch), these problems have been fixed in version\n1.2.7-4etch2.\n
\n\nFor the unstable distribution (sid), these problems have been fixed in version\n1.3.5-1.\n
\n\nWe recommend that you upgrade your cupsys packages.\n
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nYury Dyachenko discovered that Zend Framework uses the PHP XML parser\nin an insecure way, allowing attackers to open files and trigger HTTP\nrequests, potentially accessing restricted information.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.10.6-1squeeze2.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1.11.13-1.1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.11.13-1.1.
\nWe recommend that you upgrade your zendframework packages.
\nIt has been discovered that in cvsnt, a multi-platform version of the\noriginal source code versioning system CVS, an error in the\nauthentication code allows a malicious, unprivileged user, through the\nuse of a specially crafted branch name, to gain write access to any\nmodule or directory, including CVSROOT itself. The attacker can then\nexecute arbitrary code as root by modifying or adding administrative\nscripts in that directory.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.5.03.2382-3.3+lenny1.
\nWe recommend that you upgrade your cvsnt package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThe compression library zlib has a flaw in which it attempts to free\nmemory more than once under certain conditions. This can possibly be\nexploited to run arbitrary code in a program that includes zlib. If a\nnetwork application running as root is linked to zlib, this could\npotentially lead to a remote root compromise. No exploits are known at\nthis time. This vulnerability is assigned the CVE candidate name of\nCAN-2002-0059.
\nThe zlib vulnerability is fixed in the Debian zlib package version\n1.1.3-5.1. A number of programs either link statically to zlib or include\na private copy of zlib code. These programs must also be upgraded\nto eliminate the zlib vulnerability. The affected packages and fixed\nversions follow:
\nThose using the pre-release (testing) version of Debian should upgrade\nto zlib 1.1.3-19.1 or a later version. Note that since this version of\nDebian has not yet been released it may not be available immediately for\nall architectures. Debian 2.2 (potato) is the latest supported release.
\nWe recommend that you upgrade your packages immediately. Note that you\nshould restart all programs that use the shared zlib library in order\nfor the fix to take effect. This is most easily done by rebooting the\nsystem.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nStefan Kaltenbrunner discovered that ldns, a library and set of utilities\nto facilitate DNS programming, did not correctly implement a buffer\nboundary check in its RR DNS record parser. This weakness could enable\noverflow of a heap buffer if a maliciously-crafted record is parsed,\npotentially allowing the execution of arbitrary code. The scope of\ncompromise will vary with the context in which ldns is used, and could\npresent either a local or remote attack vector.
\nThe old stable distribution (etch) is not affected by this issue.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.4.0-1+lenny1.
\nFor the unstable distribution (sid), this problem was fixed in\nversion 1.5.1-1.
\nWe recommend that you upgrade your ldns packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and\nJSP engine, static error pages used the original request's HTTP method\nto serve content, instead of systematically using the GET method. This\ncould under certain conditions result in undesirable results,\nincluding the replacement or removal of the custom error page.
\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 8.0.14-1+deb8u10.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 8.5.14-1+deb9u1.
\nFor the testing distribution (buster), this problem has been fixed\nin version 8.5.14-2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.5.14-2.
\nWe recommend that you upgrade your tomcat8 packages.
\nSeveral vulnerabilities have been discovered in debdiff, a script used\nto compare two Debian packages, which is part of the devscripts package.\nThe following Common Vulnerabilities and Exposures project ids have been\nassigned to identify them:
\nPaul Wise discovered that due to insufficient input sanitising when\n processing .dsc and .changes files, it is possible to execute\n arbitrary code and disclose system information.
Raphael Geissert discovered that it is possible to inject or modify\n arguments of external commands when processing source packages with\n specially-named tarballs in the top-level directory of the .orig\n tarball, allowing arbitrary code execution.
Raphael Geissert discovered that it is possible to inject or modify\n arguments of external commands when passing as argument to debdiff\n a specially-named file, allowing arbitrary code execution.
For the stable distribution (squeeze), these problems have been fixed in\nversion 2.10.69+squeeze2.
\nFor the testing distribution (wheezy), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems will be fixed in\nversion 2.11.4.
\nWe recommend that you upgrade your devscripts packages.
\nSeveral problems have been discovered in the FreeType 2 font engine.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nSeveral integer underflows have been discovered which could allow\n remote attackers to cause a denial of service.
Chris Evans discovered several integer overflows that lead to a\n denial of service or could possibly even lead to the execution of\n arbitrary code.
Several more integer overflows have been discovered which could\n possibly lead to the execution of arbitrary code.
A null pointer dereference could cause a denial of service.
For the old stable distribution (woody) these problems have been fixed in\nversion 2.0.9-1woody1.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 2.1.7-2.5.
\nFor the unstable distribution (sid) these problems will be fixed soon.
\nWe recommend that you upgrade your libfreetype packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nGabriel Campana and Adrien Guinet from Quarkslab discovered two remotely\nexploitable crash and heap corruption vulnerabilities in the format\nparsing code in Irssi, a terminal based IRC client.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.8.17-1+deb8u1.
\nWe recommend that you upgrade your irssi packages.
\nIt was discovered that a buffer overflow in the XMLRPC response encoding\ncode of the Atheme IRC services may result in denial of service.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 6.0.11-2+deb8u1.
\nFor the testing distribution (stretch), this problem has been fixed\nin version 7.0.7-2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.0.7-2.
\nWe recommend that you upgrade your atheme-services packages.
\nAlexandru Cornea discovered a vulnerability in libdbus caused by an\nimplementation bug in _dbus_printf_string_upper_bound(). This\nvulnerability can be exploited by a local user to crash system services\nthat use libdbus, causing denial of service. Depending on the dbus\nservices running, it could lead to complete system crash.
\nThe oldstable distribution (squeeze) is not affected by this problem.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.6.8-1+deb7u1.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.6.12-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.12-1.
\nWe recommend that you upgrade your dbus packages.
\nSeveral implementation errors in the dissector of the Wireshark network\ntraffic analyzer for the ASN.1 BER protocol and in the SigComp Universal\nDecompressor Virtual Machine may lead to the execution of arbitrary code.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny10.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.10-1.
\nWe recommend that you upgrade your wireshark packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSteve Langasek found an exploitable bug in the password handling\ncode in samba: when converting from DOS code-page to little endian\nUCS2 unicode a buffer length was not checked and a buffer could\nbe overflowed. There is no known exploit for this, but an upgrade\nis strongly recommended.
\nThis problem has been fixed in version 2.2.3a-12 of the Debian\nsamba packages and upstream version 2.2.7.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\neEye Digital Security discovered an integer overflow in the\nxdrmem_getbytes() function which is also present in GNU libc. This\nfunction is part of the XDR (external data representation)\nencoder/decoder derived from Sun's RPC implementation. Depending upon\nthe application, this vulnerability can cause buffer overflows and\ncould possibly be exploited to execute arbitrary code.
\nFor the stable distribution (woody) this problem has been\nfixed in version 2.2.5-11.5.
\nFor the old stable distribution (potato) this problem has been\nfixed in version 2.1.3-25.
\nFor the unstable distribution (sid) this problem has been\nfixed in version 2.3.1-16.
\nWe recommend that you upgrade your libc6 packages.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nJavier Fern\u00e1ndez-Sanguino Pe\u00f1a from the Debian Security Audit team\ndiscovered that the syslogtocern script from thttpd, a tiny webserver,\nuses a temporary file insecurely, allowing a local attacker to craft a\nsymlink attack to overwrite arbitrary files.
\nFor the old stable distribution (woody) this problem has been fixed in\nversion 2.21b-11.3.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.23beta1-3sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.23beta1-4.
\nWe recommend that you upgrade your thttpd package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been found in cacti, a frontend to rrdtool\nfor monitoring systems and services. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nIt was discovered that cacti is prone to a denial of service via the\ngraph_height, graph_width, graph_start and graph_end parameters.\nThis issue only affects the oldstable (etch) version of cacti.
It was discovered that cacti is prone to several cross-site scripting\nattacks via different vectors.
It has been discovered that cacti allows authenticated administrator\nusers to gain access to the host system by executing arbitrary commands\nvia the \"Data Input Method\" for the \"Linux - Get Memory Usage\" setting.
\nThere is no fix for this issue at this stage. Upstream will implement a\nwhitelist policy to only allow certain \"safe\" commands. For the moment,\nwe recommend that such access is only given to trusted users and that\nthe options \"Data Input\" and \"User Administration\" are otherwise\ndeactivated.
For the oldstable distribution (etch), these problems have been fixed in\nversion 0.8.6i-3.6.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.8.7b-2.1+lenny1.
\nFor the testing distribution (squeeze), this problem will be fixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.7e-1.1.
\nWe recommend that you upgrade your cacti packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nStephen Dranger discovered a buffer overflow in linpopup, an X11 port\nof winpopup, running over Samba, that could lead to the execution of\narbitrary code when displaying a maliciously crafted message.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.2.0-2woody1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.2.0-7.
\nWe recommend that you upgrade your linpopup package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in phpMyAdmin, a tool\nto administer MySQL over the web. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nThe configuration setup script does not properly sanitise its output\n file, which allows remote attackers to execute arbitrary PHP code via\n a crafted POST request. In Debian, the setup tool is protected through\n Apache HTTP basic authentication by default.
Various cross site scripting issues have been discovered that allow\n a remote attacker to inject arbitrary web script or HTML.
For the stable distribution (lenny), these problems have been fixed in\nversion 2.11.8.1-5+lenny5.
\nFor the testing (squeeze) and unstable distribution (sid), these problems\nhave been fixed in version 3.3.5.1-1.
\nWe recommend that you upgrade your phpmyadmin package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThe Internet Software Consortium discovered several vulnerabilities\nduring an audit of the ISC DHCP Daemon. The vulnerabilities exist in\nerror handling routines within the minires library and may be\nexploitable as stack overflows. This could allow a remote attacker to\nexecute arbitrary code under the user id the dhcpd runs under, usually\nroot. DHCP servers other than dhcp3 do not seem to be affected.
\nFor the stable distribution (woody) this problem has been\nfixed in version 3.0+3.0.1rc9-2.1.
\nThe old stable distribution (potato) does not contain dhcp3 packages.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.0+3.0.1rc11-1.
\nWe recommend that you upgrade your dhcp3-server package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nThe vmsplice system call did not properly verify address arguments\npassed by user space processes, which allowed local attackers to\noverwrite arbitrary kernel memory, gaining root privileges\n(CVE-2008-0010,\nCVE-2008-0600).
\nIn the vserver-enabled kernels, a missing access check on certain\nsymlinks in /proc enabled local attackers to access resources in other\nvservers (CVE-2008-0163).
\nThe old stable distribution (sarge) is not affected by this problem.
\nFor the stable distribution (etch), this problem has been fixed in version\n2.6.18.dfsg.1-18etch1.
\nIn addition to these fixes, this update also incorporates changes from the\nupcoming point release of the stable distribution.
\nSome architecture builds were not yet available at the time of DSA-1494-1.\nThis update to DSA-1494 provides linux-2.6 packages for these remaining\narchitectures, as well as additional binary packages that are built\nfrom source code provided by linux-2.6.
\nThe unstable (sid) and testing (lenny) distributions will be fixed soon.
\nWe recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.
\nMD5 checksums of the listed files are available in the original advisory.
\nMD5 checksums of the listed files are available in the revised advisory.
\n\n\n\nMultiple vulnerabilities were discovered in the FreeImage multimedia\nlibrary, which might result in denial of service or the execution of\narbitrary code if a malformed XMP or RAW image is processed.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.15.4-4.2+deb8u1.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 3.17.0+ds1-3.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.17.0+ds1-3.
\nWe recommend that you upgrade your freeimage packages.
\nJohn Leitch has discovered a vulnerability in eXtplorer, a very feature\nrich web server file manager, which can be exploited by malicious people\nto conduct cross-site request forgery attacks.
\nThe vulnerability allows users to perform certain actions via HTTP requests\nwithout performing any validity checks to verify the request. This can be\nexploited, for example, to create an administrative user account by tricking\na logged-in administrator into visiting an attacker-defined web link.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.1.0b6+dfsg.2-1+squeeze1.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.1.0b6+dfsg.3-3.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.1.0b6+dfsg.3-3.
\nWe recommend that you upgrade your extplorer packages.
\nGenkin, Pipman and Tromer discovered a side-channel attack on Elgamal\nencryption subkeys\n(CVE-2014-5270).
\nIn addition, this update hardens GnuPG's behaviour when treating\nkeyserver responses; GnuPG now filters keyserver responses to only\naccept those key IDs actually requested by the user.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.12-7+deb7u6.
\nFor the testing (jessie) and unstable distribution (sid), this\nproblem has been fixed in version 1.4.18-4.
\nWe recommend that you upgrade your gnupg packages.
\nipmasq is a package which simplifies configuration of Linux IP\nmasquerading, a form of network address translation which allows a\nnumber of hosts to share a single public IP address. Due to use of\ncertain improper filtering rules, traffic arriving on the external\ninterface addressed for an internal host would be forwarded,\nregardless of whether it was associated with an established\nconnection. This vulnerability could be exploited by an attacker\ncapable of forwarding IP traffic with an arbitrary destination address\nto the external interface of a system with ipmasq installed.
\nFor the current stable distribution (woody) this problem has been\nfixed in version 3.5.10c.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.5.12.
\nWe recommend that you update your ipmasq package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral vulnerabilities have been discovered in the chromium web browser.
\nAtte Kettunen discovered an out-of-bounds write issue.
Wadih Matar discovered a memory corruption issue.
Rob Wu discovered a use-after-free issue related to extensions.
A use-after-free issue was discovered in Blink's bindings to V8.
Wadih Matar discovered a way to spoof URLs.
gksgudtjr456 discovered an information leak in the v8 javascript\n library.
The chrome development team found and fixed various issues during\n internal auditing.
For the stable distribution (jessie), these problems have been fixed in\nversion 50.0.2661.94-1~deb8u1.
\nFor the testing distribution (stretch), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 50.0.2661.94-1.
\nWe recommend that you upgrade your chromium-browser packages.
\nSeveral vulnerabilities were discovered in the qemu virtualisation\nsolution:
\nIt was discovered that the IDE controller emulation is susceptible\n to denial of service.
Daniel P. Berrange discovered a denial of service vulnerability in\n the VNC web socket decoder.
Jan Beulich discovered that unmediated PCI command register could\n result in denial of service.
Jason Geffner discovered a buffer overflow in the emulated floppy\n disk drive, resulting in the potential execution of arbitrary code.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6a+deb7u7 of the qemu source package and in version\n1.1.2+dfsg-6+deb7u7 of the qemu-kvm source package. Only CVE-2015-3456\naffects oldstable.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:2.1+dfsg-12.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your qemu packages.
\nTwo security issues have been found in the Python WSGI adapter module\nfor Apache:
\nRobert Kisteleki discovered a potential privilege escalation in\n daemon mode. This is not exploitable with the kernel used in Debian\n 7.0/wheezy.
Buck Golemon discovered that incorrect memory handling could lead to\n information disclosure when processing Content-Type headers.
For the oldstable distribution (squeeze), these problems have been fixed in\nversion 3.3-2+deb6u1.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 3.3-4+deb7u1.
\nFor the testing distribution (jessie), these problems have been fixed in\nversion 3.5-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.5-1.
\nWe recommend that you upgrade your mod-wsgi packages.
\niDEFENSE discovered a buffer overflow in the wv library, used to\nconvert and preview Microsoft Word documents. An attacker could\ncreate a specially crafted document that could lead wvHtml to execute\narbitrary code on the victim's machine.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.7.1+rvt-2woody3.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your wv package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMore potential integer overflows have been found in the GD graphics\nlibrary which weren't covered by our security advisory\nDSA 589. They\ncould be exploited by a specially crafted graphic and could lead to\nthe execution of arbitrary code on the victim's machine.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 1.8.4-17.woody4.
\nFor the unstable distribution (sid) these problems will be fixed soon.
\nWe recommend that you upgrade your libgd1 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAn integer underflow bug has been found in the file_printf function in\nfile, a tool to determine file types based on analysis of file content.\nThe bug could allow an attacker to execute arbitrary code by inducing a\nlocal user to examine a specially crafted file that triggers a buffer\noverflow.
\nFor the stable distribution (sarge), this problem has been fixed in\nversion 4.12-1sarge1.
\nFor the upcoming stable distribution (etch), this problem has been fixed in\nversion 4.17-5etch1.
\nFor the unstable distribution (sid), this problem has been fixed in\n4.20-1.
\nWe recommend that you upgrade your file package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in the Icedove mail client,\nan unbranded version of the Thunderbird client. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nGa\u00ebtan Leurent discovered a cryptographical weakness in APOP\n authentication, which reduces the required efforts for an MITM attack\n to intercept a password. The update enforces stricter validation, which\n prevents this attack.
Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn\n Wargers and Olli Pettay discovered crashes in the layout engine, which\n might allow the execution of arbitrary code.
Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 and Wladimir Palant\n discovered crashes in the Javascript engine, which might allow the execution of\n arbitrary code. Generally, enabling Javascript in Icedove is not recommended.
Fixes for the oldstable distribution (sarge) are not available. While there\nwill be another round of security updates for Mozilla products, Debian doesn't\nhave the resources to backport further security fixes to the old Mozilla\nproducts. You're strongly encouraged to upgrade to stable as soon as possible.
\nFor the stable distribution (etch) these problems have been fixed in version\n1.5.0.12.dfsg1-0etch1.
\nThe unstable distribution (sid) will be fixed soon.
\nWe recommend that you upgrade your icedove packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nPyry Hakulinen and Ashish Shakla at Automattic discovered that pdns,\nan authoritative DNS server, was incorrectly processing some DNS\npackets; this would enable a remote attacker to trigger a DoS by\nsending specially crafted packets causing the server to crash.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 3.4.1-4+deb8u3.
\nFor the testing distribution (stretch) and unstable distribution\n(sid), this problem has been fixed in version 3.4.6-1.
\nWe recommend that you upgrade your pdns packages.
\nSeveral vulnerabilities have been discovered in the Common UNIX Printing\nSystem:
\nA null pointer dereference in RSS job completion notifications\n could lead to denial of service.
It was discovered that incorrect file descriptor handling\n could lead to denial of service.
A cross-site request forgery vulnerability was discovered in\n the web interface.
Incorrect memory management in the filter subsystem could lead\n to denial of service.
Information disclosure in the web interface.
Emmanuel Bouillon discovered a symlink vulnerability in handling\n of cache files.
Denial of service in the authentication code.
Incorrect memory management in the IPP code could lead to denial\n of service or the execution of arbitrary code.
For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.8-1+lenny9.
\nThe stable distribution (squeeze) and the unstable distribution (sid)\nhad already been fixed prior to the initial Squeeze release.
\nWe recommend that you upgrade your cups packages.
\nBastian Blank discovered that libvirtd, a daemon for management of virtual\nmachines, network and storage, would change ownership of device files so they\nwould be owned by user libvirt-qemu and group kvm, which is a general\npurpose group not specific to libvirt, allowing unintended write access to\nthose devices and files for the kvm group members.
For the stable distribution (squeeze), this problem has been fixed in\nversion 0.8.3-5+squeeze5.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 0.9.12-11.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.9.12-11.
\nWe recommend that you upgrade your libvirt packages.
\nSeveral vulnerabilities were discovered in the TLS/SSL protocol. This\nupdate addresses these protocol vulnerabilities in lighttpd.
\nMarsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS\n and SSLv3 protocols do not properly associate renegotiation\n handshakes with an existing connection, which allows man-in-the-middle\n attackers to insert data into HTTPS sessions. This issue is solved\n in lighttpd by disabling client initiated renegotiation by default.\n
\n\n Those users that do actually need such renegotiations can re-enable\n them via the new ssl.disable-client-renegotiation parameter.
Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL\n protocol when using compression. This side channel attack, dubbed\n CRIME, allows eavesdroppers to gather information to recover the\n original plaintext in the protocol. This update disables compression.
For the stable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.2.
\nFor the testing distribution (wheezy), and the unstable distribution (sid)\nthese problems have been fixed in version 1.4.30-1.
\nWe recommend that you upgrade your lighttpd packages.
\nKevin Chen discovered that incorrect processing of framebuffer requests\nin the Vino VNC server could lead to denial of service.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.28.2-2+squeeze1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.28.2-3.
\nWe recommend that you upgrade your vino packages.
\nHenryk Pl\u00f6tz discovered a vulnerability in bluez-utils, tools and\ndaemons for Bluetooth. Due to missing input sanitising it is possible\nfor an attacker to execute arbitrary commands supplied as device name\nfrom the remote device.
\nThe old stable distribution (woody) is not affected by this problem\nsince it doesn't contain bluez-utils packages.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.15-1.1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.19-1.
\nWe recommend that you upgrade your bluez-utils package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nNick Wellnhofer discovered that the xsltFormatNumberConversion function\nin libxslt, an XSLT processing runtime library, does not properly check\nfor a zero byte terminating the pattern string. This flaw can be\nexploited to leak a couple of bytes after the buffer that holds the\npattern string.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.1.28-2+deb8u2.
\nFor the testing distribution (stretch), this problem has been fixed\nin version 1.1.29-2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.29-2.
\nWe recommend that you upgrade your libxslt packages.
\nPatrice Fournier found that hylafax passes unsanitized user data in the\nnotify script, allowing users with the ability to submit jobs to run\narbitrary commands with the privileges of the hylafax server.
\nFor the old stable distribution (woody) this problem has been fixed in\nversion 4.1.1-4woody1.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 4.2.1-5sarge3.
\nFor the unstable distribution the problem has been fixed in version\n4.2.4-2.
\nWe recommend that you upgrade your hylafax package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nR\u00fcdiger Kuhlmann, upstream developer of mICQ, a text based ICQ client,\ndiscovered a problem in mICQ. Receiving certain ICQ message types\nthat do not contain the required 0xFE separator causes all versions to\ncrash.
\nFor the current stable distribution (woody) this problem has been\nfixed in version 0.4.9-0woody3.
\nFor the old stable distribution (potato) this problem has been fixed\nin version 0.4.3-4.1.
\nFor the unstable distribution (sid) this problem has been\nfixed in version 0.4.9.4-1.
\nWe recommend that you upgrade your micq package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral vulnerabilities have been discovered in nss, the Mozilla Network\nSecurity Service library. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nKarthikeyan Bhargavan discovered that NSS incorrectly handles state\n transitions for the TLS state machine. A man-in-the-middle attacker\n could exploit this flaw to skip the ServerKeyExchange message and\n remove the forward-secrecy property.
Watson Ladd discovered that NSS does not properly perform Elliptic\n Curve Cryptography (ECC) multiplication, allowing a remote attacker\n to potentially spoof ECDSA signatures.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 2:3.14.5-1+deb7u5.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:3.17.2-1.1+deb8u1.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 2:3.19.1-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:3.19.1-1.
\nWe recommend that you upgrade your nss packages.
\nSteve Kemp discovered a problem in xsok, a single player strategy game\nfor X11, related to the Sokoban game, which leads a user to execute\narbitrary commands under the GID of games.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.02-9woody2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.02-11.
\nWe recommend that you upgrade your xsok package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAleksandar Nikolic of Cisco Talos discovered several integer overflow\nvulnerabilities in memcached, a high-performance memory object caching\nsystem. A remote attacker can take advantage of these flaws to cause a\ndenial of service (daemon crash), or potentially to execute arbitrary\ncode.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.4.21-1.1+deb8u1.
\nWe recommend that you upgrade your memcached packages.
\nA cross-site scripting vulnerability was discovered in mailman, a\nsoftware to manage electronic mailing lists. When a properly crafted\nURL is accessed with Internet Explorer (other browsers don't seem to\nbe affected), the resulting webpage is rendered similar to the real\none, but the javascript component is executed as well, which could be\nused by an attacker to get access to sensitive information. The new\nversion for Debian 2.2 also includes backports of security related\npatches from mailman 2.0.11.
\nThis problem has been fixed in version 2.0.11-1woody4 for the current\nstable distribution (woody), in version 1.1-10.1 for the old stable\ndistribution (potato) and in version 2.0.12-1 for the unstable\ndistribution (sid).
\nWe recommend that you upgrade your mailman package.
\nMD5 checksums of the listed files are available in the original advisory.\n
MD5 checksums of the listed files are available in the revised advisory.\n
\n\n\nSeveral buffer overflows have been discovered in PL/PgSQL as part of\nthe PostgreSQL engine which could lead to the execution of arbitrary\ncode.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 7.2.1-2woody8.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 7.4.7-2.
\nWe recommend that you upgrade your postgresql packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in rdesktop, a\nRemote Desktop Protocol client. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nRemote exploitation of an integer underflow vulnerability allows\n attackers to execute arbitrary code with the privileges of the\n logged-in user.
Remote exploitation of a BSS overflow vulnerability allows\n attackers to execute arbitrary code with the privileges of the\n logged-in user.
Remote exploitation of an integer signedness vulnerability allows\n attackers to execute arbitrary code with the privileges of the\n logged-in user.
For the stable distribution (etch), these problems have been fixed in\nversion 1.5.0-1etch2.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.5.0-4+cvs20071006.
\nWe recommend that you upgrade your rdesktop package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in mimetex, a lightweight\nalternative to MathML. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nChris Evans and Damien Miller discovered multiple stack-based buffer overflows.\nAn attacker could execute arbitrary code via a TeX file with long picture,\ncircle, or input tags.
Chris Evans discovered that mimeTeX contained certain directives that may be\nunsuitable for handling untrusted user input. A remote attacker can obtain\nsensitive information.
For the oldstable distribution (etch), these problems have been fixed in\nversion 1.50-1+etch1.
\nDue to a bug in the archive system, the fix for the stable distribution\n(lenny) will be released as version 1.50-1+lenny1 once it is available.
\nFor the testing distribution (squeeze), and the unstable distribution (sid),\nthese problems have been fixed in version 1.50-1.1.
\nWe recommend that you upgrade your mimetex packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. A full list of the changes is\navailable at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.12
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.8.12-1.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 6:10.1-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6:10.1-1.
\nWe recommend that you upgrade your libav packages.
\nSeveral vulnerabilities were discovered in krb5, the MIT implementation\nof Kerberos. The Common Vulnerabilities and Exposures project identifies\nthe following problems:
\nIt was discovered that an authenticated attacker can cause kadmind\n to read beyond the end of allocated memory by sending a string\n without a terminating zero byte. Information leakage may be possible\n for an attacker with permission to modify the database.
It was discovered that an authenticated attacker with permission to\n modify a principal entry can cause kadmind to dereference a null\n pointer by supplying a null policy value but including KADM5_POLICY\n in the mask.
It was discovered that an authenticated attacker can cause kadmind\n to leak memory by supplying a null principal name in a request which\n uses one. Repeating these requests will eventually cause kadmind to\n exhaust all available memory.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.10.1+dfsg-5+deb7u7. The oldstable distribution (wheezy) is\nnot affected by CVE-2015-8630.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+dfsg-19+deb8u2.
\nWe recommend that you upgrade your krb5 packages.
\nIlja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.
\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 2:1.3.3-4+squeeze1.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2:1.5.0-1+deb7u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:1.5.0-1+deb7u1.
\nWe recommend that you upgrade your libx11 packages.
\nPaul Starzetz discovered a flaw in bounds checking in mremap() in the\nLinux kernel (present in version 2.4.x and 2.6.x) which may allow a\nlocal attacker to gain root privileges. Version 2.2 is not affected\nby this bug.
\nAndrew Morton discovered a missing boundary check for the brk system\ncall which can be used to craft a local root exploit.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.4.18-12 for the alpha architecture and in\nversion 2.4.18-1woody3 for the powerpc architecture.
\nFor the unstable distribution (sid) these problems will be fixed soon\nwith newly uploaded packages.
\nWe recommend that you upgrade your kernel packages. These problems have\nbeen fixed in the upstream version 2.4.24 as well.
\nMD5 checksums of the listed files are available in the original advisory.
\nMD5 checksums of the listed files are available in the revised advisory.
\n\n\n\nIt was discovered that zoph, a web based photo management system,\nperforms insufficient input sanitising, which allows SQL injection.
\nFor the oldstable distribution (sarge) this problem has been fixed in\nversion 0.3.3-12sarge3.
\nFor the stable distribution (etch) this problem has been fixed in\nversion 0.6-2.1etch1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.7.0.2-1.
\nWe recommend that you upgrade your zoph package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThe KDE team discovered several vulnerabilities in the K Desktop\nEnvironment. In some instances KDE fails to properly quote parameters\nof instructions passed to a command shell for execution. These\nparameters may incorporate data such as URLs, filenames and e-mail\naddresses, and this data may be provided remotely to a victim in an\ne-mail, a webpage or files on a network filesystem or other untrusted\nsource.
\nBy carefully crafting such data an attacker might be able to execute\narbitrary commands on a vulnerable system using the victim's account and\nprivileges. The KDE Project is not aware of any existing exploits of\nthese vulnerabilities. The patches also provide better safeguards\nand check data from untrusted sources more strictly in multiple\nplaces.
\nFor the current stable distribution (woody), these problems have been fixed\nin version 2.2.2-14.6.
\nThe old stable distribution (potato) does not contain KDE packages.
\nFor the unstable distribution (sid), these problems will most probably\nnot be fixed but new packages for KDE 3.1 for sid are expected for\nthis year.
\nWe recommend that you upgrade your KDE packages.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nYarom and Falkner discovered that RSA secret keys could be leaked via\na side channel attack, where a malicious local user could obtain private\nkey information from another user on the system.
\nThis update fixes this issue for the 1.4 series of GnuPG. GnuPG 2.x is\naffected through its use of the libgcrypt11 library, a fix for which\nwill be published in DSA 2731.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.4.10-4+squeeze2.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.12-7+deb7u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.14-1.
\nWe recommend that you upgrade your gnupg packages.
\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service or the execution of arbitrary code if\nmalformed SIXEL, PDB, MAP, SGI, TIFF and CALS files are processed.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u5.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your imagemagick packages.
\nA heap-based buffer overflow vulnerability was found in icedtea-web, a\nweb browser plugin for running applets written in the Java programming\nlanguage. If a user were tricked into opening a malicious website, an\nattacker could cause the plugin to crash or possibly execute arbitrary\ncode as the user invoking the program.
\nThis problem was initially discovered by Arthur Gerkis and got assigned\nCVE-2012-4540. Fixes were applied in the 1.1, 1.2 and 1.3 branches but\nnot to the 1.4 branch.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.4-3~deb7u2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4-3.1.
\nWe recommend that you upgrade your icedtea-web packages.
\nA vulnerability was discovered in aria2, a download client. The \"name\"\nattribute of the \"file\" element of metalink files is not properly\nsanitised before using it to download files. If a user is tricked into\ndownloading from a specially crafted metalink file, this can be\nexploited to download files to directories outside of the intended\ndownload directory.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.14.0-1+lenny2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.9.3-1.
\nWe recommend that you upgrade your aria2 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nPaul Szabo and Matt Zimmerman discovered two similar problems in\nmetrics, a tool for software metrics. Two scripts in this package,\n\"halstead\" and \"gather_stats\", open temporary files without taking\nappropriate security precautions. \"halstead\" is installed as a user\nprogram, while \"gather_stats\" is only used in an auxiliary script\nincluded in the source code. These vulnerabilities could allow a\nlocal attacker to overwrite files owned by the user running the\nscripts, including root.
\nThe stable distribution (woody) is not affected since it doesn't\ncontain a metrics package anymore.
\nFor the old stable distribution (potato) this problem has been fixed\nin version 1.0-1.1.
\nThe unstable distribution (sid) is not affected since it doesn't\ncontain a metrics package anymore.
\nWe recommend that you upgrade your metrics package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nIt was discovered that an integer overflow in the xpdf PDF viewer may lead\nto the execution of arbitrary code if a malformed PDF file is opened.
\ngpdf includes a copy of the xpdf code and requires an update as well.
\nFor the oldstable distribution (sarge) this problem has been fixed in\nversion 2.8.2-1.2sarge6.
\nThe stable distribution (etch) no longer contains gpdf.
\nThe unstable distribution (sid) no longer contains gpdf.
\nWe recommend that you upgrade your gpdf packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. A full list of the changes is\navailable at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.15
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 6:0.8.16-1.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 6:11~alpha2-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6:11~alpha2-1.
\nWe recommend that you upgrade your libav packages.
\nAndrea Barisani discovered that zgv, an svgalib graphics viewer,\nattempts to decode JPEG images within the CMYK/YCCK colour space\nincorrectly, which could lead to the execution of arbitrary code.
\nFor the old stable distribution (woody) this problem has been fixed in\nversion 5.5-3woody3.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 5.7-1.4.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your zgv package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTwo vulnerabilities were discovered in the Open Ticket Request System\nwhich could result in disclosure of database credentials or the\nexecution of arbitrary shell commands by logged-in agents.
\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.3.18-1+deb8u2.
\nFor the stable distribution (stretch), these problems have been fixed in\nversion 5.0.16-1+deb9u3.
\nWe recommend that you upgrade your otrs2 packages.
\nFor the detailed security status of otrs2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/otrs2
\nIt was discovered that ruby-zip, a Ruby module for reading and writing\nzip files, is prone to a directory traversal vulnerability. An attacker\ncan take advantage of this flaw to overwrite arbitrary files during\narchive extraction via a .. (dot dot) in an extracted filename.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.1.6-1+deb8u1.
\nFor the upcoming stable distribution (stretch), this problem has been\nfixed in version 1.2.0-1.1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.0-1.1.
\nWe recommend that you upgrade your ruby-zip packages.
\nLeon Juranic discovered a buffer overflow related to the\ngetpass(3) library function in\ncalife, a program which provides super user privileges to specific\nusers. A local attacker could potentially\nexploit this vulnerability, given knowledge of a local user's password\nand the presence of at least one entry in /etc/calife.auth, to execute\narbitrary code with root privileges.
\nFor the current stable distribution (woody) this problem has been\nfixed in version 2.8.4c-1woody1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.8.6-1.
\nWe recommend that you update your calife package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTwo vulnerabilities have been discovered in the Linux kernel that may\nlead to a denial of service or arbitrary code execution. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:
\nWei Wang from McAfee reported a potential heap overflow in the\n ASN.1 decode code that is used by the SNMP NAT and CIFS\n subsystem. Exploitation of this issue may lead to arbitrary code\n execution. This issue is not believed to be exploitable with the\n pre-built kernel images provided by Debian, but it might be an\n issue for custom images built from the Debian-provided source\n package.
Brandon Edwards of McAfee Avert labs discovered an issue in the\n DCCP subsystem. Due to missing feature length checks it is possible\n to cause an overflow that may result in remote arbitrary code\n execution.
For the stable distribution (etch) these problems have been fixed in\nversion 2.6.18.dfsg.1-18etch6.
\nWe recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nEmmanuel Bouillon discovered a double free in tgt, the Linux SCSI target\nuser-space tools, which could lead to denial of service.
\nThe oldstable distribution (lenny) doesn't include tgt.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1:1.0.4-2squeeze1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:1.0.4-3.
\nWe recommend that you upgrade your tgt packages.
\nChoongwoo Han discovered that a programming error in the wrestool tool\nof the icoutils suite allows denial of service or the execution of\narbitrary code if a malformed binary is parsed.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0.31.0-2+deb8u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.31.0-4.
\nWe recommend that you upgrade your icoutils packages.
\nIt was discovered that a directory traversal vulnerability in CherryPy,\na pythonic, object-oriented web development framework, may lead to denial\nof service by deleting files through malicious session IDs in cookies.
\nThe old stable distribution (sarge) doesn't contain python-cherrypy.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.2.1-3etch1.
\nWe recommend that you upgrade your python-cherrypy packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nStefan Nordhausen has identified a local security hole in net-acct, a\nuser-mode IP accounting daemon. Old and redundant code from some time\nway back in the past created a temporary file in an insecure fashion.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.71-5woody1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.71-7.
\nWe recommend that you upgrade your net-acct package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSteve Kemp discovered a problem in trr19, a type trainer application\nfor GNU Emacs, which is written as a pair of setgid() binaries and\nwrapper programs which execute commands for GNU Emacs. However, the\nbinaries don't drop privileges before executing a command, allowing an\nattacker to gain access to the local group games.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0beta5-15woody1. The mipsel binary will be added later.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your trr19 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJavier Fern\u00e1ndez-Sanguino Pe\u00f1a from the Debian Security Audit Project\ndiscovered that the DBI library, the Perl5 database interface, creates\na temporary PID file in an insecure manner. This can be exploited by a\nmalicious user to overwrite arbitrary files owned by the person\nexecuting the parts of the library.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.21-2woody2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.46-6.
\nWe recommend that you upgrade your libdbi-perl package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral security related problems have been discovered in Mozilla and\nderived products such as Mozilla Thunderbird. The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities:
\nFernando Ribeiro discovered that a vulnerability in the getRawDER\n function allows remote attackers to cause a denial of service\n (hang) and possibly execute arbitrary code.
Daniel Bleichenbacher recently described an implementation error\n in RSA signature verification that causes the application to\n incorrectly trust SSL certificates.
Priit Laes reported that a JavaScript regular expression can\n trigger a heap-based buffer overflow which allows remote attackers\n to cause a denial of service and possibly execute arbitrary code.
A vulnerability has been discovered that allows remote attackers\n to bypass the security model and inject content into the sub-frame\n of another site.
Georgi Guninski demonstrated that even with JavaScript disabled in\n mail (the default) an attacker can still execute JavaScript when a\n mail message is viewed, replied to, or forwarded.
Multiple unspecified vulnerabilities in Firefox, Thunderbird and\n SeaMonkey allow remote attackers to cause a denial of service,\n corrupt memory, and possibly execute arbitrary code.
For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.2-2.sarge1.0.8c.1.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.5.0.7-1.
\nWe recommend that you upgrade your Mozilla Thunderbird packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in kvm, a full virtualization system.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nAn integer overflow was discovered in the kvm_dev_ioctl_get_supported_cpuid\nfunction. This allows local users to have an unspecified impact via a\nKVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.
It was discovered that the handle_dr function in the KVM subsystem does not\nproperly verify the Current Privilege Level (CPL) before accessing a debug\nregister, which allows guest OS users to cause a denial of service (trap) on the\nhost OS via a crafted application.
It was discovered that the do_insn_fetch function in the x86 emulator in the KVM\nsubsystem tries to interpret instructions that contain too many bytes to be\nvalid, which allows guest OS users to cause a denial of service (increased\nscheduling latency) on the host OS via unspecified manipulations related to SMP\nsupport.
For the stable distribution (lenny), these problems have been fixed in version\n72+dfsg-5~lenny4.
\nFor the testing distribution (squeeze), and the unstable distribution (sid),\nthese problems will be fixed soon.
\nWe recommend that you upgrade your kvm package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\n\nSeveral local vulnerabilities have been discovered in PostgreSQL, an\nobject-relational SQL database. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n
\n\n It was discovered that the DBLink module performed insufficient\n credential validation. This issue is also tracked as CVE-2007-6601,\n since the initial upstream fix was incomplete.\n
\n Tavis Ormandy and Will Drewry discovered that a bug in the handling\n of back-references inside the regular expressions engine could lead\n to an out of bounds read, resulting in a crash. This constitutes only\n a security problem if an application using PostgreSQL processes\n regular expressions from untrusted sources.\n
\n Tavis Ormandy and Will Drewry discovered that the optimizer for regular\n expression could be tricked into an infinite loop, resulting in denial\n of service. This constitutes only a security problem if an application\n using PostgreSQL processes regular expressions from untrusted sources.\n
\n Tavis Ormandy and Will Drewry discovered that the optimizer for regular\n expressions could be tricked into massive resource consumption. This\n constitutes only a security problem if an application using PostgreSQL\n processes regular expressions from untrusted sources.\n
\n Functions in index expressions could lead to privilege escalation. For\n a more in-depth explanation please see the upstream announcement available\n at http://www.postgresql.org/about/news.905.\n
\nThe old stable distribution (sarge) doesn't contain postgresql-8.1.\n
\n\nFor the stable distribution (etch), these problems have been fixed in version\npostgresql-8.1 8.1.11-0etch1.\n
\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8.2.6-1 of postgresql-8.2.\n
\n\nWe recommend that you upgrade your postgresql-8.1 (8.1.11-0etch1) package.\n
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\n\nOriol Carreras discovered that syslog-ng, a next generation logging\ndaemon, can be tricked into dereferencing a NULL pointer through\nmalformed timestamps, which can lead to denial of service and the\ndisguise of a subsequent attack, which would otherwise be logged.\n
\n\nThe old stable distribution (sarge) is not affected.\n
\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.0.0-1etch1.\n
\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.6-1.\n
\n\nWe recommend that you upgrade your syslog-ng package.\n
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple vulnerabilities were found in OpenLDAP, a free implementation\nof the Lightweight Directory Access Protocol.
\nMichael Vishchers from Seven Principles AG discovered a denial of\n service vulnerability in slapd, the directory server implementation.\n When the server is configured to use the RWM overlay, an attacker\n can make it crash by unbinding just after connecting, because of an\n issue with reference counting.
The default Debian configuration of the directory database allows\n every user to edit their own attributes. When LDAP directories are\n used for access control, and this is done using user attributes, an\n authenticated user can leverage this to gain access to unauthorized\n resources.\n\t
\nPlease note this is a Debian specific vulnerability.
\nThe new package won't use the unsafe access control rule for new\n databases, but existing configurations won't be automatically\n modified. Administrators are invited to look at the README.Debian\n file provided by the updated package if they need to fix the access\n control rule.
Ryan Tandy discovered a denial of service vulnerability in slapd.\n When using the deref overlay, providing an empty attribute list in\n a query makes the daemon crash.
For the stable distribution (wheezy), these problems have been fixed in\nversion 2.4.31-2.
\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.4.40-4.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.4.40-4.
\nWe recommend that you upgrade your openldap packages.
\nSeveral vulnerabilities were discovered in the Apache2 HTTP server.
\nRedTeam Pentesting GmbH discovered that mod_session_crypto was\n vulnerable to padding oracle attacks, which could allow an attacker\n to guess the session cookie.
Maksim Malyutin discovered that malicious input to mod_auth_digest\n could cause the server to crash, causing a denial of service.
David Dennerline, of IBM Security's X-Force Researchers, and R\u00e9gis\n Leroy discovered problems in the way Apache handled a broad pattern\n of unusual whitespace patterns in HTTP requests. In some\n configurations, this could lead to response splitting or cache\n pollution vulnerabilities. To fix these issues, this update makes\n Apache httpd be more strict in what HTTP requests it accepts.
\nIf this causes problems with non-conforming clients, some checks can\n be relaxed by adding the new directive HttpProtocolOptions unsafe\n to the configuration.
This update also fixes the issue where mod_reqtimeout was not enabled\nby default on new installations.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.4.10-10+deb8u8.
\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 2.4.25-1.
\nWe recommend that you upgrade your apache2 packages.
\nIvan Fratric of the Google Security Team discovered a heap-based buffer\noverflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter\nlibrary. A remote attacker could provide a specially-crafted YAML\ndocument that, when parsed by an application using libyaml, would cause\nthe application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.1.3-1+deb6u4.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.1.4-2+deb7u4.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your libyaml packages.
\nStefan Esser discovered that Horde, a web application framework providing\nclasses for dealing with preferences, compression, browser detection,\nconnection tracking, MIME, and more, insufficiently validates and\nescapes user-provided input. The Horde_Form_Type_image form element\nallows the reuse of a temporary filename on reuploads; the filename is stored in a\nhidden HTML field and then trusted without prior validation. An attacker\ncan use this to overwrite arbitrary files on the system or to upload PHP\ncode and thus execute arbitrary code with the rights of the webserver.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 3.1.3-4etch6.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 3.2.2+debian0-2+lenny1.
\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 3.3.5+debian0-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.3.5+debian0-1.
\nWe recommend that you upgrade your horde3 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nViliam Holub discovered a bug in gtksee whereby, when loading PNG\nimages of certain color depths, gtksee would overflow a heap-allocated\nbuffer. This vulnerability could be exploited by an attacker using a\ncarefully constructed PNG image to execute arbitrary code when the\nvictim loads the file in gtksee.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.5.0-6.
\nFor the unstable distribution (sid) this problem will be fixed soon.\nRefer to Debian bug #76346.
\nWe recommend that you update your gtksee package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nHan Han of Red Hat discovered that augeas, a configuration editing\ntool, improperly handled some escaped strings. A remote attacker could\nleverage this flaw by sending maliciously crafted strings, thus\ncausing an augeas-enabled application to crash or potentially execute\narbitrary code.
\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1.2.0-0.2+deb8u2.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.8.0-1+deb9u1.
\nWe recommend that you upgrade your augeas packages.
\nSteve Grubb discovered a problem in the Portable Network Graphics\nlibrary libpng which is utilised in several applications. When\nprocessing a broken PNG image, the error handling routine will access\nmemory that is out of bounds when creating an error message.\nDepending on machine architecture, bounds checking and other\nprotective measures, this problem could cause the program to crash if\na defective or intentionally prepared PNG image file is handled by\nlibpng.
\nThis could be used as a denial of service attack against various\nprograms that link against this library. The following commands will\nshow you which packages utilise this library and whose programs should\nprobably be restarted after an upgrade:
\n\n apt-cache showpkg libpng2\n apt-cache showpkg libpng3\n\n
The following security matrix explains which package versions will\ncontain a correction.
\nPackage | stable (woody) | unstable (sid) |
---|---|---|
libpng | 1.0.12-3.woody.5 | 1.0.15-5 |
libpng3 | 1.2.1-1.1.woody.5 | 1.2.5.0-6 |\n
We recommend that you upgrade your libpng and related packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in the Bugzilla\nbug tracking system, which may lead to the execution of arbitrary code.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:
\nJavier Fern\u00e1ndez-Sanguino Pe\u00f1a discovered that insecure temporary\n file usage may lead to denial of service through a symlink attack.
Several cross-site scripting vulnerabilities may lead to injection\n of arbitrary web script code.
For the stable distribution (sarge) these problems have been fixed in\nversion 2.16.7-7sarge2.
\nFor the upcoming stable distribution (etch) these problems have been\nfixed in version 2.22.1-1.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.22.1-1.
\nWe recommend that you upgrade your bugzilla packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that pattern-based ACLs in the Mosquitto MQTT broker\ncould be bypassed.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.3.4-2+deb8u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.10-3.
\nWe recommend that you upgrade your mosquitto packages.
\nJakob Lell discovered a bug in the 'noroff' script included in noweb\nwhereby a temporary file was created insecurely. During a review,\nseveral other instances of this problem were found and fixed. Any of\nthese bugs could be exploited by a local user to overwrite arbitrary\nfiles owned by the user invoking the script.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.9a-7.3.
\nFor the old stable distribution (potato) this problem has been fixed in\nversion 2.9a-5.1.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you update your noweb package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nIt was discovered that Icinga, a host and network monitoring system,\ncontains several buffer overflows in the history.cgi CGI program.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.0.2-2+squeeze1.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1.7.1-5.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.7.1-5.
\nWe recommend that you upgrade your icinga packages.
\nByrial Jensen discovered a couple of off-by-one buffer overflows in the\nIMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME,\nGPG, PGP and threading. This code is imported in the Balsa package.\nThis problem could potentially allow a remote malicious IMAP server to\ncause a denial of service (crash) and possibly execute arbitrary code\nvia a specially crafted mail folder.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.2.4-2.2.
\nThe old stable distribution (potato) does not seem to be affected by\nthis problem.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your balsa package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nUlf H\u00e4rnhammar from the Debian Security Audit Project discovered a\nformat string vulnerability in the CDDB processing component of\nxine-lib, the xine video/media player library, that could lead to the\nexecution of arbitrary code caused by a malicious CDDB entry.
\nFor the old stable distribution (woody) this problem has been fixed in\nversion 0.9.8-2woody4.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.0.1-1sarge1.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your libxine0 and libxine1 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in OpenJPEG, a JPEG 2000\nimage library, that may lead to denial of service (CVE-2013-1447) via\napplication crash or high memory consumption, possible code execution\nthrough heap buffer overflows (CVE-2013-6045), information disclosure\n(CVE-2013-6052), or yet another heap buffer overflow that only appears\nto affect OpenJPEG 1.3 (CVE-2013-6054).
\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.3+dfsg-4+squeeze2.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.3+dfsg-4.7.
\nFor the testing distribution (jessie), and the unstable distribution (sid),\nthese problems will be fixed soon.
\nWe recommend that you upgrade your openjpeg packages.
\nDan McMahill noticed that our advisory DSA 661-1 did not correct\nthe multiple insecure files problem, hence, this update. For\ncompleteness below is the original advisory text:
\n\n\nJavier Fern\u00e1ndez-Sanguino Pe\u00f1a from the Debian Security Audit project\ndiscovered that f2c and fc, which are both part of the f2c package, a\nfortran 77 to C/C++ translator, open temporary files insecurely and\nare hence vulnerable to a symlink attack. The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities:
\n- CAN-2005-0017: Multiple insecure temporary files in the f2c translator.
\n- CAN-2005-0018: Two insecure temporary files in the f2 shell script.\n
For the stable distribution (woody) and all others including testing\nthis problem has been fixed in version 20010821-3.2.
\nWe recommend that you upgrade your f2c package.
\nMD5 checksums of the listed files are available in the original advisory.
\nMD5 checksums of the listed files are available in the revised advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in network traffic\nanalyzer Wireshark. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nThe GSM SMS dissector is vulnerable to denial of service.
The PANA and KISMET dissectors are vulnerable to denial of service.
The RMI dissector could disclose system memory.
The packet reassembling module is vulnerable to denial of service.
The zlib uncompression module is vulnerable to denial of service.
The Bluetooth ACL dissector is vulnerable to denial of service.
The PRP and MATE dissectors are vulnerable to denial of service.
The Q931 dissector is vulnerable to denial of service.
For the stable distribution (etch), these problems have been fixed in\nversion 0.99.4-5.etch.3.
\nFor the upcoming stable distribution (lenny), these problems have been\nfixed in version 1.0.2-3+lenny2.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your wireshark packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMax Vozeler discovered several format string vulnerabilities in the\nmovemail utility of Emacs, the well-known editor. Via connecting to a\nmalicious POP server an attacker can execute arbitrary code under the\nprivileges of group mail.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 20.7-13.3.
\nThe unstable distribution (sid) does not contain an Emacs20 package\nanymore.
\nWe recommend that you upgrade your emacs packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThe KDE team discovered several vulnerabilities in the K Desktop\nEnvironment. In some instances KDE fails to properly quote parameters\nof instructions passed to a command shell for execution. These\nparameters may incorporate data such as URLs, filenames and e-mail\naddresses, and this data may be provided remotely to a victim in an\ne-mail, a webpage or files on a network filesystem or other untrusted\nsource.
\nBy carefully crafting such data an attacker might be able to execute\narbitrary commands on a vulnerable system using the victim's account and\nprivileges. The KDE Project is not aware of any existing exploits of\nthese vulnerabilities. The patches also provide better safeguards\nand check data from untrusted sources more strictly in multiple\nplaces.
\nFor the current stable distribution (woody), these problems have been\nfixed in version 2.2.2-8.2. Please note that we are unable to provide\nupdated packages for both MIPS architectures since the compilation of\nkdemultimedia triggers an internal compiler error on these machines.
\nThe old stable distribution (potato) does not contain KDE packages.
\nFor the unstable distribution (sid), these problems will most probably\nnot be fixed but new packages for KDE 3.1 for sid are expected for\nthis year.
\nWe recommend that you upgrade your KDE packages.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.
\nregenrecht discovered that incorrect pointer handling in the SVG\n processing code could lead to the execution of arbitrary code.
regenrecht discovered that incorrect memory management in DOM\n processing could lead to the execution of arbitrary code.
moz_bug_r_a_4 discovered a Chrome privilege escalation\n vulnerability in the event handler code.
Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory\n corruption bugs, which may lead to the execution of arbitrary code.
shutdown discovered an information leak in the handling of\n RegExp.input.
moz_bug_r_a4 discovered a Chrome privilege escalation\n vulnerability.
As indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze4.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.1.12-1.
\nWe recommend that you upgrade your iceweasel packages.
\nPaul Starzetz and Wojciech Purczynski of isec.pl discovered a critical\nsecurity vulnerability in the memory management code of Linux inside\nthe mremap(2) system call. Due to flushing the TLB (Translation\nLookaside Buffer, an address cache) too early it is possible for an\nattacker to trigger a local root exploit.
\nThe attack vectors for 2.4.x and 2.2.x kernels are exclusive for the\nrespective kernel series, though. We formerly believed that the\nexploitable vulnerability in 2.4.x does not exist in 2.2.x which is\nstill true. However, it turned out that a second (sort of)\nvulnerability is indeed exploitable in 2.2.x, but not in 2.4.x, with a\ndifferent exploit, of course.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 9woody1 of Linux 2.2 kernel images for the sparc architecture\nand in version 2.2.20-5woody3 of Linux 2.2.20 source.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 9.1 of Linux 2.2 kernel images for the sparc architecture.
\nThis problem has been fixed for other architectures already.
\nWe recommend that you upgrade your Linux kernel package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been fixed in the GNU C Library, eglibc.
\nThe CVE-2015-7547 vulnerability listed below is considered to have\ncritical impact.
\nRobin Hack discovered that the nss_files database did not\n correctly implement enumeration interleaved with name-based or\n ID-based lookups. This could cause the enumeration to enter an\n endless loop, leading to a denial of service.
Arjun Shankar discovered that the _r variants of host name\n resolution functions (like gethostbyname_r), when performing DNS\n name resolution, suffered from a buffer overflow if a misaligned\n buffer was supplied by the applications, leading to a crash or,\n potentially, arbitrary code execution. Most applications are not\n affected by this vulnerability because they use aligned buffers.
The Google Security Team and Red Hat discovered that the eglibc\n host name resolver function, getaddrinfo, when processing\n AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its\n internal buffers, leading to a stack-based buffer overflow and\n arbitrary code execution. This vulnerability affects most\n applications which perform host name resolution using getaddrinfo,\n including system services.
Adam Nielsen discovered that if an invalid separated time value\n is passed to strftime, the strftime function could crash or leak\n information. Applications normally pass only valid time\n information to strftime; no affected applications are known.
Hector Marco-Gisbert reported that LD_POINTER_GUARD was not\n ignored for SUID programs, enabling an unintended bypass of a\n security feature. This update causes eglibc to always ignore the\n LD_POINTER_GUARD environment variable.
Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r\n functions did not check the size argument properly, leading to a\n crash (denial of service) for certain arguments. No impacted\n applications are known at this time.
The catopen function contains several unbounded stack allocations\n (stack overflows), causing it to crash the process (denial of\n service). No applications where this issue has a security impact\n are currently known.
The following fixed vulnerabilities currently lack CVE assignment:
\nJoseph Myers reported that an integer overflow in the\n strxfrm function can lead to a heap-based buffer overflow, possibly allowing\n arbitrary code execution. In addition, a fallback path in strxfrm\n uses an unbounded stack allocation (stack overflow), leading to a\n crash or erroneous application behavior.
Kostya Serebryany reported that the fnmatch function could skip\n over the terminating NUL character of a malformed pattern, causing\n an application calling fnmatch to crash (denial of service).
Joseph Myers reported that the IO_wstr_overflow function,\n internally used by wide-oriented character streams, suffered from\n an integer overflow, leading to a heap-based buffer overflow. On\n GNU/Linux systems, wide-oriented character streams are rarely\n used, and no affected applications are known.
Andreas Schwab reported a memory leak (memory allocation without a\n matching deallocation) while processing certain DNS answers in\n getaddrinfo, related to the _nss_dns_gethostbyname4_r function.\n This vulnerability could lead to a denial of service.
While it is only necessary to ensure that no processes are using\nthe old eglibc anymore, it is recommended to reboot the machines after\napplying the security upgrade.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 2.13-38+deb7u10.
\nWe recommend that you upgrade your eglibc packages.
\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.
\nJim Mattson discovered that the KVM implementation for Intel x86\n processors does not properly handle #BP and #OF exceptions in an\n L2 (nested) virtual machine. A local attacker in an L2 guest VM\n can take advantage of this flaw to cause a denial of service for\n the L1 guest VM.
Alexander Popov discovered a race condition flaw in the n_hdlc\n line discipline that can lead to a double free. A local\n unprivileged user can take advantage of this flaw for privilege\n escalation. On systems that do not already have the n_hdlc module\n loaded, this can be mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false
Gareth Evans reported that privileged users can map memory at\n address 0 through the shmat() system call. This could make it\n easier to exploit other kernel security vulnerabilities via a\n set-UID program.
Alexander Popov reported a race condition in the SCTP\n implementation that can be used by local users to cause a\n denial-of-service (crash). The initial fix for this was incorrect\n and introduced further security issues (CVE-2017-6353).\n This update includes a later fix that\n avoids those. On systems that do not already have the sctp\n module loaded, this can be mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-sctp.conf install sctp false
Dmitry Vyukov reported a bug in the TCP implementation's handling\n of urgent data in the splice() system call. This can be used by a\n remote attacker for denial-of-service (hang) against applications\n that read from TCP sockets with splice().
Andrey Konovalov reported that the LLC type 2 implementation\n incorrectly assigns socket buffer ownership. This can be used\n by a local user to cause a denial-of-service (crash). On systems\n that do not already have the llc2 module loaded, this can be\n mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false
Dmitry Vyukov reported a race condition in the raw packet (af_packet)\n fanout feature. Local users with the CAP_NET_RAW capability (in any\n user namespace) can use this for denial-of-service and possibly for\n privilege escalation.
Dmitry Vyukov reported that the general queue implementation in\n the IrDA subsystem does not properly manage multiple locks,\n possibly allowing local users to cause a denial-of-service\n (deadlock) via crafted operations on IrDA devices.
For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.39-1+deb8u2.
\nWe recommend that you upgrade your linux packages.
\nThis update fixes all currently known regressions introduced with\nthe previous two revisions of DSA-1409.\nThe original text is reproduced below:
\n\n\nSeveral local/remote vulnerabilities have been discovered in samba,\na LanManager-like file and printer server for Unix. The Common\nVulnerabilities and Exposures project identifies the following problems:
\n\n
\n- CVE-2007-5398\n
\nAlin Rad Pop of Secunia Research discovered that nmbd did not properly\n check the length of netbios packets. When samba is configured as a WINS\n server, a remote attacker could send multiple crafted requests resulting\n in the execution of arbitrary code with root privileges.
\n- CVE-2007-4572\n
\nSamba developers discovered that nmbd could be made to overrun a buffer\n during the processing of GETDC logon server requests. When samba is\n configured as a Primary or Backup Domain Controller, a remote attacker\n could send malicious logon requests and possibly cause a denial of\n service.
\n
For the old stable distribution (sarge), these problems have been fixed in\nversion 3.0.14a-3sarge10.
\nFor the stable distribution (etch), these problems have been fixed in\nversion 3.0.24-6etch8.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.0.27-1.
\nWe recommend that you upgrade your samba packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nKarthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in\nthe TLS 1.2 protocol which could allow the MD5 hash function to be used\nfor signing ServerKeyExchange and Client Authentication packets during a\nTLS handshake. A man-in-the-middle attacker could exploit this flaw to\nconduct collision attacks to impersonate a TLS server or an\nauthenticated TLS client.
\nMore information can be found at\nhttps://www.mitls.org/pages/attacks/SLOTH
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1.0.1e-2+deb7u19.
\nFor the stable distribution (jessie), the testing distribution (stretch)\nand the unstable distribution (sid), this issue was already addressed in\nversion 1.0.1f-1.
\nWe recommend that you upgrade your openssl packages.
\nJoan Calvet discovered that httrack, a utility to create local copies of\nwebsites, is vulnerable to a buffer overflow potentially allowing the\nexecution of arbitrary code when passed excessively long URLs.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 3.40.4-3.1+etch1.
\nFor the testing (lenny) and unstable (sid) distributions, this problem has\nbeen fixed in version 3.42.3-1.
\nWe recommend that you upgrade your httrack package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nUlf H\u00e4rnhammar from the Debian Security Audit Project discovered a\nformat string vulnerability in ez-ipupdate, a client for many dynamic\nDNS services. This problem can only be exploited if ez-ipupdate is\nrunning in daemon mode (most likely) with many but not all service\ntypes.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 3.0.11b5-1woody2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.0.11b8-8.
\nWe recommend that you upgrade your ez-ipupdate package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSteve Kemp from the Debian Security Audit project discovered that gforge,\na collaborative development tool, used temporary files insecurely which\ncould allow local users to truncate files upon the system with the privileges\nof the gforge user, or create a denial of service attack.
\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 3.1-31sarge4.
\nFor the stable distribution (etch), this problem has been fixed in version\n4.5.14-22etch3.
\nWe recommend that you upgrade your gforge package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that puppet, a centralized configuration management\nsystem, did not correctly handle YAML payloads. A remote attacker could\nuse a specially-crafted payload to execute arbitrary code on the puppet\nmaster.
\nFor the oldstable distribution (squeeze), this problem will be fixed in\nversion 2.6.2-5+squeeze8.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.7.18-5.
\nFor the testing distribution (jessie), this problem will be fixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.2-1.
\nWe recommend that you upgrade your puppet packages.
\nTom Lane discovered a buffer overflow in the to_ascii function in\nPostgreSQL. This allows remote attackers to execute arbitrary code on\nthe host running the database.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 7.2.1-2woody4.
\nThe unstable distribution (sid) does not contain this problem.
\nWe recommend that you upgrade your postgresql package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nJens Steube reported a pair of buffer overflow vulnerabilities in\nhztty, a program to translate Chinese character encodings in a\nterminal session. These vulnerabilities could be exploited by a local\nattacker to gain root privileges on a system where hztty is installed.
\nAdditionally, hztty had been incorrectly installed setuid root, when\nit only requires the privileges of group utmp. This has also been\ncorrected in this update.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.0-5.2woody1.
\nFor the unstable distribution (sid) this problem will be fixed in\nversion 2.0-6.
\nWe recommend that you update your hztty package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral security related problems have been discovered in Mozilla\nThunderbird. The Common Vulnerabilities and Exposures project\nidentifies the following vulnerabilities:
\nThe \"run-mozilla.sh\" script allows local users to create or\n overwrite arbitrary files when debugging is enabled via a symlink\n attack on temporary files.
Web pages with extremely long titles cause subsequent launches of\n the browser to appear to \"hang\" for up to a few minutes, or even\n crash if the computer has insufficient memory. [MFSA-2006-03]
The JavaScript interpreter does not properly dereference objects,\n which allows remote attackers to cause a denial of service or\n execute arbitrary code. [MFSA-2006-01]
The function allocation code allows attackers to cause a denial of\n service and possibly execute arbitrary code. [MFSA-2006-01]
XULDocument.persist() did not validate the attribute name,\n allowing an attacker to inject arbitrary XML and JavaScript code\n into localstore.rdf that would be read and acted upon during\n startup. [MFSA-2006-05]
An anonymous researcher for TippingPoint and the Zero Day\n Initiative reported that an invalid and nonsensical ordering of\n table-related tags can be exploited to execute arbitrary code.\n [MFSA-2006-27]
A particular sequence of HTML tags can cause memory corruption\n that can be exploited to execute arbitrary code. [MFSA-2006-18]
Georgi Guninski reports that forwarding mail in-line while using\n the default HTML \"rich mail\" editor will execute JavaScript\n embedded in the e-mail message with full privileges of the client.\n [MFSA-2006-21]
The HTML rendering engine does not properly block external images\n from inline HTML attachments when \"Block loading of remote images\n in mail messages\" is enabled, which could allow remote attackers\n to obtain sensitive information. [MFSA-2006-26]
A vulnerability potentially allows remote attackers to cause a\n denial of service and possibly execute arbitrary code. [MFSA-2006-20]
A vulnerability potentially allows remote attackers to cause a\n denial of service and possibly execute arbitrary code. [MFSA-2006-20]
A vulnerability potentially allows remote attackers to cause a\n denial of service and possibly execute arbitrary code. [MFSA-2006-20]
A vulnerability potentially allows remote attackers to cause a\n denial of service and possibly execute arbitrary code. [MFSA-2006-20]
A vulnerability potentially allows remote attackers to cause a\n denial of service and possibly execute arbitrary code. [MFSA-2006-20]
Georgi Guninski reported two variants of using scripts in an XBL\n control to gain chrome privileges when the page is viewed under\n \"Print Preview\". [MFSA-2006-25]
\"shutdown\" discovered that the crypto.generateCRMFRequest method\n can be used to run arbitrary code with the privilege of the user\n running the browser, which could enable an attacker to install\n malware. [MFSA-2006-24]
Claus J\u00f8rgensen reported that a text input box can be pre-filled\n with a filename and then turned into a file-upload control,\n allowing a malicious website to steal any local file whose name\n they can guess. [MFSA-2006-23]
An anonymous researcher for TippingPoint and the Zero Day\n Initiative discovered an integer overflow triggered by the CSS\n letter-spacing property, which could be exploited to execute\n arbitrary code. [MFSA-2006-22]
\"moz_bug_r_a4\" discovered that some internal functions return\n prototypes instead of objects, which allows remote attackers to\n conduct cross-site scripting attacks. [MFSA-2006-19]
\"shutdown\" discovered that it is possible to bypass same-origin\n protections, allowing a malicious site to inject script into\n content from another site, which could allow the malicious page to\n steal information such as cookies or passwords from the other\n site, or perform transactions on the user's behalf if the user\n were already logged in. [MFSA-2006-17]
\"moz_bug_r_a4\" discovered that the compilation scope of privileged\n built-in XBL bindings is not fully protected from web content and\n can still be executed which could be used to execute arbitrary\n JavaScript, which could allow an attacker to install malware such\n as viruses and password sniffers. [MFSA-2006-16]
\"shutdown\" discovered that it is possible to access an internal\n function object which could then be used to run arbitrary\n JavaScript code with full permissions of the user running the\n browser, which could be used to install spyware or viruses.\n [MFSA-2006-15]
It is possible to create JavaScript functions that would get\n compiled with the wrong privileges, allowing an attacker to run\n code of their choice with full permissions of the user running the\n browser, which could be used to install spyware or viruses.\n [MFSA-2006-14]
It is possible to trick users into downloading and saving an\n executable file via an image that is overlaid by a transparent\n image link that points to the executable. [MFSA-2006-13]
An integer overflow allows remote attackers to cause a denial of\n service and possibly execute arbitrary bytecode via JavaScript\n with a large regular expression. [MFSA-2006-11]
An unspecified vulnerability allows remote attackers to cause a\n denial of service. [MFSA-2006-11]
Certain Cascading Style Sheets (CSS) can cause an out-of-bounds\n array write and buffer overflow that could lead to a denial of\n service and the possible execution of arbitrary code. [MFSA-2006-11]
It is possible for remote attackers to spoof secure site\n indicators such as the locked icon by opening the trusted site in\n a popup window, then changing the location to a malicious site.\n [MFSA-2006-12]
\"shutdown\" discovered that it is possible to inject arbitrary\n JavaScript code into a page on another site using a modal alert to\n suspend an event handler while a new page is being loaded. This\n could be used to steal confidential information. [MFSA-2006-09]
Igor Bukanov discovered that the JavaScript engine does not\n properly handle temporary variables, which might allow remote\n attackers to trigger operations on freed memory and cause memory\n corruption. [MFSA-2006-10]
A regression fix that could lead to memory corruption allows\n remote attackers to cause a denial of service and possibly execute\n arbitrary code. [MFSA-2006-11]
For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.2-2.sarge1.0.8.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.5.0.2-1 of thunderbird.
\nWe recommend that you upgrade your Mozilla Thunderbird packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that libvirt, a library for interfacing with different\nvirtualization systems, is prone to an integer overflow (CVE-2011-2511).\nAdditionally, the stable version is prone to a denial of service,\nbecause its error reporting is not thread-safe (CVE-2011-1486).
\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 0.8.3-5+squeeze2.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.4.6-10+lenny2.
\nFor the testing distribution (wheezy), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.9.2-7.
\nWe recommend that you upgrade your libvirt packages.
\nStefan Esser discovered several buffer overflows and a broken boundary\ncheck within fetchmail. If fetchmail is running in multidrop mode\nthese flaws can be used by remote attackers to crash it or to execute\narbitrary code under the user id of the user running fetchmail.\nDepending on the configuration this even allows a remote root\ncompromise.
\nThese problems have been fixed in version 5.9.11-6.1 for both\nfetchmail and fetchmail-ssl for the current stable distribution\n(woody), in version 5.3.3-4.2 for fetchmail for the old stable\ndistribution (potato) and in version 6.1.0-1 for both fetchmail and\nfetchmail-ssl for the unstable distribution (sid). There are no\nfetchmail-ssl packages for the old stable distribution (potato) and\nthus no updates.
\nWe recommend that you upgrade your fetchmail packages immediately.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nChristian J. Eibl discovered that the TeX filter of Moodle, a web-based\ncourse management system, doesn't check user input for certain TeX commands\nwhich allows an attacker to include and display the content of arbitrary system\nfiles.
\nNote that this doesn't affect installations that only use the mimetex\nenvironment.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.6.3-2+etch3.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.8.2.dfsg-3+lenny2.
\nFor the testing distribution (squeeze), this problem will be fixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.8.2.dfsg-5.
\nWe recommend that you upgrade your moodle packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nHendrik Weimer discovered that it is possible for a normal user to\ndisable the login shell of the root account via usermin, a web-based\nadministration tool.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.110-3.1.
\nIn the upstream distribution this problem is fixed in version 1.220.
\nWe recommend that you upgrade your usermin package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAPR-util is part of the Apache Portable Runtime library which is used\nby projects such as Apache httpd and Subversion.
\nJeff Trawick discovered a flaw in the apr_brigade_split_line() function\nin apr-util. A remote attacker could send crafted http requests to\ncause a greatly increased memory consumption in Apache httpd, resulting\nin a denial of service.
\nThis upgrade fixes this issue. After the upgrade, any running apache2\nserver processes need to be restarted.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.2.12+dfsg-8+lenny5.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 1.3.9+dfsg-4.
\nWe recommend that you upgrade your apr-util packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that curl, a client and library to get files from servers\nusing HTTP, HTTPS or FTP, is vulnerable to the \"Null Prefix Attacks Against\nSSL/TLS Certificates\" recently published at the Blackhat conference. This\nallows an attacker to perform undetected man-in-the-middle attacks via a\ncrafted ITU-T X.509 certificate with an injected null byte in the Common\nName field.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 7.15.5-1etch3.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 7.18.2-8lenny3.
\nFor the testing (squeeze) and unstable (sid) distributions, this problem\nwill be fixed soon.
\nWe recommend that you upgrade your curl packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\n\n\n\n When trying to decode binaries, the built-in code executes any shell\n scripts the article might contain, apparently assuming they would be\n some kind of self-extracting archive.\n
\n
This problem has been fixed in version 0.9.6.2-9potato2 by removing\nthis feature.\n
MD5 checksums of the listed files are available in the original advisory.\n
\n\n\nIt was discovered that PyOpenSSL, a Python wrapper around the OpenSSL\nlibrary, does not properly handle certificates with NULL characters in\nthe Subject Alternative Name field.
\nA remote attacker in the position to obtain a certificate for\n'www.foo.org\\0.example.com' from a CA that a SSL client trusts, could\nuse this to spoof www.foo.org and conduct man-in-the-middle attacks\nbetween the PyOpenSSL-using client and the SSL server.
For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.10-1+squeeze1.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.13-2+deb7u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.13-2.1.
\nWe recommend that you upgrade your pyopenssl packages.
\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leaks or privilege\nescalation.
\nIt was discovered that the Crypto API allowed unprivileged users\n to load arbitrary kernel modules. A local user can use this flaw\n to exploit vulnerabilities in modules that would not normally be\n loaded.
Akira Fujita found that the splice() system call did not validate\n the given file offset and length. A local unprivileged user can use\n this flaw to cause filesystem corruption on ext4 filesystems, or\n possibly other effects.
Florian Westphal discovered that a netfilter (iptables/ip6tables) rule\n accepting packets to a specific SCTP, DCCP, GRE or UDPlite\n port/endpoint could result in incorrect connection tracking state.\n If only the generic connection tracking module (nf_conntrack) was\n loaded, and not the protocol-specific connection tracking module,\n this would allow access to any port/endpoint of the specified\n protocol.
It was found that kernel functions that iterate over a directory\n tree can dead-lock or live-lock in case some of the directory\n entries were recently deleted or dropped from the cache. A local\n unprivileged user can use this flaw for denial of service.
Andy Lutomirski discovered that address randomisation for the vDSO\n in 64-bit processes is extremely biased. A local unprivileged user\n could potentially use this flaw to bypass the ASLR protection\n mechanism.
Dmitry Chernenkov discovered that eCryptfs writes past the end of\n the allocated buffer during encrypted filename decoding, resulting\n in local denial of service.
It was found that KVM did not correctly emulate the x86 SYSENTER\n instruction. An unprivileged user within a guest system that has\n not enabled SYSENTER, for example because the emulated CPU vendor\n is AMD, could potentially use this flaw to cause a denial of\n service or privilege escalation in that guest.
It was discovered that the open_by_handle_at() system call reads\n the handle size from user memory a second time after validating\n it. A local user with the CAP_DAC_READ_SEARCH capability could use\n this flaw for privilege escalation.
It was found that the SCTP implementation could free an\n authentication state while it was still in use, resulting in heap\n corruption. This could allow remote users to cause a denial of\n service or privilege escalation.
It was found that address randomisation for the initial stack in\n 64-bit processes was limited to 20 rather than 22 bits of entropy.\n A local unprivileged user could potentially use this flaw to\n bypass the ASLR protection mechanism.
For the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.65-1+deb7u2. Additionally this update fixes regressions\nintroduced in versions 3.2.65-1 and 3.2.65-1+deb7u1.
\nFor the upcoming stable distribution (jessie), these problems will be fixed\nsoon (a subset is fixed already).
\nFor the unstable distribution (sid), these problems will be fixed soon\n(a subset is fixed already).
\nWe recommend that you upgrade your linux packages.
\nTwo security related problems have been discovered in Mantis, a\nweb-based bug tracking system. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nA remote attacker could supply a specially crafted URL to scan\n arbitrary ports on arbitrary hosts that may not be accessible\n otherwise.
\nA remote attacker was able to insert arbitrary HTML code in bug\n reports, hence, cross site scripting.
\nA remote attacker was able to insert arbitrary HTML code in bug\n reports, hence, cross site scripting.
\nThe old stable distribution (woody) does not seem to be affected by\nthese problems.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.19.2-4.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.19.2-4.
\nWe recommend that you upgrade your mantis package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple vulnerabilities were discovered in tcpdump, a tool for\ninspecting network traffic. If a vulnerable version of tcpdump\nattempted to examine a maliciously constructed packet, a number of\nbuffer overflows could be exploited to crash tcpdump, or potentially\nexecute arbitrary code with the privileges of the tcpdump process.
\nFor the current stable distribution (woody) these problems have been\nfixed in version 3.6.2-2.7.
\nFor the unstable distribution (sid) these problems will be fixed soon.
\nWe recommend that you update your tcpdump package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJavier Fern\u00e1ndez-Sanguino Pe\u00f1a from the Debian Security Audit Project\nnoticed that the debstd script from\ndebmake, a deprecated helper package for Debian packaging, created\ntemporary directories in an insecure manner. This can be exploited by\na malicious user to overwrite arbitrary files owned by the victim.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 3.6.10.woody.1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.7.7.
\nWe recommend that you upgrade your debmake package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nHans Jerry Illikainen discovered that libgd2, a library for programmatic\ngraphics creation and manipulation, suffers from a signedness\nvulnerability which may result in a heap overflow when processing\nspecially crafted compressed gd2 data. A remote attacker can take\nadvantage of this flaw to cause an application using the libgd2 library\nto crash, or potentially, to execute arbitrary code with the privileges\nof the user running the application.
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 2.0.36~rc1~dfsg-6.1+deb7u2.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-5+deb8u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.1.1-4.1.
\nWe recommend that you upgrade your libgd2 packages.
\nSeveral remote vulnerabilities have been discovered in Smarty, a PHP\ntemplating engine. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nThe _expand_quoted_text function allows for certain restrictions in\n templates, like function calling and PHP execution, to be bypassed.
The smarty_function_math function allows context-dependent attackers\n to execute arbitrary commands via shell metacharacters in the equation\n attribute of the math function.
For the old stable distribution (etch), these problems have been fixed\nin version 2.6.14-1etch2.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.6.20-1.2.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your smarty package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJohn Lightsey discovered a format string injection vulnerability in the\nlocalisation of templates in Movable Type, a blogging system. An\nunauthenticated remote attacker could take advantage of this flaw to\nexecute arbitrary code as the web server user.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 5.1.4+dfsg-4+deb7u3.
\nWe recommend that you upgrade your movabletype-opensource packages.
\nSeveral vulnerabilities have been discovered in the X Window System,\nwhich may lead to privilege escalation. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nSean Larsson discovered an integer overflow in the XC-MISC extension,\n which might lead to denial of service or local privilege escalation.
Greg MacManus discovered an integer overflow in the font handling,\n which might lead to denial of service or local privilege escalation.
Greg MacManus discovered an integer overflow in the font handling,\n which might lead to denial of service or local privilege escalation.
Sami Leides discovered an integer overflow in the libx11 library\n which might lead to the execution of arbitrary code.\n This update introduces tighter sanity checking of input passed to\n XCreateImage(). To cope with this an updated rdesktop package is\n delivered along with this security update. Another application\n reported to break is the proprietary Opera browser, which isn't\n part of Debian. The vendor has released updated packages, though.
For the old stable distribution (sarge) these problems have been fixed in\nversion 4.3.0.dfsg.1-14sarge4. This update lacks builds for the Sparc\narchitecture, due to problems on the build host. Packages will be released\nonce this problem has been resolved.
\nThe stable distribution (etch) isn't affected by these problems, as the\nvulnerabilities have already been fixed during the Etch preparation\nfreeze phase.
\nWe recommend that you upgrade your XFree86 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation:
\nLiu Wei of Red Hat discovered that a SCTP server doing ASCONF will\n panic on malformed INIT chunks by triggering a NULL pointer\n dereference.
A flaw was discovered in the way iommu mapping failures were handled\n in the kvm_iommu_map_pages() function in the Linux kernel. A guest\n OS user could exploit this flaw to cause a denial of service (host\n OS memory corruption) or possibly have other unspecified impact on\n the host OS.
A stack-based buffer overflow flaw was discovered in the\n TechnoTrend/Hauppauge DEC USB driver. A local user with write access\n to the corresponding device could use this flaw to crash the kernel\n or, potentially, elevate their privileges.
Andy Lutomirski discovered that the do_double_fault function in\n arch/x86/kernel/traps.c in the Linux kernel did not properly handle\n faults associated with the Stack Segment (SS) segment register,\n which allows local users to cause a denial of service (panic).
For the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.63-2+deb7u2. This update also includes fixes for regressions\nintroduced by previous updates.
\nFor the unstable distribution (sid), these problems will be fixed soon\nin version 3.16.7-ckt2-1.
\nWe recommend that you upgrade your linux packages.
\nDaniel P. Berrange discovered that incorrect memory handling in the\nremoteDispatchDomainMemoryStats() function could lead to denial of\nservice.
\nThe oldstable distribution (squeeze) is not affected.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.9.12-11+deb7u4. This update also includes some non-security\nrelated bugfixes scheduled for the upcoming Wheezy 7.2 point release.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your libvirt packages.
\nMark Dowd discovered a buffer overflow in the mod_rewrite component of\napache, a versatile high-performance HTTP server. In some situations a\nremote attacker could exploit this to execute arbitrary code.
\nFor the stable distribution (sarge) this problem has been fixed in version 1.3.33-6sarge2.
\nFor the unstable distribution (sid) this problem will be fixed shortly.
\nWe recommend that you upgrade your apache package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities were discovered in PostgreSQL database server.
\nMitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center\n discovered that it was possible for a connection request containing a\n database name that begins with `-` to be crafted that can damage or\n destroy files within a server's data directory. Anyone with access to the\n port the PostgreSQL server listens on can initiate this request.
Random numbers generated by contrib/pgcrypto functions may be easy for\n another database user to guess.
An unprivileged user could run commands that could interfere with\n in-progress backups.
For the stable distribution (squeeze), postgresql-9.1 is not available.\nDSA-2657-1 has been released for CVE-2013-1900\naffecting postgresql-8.4.
\nFor the testing distribution (wheezy), these problems have been fixed in\nversion 9.1.9-0wheezy1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.1.9-1.
\nWe recommend that you upgrade your postgresql-9.1 packages.
\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.25. Please see the MariaDB 10.0 Release Notes for further\ndetails:
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 10.0.25-0+deb8u1.
\nWe recommend that you upgrade your mariadb-10.0 packages.
\nGuillem Jover discovered that the changelog retrieval functionality in\napt-get used temporary files in an insecure way, allowing a local user\nto cause arbitrary files to be overwritten.
\nThis vulnerability is neutralized by the fs.protected_symlinks setting in\nthe Linux kernel, which is enabled by default in Debian 7 Wheezy and up.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.9.7.9+deb7u6.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.0.9.2.
\nWe recommend that you upgrade your apt packages.
\nThe information security group at ETH Zurich discovered a denial of\nservice vulnerability in the crypto helper handler of the IKE daemon\npluto. More information can be found in the upstream advisory.\n
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1:2.4.12+dfsg-1.3+lenny4.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1:2.6.28+dfsg-5+squeeze1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:2.6.37-1.
\nWe recommend that you upgrade your openswan packages.
\nSeveral vulnerabilities were discovered in Postfix, a mail transfer\nagent. The Common Vulnerabilities and Exposures project identifies\nthe following problems:
\nThe postinst script grants the postfix user write access to\n /var/spool/postfix/pid, which might allow local users to\n conduct symlink attacks that overwrite arbitrary files.
The STARTTLS implementation does not properly restrict I/O\n buffering, which allows man-in-the-middle attackers to insert\n commands into encrypted SMTP sessions by sending a cleartext\n command that is processed after TLS is in place.
A heap-based read-only buffer overflow allows malicious\n clients to crash the smtpd server process using a crafted SASL\n authentication request.
For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.5.5-1.1+lenny1.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.1-1+squeeze1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.8.0-1.
\nWe recommend that you upgrade your postfix packages.
\nSeveral vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. The Common Vulnerabilities and Exposures Project identifies\nthe following problems:
\nImproper handling of SQL queries containing the NULL character\n allows local users to bypass logging mechanisms.
Usernames without a trailing null byte allow remote attackers to\n read portions of memory.
A request with an incorrect packet length allows remote attackers\n to obtain sensitive information.
Specially crafted request packets with invalid length values allow\n the execution of arbitrary code.
The following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed:
\n\u00a0 | woody | sarge | sid |
---|---|---|---|
mysql | 3.23.49-8.15 | n/a | n/a |
mysql-dfsg | n/a | 4.0.24-10sarge2 | n/a |
mysql-dfsg-4.1 | n/a | 4.1.11a-4sarge3 | n/a |
mysql-dfsg-5.0 | n/a | n/a | 5.0.21-3 |
We recommend that you upgrade your mysql packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAlexander Sulfrian discovered a buffer overflow in the\nyy_get_next_buffer() function generated by Flex, which may result in\ndenial of service and potentially the execution of code if operating on\ndata from untrusted sources.
\nAffected applications need to be rebuilt. bogofilter will be rebuilt\nagainst the updated flex in a followup update. Further affected\napplications should be reported at the bug referenced above.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.5.39-8+deb8u1.
\nFor the testing distribution (stretch), this problem has been fixed\nin version 2.6.1-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6.1-1.
\nWe recommend that you upgrade your flex packages.
\nSeveral issues have been fixed in phpMyAdmin, the web administration\ntool for MySQL.
\nMultiple cross-site scripting (XSS) vulnerabilities.
Denial of service (resource consumption) via a long password.
Risk of BREACH attack due to reflected parameter.
XSRF/CSRF vulnerability in phpMyAdmin setup.
Vulnerability allowing man-in-the-middle attack on API call to GitHub.
Vulnerability that allows bypassing the reCaptcha test.
Content spoofing vulnerability when redirecting user to an\n external site.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 4:3.4.11.1-2+deb7u2.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4:4.2.12-2+deb8u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4:4.5.1-1.
\nWe recommend that you upgrade your phpmyadmin packages.
\nZane Bitter from Red Hat discovered a vulnerability in Aodh, the alarm\nengine for OpenStack. Aodh does not verify that the user creating the\nalarm is the trustor or has the same rights as the trustor, nor that the\ntrust is for the same project as the alarm. The bug allows an\nauthenticated user without a Keystone token, but with knowledge of trust IDs,\nto perform unspecified authenticated actions by adding alarm actions.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 3.0.0-4+deb9u1.
\nWe recommend that you upgrade your aodh packages.
\nMultiple security issues have been found in the Mantis bug tracking\nsystem, which may result in phishing, information disclosure, CAPTCHA\nbypass, SQL injection, cross-site scripting or the execution of arbitrary\nPHP code.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.2.18-1.
\nWe recommend that you upgrade your mantis packages.
\nSeveral vulnerabilities were discovered in Django, a high-level Python\nweb development framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nFlorian Apolloner discovered that in certain situations, URL\n reversing could generate scheme-relative URLs which could\n unexpectedly redirect a user to a different host, leading to\n phishing attacks.
David Wilson reported a file upload denial of service vulnerability.\n Django's file upload handling in its default configuration may\n degrade to producing a huge number of `os.stat()` system calls when\n a duplicate filename is uploaded. A remote attacker with the ability\n to upload files can cause poor performance in the upload handler,\n eventually causing it to become very slow.
David Greisen discovered that under some circumstances, the use of\n the RemoteUserMiddleware middleware and the RemoteUserBackend\n authentication backend could result in one user receiving another\n user's session, if a change to the REMOTE_USER header occurred\n without corresponding logout/login actions.
Collin Anderson discovered that it is possible to reveal any field's\n data by modifying the `popup` and `to_field` parameters of the query\n string on an admin change form page. A user with access to the admin\n interface, and with sufficient knowledge of model structure and the\n appropriate URLs, could construct popup views which would display\n the values of non-relationship fields, including fields the\n application developer had not intended to expose in such a fashion.
For the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.5-1+deb7u8.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.6.6-1.
\nWe recommend that you upgrade your python-django packages.
\nJakub Zalas discovered that Symfony, a framework to create websites and\nweb applications, was vulnerable to restriction bypass. It was\naffecting applications with ESI or SSI support enabled, that use the\nFragmentListener. A malicious user could call any controller via the\n/_fragment path by providing an invalid hash in the URL (or removing\nit), bypassing URL signing and security rules.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.3.21+dfsg-4+deb8u1.
\nFor the testing distribution (stretch), this problem has been fixed\nin version 2.7.0~beta2+dfsg-2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.0~beta2+dfsg-2.
\nWe recommend that you upgrade your symfony packages.
\nBreno Silveira Soares of Servico Federal de Processamento de Dados\n(SERPRO) discovered that the BIND DNS server is prone to a denial of\nservice vulnerability. A remote attacker who can cause a validating\nresolver to query a zone containing specifically constructed contents\ncan cause the resolver to terminate with an assertion failure, resulting\nin a denial of service to clients relying on the resolver.
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1:9.8.4.dfsg.P1-6+nmu2+deb7u5.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:9.9.5.dfsg-9+deb8u1.
\nFor the testing distribution (stretch) and the unstable distribution\n(sid), this problem will be fixed soon.
\nWe recommend that you upgrade your bind9 packages.
\nIlja van Sprundel of IOActive discovered several security issues in the\nX.Org libXfont library, which may allow a local, authenticated user to\nattempt to raise privileges; or a remote attacker who can control the\nfont server to attempt to execute code with the privileges of the X\nserver.
\nInteger overflow of allocations in font metadata file parsing could\n allow a local user who is already authenticated to the X server to\n overwrite other memory in the heap.
libxfont does not validate length fields when parsing xfs protocol\n replies, allowing writes past the bounds of allocated memory when\n storing the returned data from the font server.
Integer overflows calculating memory needs for xfs replies could\n result in allocating too little memory and then writing the returned\n data from the font server past the end of the allocated buffer.
For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:1.4.1-5.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1:1.4.5-4.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:1.4.7-2.
\nWe recommend that you upgrade your libxfont packages.
\nAnders Kaseorg discovered that afuse, an automounting file system\nin user-space, did not properly escape meta characters in paths.\nThis allowed a local attacker with read access to the filesystem to\nexecute commands as the owner of the filesystem.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.1.1-1+etch1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.2-3.
\nWe recommend that you upgrade your afuse (0.1.1-1+etch1) package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\n\nIn DSA-1603-1, Debian released an update to the BIND 9 domain name\nserver, which introduced UDP source port randomization to mitigate\nthe threat of DNS cache poisoning attacks (identified by the Common\nVulnerabilities and Exposures project as CVE-2008-1447).\nThe fix, while correct, was incompatible with the version of SELinux Reference\nPolicy shipped with Debian Etch, which did not permit a process running in the\nnamed_t domain to bind sockets to UDP ports other than the standard 'domain'\nport (53).\nThe incompatibility affects both the 'targeted' and 'strict' policy packages\nsupplied by this version of refpolicy.\n
\n\nThis update to the refpolicy packages grants the ability to bind to\narbitrary UDP ports to named_t processes.\nWhen installed, the updated packages will attempt to update the bind policy\nmodule on systems where it had been previously loaded and where the previous\nversion of refpolicy was 0.0.20061018-5 or below.\n
\n\nBecause the Debian refpolicy packages are not yet designed with policy module\nupgradeability in mind, and because SELinux-enabled Debian systems often have\nsome degree of site-specific policy customization, it is difficult to assure\nthat the new bind policy can be successfully upgraded.\nTo this end, the package upgrade will not abort if the bind policy update\nfails.\nThe new policy module can be found at\n/usr/share/selinux/refpolicy-targeted/bind.pp after installation.\nAdministrators wishing to use the bind service policy can reconcile any policy\nincompatibilities and install the upgrade manually thereafter.\nA more detailed discussion of the corrective procedure may be found on\nhttps://wiki.debian.org/SELinux/Issues/BindPortRandomization.
\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.0.20061018-5.1+etch1.\n
\n\nThe unstable distribution (sid) is not affected, as subsequent refpolicy\nreleases have incorporated an analogous change.\n
\n\nWe recommend that you upgrade your refpolicy packages.\n
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple vulnerabilities were discovered in Zend Framework, a PHP\nframework:
\nIt was discovered that due to incorrect permissions masks when\n creating directories, local attackers could potentially execute\n arbitrary code or escalate privileges.
Chris Kings-Lynne discovered an SQL injection vector caused by\n missing null byte filtering in the MS SQL PDO backend, and a similar\n issue was also found in the SQLite backend.
For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.11.13-1.1+deb7u4.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.12.9+dfsg-2+deb8u4.
\nFor the testing distribution (stretch), this problem has been fixed\nin version 1.12.16+dfsg-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.12.16+dfsg-1.
\nWe recommend that you upgrade your zendframework packages.
\nMultiple vulnerabilities were discovered in the dissectors for DVB-CI,\nGSM\u00a0A Common and ASN.1 PER and in the Netmon file parser.
\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.2.11-6+squeeze11.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy5.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.10.1-1.
\nWe recommend that you upgrade your wireshark packages.
\nPaul Starzetz and Wojciech Purczynski of isec.pl discovered a critical\nsecurity vulnerability in the memory management code of Linux inside\nthe mremap(2) system call. Due to flushing the TLB (Translation\nLookaside Buffer, an address cache) too early it is possible for an\nattacker to trigger a local root exploit.
\nThe attack vectors for 2.4.x and 2.2.x kernels are exclusive for the\nrespective kernel series, though. We formerly believed that the\nexploitable vulnerability in 2.4.x does not exist in 2.2.x which is\nstill true. However, it turned out that a second (sort of)\nvulnerability is indeed exploitable in 2.2.x, but not in 2.4.x, with a\ndifferent exploit, of course.
\nFor the stable distribution (woody) this problem has been fixed in\nthe following versions and architectures:
\npackage | arch | version |
---|---|---|
kernel-source-2.2.22 | source | 2.2.22-1woody1 |
kernel-image-2.2.22-alpha | alpha | 2.2.22-2 |
For the unstable distribution (sid) this problem will be fixed soon\nfor the architectures that still ship a 2.2.x kernel package.
\nWe recommend that you upgrade your Linux kernel package.
\nVulnerability matrix for CAN-2004-0077
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple vulnerabilities may lead\nto the execution of arbitrary code, data leakage or bypass of the content\nsecurity policy.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:45.6.0-1~deb8u1.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your icedove packages.
\nSeveral cross-site-scripting and denial of service vulnerabilities\nwere discovered in Ruby on Rails, a Ruby framework for web application\ndevelopment.
\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 2.3.5-1.2+squeeze8.
\nFor the testing distribution (wheezy) and the unstable distribution (sid),\nthese problems have been fixed in the version 3.2.6-5 of\nruby-activerecord-3.2, version 2.3.14-6 of ruby-activerecord-2.3,\nversion 2.3.14-7 of ruby-activesupport-2.3, version 3.2.6-6 of\nruby-actionpack-3.2 and in version 2.3.14-5 of ruby-actionpack-2.3.
\nWe recommend that you upgrade your rails packages.
\nSeveral vulnerabilities were discovered in phpMyAdmin, a tool to\nadministrate MySQL over the web. The Common Vulnerabilities and\nExposures project identifies the following problems:
\nPossible session manipulation in Swekey authentication.
Possible code injection in setup script, in case session\n variables are compromised.
Regular expression quoting issue in Synchronize code.
Possible directory traversal in MIME-type transformation.
Cross site scripting in table Print view when the attacker can\n create crafted table names.
Possible superglobal and local variables manipulation in\n Swekey authentication. (PMASA-2011-12)
The oldstable distribution (lenny) is only affected by\nCVE-2011-2642, which has been fixed in version 2.11.8.1-5+lenny9.
\nFor the stable distribution (squeeze), these problems have been fixed\nin version 3.3.7-6.
\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthese problems have been fixed in version 3.4.3.2-1.
\nWe recommend that you upgrade your phpmyadmin packages.
\nWesley Miaw discovered that libcurl, a multi-protocol file transfer\nlibrary, is prone to a buffer overflow via the callback function when\nan application relies on libcurl to automatically uncompress data. Note\nthat this only affects applications that trust libcurl's maximum limit\nfor a fixed buffer size and do not perform any sanity checks themselves.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 7.18.2-8lenny4.
\nDue to a problem with the archive software, we are unable to release all\narchitectures simultaneously. Binaries for the hppa, ia64, mips, mipsel\nand s390 architectures will be provided once they are available.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 7.20.0-1.
\nWe recommend that you upgrade your curl packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nGenkin, Shamir and Tromer discovered that RSA key material could\nbe extracted by using the sound generated by the computer during the\ndecryption of some chosen ciphertexts.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.4.10-4+squeeze4.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.12-7+deb7u3.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.15-3.
\nWe recommend that you upgrade your gnupg packages.
\nIt was discovered that the code to validate level 2 page table entries\nis bypassed when certain conditions are satisfied. A malicious PV guest\nadministrator can take advantage of this flaw to gain privileges via a\ncrafted superpage mapping.
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.1.4-3+deb7u9.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.4.1-9+deb8u2.
\nWe recommend that you upgrade your xen packages.
\nThe version of enscript (a tool to convert ASCII text to different\nformats) in potato has been found to create temporary files insecurely.
\nThis has been fixed in version 1.6.2-4.1.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nIt was discovered that the Ingo email filter rules manager performs\ninsufficient escaping of user-provided data in created procmail rules\nfiles, which allows the execution of arbitrary shell commands.
\nFor the stable distribution (sarge), this problem has been fixed in\nversion 1.0.1-1sarge1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.2-1.
\nWe recommend that you upgrade your ingo1 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in the chromium web browser.
\nA use-after-free issue was discovered in the v8 javascript library.
The chrome development team found and fixed various issues during\n internal auditing.
For the stable distribution (jessie), these problems have been fixed in\nversion 53.0.2785.143-1~deb8u1.
\nFor the testing distribution (stretch), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 53.0.2785.143-1.
\nWe recommend that you upgrade your chromium-browser packages.
\nDyon Balding discovered buffer overflows in the MikMod sound library,\nwhich could lead to the execution of arbitrary code if a user is\ntricked into opening malformed Impulse Tracker or Ultratracker sound\nfiles.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.1.11-6+lenny1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.1.11-6.2.
\nWe recommend that you upgrade your libmikmod packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that missing input sanitising in Libreoffice's filter\nfor HWP documents may result in the execution of arbitrary code if a\nmalformed document is opened.
\nFor the oldstable distribution (wheezy), this problem has been fixed in\nversion 1:3.5.4+dfsg2-0+deb7u4.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:4.3.3-2+deb8u1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your libreoffice packages.
\nMateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening\nmalformed fonts may result in denial of service or the execution of\narbitrary code.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2.4.9-1.1+deb7u1.
\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.5.2-3.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.5.2-3.
\nWe recommend that you upgrade your freetype packages.
\nA vulnerability has been discovered in the shadow suite which provides\nprograms like chfn and chsh. It is possible for a user who is logged\nin but has an expired password to alter his account information with\nchfn or chsh without having to change the password. The problem was\noriginally thought to be more severe.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 20000902-12woody1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 4.0.3-30.3.
\nWe recommend that you upgrade your passwd package (from the shadow\nsuite).
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in libphp-adodb, the\n'adodb' database abstraction layer for PHP, which is embedded in\nmoodle, a course management system for online learning. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:
\nAndreas Sandblad discovered that improper user input sanitisation\n results in a potential remote SQL injection vulnerability enabling\n an attacker to compromise applications, access or modify data, or\n exploit vulnerabilities in the underlying database implementation.\n This requires the MySQL root password to be empty. It is fixed by\n limiting access to the script in question.
A dynamic code evaluation vulnerability allows remote attackers to\n execute arbitrary PHP functions via the 'do' parameter.
Andy Staudacher discovered an SQL injection vulnerability due to\n insufficient input sanitising that allows remote attackers to\n execute arbitrary SQL commands.
GulfTech Security Research discovered multiple cross-site\n scripting vulnerabilities due to improper user-supplied input\n sanitisation. Attackers can exploit these vulnerabilities to\n cause arbitrary scripts to be executed in the browser of an\n unsuspecting user's machine, or result in the theft of\n cookie-based authentication credentials.
The old stable distribution (woody) does not contain moodle packages.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.4.4.dfsg.1-3sarge1.
\nFor the unstable distribution these problems will be fixed soon.
\nWe recommend that you upgrade your moodle package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThis has been fixed in version 2.3.2-1.3 and we recommend you upgrade\nyour rsync package immediately.
\nUnfortunately the patch used to fix that problem broke rsync.\nThis has been fixed in version 2.3.2-1.5 and we recommend you\nupgrade to that version immediately.
\nMD5 checksums of the listed files are available in the original advisory.\n(DSA-106-2)\n
\n\n\nThe regular expression engine of Ruby, a scripting language, contains a\nmemory leak which can be triggered remotely under certain circumstances,\nleading to a denial of service condition (CVE-2008-3443).
\nIn addition, this security update addresses a regression in the REXML\nXML parser of the ruby1.8 package; the regression was introduced in\nDSA-1651-1.
\nFor the stable distribution (etch), this problem has been fixed in version\n1.8.5-4etch4 of the ruby1.8 package, and version 1.9.0+20060609-1etch4\nof the ruby1.9 package.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.8.7.72-1 of the ruby1.8 package. The ruby1.9 package will be\nfixed soon.
\nWe recommend that you upgrade your Ruby packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in the audiofile library,\nwhich may result in denial of service or the execution of arbitrary code\nif a malformed audio file is processed.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.3.6-2+deb8u2.
\nFor the upcoming stable distribution (stretch), these problems have been\nfixed in version 0.3.6-4.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.3.6-4.
\nWe recommend that you upgrade your audiofile packages.
\nEthan Benson discovered a problem in xfsdump, which contains\nadministrative utilities for the XFS filesystem. When filesystem\nquotas are enabled, xfsdump runs xfsdq to save the quota information\ninto a file at the root of the filesystem being dumped. The manner in\nwhich this file is created is unsafe.
\nWhile fixing this, a new option \u201c-f path\u201d has been added to xfsdq(8)\nto specify an output file instead of using the standard output stream.\nThis file is created by xfsdq and xfsdq will fail to run if it exists\nalready. The file is also created with a more appropriate mode than\nwhatever the umask happened to be when xfsdump(8) was run.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.0.1-2.
\nThe old stable distribution (potato) is not affected since it doesn't\ncontain xfsdump packages.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.2.8-1.
\nWe recommend that you upgrade your xfsdump package immediately.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nIt was discovered that file, a file type classification tool, contains a\nflaw in the handling of `indirect` magic rules in the libmagic library,\nwhich leads to an infinite recursion when trying to determine the file\ntype of certain files. The Common Vulnerabilities and Exposures project\nID CVE-2014-1943 has been assigned to identify this flaw. Additionally,\nother well-crafted files might result in long computation times (while\nusing 100% CPU) and overlong results.
For the oldstable distribution (squeeze), this problem has been fixed in\nversion 5.04-5+squeeze3.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 5.11-2+deb7u1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your file packages.
\nEvgeny Legerov discovered that gnupg, the GNU privacy guard, a free\nPGP replacement, contains an integer overflow that can cause a\nsegmentation fault and possibly overwrite memory via a large user ID\nstring.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.4.1-1.sarge4 of GnuPG and in version 1.9.15-6sarge1 of GnuPG2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.4.3-2 of GnuPG, a fix for GnuPG2 is pending.
\nWe recommend that you upgrade your gnupg package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nBy itself that is not a problem, except if Samba is configured to\nwrite log-files to a file that includes the NetBIOS name of the\nremote side by using the `%m' macro in the `log file' command. In\nthat case an attacker could use a NetBIOS name like '../tmp/evil'.\nIf the log-file was set to \"/var/log/samba/%s\" Samba would then\nwrite to /var/tmp/evil.\n
Since the NetBIOS name is limited to 15 characters and the `log\nfile' command could have an extension to the filename the results\nof this are limited. However if the attacker is also able to create\nsymbolic links on the Samba server they could trick Samba into\nappending any data they want to all files on the filesystem which\nSamba can write to.\n
The Debian GNU/Linux packaged version of Samba has a safe\nconfiguration and is not vulnerable.\n
As a temporary workaround for systems that are vulnerable, change all\noccurrences of the `%m' macro in smb.conf to `%l' and restart Samba.\n
This has been fixed in version 2.0.7-3.4, and we recommend that you\nupgrade your Samba package immediately.\n
MD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral remote vulnerabilities have been discovered in Imagemagick, a\ncollection of image manipulation tools, which may lead to the execution\nof arbitrary code. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nEero H\u00e4kkinen discovered that the display tool allocates insufficient\n memory for globbing patterns, which might lead to a buffer overflow.
Tavis Ormandy from the Google Security Team discovered that the Sun\n bitmap decoder performs insufficient input sanitising, which might\n lead to buffer overflows and the execution of arbitrary code.
Tavis Ormandy from the Google Security Team discovered that the XCF\n image decoder performs insufficient input sanitising, which might\n lead to buffer overflows and the execution of arbitrary code.
For the stable distribution (sarge) these problems have been fixed in\nversion 6:6.0.6.2-2.7.
\nFor the unstable distribution (sid) these problems will be fixed soon.
\nWe recommend that you upgrade your imagemagick packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues:
\nIf a PHP application accepted untrusted SOAP object input remotely\n from clients, an attacker could read system files readable for the\n webserver.
The soap.wsdl_cache_dir function did not take PHP open_basedir\n restrictions into account. Note that Debian advises against relying\n on open_basedir restrictions for security.
For the stable distribution (squeeze), these problems have been fixed in\nversion 5.3.3-7+squeeze15.
\nFor the testing distribution (wheezy), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.4.4-14.
\nWe recommend that you upgrade your php5 packages.
\nIn MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities\nin the dispatch_command() function in libmysqld/sql_parse.cc in mysqld\nallow remote authenticated users to cause a denial of service (daemon\ncrash) and potentially the execution of arbitrary code via format\nstring specifiers in a database name in a COM_CREATE_DB or\nCOM_DROP_DB request.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 5.0.51a-24+lenny2.
\nFor the old stable distribution (etch), this problem has been fixed in\nversion 5.0.32-7etch11.
\nWe recommend that you upgrade your mysql packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA denial of service vulnerability was found in the Shibboleth (a\nfederated identity framework) Service Provider. When processing a certain\nmalformed SAML message generated by an authenticated attacker, the\ndaemon could crash.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.4.3+dfsg-5+deb7u1.
\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 2.5.3+dfsg-2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.5.3+dfsg-2.
\nWe recommend that you upgrade your shibboleth-sp2 packages.
\nJoey Hess discovered that fuzz, a software stress-testing tool,\ncreates a temporary file without taking appropriate security\nprecautions. This bug could allow an attacker to gain the privileges\nof the user invoking fuzz, excluding root (fuzz does not allow itself\nto be invoked as root).
\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.6-6woody1.
\nThe old stable distribution (potato) does not contain a fuzz package.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you update your fuzz package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nMatthias Andree discovered that fetchmail, an SSL enabled POP3, APOP\nand IMAP mail gatherer/forwarder, can under certain circumstances\nattempt to dereference a NULL pointer and crash.
\nFor the old stable distribution (sarge), this problem was not present.
\nFor the stable distribution (etch), this problem has been fixed in\nversion 6.3.6-1etch1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your fetchmail package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nFour vulnerabilities have been discovered in XFree86.
\nThe xterm package provides a terminal escape sequence that reports\n the window title by injecting it into the input buffer of the\n terminal window, as if the user had typed it. An attacker can craft\n an escape sequence that sets the title of a victim's xterm window to\n an arbitrary string (such as a shell command) and then reports that\n title. If the victim is at a shell prompt when this is done, the\n injected command will appear on the command line, ready to be run.\n Since it is not possible to embed a carriage return in the window\n title, the attacker would have to convince the victim to press Enter\n (or rely upon the victim's carelessness or confusion) for the shell or\n other interactive process to interpret the window title as user\n input. It is conceivable that the attacker could craft other escape\n sequences that might convince the victim to accept the injected\n input, however. The Common Vulnerabilities and Exposures project at\n cve.mitre.org has assigned the name\n CAN-2003-0063\n to this issue.
\nTo determine whether your version of xterm is vulnerable to abuse of\n the window title reporting feature, run the following command at a\n shell prompt from within an xterm window:
\necho -e \"\\e[21t\"\n
(The terminal bell may ring, and the window title may be prefixed\n with an \"l\".)
\nThis flaw is exploitable by anything that can send output to a\n terminal window, such as a text document. The xterm user has to\n take action to cause the escape sequence to be sent, however (such\n as by viewing a malicious text document with the \"cat\" command).\n Whether you are likely to be exposed to it depends on how you use\n xterm. Consider the following:
\necho -e '\\e]2;s && echo rm -rf *\\a' > /tmp/sploit\n echo -e '\\e[21t' >> /tmp/sploit\n cat /tmp/sploit\n
Debian has resolved this problem by disabling the window title\n reporting escape sequence in xterm; it is understood but ignored.\n The escape sequence to set the window title has not been disabled.
\nA future release of the xterm package will have a configuration\n option to permit the user to turn the window title reporting feature\n back on, but it will default off.
\nThe xterm package, since it emulates DEC VT-series text terminals,\n emulates a feature of DEC VT terminals known as \"User-Defined Keys\"\n (UDK for short). There is a bug in xterm's handling of DEC UDK\n escape sequences, however, and an ill-formed one can cause the xterm\n process to enter a tight loop. This causes the process to \"spin\",\n consuming CPU cycles uselessly, and refusing to handle signals (such\n as efforts to kill the process or close the window).
\nTo determine whether your version of xterm is vulnerable to this\n attack, run the following command at a shell prompt from within a\n \"sacrificial\" xterm window (i.e., one that doesn't have anything in\n the scrollback buffer you might need to see later):
\necho -e \"\\eP0;0|0A/17\\x9c\"\n
This flaw is exploitable by anything that can send output to a\n terminal window, such as a text document. The xterm user has to\n take action to cause the escape sequence to be sent, however (such\n as by viewing a malicious text document with the \"cat\" command).\n Whether you are likely to be exposed to it depends on how you use\n xterm.
\nDebian has resolved this problem by backporting an upstream fix\n to XFree86 4.1.0.
\nMost X servers descended from the MIT/X Consortium/X.Org Sample\n Implementation, including XFree86's X servers, support an extension\n to the X protocol called MIT-SHM, which enables X clients running on\n the same host as the X server to operate more quickly and\n efficiently by taking advantage of an operating system feature\n called shared memory where it is available. The Linux kernel, for\n example, supports shared memory.
\nBecause the X server runs with elevated privileges, the operating\n system's built-in access control mechanisms are ineffective to\n police the X server's usage of segments of shared memory. The X\n server has to implement its own access control. This was\n imperfectly done in previous releases of XFree86 (and the MIT/X\n Consortium/X.Org Sample Implementation before it), leaving\n opportunities for malicious X clients to read and alter shared\n memory segments to which they should not have access. The Common\n Vulnerabilities and Exposures project at cve.mitre.org has assigned\n the name\n CAN-2002-0164\n to this issue.
\nDebian's XFree86 4.1.0-16 packages shipped with an incomplete fix\n for this flaw, only enforcing proper access control for X\n servers that were not started by a display manager (e.g., xdm).\n This update resolves that problem.
\nThe Debian Project knows of no exploits for this vulnerability. A\n malicious X client that abused the MIT-SHM extension could\n conceivably be written however, and run (deliberately or\n unwittingly) by a user able to run an X server on a host. The\n impact of this flaw depends on how shared memory is used on the\n system. See the ipcs(8) manual page for more information.
\nDebian has resolved this problem by backporting an upstream fix to\n XFree86 4.1.0.
\nSecurity researcher \"blexim\" wrote [paraphrased]:
\n\n\nI have identified several bugs in the font libraries of the\n current version of the XFree86 source code. These bugs could\n potentially lead to the execution of arbitrary code by a remote\n user in any process which calls the functions in question. The\n functions are related to the transfer and enumeration of fonts\n from font servers to clients, limiting the range of the exposure\n caused by these bugs.
\nSpecifically, several sizing variables passed from a font server\n to a client are not adequately checked, causing calculations on\n them to result in erroneous values. These erroneous calculations\n can lead to buffers on the heap and stack overflowing, potentially\n leading to arbitrary code execution. As stated before, the risk\n is limited by the fact that only clients can be affected by these\n bugs, but in some (non-default) configurations, both xfs and the X\n server can act as clients to remote font servers. In these\n configurations, both xfs and the X server could be potentially\n compromised.
\n
The Common Vulnerabilities and Exposures project at cve.mitre.org\n has assigned the name\n CAN-2003-0730\n to this issue.
\nThe Debian Project knows of no exploits for this vulnerability. By\n default in Debian, X servers are configured to listen only to a\n locally-running font server, which is not even used if the xfs\n package is not installed. The Debian default configuration of xfs\n uses only font directories on the local host, and does not attempt\n to connect to any external font servers.
\nDebian has resolved this problem by backporting an upstream fix to\n XFree86 4.1.0.
\nAll of the above problems also affect the xfree86v3 packages (in the\ncase of the first two flaws, the xterm source code contains the flaws,\nbut no xterm package is produced). Due to resource limitations and a\nlack of upstream support for this legacy code, Debian is unable to\ncontinue supporting version 3.3.6 of XFree86. To avoid exposure to\nthe latter two flaws in this advisory, we recommend that you remove\nthe following packages if you have them installed:
\n(You may also wish to remove the xext, xlib6, and xlib6-altdev packages,\nas support for them is being terminated along with the rest of the\nXFree86 3.3.6 packages, though they are not affected by the flaws in\nthis advisory.)
\nFor the stable distribution (woody) these problems have been fixed in\nversion 4.1.0-16woody1.
\nFor the unstable distribution (sid) all problems except\nCAN-2003-0730\nare fixed in version 4.2.1-11.\nCAN-2003-0730\nwill be fixed in 4.2.1-12, currently in preparation.
\nWe recommend that you update your xfree86 package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nJonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in Python-YAML, a YAML parser and emitter\nfor Python. An attacker able to load specially crafted YAML input into an\napplication using python-yaml could cause the application to crash.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 3.10-4+deb7u1.
\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 3.11-2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.11-2.
\nWe recommend that you upgrade your pyyaml packages.
\nSeveral vulnerabilities have been discovered in the chromium web browser.
\nA cross-site scripting issue was discovered.
Giwan Go discovered a heap overflow issue.
A use-after-free issue was discovered in the pdfium library.
Another use-after-free issue was discovered in the pdfium library.
cloudfuzzer discovered a use-after-free issue in Blink/Webkit.
Abdulrahman Alqabandi discovered an out-of-bounds read issue in the\n developer tools.
Luan Herrera discovered a URL spoofing issue.
Luan Herrera discovered that some drop down menus can be used to\n hide parts of the user interface.
xisigr discovered a URL spoofing issue.
Atte Kettunen discovered a use-after-free issue.
Gareth Hughes discovered a cross-site scripting issue.
haojunhou@gmail.com discovered a same-origin bypass.
Yuyang Zhou discovered a way to pop open a new window.
The chrome development team found and fixed various issues during\n internal auditing.
Tencent Keen Security Lab discovered an out-of-bounds memory access\n issue in the v8 javascript library.
A heap corruption issue was discovered in the ffmpeg library.
Choongwoo Han discovered an out-of-bounds memory access issue in\n the v8 javascript library.
Rob Wu discovered an information leak.
The chrome development team found and fixed various issues during\n internal auditing.
A use-after-free issue was discovered in the pdfium library.
Mariusz Mlynski discovered a cross-site scripting issue in SVG\n image handling.
A cross-site scripting issue was discovered.
Rob Wu discovered a same-origin bypass in the pdfium library.
Mariusz Mlynski discovered a cross-site scripting issue.
Mariusz Mlynski discovered another cross-site scripting issue.
Giwan Go discovered an out-of-bounds write issue in Blink/Webkit.
Ke Liu discovered an out-of-bounds write in the pdfium library.
A use-after-free issue was discovered in the pdfium library.
Khalil Zhani discovered an information disclosure issue in the\n developer tools.
Khalil Zhani discovered a use-after-free issue in the v8 javascript\n library.
Jonathan Birch discovered a file download protection bypass.
Looben Yang discovered a use-after-free issue.
A use-after-free issue was discovered in the pdfium library.
Rob Wu discovered a condition where data was not validated by\n the pdfium library.
Abdulrahman Alqabandi discovered a URL spoofing issue.
Rob Wu discovered a use-after-free issue in the v8 javascript\n library.
Rob Wu discovered a way to access files on the local system.
Tim Becker discovered an integer overflow issue in the angle\n library.
xisigr discovered a URL spoofing issue.
Hwiwon Lee discovered an integer overflow issue in the pdfium\n library.
Roeland Krak discovered a same-origin bypass in SVG image handling.
Scott Helme discovered a Content Security Protection bypass.
Jun Kokatsu discovered a cross-site scripting issue.
Jakub \u017boczek discovered a Content Security Protection information\n disclosure.
Guang Gong discovered a way to access private data in the v8\n javascript library.
The chrome development team found and fixed various issues during\n internal auditing.
For the stable distribution (jessie), these problems have been fixed in\nversion 55.0.2883.75-1~deb8u1.
\nFor the testing distribution (stretch), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 55.0.2883.75-1.
\nWe recommend that you upgrade your chromium-browser packages.
\nMultiple vulnerabilities have been found in the Drupal content management\nframework. More information can be found at\nhttps://www.drupal.org/SA-CORE-2015-001
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 7.14-2+deb7u9.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.32-1+deb8u2.
\nWe recommend that you upgrade your drupal7 packages.
\nMarcus Meissner discovered that attackers can trigger a buffer overflow\nin the path handling code by creating or abusing existing symlinks, which\nmay lead to the execution of arbitrary code.
\nThis vulnerability isn't present in the kernel NFS server.
\nThis update includes a bugfix for attribute handling of symlinks. This\nfix does not have security implications, but at the time when this DSA\nwas prepared it was already queued for the next stable point release, so\nwe decided to include it beforehand.
\nFor the old stable distribution (woody) this problem has been fixed in\nversion 2.2beta47-12woody1.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.2beta47-20sarge2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.2beta47-22.
\nWe recommend that you upgrade your nfs-user-server package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that djvulibre, the Open Source DjVu implementation\nproject, can be crashed or possibly made to execute arbitrary code when\nprocessing a specially crafted djvu file.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 3.5.23-3+squeeze1.
\nThis problem was fixed before the release of the stable distribution\n(wheezy), which is therefore not affected.
\nWe recommend that you upgrade your djvulibre packages.
\nA vulnerability has been discovered in HSQLDB, the default database\nengine shipped with OpenOffice.org. This could result in the\nexecution of arbitrary Java code embedded in an OpenOffice.org database\ndocument with the user's privileges. This update requires an update of\nboth openoffice.org and hsqldb.
\nThe old stable distribution (sarge) is not affected by this problem.
\nFor the stable distribution (etch) this problem has been fixed in\nversion 2.0.4.dfsg.2-7etch4 of OpenOffice.org and in version\n1.8.0.7-1etch1 of hsqldb.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.3.1-1 of OpenOffice.org and in version 1.8.0.9-2 of hsqldb.
\nFor the experimental distribution this problem has been fixed in\nversion 2.3.1~rc1-1 of OpenOffice.org and in version 1.8.0.9-1 of\nhsqldb.
\nWe recommend that you upgrade your OpenOffice.org and hsqldb packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The CVE IDs mentioned above are\njust a small portion of the security issues fixed in this update. A full\nlist of the changes is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.9
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 0.8.9-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.10-1.
\nWe recommend that you upgrade your libav packages.
\nSeveral vulnerabilities have been discovered in cURL, a URL transfer\nlibrary. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nEven Rouault reported that cURL does not properly handle long file\n names when doing a TFTP upload. A malicious HTTP(S) server can take\n advantage of this flaw by redirecting a client using the cURL\n library to a crafted TFTP URL and trick it into sending private memory\n contents to a remote server over UDP.
Brian Carpenter and Yongji Ouyang reported that cURL contains a flaw\n in the globbing function that parses the numerical range, leading to\n an out-of-bounds read when parsing a specially crafted URL.
Max Dymond reported that cURL contains an out-of-bounds read flaw in\n the FTP PWD response parser. A malicious server can take advantage\n of this flaw to effectively prevent a client using the cURL library\n from working with it, causing a denial of service.
For the oldstable distribution (jessie), these problems have been fixed\nin version 7.38.0-4+deb8u6.
\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u1.
\nWe recommend that you upgrade your curl packages.
\nSeveral vulnerabilities have been identified in Gnash, the GNU Flash\nplayer.
\nTielei Wang from Georgia Tech Information Security Center discovered a\n vulnerability in GNU Gnash which is caused by an integer overflow\n error and can be exploited to cause a heap-based buffer overflow by\n tricking a user into opening a specially crafted SWF file.
Alexander Kurtz discovered unsafe management of HTTP cookies. Cookie\n files are stored under /tmp and have predictable names, which\n allows a local attacker to overwrite arbitrary files the user has\n write permissions for. The cookie files are also world-readable, which may cause\n an information leak.
Jakub Wilk discovered unsafe management of temporary files during the\n build process. Files are stored under /tmp and have predictable names, which\n allows a local attacker to overwrite arbitrary files\n the user has write permissions for.
For the stable distribution (squeeze), this problem has been fixed in\nversion 0.8.8-5+squeeze1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.10-5.
\nWe recommend that you upgrade your gnash packages.
\n\nSeveral local/remote vulnerabilities have been discovered in the MySQL\ndatabase server. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n
\n\n It was discovered that the privilege validation for the source table\n of CREATE TABLE LIKE statements was insufficiently enforced, which\n might lead to information disclosure. This is only exploitable by\n authenticated users.\n
\n It was discovered that symbolic links were handled insecurely during\n the creation of tables with DATA DIRECTORY or INDEX DIRECTORY\n statements, which might lead to denial of service by overwriting\n data. This is only exploitable by authenticated users.\n
\n It was discovered that queries to data in a FEDERATED table can\n lead to a crash of the local database server, if the remote server\n returns information with fewer columns than expected, resulting in\n denial of service.\n
\nThe old stable distribution (sarge) doesn't contain mysql-dfsg-5.0.\n
\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.0.32-7etch4.\n
\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.0.51-1.\n
\n\nWe recommend that you upgrade your mysql-dfsg-5.0 packages.\n
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\n\"infamous41md\" noticed that the log functions in dhcp 2.x, which is\nstill distributed in the stable Debian release, pass\nparameters to functions that use format strings. One use seems to be\nexploitable in connection with a malicious DNS server.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.0pl5-11woody1.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.0pl5-19.1.
\nWe recommend that you upgrade your dhcp package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple security issues have been discovered in the Xen virtualisation\nsolution which may result in information leaks or denial of service.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 4.1.4-3+deb7u2.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your xen packages.
\nA buffer overflow has been discovered in the ODBC driver of PostgreSQL,\nan object-relational SQL database, descended from POSTGRES. It is possible\nto exploit this problem and crash the surrounding application. Hence, a\nPHP script using php4-odbc can be utilised to crash the surrounding\nApache webserver. Other parts of postgresql are not affected.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 7.2.1-2woody5.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 07.03.0200-3.
\nWe recommend that you upgrade your postgresql and related packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMichele Spagnuolo of the Google Security Team discovered that unzip, an\nextraction utility for archives compressed in .zip format, is affected\nby heap-based buffer overflows within the CRC32 verification function\n(CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the\ngetZip64Data() function (CVE-2014-8141), which may lead to the execution\nof arbitrary code.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6.0-8+deb7u1.
\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6.0-13.
\nWe recommend that you upgrade your unzip packages.
\nxfstt, a TrueType font server for the X window system, was found to\ncontain two classes of vulnerabilities:
\nCAN-2003-0581: a remote attacker could send requests crafted to\n trigger any of several buffer overruns, causing a denial of service or\n possibly executing arbitrary code on the server with the privileges\n of the \"nobody\" user.
\nCAN-2003-0625: certain invalid data sent during the connection\n handshake could allow a remote attacker to read certain regions of\n memory belonging to the xfstt process. This information could be\n used for fingerprinting, or to aid in exploitation of a different\n vulnerability.
\nFor the current stable distribution (woody) these problems have been\nfixed in version 1.2.1-3.
\nFor the unstable distribution (sid), CAN-2003-0581 is fixed in xfstt\n1.5-1, and CAN-2003-0625 will be fixed soon.
\nWe recommend that you update your xfstt package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nMike Ashton discovered that splitvt, a utility to run two programs in a\nsplit screen, did not drop group privileges prior to executing xprop.\nThis could allow any local user to gain the privileges of group utmp.
For the stable distribution (etch), this problem has been fixed in version\n1.6.5-9etch1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.6-4.
\nWe recommend that you upgrade your splitvt package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMarcus Meissner and Sebastian Krahmer discovered and fixed a temporary\nfile vulnerability in the mm shared memory library. This problem can\nbe exploited to gain root access to a machine running Apache which is\nlinked against this library, if shell access to the user \u201cwww-data\u201d\nis already available (which could easily be triggered through PHP).
\nThis problem has been fixed in the upstream version 1.2.0 of mm, which\nwill be uploaded to the unstable Debian distribution while this\nadvisory is released. Fixed packages for potato (Debian 2.2) and\nwoody (Debian 3.0) are linked below.
\nWe recommend that you upgrade your libmm packages immediately and\nrestart your Apache server.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nThe rsync team has received evidence that a vulnerability in all\nversions of rsync prior to 2.5.7, a fast remote file copy program, was\nrecently used in combination with a Linux kernel vulnerability to\ncompromise the security of a public rsync server.
\nWhile this heap overflow vulnerability could not be used by itself to\nobtain root access on an rsync server, it could be used in combination\nwith the recently announced do_brk() vulnerability in the Linux kernel\nto produce a full remote compromise.
\nPlease note that this vulnerability only affects the use of rsync as\nan \"rsync server\". To see if you are running an rsync server you\nshould use the command \"netstat -a -n\" to see if you are listening on\nTCP port 873. If you are not listening on TCP port 873 then you are\nnot running an rsync server.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.5.5-0.2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.5.6-1.1.
\nHowever, since the Debian infrastructure is not yet fully functional\nafter the recent break-in, packages for the unstable distribution are\nnot able to enter the archive for a while. Hence they were placed in\nJoey's home directory on the security machine.
\nWe recommend that you upgrade your rsync package immediately if you\nare providing remote sync services. If you are running testing and\nprovide remote sync services please use the packages for woody.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\n\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf,\nthe Portable Document Format (PDF) suite, which is also present in\ntetex-bin, the binary files of teTeX, and which can lead to a denial of\nservice by crashing the application or possibly to the execution of\narbitrary code.
\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.0.7+20011202-7.7.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 2.0.2-30sarge4.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.4.3-2 of poppler against which tetex-bin links.
\nWe recommend that you upgrade your tetex-bin package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSimon Josefsson noticed that the tspc.conf configuration file in\nfreenet6, a client to configure an IPv6 tunnel to freenet6.net, is set\nworld readable. This file can contain the username and the password\nused to contact the IPv6 tunnelbroker freenet6.net.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.9.6-1woody2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.0-2.2.
\nWe recommend that you upgrade your freenet6 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may\nlead to a denial of service or arbitrary code execution. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:
\nDirk Nehring discovered a vulnerability in the IPsec code that allows\n remote users to cause a denial of service by sending a specially crafted\n ESP packet.
Tavis Ormandy discovered a vulnerability that allows local users to access\n uninitialized kernel memory, possibly leaking sensitive data. This issue\n is specific to the amd64-flavour kernel images.
Andi Kleen discovered an issue where uninitialized kernel memory\n was being leaked to userspace during an exception. This issue may allow\n local users to gain access to sensitive data. Only the amd64-flavour\n Debian kernel images are affected.
Alan Cox discovered an issue in multiple tty drivers that allows\n local users to trigger a denial of service (NULL pointer dereference)\n and possibly obtain elevated privileges.
Gabriel Campana discovered an integer overflow in the sctp code that\n can be exploited by local users to cause a denial of service.
Miklos Szeredi reported a missing privilege check in the do_change_type()\n function. This allows local, unprivileged users to change the properties\n of mount points.
Tobias Klein reported a locally exploitable data leak in the\n snd_seq_oss_synth_make_info() function. This may allow local users\n to gain access to sensitive information.
Zoltan Sogor discovered a coding error in the VFS that allows local users\n to exploit a kernel memory leak resulting in a denial of service.
For the stable distribution (etch), this problem has been fixed in\nversion 2.6.18.dfsg.1-22etch2.
\nWe recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities were discovered in Django, a high-level Python\nweb development framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nBenjamin Bach discovered that Django incorrectly handled dotted\n Python paths when using the reverse() URL resolver function. An\n attacker able to request a specially crafted view from a Django\n application could use this issue to cause Django to import arbitrary\n modules from the Python path, resulting in possible code execution.
Paul McMillan discovered that Django incorrectly cached certain\n pages that contained CSRF cookies. A remote attacker could use this\n flaw to acquire the CSRF token of a different user and bypass\n intended CSRF protections in a Django application.
Michael Koziarski discovered that certain Django model field classes\n did not properly perform type conversion on their arguments, which\n allows remote attackers to obtain unexpected results.
Michael Nelson, Natalia Bidart and James Westby discovered that\n cached data in Django could be served to a different session, or to\n a user with no session at all. An attacker may use this to retrieve\n private data or poison caches.
Peter Kuma and Gavin Wahl discovered that Django incorrectly\n validated certain malformed URLs from user input. An attacker may\n use this to cause unexpected redirects.
For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.2.3-3+squeeze10.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.5-1+deb7u7.
\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.6.5-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.6.5-1.
\nWe recommend that you upgrade your python-django packages.
\nSeveral vulnerabilities were discovered in Django, a high-level Python\nweb development framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nMark Striemer discovered that some user-supplied redirect URLs\n containing basic authentication credentials are incorrectly handled,\n potentially allowing a remote attacker to perform a malicious\n redirect or a cross-site scripting attack.
Sjoerd Job Postmus discovered that Django allows user enumeration\n through timing difference on password hasher work factor upgrades.
For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.4.5-1+deb7u16.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.7.7-1+deb8u4.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.9.4-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.4-1.
\nWe recommend that you upgrade your python-django packages.
\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems:
\nSecurity researcher Guido Landi discovered that a XSL stylesheet could\n be used to crash the browser during a XSL transformation. An attacker\n could potentially use this crash to run arbitrary code on a victim's\n computer.
Security researcher Nils reported via TippingPoint's Zero Day Initiative\n that the XUL tree method _moveToEdgeShift was in some cases triggering\n garbage collection routines on objects which were still in use. In such\n cases, the browser would crash when attempting to access a previously\n destroyed object and this crash could be used by an attacker to run\n arbitrary code on a victim's computer.
Note that after installing these updates, you will need to restart any\npackages using xulrunner, typically iceweasel or epiphany.
\nAs indicated in the Etch release notes, security support for the\nMozilla products in the oldstable distribution needed to be stopped\nbefore the end of the regular Etch security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a still\nsupported browser.
\nFor the stable distribution (lenny), these problems have been fixed in version\n1.9.0.7-0lenny2.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.8-1.
\nWe recommend that you upgrade your xulrunner package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJibbers McGee discovered that PyMongo, a high-performance schema-free\ndocument-oriented data store, is prone to a denial-of-service\nvulnerability.
\nAn attacker can remotely trigger a NULL pointer dereference causing MongoDB\nto crash.
\nThe oldstable distribution (squeeze) is not affected by this issue.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.2-4+deb7u1.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 2.5.2-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.5.2-1.
\nWe recommend that you upgrade your pymongo packages.
\nAn unauthorized SSL certificate has been found in the wild issued\nfor the DigiNotar Certificate Authority, obtained through a security\ncompromise with said company. Debian, like other software\ndistributors, has as a precaution decided to disable the DigiNotar\nRoot CA by default in its ca-certificates bundle.
\nFor other software in Debian that ships a CA bundle, like the\nMozilla suite, updates are forthcoming.
\nFor the oldstable distribution (lenny), the ca-certificates package\ndoes not contain this root CA.
\nFor the stable distribution (squeeze), the root CA has been\ndisabled starting ca-certificates version 20090814+nmu3.
\nFor the testing distribution (wheezy) and unstable distribution\n(sid), the root CA has been disabled starting ca-certificates\nversion 20110502+nmu1.
\nWe recommend that you upgrade your ca-certificates packages.
\nPaul Starzetz and Wojciech Purczynski of isec.pl discovered a critical\nsecurity vulnerability in the memory management code of Linux inside\nthe mremap(2) system call. Due to a missing check of the return value\nof internal functions, a local attacker can gain root privileges.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 011226.16 of ia64 kernel source and images.
\nOther architectures are or will be mentioned in a separate advisory\nrespectively or are not affected (m68k).
\nFor the unstable distribution (sid) this problem will be fixed in version\n2.4.24-3.
\nThis problem is also fixed in the upstream version of Linux 2.4.25 and\n2.6.3.
\nWe recommend that you upgrade your Linux kernel packages immediately.
\nVulnerability matrix for CAN-2004-0077
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nHeap memory corruption leading to invalid free when processing certain\n Gray16 TIFF images.
Huzaifa Sidhpurwala of the Red Hat Security Response Team found a\n heap-based buffer overflow in JPEG2000 image parsing.
Huzaifa Sidhpurwala of the Red Hat Security Response Team found a\n heap-based buffer overflow when decoding JPEG2000 images.
For the stable distribution (squeeze), these problems have been fixed in\nversion 1.3+dfsg-4+squeeze1.
\nFor the testing (wheezy) and unstable (sid) distributions, these problems\nhave been fixed in version 1.3+dfsg-4.6.
\nWe recommend that you upgrade your openjpeg packages.
\nSebastian Krahmer discovered that opie, a system that makes it simple to use\nOne-Time passwords in applications, is prone to a privilege escalation\n(CVE-2011-2490)\nand an off-by-one error, which can lead to the execution of arbitrary code\n(CVE-2011-2489).\nAdam Zabrocki and Maksymilian Arciemowicz also discovered another off-by-one\nerror\n(CVE-2010-1938),\nwhich only affects the lenny version as the fix was already included in\nsqueeze.
\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion 2.32-10.2+lenny2.
\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 2.32.dfsg.1-0.2+squeeze1.
\nThe testing distribution (wheezy) and the unstable distribution (sid) do\nnot contain opie.
\nWe recommend that you upgrade your opie packages.
\nWe recommend you upgrade your wu-ftpd package immediately.
Two issues were discovered in the Tomcat servlet and JSP engine.
\nRick Riemer discovered that the Cross-Origin Resource Sharing\n filter did not add a Vary header indicating possible different\n responses, which could lead to cache poisoning.
Markus D\u00f6rschmidt found that the HTTP/2 implementation bypassed\n some security checks, thus allowing an attacker to conduct\n directory traversal attacks by using specially crafted URLs.
For the oldstable distribution (jessie), these problems have been fixed\nin version 8.0.14-1+deb8u11.
\nFor the stable distribution (stretch), these problems have been fixed in\nversion 8.5.14-1+deb9u2.
\nWe recommend that you upgrade your tomcat8 packages.
\nChris Evans discovered that the GStreamer 0.10 plugin to decode NES\nSound Format files allowed the execution of arbitrary code. Further\ndetails can be found in his advisory at\nhttp://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0.10.23-7.4+deb8u1.
\nThe unstable distribution (sid) no longer contains GStreamer 0.10.
\nWe recommend that you upgrade your gst-plugins-bad0.10 packages.
\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client: Multiple memory safety\nerrors, buffer overflows, use-after-frees and other implementation errors\nmay lead to the execution of arbitrary code, the bypass of security\nrestrictions or denial of service.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 31.3.0-1~deb7u1.
\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 31.3.0-1.
\nWe recommend that you upgrade your icedove packages.
\n\nTavis Ormandy of the Google Security Team has discovered several\nsecurity issues in PCRE, the Perl-Compatible Regular Expression library,\nwhich potentially allow attackers to execute arbitrary code by compiling\nspecially crafted regular expressions.\n
\n\nVersion 7.0 of the PCRE library featured a major rewrite of the regular\nexpression compiler, and it was deemed infeasible to backport the\nsecurity fixes in version 7.3 to the versions in Debian's stable and\noldstable distributions (6.7 and 4.5, respectively). Therefore, this\nupdate is based on version 7.4 (which includes the security bug fixes of\nthe 7.3 version, plus several regression fixes), with special patches to\nimprove the compatibility with the older versions. As a result, extra\ncare is necessary when applying this update.\n
\n\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n
\n\n Unmatched \\Q\\E sequences with orphan \\E codes can cause the compiled\n regex to become desynchronized, resulting in corrupt bytecode that may\n result in multiple exploitable conditions.\n
\n Multiple forms of character classes had their sizes miscalculated on\n initial passes, resulting in too little memory being allocated.\n
\n Multiple patterns of the form \\X?\\d or \\P{L}?\\d in non-UTF-8 mode\n could backtrack before the start of the string, possibly leaking\n information from the address space, or causing a crash by reading out\n of bounds.\n
\n A number of routines can be fooled into reading past the end of a\n string looking for unmatched parentheses or brackets, resulting in a\n denial of service.\n
\n Multiple integer overflows in the processing of escape sequences could\n result in heap overflows or out of bounds reads/writes.\n
\n Multiple infinite loops and heap overflows were discovered in the\n handling of \\P and \\P{x} sequences, where the length of these\n non-standard operations was mishandled.\n
\n Character classes containing a lone Unicode sequence were incorrectly\n optimised, resulting in a heap overflow.\n
\nFor the old stable distribution (sarge), these problems have been fixed in\nversion 4.5+7.4-1.\n
\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 6.7+7.4-2.\n
\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.3-1.\n
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nUlf H\u00e4rnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0a-1woody1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.0b-1.
\nWe recommend that you upgrade your axel package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that in Mediawiki, a wiki engine, several API modules\nallowed anti-CSRF tokens to be accessed via JSONP. These tokens protect\nagainst cross site request forgeries and are confidential.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.15.5-2squeeze6.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.19.5-1+deb7u1.
\nFor the testing distribution (jessie) and unstable distribution (sid),\nthis problem has been fixed in version 1.19.8+dfsg-1.
\nWe recommend that you upgrade your mediawiki packages.
\nSeveral remote vulnerabilities have been discovered in the TYPO3 content\nmanagement framework.
\nBecause the default value of the TYPO3 configuration variable\nfileDenyPattern was not sufficiently secure, authenticated backend users\ncould upload files that allowed them to execute arbitrary code as the\nwebserver user.
\nUser input processed by fe_adminlib.inc is not being properly filtered\nto prevent Cross Site Scripting (XSS) attacks, which is exposed when\nspecific plugins are in use.
\nFor the stable distribution (etch), these problems have been fixed in version\n4.0.2+debian-5.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.1.7-1.
\nWe recommend that you upgrade your typo3 package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA number of vulnerabilities have been discovered in the Linux kernel.
\nThis advisory provides corrected source code for Linux 2.4.17, and\ncorrected binary kernel images for the mips and mipsel architectures.\nOther versions and architectures will be covered by separate\nadvisories.
\nFor the stable distribution (woody), these problems have been fixed in\nkernel-source-2.4.17 version 2.4.17-1woody1 and\nkernel-patch-2.4.17-mips version 2.4.17-0.020226.2.woody2.
\nFor the unstable distribution (sid) these problems are fixed in\nkernel-source-2.4.20 version 2.4.20-8.
\nWe recommend that you update your kernel packages.
\nNOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSimon Nielsen discovered that the BGP dissector in tcpdump, a powerful\ntool for network monitoring and data acquisition, does not properly\nhandle a -1 return value from an internal function that decodes data\npackets. A specially crafted BGP packet can cause a denial of service\nvia an infinite loop.
\nThe old stable distribution (woody) is not affected by this problem.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 3.8.3-5sarge1.
\nWe recommend that you upgrade your tcpdump package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral issues were discovered in openvpn, a virtual private network\napplication.
\nIt was discovered that openvpn did not properly handle the\n rollover of packet identifiers. This would allow an authenticated\n remote attacker to cause a denial-of-service via application\n crash.
Guido Vranken discovered that openvpn did not properly handle\n specific malformed IPv6 packets. This would allow a remote\n attacker to cause a denial-of-service via application crash.
Guido Vranken discovered that openvpn did not properly handle\n clients connecting to an HTTP proxy with NTLMv2\n authentication. This would allow a remote attacker to cause a\n denial-of-service via application crash, or potentially leak\n sensitive information like the user's proxy password.
Guido Vranken discovered that openvpn did not properly handle\n some x509 extensions. This would allow a remote attacker to cause\n a denial-of-service via application crash.
For the oldstable distribution (jessie), these problems have been fixed\nin version 2.3.4-5+deb8u2.
\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.4.0-6+deb9u1.
\nFor the testing distribution (buster), these problems have been fixed\nin version 2.4.3-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.4.3-1.
\nWe recommend that you upgrade your openvpn packages.
\nimagemagick's libmagick library, under certain circumstances, creates\ntemporary files without taking appropriate security precautions. This\nvulnerability could be exploited by a local user to create or\noverwrite files with the privileges of another user who is invoking a\nprogram using this library.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 4:5.4.4.5-1woody1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 4:5.5.7-1.
\nWe recommend that you update your imagemagick package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nPhil Oester discovered that Squid-3, a fully featured Web Proxy cache, is\nprone to a denial of service attack via a specially crafted request that\nincludes empty strings.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 3.0.STABLE8-3+lenny4.
\nFor the testing distribution (squeeze), this problem will be fixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.1.6-1.1.
\nWe recommend that you upgrade your squid3 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nYarom and Falkner discovered that RSA secret keys in applications using\nthe libgcrypt11 library, for example GnuPG 2.x, could be leaked via\na side channel attack, where a malicious local user could obtain private\nkey information from another user on the system.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.4.5-2+squeeze1.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.5.0-5+deb7u1.
\nFor the testing distribution (jessie) and unstable distribution (sid),\nthis problem has been fixed in version 1.5.3-1.
\nWe recommend that you upgrade your libgcrypt11 packages.
\nCarlo Contavalli discovered an integer overflow in CFS, a cryptographic\nfilesystem, which allows local users to crash the encryption daemon.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.4.1-15sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.4.1-17.
\nWe recommend that you upgrade your cfs package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral issues have been discovered in PHP, a widely-used open source\ngeneral-purpose scripting language.
\nLoading a malicious TIFF or JPEG file can lead to a Denial-of-Service\n attack when the EXIF header is being parsed.
Loading a malicious phar archive can cause an extensive memory\n allocation, leading to a Denial-of-Service attack on 32 bit\n computers.
An attacker might remotely execute arbitrary code using a malicious\n phar archive. This is the consequence of an off-by-one memory\n corruption.
An attacker with control of the unserialize() function argument can\n cause an out-of-bounds read. This could lead to a Denial-of-Service\n attack or a remote code execution.
For the stable distribution (jessie), these problems have been fixed in\nversion 5.6.30+dfsg-0+deb8u1.
\nWe recommend that you upgrade your php5 packages.
\nMultiple issues were discovered in the TIFF tools, a set of utilities for\nTIFF image file manipulation and conversion.
\nEmmanuel Bouillon discovered a heap-based buffer overflow in the\n tp_process_jpeg_strip function in the tiff2pdf tool. This could\n potentially lead to a crash or arbitrary code execution.
Emmanuel Bouillon discovered many stack-based buffer overflows in\n the TIFF tools. These issues could potentially lead to a crash or\n arbitrary code execution.
For the oldstable distribution (squeeze), these problems have been fixed in\nversion 3.9.4-5+squeeze9.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 4.0.2-6+deb7u1.
\nFor the testing distribution (jessie), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.2-6+nmu1.
\nWe recommend that you upgrade your tiff packages.
\nIlja van Sprundel, Alan Coopersmith and William Robinet discovered\nmultiple issues in libxfont's code to process BDF fonts, which might\nresult in privilege escalation.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.5-5.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your libxfont packages.
\nThis update fixes many vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service or the execution of arbitrary code if\nmalformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum,\nPDB, DDS, DCM, EXIF, RGF or BMP files are processed.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u4.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your imagemagick packages.
\nA remotely triggerable use-after-free vulnerability was found in\nrpcbind, a server that converts RPC program numbers into universal\naddresses. A remote attacker can take advantage of this flaw to mount a\ndenial of service (rpcbind crash).
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 0.2.0-8+deb7u1.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0.2.1-6+deb8u1.
\nWe recommend that you upgrade your rpcbind packages.
\nIt was discovered that acpid, a daemon for delivering ACPI events, is\nprone to a denial of service attack by opening a large number of UNIX\nsockets, which are not closed properly.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.0.8-1lenny1.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.0.4-5etch1.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 1.0.10-1.
\nWe recommend that you upgrade your acpid packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJavier Fern\u00e1ndez-Sanguino Pe\u00f1a from the Debian Security Audit project\ndiscovered that two scripts in antiword, utilities to convert Word\nfiles to text and Postscript, create a temporary file in an insecure\nfashion.
\nFor the old stable distribution (woody) these problems have been fixed in\nversion 0.32-2woody0.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.35-2sarge1.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.35-2.
\nWe recommend that you upgrade your antiword package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nFrancisco Alonso of Red Hat Product Security found an issue in the file\nutility: when checking ELF files, note headers are incorrectly checked,\nthus potentially allowing attackers to cause a denial of service\n(out-of-bounds read and application crash) by supplying a specially\ncrafted ELF file.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 5.11-2+deb7u6.
\nFor the upcoming stable distribution (jessie), this problem will be\nfixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:5.20-2.
\nWe recommend that you upgrade your file packages.
\nSteve Kemp from the Debian Security Audit project discovered that\nfireflier-server, an interactive firewall rule creation tool, uses temporary\nfiles in an unsafe manner which may be exploited to remove arbitrary files from\nthe local system.
\nFor the old stable distribution (sarge) this problem has been fixed in\nversion 1.1.5-1sarge1.
\nFor the stable distribution (etch) this problem has been fixed in\nversion 1.1.6-3etch1.
\nFor the unstable distribution (sid) this problem will be fixed shortly.
\nWe recommend that you upgrade your fireflier-server package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA cross-site scripting vulnerability was discovered in sqwebmail, a\nweb mail application provided by the courier mail suite, whereby an\nattacker could cause web script to be executed within the security\ncontext of the sqwebmail application by injecting it via an email\nmessage.
\nFor the current stable distribution (woody), this problem has been\nfixed in version 0.37.3-2.5.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.45.4-4.
\nWe recommend that you update your courier package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nPaul Szabo discovered insecure creation of a temporary file in\nps2epsi, a script that is distributed as part of gs-common which\ncontains common files for different Ghostscript releases. ps2epsi uses\na temporary file in the process of invoking ghostscript. This file\nwas created in an insecure fashion, which could allow a local attacker\nto overwrite files owned by a user who invokes ps2epsi.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.3.3.0woody1.
\nThe old stable distribution (potato) is not affected by this problem.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.3.3.1.
\nWe recommend that you upgrade your gs-common package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees, buffer\noverflows and other implementation errors may lead to the execution of\narbitrary code, denial of service, bypass of the same-origin policy or\nincorrect enforcement of CSP.
\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 52.3.0esr-1~deb8u2.
\nFor the stable distribution (stretch), these problems have been fixed in\nversion 52.3.0esr-1~deb9u1.
\nWe recommend that you upgrade your firefox-esr packages.
\nChris Evans discovered that the GStreamer 1.0 plugin used to decode\nfiles in the FLIC format allowed execution of arbitrary code. Further\ndetails can be found in his advisory at\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.4.4-2+deb8u2.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.10.1-2.
\nWe recommend that you upgrade your gst-plugins-good1.0 packages.
\nIt was discovered that OpenLDAP, a free implementation of the Lightweight\nDirectory Access Protocol, when OpenSSL is used, does not properly handle a '\\0'\ncharacter in a domain name in the subject's Common Name (CN) field of an X.509\ncertificate, which allows man-in-the-middle attackers to spoof arbitrary SSL\nservers via a crafted certificate issued by a legitimate Certification Authority.
\nFor the oldstable distribution (etch), this problem has been fixed in version\n2.3.30-5+etch3 for openldap2.3.
\nFor the stable distribution (lenny), this problem has been fixed in version\n2.4.11-1+lenny1 for openldap.
\nFor the testing distribution (squeeze), and the unstable distribution (sid),\nthis problem has been fixed in version 2.4.17-2.1 for openldap.
\nWe recommend that you upgrade your openldap2.3/openldap packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\n\"infamous41md\" and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary code. The same code is present in kpdf\nwhich is part of the kdegraphics package.
\nThe old stable distribution (woody) does not contain kpdf packages.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 3.3.2-2sarge3.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 3.5.0-3.
\nWe recommend that you upgrade your kpdf package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that weechat, a fast and light chat client, is prone\nto a buffer overflow vulnerability in the IRC plugin, allowing a remote\nattacker to cause a denial-of-service by sending a specially crafted\nfilename via DCC.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.0.1-1+deb8u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.7-3.
\nWe recommend that you upgrade your weechat packages.
\nMultiple security issues have been discovered in cyrus-imapd, a highly scalable\nmail system designed for use in enterprise environments. The Common\nVulnerabilities and Exposures project identifies the following problems:
\nCoverity discovered a stack-based buffer overflow in the NNTP server\n implementation (nntpd) of cyrus-imapd. An attacker can exploit this\n flaw via several crafted NNTP commands to execute arbitrary code.
Stefan Cornelius of Secunia Research discovered that the command processing\n of the NNTP server implementation (nntpd) of cyrus-imapd is not properly\n implementing access restrictions for certain commands and is not checking\n for a complete, successful authentication. An attacker can use this flaw\n to bypass access restrictions for some commands and, e.g., exploit\n CVE-2011-3208 without proper authentication.
For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.2_2.2.13-14+lenny5.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.2_2.2.13-19+squeeze2.
\nFor the testing distribution (wheezy), this problem will be fixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\ncyrus-imapd-2.4 version 2.4.12-1.
\nWe recommend that you upgrade your cyrus-imapd-2.2 packages.
\nSeveral vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nGoogle Chrome before 9.0.597.107 does not properly implement JavaScript\n dialogs, which allows remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other impact via a crafted\n HTML document.
Google Chrome before 9.0.597.107 does not properly process nodes in Cascading\n Style Sheets (CSS) stylesheets, which allows remote attackers to cause a\n denial of service or possibly have unspecified other impact via unknown\n vectors that lead to a stale pointer.
Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly\n perform pickle deserialization, which allows remote attackers to cause a\n denial of service (out-of-bounds read) via unspecified vectors.
Google Chrome before 9.0.597.107 does not properly handle tables, which allows\n remote attackers to cause a denial of service or possibly have unspecified\n other impact via unknown vectors that lead to a stale node.
Google Chrome before 9.0.597.107 does not properly render tables, which allows\n remote attackers to cause a denial of service or possibly have unspecified\n other impact via unknown vectors that lead to a stale pointer.
Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers\n to cause a denial of service or possibly have unspecified other impact via\n vectors involving a TEXTAREA element.
The WebGL implementation in Google Chrome before 9.0.597.107 allows remote\n attackers to cause a denial of service (out-of-bounds read) via unspecified\n vectors, aka Issue 71960.
In addition, this upload fixes the following issues (they don't have a CVE\n id yet):
\nFor the stable distribution (squeeze), these problems have been fixed\nin version 6.0.472.63~r59945-5+squeeze3.
\nFor the testing distribution (wheezy), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.648.127~r76697-1.
\nWe recommend that you upgrade your chromium-browser packages.
\nMultiple security issues have been discovered in Wordpress, a weblog\nmanager, that could allow remote attackers to upload files with invalid\nor unsafe names, mount social engineering attacks or compromise a site\nvia cross-site scripting, and inject SQL commands.
\nMore information can be found in the upstream advisories at\nhttps://wordpress.org/news/2015/04/wordpress-4-1-2/ and\nhttps://wordpress.org/news/2015/04/wordpress-4-2-1/
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 3.6.1+dfsg-1~deb7u6.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4.1+dfsg-1+deb8u1.
\nFor the testing distribution (stretch), these problems have been fixed in\nversion 4.2.1+dfsg-1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.2.1+dfsg-1.
\nWe recommend that you upgrade your wordpress packages.
\n\"bazarr\" discovered that eterm is vulnerable to a buffer overflow of\nthe ETERMPATH environment variable. This bug can be exploited to gain\nthe privileges of the group \"utmp\" on a system where eterm is\ninstalled.
\nFor the stable distribution (woody), this problem has been fixed in\nversion 0.9.2-0pre2002042903.1.
\nThe old stable distribution (potato) is not affected by this bug.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you update your eterm package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nTakeshi Terada discovered a vulnerability in PHPMailer, a PHP library for\nemail transfer, used by many CMSs. The library accepted email addresses\nand SMTP commands containing line breaks, which can be abused by an\nattacker to inject messages.
\nFor the oldstable distribution (wheezy), this problem has been fixed in\nversion 5.1-1.1.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.9+dfsg-2+deb8u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.2.14+dfsg-1.
\nWe recommend that you upgrade your libphp-phpmailer packages.
\nKousuke Ebihara discovered that redcloth, a Ruby module used to\nconvert Textile markup to HTML, did not properly sanitize its\ninput. This allowed a remote attacker to perform a cross-site\nscripting attack by injecting arbitrary JavaScript code into the\ngenerated HTML.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 4.2.9-2+deb7u2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.2.9-4.
\nWe recommend that you upgrade your ruby-redcloth packages.
\nEric Romang discovered that gtkdiskfree, a GNOME program that shows\nfree and used space on filesystems, creates a temporary file in an\ninsecure fashion.
\nThe old stable distribution (woody) does not contain the gtkdiskfree\npackage.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.9.3-4sarge1.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your gtkdiskfree package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral security related problems have been discovered in webcalendar,\na PHP based multi-user calendar. The Common Vulnerabilities and\nExposures project identifies the following vulnerabilities:
\nMultiple SQL injection vulnerabilities allow remote attackers to\n execute arbitrary SQL commands.
Missing input sanitising allows an attacker to overwrite local\n files.
A CRLF injection vulnerability allows remote attackers to modify\n HTTP headers and conduct HTTP response splitting attacks.
The old stable distribution (woody) does not contain webcalendar packages.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.9.45-4sarge3.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.0.2-1.
\nWe recommend that you upgrade your webcalendar package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that a specially-crafted packet sent to the racoon\nipsec key exchange server could cause a tunnel to crash, resulting in\na denial of service.
\nThe oldstable distribution (sarge) isn't affected by this problem.
\nFor the stable distribution (etch) this problem has been fixed in\nversion 1:0.6.6-3.1.
\nThe unstable distribution (sid) will be fixed soon.
\nWe recommend that you upgrade your racoon package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that an integer overflow in the xpdf PDF viewer may lead\nto the execution of arbitrary code if a malformed PDF file is opened.
\nlibextractor includes a copy of the xpdf code and required an update\nas well.
\nFor the oldstable distribution (sarge) this problem has been fixed in\nversion 0.4.2-2sarge6.
\nThe stable distribution (etch) isn't affected by this problem.
\nThe unstable distribution (sid) isn't affected by this problem.
\nWe recommend that you upgrade your libextractor packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nMultiple security issues have been found in Thunderbird, which may lead\nto the execution of arbitrary code or denial of service.
\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 52.3.0-4~deb8u2.
\nFor the stable distribution (stretch), these problems have been fixed in\nversion 52.3.0-4~deb9u1.
\nWe recommend that you upgrade your icedove packages.
\nwu-ftpd, an FTP server, implements a feature whereby multiple files\ncan be fetched in the form of a dynamically constructed archive file,\nsuch as a tar archive. The names of the files to be included are\npassed as command line arguments to tar, without protection against\nthem being interpreted as command-line options. GNU tar supports\nseveral command line options which can be abused, by means of this\nvulnerability, to execute arbitrary programs with the privileges of\nthe wu-ftpd process.
\nGeorgi Guninski pointed out that this vulnerability exists in Debian\nwoody.
\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.6.2-3woody2.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you update your wu-ftpd package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nAnother buffer overflow was discovered in xtokkaetama, involving the\n\"-nickname\" command line option. This vulnerability could be\nexploited by a local attacker to gain gid 'games'.
\nFor the current stable distribution (woody) this problem has been fixed\nin version 1.0b-6woody2.
\nFor the unstable distribution (sid) this problem is fixed in version\n1.0b-9.
\nWe recommend that you update your xtokkaetama package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nRafal Wojtczuk from Bromium discovered that FreeBSD wasn't correctly handling\nuncanonical return addresses on Intel amd64 CPUs, allowing privilege escalation\nto kernel for local users.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 8.1+dfsg-8+squeeze3.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 8.3-4.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.3-4.
\nWe recommend that you upgrade your kfreebsd-8 packages.
\njoernchen of Phenoelit discovered that rails, an MVC ruby based framework\ngeared for web application development, is not properly treating\nuser-supplied input to find_by_* methods. Depending on how the\nruby on rails application is using these methods, this allows an attacker\nto perform SQL injection attacks, e.g., to bypass authentication if\nAuthlogic is used and the session secret token is known.
For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze4.
\nFor the testing distribution (wheezy), this problem will be fixed soon.
\nFor the unstable distribution (sid), this problem has been fixed in\nruby-activerecord-2.3 version 2.3.14-3.
\nWe recommend that you upgrade your rails/ruby-activerecord-2.3 packages.
\n\"Supernaut\" noticed that shorewall, the Shoreline Firewall, could\ngenerate an iptables configuration which is significantly more\npermissive than the rule set given in the shorewall configuration, if\nMAC verification is used in a non-default manner.
\nWhen MACLIST_DISPOSITION is set to ACCEPT in the shorewall.conf file,\nall packets from hosts which fail the MAC verification pass through\nthe firewall, without further checks. When MACLIST_TTL is set to a\nnon-zero value, packets from hosts which pass the MAC verification\npass through the firewall, again without further checks.
\nThe old stable distribution (woody) is not affected by this problem.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.2.3-2.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.4.1-2.
\nWe recommend that you upgrade your shorewall package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nJavier Fern\u00e1ndez-Sanguino Pe\u00f1a from the Debian Security Audit Project\nhas discovered multiple insecure uses\nof temporary files that could lead to overwriting arbitrary files via\na symlink attack.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 21.8-3.
\nThe unstable distribution (sid) does not contain this package.
\nWe recommend that you upgrade your htmlheadline package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in gallery, a web-based\nphoto album written in PHP4. The Common Vulnerabilities and Exposures\nproject identifies the following vulnerabilities:
\nJim Paris discovered a cross site scripting vulnerability which\n allows code to be inserted by using specially formed URLs.
\nThe upstream developers of gallery have fixed several cases of\n possible variable injection that could trick gallery into unintended\n actions, e.g. leaking database passwords.
\nFor the stable distribution (woody) these problems have been fixed in\nversion 1.2.5-8woody3.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.4.4-pl4-1.
\nWe recommend that you upgrade your gallery package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nThis has been fixed upstream in version 1.2.5.1 and 1.3.25. The\nrelevant patch has been added to version 1.2.5-5 of the Debian\npackage.\n
MD5 checksums of the listed files are available in the original advisory.\n(DSA-096-2)\n
\n\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.
\nLi Qiang reported a reference counter leak in the ipxitf_ioctl\n function which may result in a use-after-free vulnerability,\n triggerable when an IPX interface is configured.
Tuomas Haanpaa and Matti Kamunen from Synopsys Ltd discovered that\n the NFSv2 and NFSv3 server implementations are vulnerable to an\n out-of-bounds memory access issue while processing arbitrarily long\n arguments sent by NFSv2/NFSv3 RPC clients, leading to a denial of\n service.
Ari Kauppi from Synopsys Ltd discovered that the NFSv2 and NFSv3\n server implementations do not properly handle payload bounds\n checking of WRITE requests. A remote attacker with write access to a\n NFS mount can take advantage of this flaw to read chunks of\n arbitrary memory from both kernel-space and user-space.
Arnd Bergmann found that the DVB-USB core misused the device\n logging system, resulting in a use-after-free vulnerability, with\n unknown security impact.
It was discovered that the net_csk_clone_lock() function allows a\n remote attacker to cause a double free leading to a denial of\n service or potentially have other impact.
Johan Hovold found that the io_ti USB serial driver could leak\n sensitive information if a malicious USB device was connected.
Johan Hovold found a reference counter leak in the omninet USB\n serial driver, resulting in a use-after-free vulnerability. This\n can be triggered by a local user permitted to open tty devices.
Andrey Konovalov reported that the IPv6 fragmentation\n implementation could read beyond the end of a packet buffer. A\n local user or guest VM might be able to use this to leak sensitive\n information or to cause a denial of service (crash).
Andrey Konovalov reported that the SCTP/IPv6 implementation\n wrongly initialised address lists on connected sockets, resulting\n in a use-after-free vulnerability, a similar issue to\n CVE-2017-8890. This can be triggered by any local user.
Cong Wang found that the TCP/IPv6 and DCCP/IPv6 implementations\n wrongly initialised address lists on connected sockets, a similar\n issue to CVE-2017-9075.
Andrey Konovalov reported a packet buffer overrun in the IPv6\n implementation. A local user could use this for denial of service\n (memory corruption; crash) and possibly for privilege escalation.
The Qualys Research Labs discovered that the size of the stack guard\n page is not sufficiently large. The stack-pointer can jump over the\n guard-page and move from the stack into another memory region\n without accessing the guard-page. In this case no page-fault\n exception is raised and the stack extends into the other memory\n region. An attacker can exploit this flaw for privilege escalation.
\nThe default stack gap protection is set to 256 pages and can be\n configured via the stack_guard_gap kernel parameter on the kernel\n command line.
\nFurther details can be found at\n https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
For the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.43-2+deb8u1.
\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.30-2+deb9u1 or earlier versions before the stretch release.
\nWe recommend that you upgrade your linux packages.
\nJon Erickson of iSIGHT Partners Labs discovered a heap overflow in\nxml-security-c, an implementation of the XML Digital Security\nspecification. The fix to address\nCVE-2013-2154\nintroduced the\npossibility of a heap overflow in the processing of malformed XPointer\nexpressions in the XML Signature Reference processing code, possibly\nleading to arbitrary code execution.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.5.1-3+squeeze3.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.6.1-5+deb7u2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.1-7.
\nWe recommend that you upgrade your xml-security-c packages.
\nIt was discovered that missing input sanitising in Freetype's processing\nof CID-keyed fonts could lead to the execution of arbitrary code.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.3.7-2+lenny8.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.2-2.1+squeeze3.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.4.8-1.
\nWe recommend that you upgrade your freetype packages.
\nMax Vozeler discovered that the lockmail program from maildrop, a\nsimple mail delivery agent with filtering abilities, does not drop\ngroup privileges before executing commands given on the commandline,\nallowing an attacker to execute arbitrary commands with privileges of\nthe group mail.
\nThe old stable distribution (woody) is not affected by this problem.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.5.3-1.1sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.5.3-2.
\nWe recommend that you upgrade your maildrop package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA heap-based buffer overflow was discovered in bogofilter, a software\npackage for classifying mail messages as spam or non-spam. Crafted\nmail messages with invalid base64 data could lead to heap corruption\nand, potentially, arbitrary code execution.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.2-2+squeeze1.
\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1.2.2+dfsg1-2.
\nWe recommend that you upgrade your bogofilter packages.
\nMultiple security vulnerabilities have been identified in the\nhelix-player media player that could allow an attacker to execute code\non the victim's machine via specially crafted network resources.
\nBuffer overflow in the RealText parser could allow remote code\n execution via a specially crafted RealMedia file with a long\n RealText string.
Format string vulnerability in Real HelixPlayer and RealPlayer 10\n allows remote attackers to execute arbitrary code via the image\n handle attribute in a RealPix (.rp) or RealText (.rt) file.
For the stable distribution (sarge), these problems have been fixed in\nversion 1.0.4-1sarge1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.6-1.
\nWe recommend that you upgrade your helix-player package.
\nhelix-player was distributed only on the i386 and powerpc architectures.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:
\nJiri Slaby discovered a race condition in the pty layer, which could lead\n to a denial of service or privilege escalation.
Matthew Daley discovered an information leak and missing input\n sanitising in the FDRAWCMD ioctl of the floppy driver. This could result\n in a privilege escalation.
For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze6.
\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:
\n\u00a0 | Debian 6.0 (squeeze) |
---|---|
user-mode-linux | 2.6.32-1um-4+48squeeze6 |
We recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n
Note: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.
\nSeveral vulnerabilities (cross-site scripting and SQL injection) have\nbeen discovered in Cacti, a web interface for graphing of monitoring\nsystems.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 0.8.8a+dfsg-5+deb7u5.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.8.8b+dfsg-8+deb8u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.8.8d+ds1-1.
\nWe recommend that you upgrade your cacti packages.
\nIt was discovered that the Plone content management system lacks security\ndeclarations for three internal classes. This allows manipulation of user\nportraits by unprivileged users.
\nThe old stable distribution (woody) doesn't contain Plone.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.0.4-3sarge1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.1.2-2.
\nWe recommend that you upgrade your zope-cmfplone package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nNicolas Boullis discovered two vulnerabilities in mah-jong, a\nnetwork-enabled game.
\nThis vulnerability could be exploited by a remote attacker to\n execute arbitrary code with the privileges of the user running the\n mah-jong server.
This vulnerability could be exploited by a remote attacker to cause\n the mah-jong server to enter a tight loop and stop responding to\n commands.
For the stable distribution (woody) these problems have been fixed in\nversion 1.4-2.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.5.6-2.
\nWe recommend that you update your mah-jong package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral vulnerabilities have been found in the PostgreSQL database\nsystem:
\nIn some authentication methods empty passwords were accepted.
User mappings could leak data to unprivileged users.
The lo_put() function ignored ACLs.
\nFor more in-depth descriptions of the security vulnerabilities, please see\nhttps://www.postgresql.org/about/news/1772/
For the oldstable distribution (jessie), these problems have been fixed\nin version 9.4.13-0+deb8u1.
\nWe recommend that you upgrade your postgresql-9.4 packages.
\nSeveral vulnerabilities have been discovered in the lighttpd web server.
\nIt was discovered that SSL connections with client certificates\nstopped working after the DSA-2795-1 update of lighttpd. An upstream\npatch has now been applied that provides an appropriate identifier for\nclient certificate verification.
\nIt was discovered that lighttpd uses weak ssl ciphers when SNI (Server\n Name Indication) is enabled. This issue was solved by ensuring that\n stronger ssl ciphers are used when SNI is selected.
The clang static analyzer was used to discover privilege escalation\n issues due to missing checks around lighttpd's setuid, setgid, and\n setgroups calls. Those are now appropriately checked.
The clang static analyzer was used to discover a use-after-free issue\n when the FAM stat cache engine is enabled, which is now fixed.
For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.5.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.31-4+deb7u2.
\nFor the testing distribution (jessie), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion lighttpd_1.4.33-1+nmu1.
\nFor the testing (jessie) and unstable (sid) distributions, the regression\nproblem will be fixed soon.
\nWe recommend that you upgrade your lighttpd packages.
\nJueri Aedla discovered an off-by-one in libxml2, which could result in\nthe execution of arbitrary code.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze4.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.8.dfsg-9.1.
\nWe recommend that you upgrade your libxml2 packages.
\nSeveral vulnerabilities have been discovered in FFmpeg, a multimedia\nplayer, server and encoder. Multiple input validations in the\ndecoders/demuxers for Shorten, Chinese AVS video, VP5, VP6, AVI, AVS and\nMPEG-1/2 files could lead to the execution of arbitrary code.
\nMost of these issues were discovered by Mateusz Jurczyk and Gynvael\nColdwind.
\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 4:0.5.10-1.
\nFor the testing distribution (wheezy) and the unstable distribution (sid),\nthese problems have been fixed in version 6:0.8.5-1 of the source package\nlibav.
\nWe recommend that you upgrade your ffmpeg packages.
\nIt has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon,\ndoes not properly handle a '\\0' character in a domain name in the\nSubject Alternative Name field of an X.509 client certificate, when the\ndNSNameRequired TLS option is enabled.
\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.3.1-17lenny4.
\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.3.0-19etch3.
\nBinaries for the amd64 architecture will be released once they are\navailable.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 1.3.2a-2.
\nWe recommend that you upgrade your proftpd-dfsg packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nAn integer overflow has been found in the HTTP range module of Nginx, a\nhigh-performance web and reverse proxy server, which may result in\ninformation disclosure.
\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1.6.2-5+deb8u5.
\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.10.3-1+deb9u1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your nginx packages.
\nDSA-2141 consists of three individual parts, which can be viewed in the\nmailing list archive:\nDSA 2141-1 (openssl),\nDSA 2141-2 (nss),\nDSA 2141-3 (apache2), and\nDSA 2141-4 (lighttpd).\nThis page only covers the first part, openssl.
\nMarsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS\nand SSLv3 protocols. If an attacker could perform a man in the middle\nattack at the start of a TLS connection, the attacker could inject\narbitrary content at the beginning of the user's session. This update\nadds backported support for the new RFC5746 renegotiation extension\nwhich fixes this issue.
\nIf openssl is used in a server application, it will by default no\nlonger accept renegotiation from clients that do not support the\nRFC5746 secure renegotiation extension. A separate advisory will add\nRFC5746 support for nss, the security library used by the iceweasel\nweb browser. For apache2, there will be an update which allows\nre-enabling insecure renegotiation.
\nThis version of openssl is not compatible with older versions of tor.\nYou have to use at least tor version 0.2.1.26-1~lenny+1, which has\nbeen included in the point release 5.0.7 of Debian stable.
\nCurrently we are not aware of other software with similar compatibility\nproblems.
In addition, this update fixes a flaw that allowed a client to bypass\nrestrictions configured in the server for the used cipher suite.
For the stable distribution (lenny), this problem has been fixed\nin version 0.9.8g-15+lenny11.
\nFor the unstable distribution (sid), and the testing distribution\n(squeeze), this problem has been fixed in version 0.9.8o-4.
\nWe recommend that you upgrade your openssl package.
\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/
\nA buffer overflow was discovered in the Firebird database server, which\ncould result in the execution of arbitrary code. In addition, a denial\nof service vulnerability was discovered in the TraceManager.
\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.
\nFor the testing distribution (wheezy), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your firebird2.5 packages.
\nMultiple vulnerabilities were discovered in ownCloud, a cloud storage\nweb service for files, music, contacts, calendars and many more.
\nHugh Davenport discovered that the contacts application shipped\n with ownCloud is vulnerable to multiple stored cross-site\n scripting attacks. This vulnerability is effectively exploitable\n in any browser.
Roy Jansen discovered that the documents application shipped with\n ownCloud is vulnerable to multiple stored cross-site scripting\n attacks. This vulnerability is not exploitable in browsers that\n support the current CSP standard.
Lukas Reschke discovered a blacklist bypass vulnerability, allowing\n authenticated remote attackers to bypass the file blacklist and\n upload files such as the .htaccess files. An attacker could leverage\n this bypass by uploading a .htaccess and execute arbitrary PHP code\n if the /data/ directory is stored inside the web root and a web\n server that interprets .htaccess files is used. On default Debian\n installations the data directory is outside of the web root and thus\n this vulnerability is not exploitable by default.
For the stable distribution (jessie), these problems have been fixed in\nversion 7.0.4+dfsg-4~deb8u1.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 7.0.4+dfsg-3.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.4+dfsg-3.
\nWe recommend that you upgrade your owncloud packages.
\nJouko Pynnonen discovered a problem with IMP, a web based IMAP mail\nprogram. Using carefully crafted URLs a remote attacker is able to\ninject SQL code into SQL queries without proper user authentication.\nEven though results of SQL queries aren't directly readable from the\nscreen, an attacker might update their mail signature to contain wanted\nquery results and then view it on the preferences page of IMP.
\nThe impact of SQL injection depends heavily on the underlying database\nand its configuration. If PostgreSQL is used, it's possible to\nexecute multiple complete SQL queries separated by semicolons. The\ndatabase contains session id's so the attacker might hijack sessions\nof people currently logged in and read their mail. In the worst case,\nif the hordemgr user has the required privilege to use the COPY SQL\ncommand (found in PostgreSQL at least), a remote user may read or\nwrite to any file the database user (postgres) can. The attacker may\nthen be able to run arbitrary shell commands by writing them to the\npostgres user's ~/.psqlrc; they'd be run when the user starts the psql\ncommand which under some configurations happens regularly from a cron\nscript.
\nFor the current stable distribution (woody) this problem has been\nfixed in version 2.2.6-5.1.
\nFor the old stable distribution (potato) this problem has been\nfixed in version 2.2.6-0.potato.5.1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.2.6-7.
\nWe recommend that you upgrade your IMP packages.
\nMD5 checksums of the listed files are available in the original advisory.\n
MD5 checksums of the listed files are available in the revised advisory.\n
\n\n\nThe security update for proftpd-dfsg in DSA-1727-1 caused a regression\nwith the postgresql backend. This update corrects the flaw. Also it was\ndiscovered that the oldstable distribution (etch) is not affected by the\nsecurity issues. For reference the original advisory follows.
\nTwo SQL injection vulnerabilities have been found in proftpd, a\nvirtual-hosting FTP daemon. The Common Vulnerabilities and Exposures\nproject identifies the following problems:
\nShino discovered that proftpd is prone to an SQL injection vulnerability\n\tvia the use of certain characters in the username.
TJ Saunders discovered that proftpd is prone to an SQL injection\n\tvulnerability due to insufficient escaping mechanisms, when multibyte\n\tcharacter encodings are used.
The oldstable distribution (etch) is not affected by these problems.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.3.1-17lenny2.
\nFor the testing distribution (squeeze), these problems will be fixed\nsoon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.3.2-1.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nA set of buffer overflow problems has been found in hanterm, a Hangul\nterminal for X11 derived from xterm, that will read and display Korean\ncharacters in its terminal window. The font handling code in hanterm\nuses hard limited string variables but didn't check for boundaries.
\nThis problem can be exploited by a malicious user to gain access to\nthe utmp group which is able to write the wtmp and utmp files. These\nfiles record login and logout activities.
\nThis problem has been fixed in version 3.3.1p17-5.2 for the stable\nDebian distribution. A fixed package for the current testing/unstable\ndistribution is not yet available but will have a version number\nhigher than 3.3.1p18-6.1.
\nWe recommend that you upgrade your hanterm packages immediately if you\nhave them installed. Known exploits are already available.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nThis update for the Iceape internet suite, an unbranded version of\nSeamonkey, updates the certificate blacklist for several fraudulent\nHTTPS certificates.
\nMore details can be found in a blog posting by Jacob Appelbaum of the Tor project.\n
\nThe oldstable distribution (lenny) is not affected. The iceape package only\nprovides the XPCOM code.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-4.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.13-1.
\nWe recommend that you upgrade your iceape packages.
\nSeveral vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause a denial-of-service against\nthe application, or potentially the execution of arbitrary code with the\nprivileges of the user running the application.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.9.1+dfsg1-5+deb8u2.
\nWe recommend that you upgrade your libxml2 packages.
\nTwo SQL injection vulnerabilities were discovered in cacti, a web\ninterface for graphing of monitoring systems. Specially crafted input\ncan be used by an attacker in parameters of the graphs_new.php script to\nexecute arbitrary SQL commands on the database.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 0.8.8a+dfsg-5+deb7u8.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.8.8b+dfsg-8+deb8u4.
\nFor the testing distribution (stretch), these problems have been fixed\nin version 0.8.8f+ds1-4.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.8.8f+ds1-4.
\nWe recommend that you upgrade your cacti packages.
\nIt has been discovered that tkmail creates temporary files insecurely.\nExploiting this an attacker with local access can easily create and\noverwrite files as another user.
\nThis problem has been fixed in version 4.0beta9-8.1 for the current\nstable distribution (woody), in version 4.0beta9-4.1 for the old\nstable distribution (potato) and in version 4.0beta9-9 for the\nunstable distribution (sid).
\nWe recommend that you upgrade your tkmail packages.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\nMichal Kowalczyk and Adam Chester discovered that missing input\nsanitising in the foomatic-rip print filter might result in the\nexecution of arbitrary commands.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 4.0.17-1+deb7u1.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4.0.17-5+deb8u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.17-7.
\nWe recommend that you upgrade your foomatic-filters packages.
\nSeveral integer overflows, buffer overflows and memory allocation\nerrors were discovered in the Poppler PDF rendering library, which may\nlead to denial of service or the execution of arbitrary code if a user\nis tricked into opening a malformed PDF document.
\nAn update for the old stable distribution (etch) will be issued soon as\nversion 0.4.5-5.1etch4.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.8.7-3.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your poppler packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nTwo vulnerabilities were discovered in OpenSSH, an implementation of the\nSSH protocol suite. The Common Vulnerabilities and Exposures project\nidentifies the following problems:
\nJann Horn discovered that OpenSSH incorrectly handled wildcards in\n AcceptEnv lines. A remote attacker could use this issue to trick\n OpenSSH into accepting any environment variable that contains the\n characters before the wildcard character.
Matthew Vernon reported that if an SSH server offers a\n HostCertificate that the ssh client doesn't accept, then the client\n doesn't check the DNS for SSHFP records. As a consequence a\n malicious server can disable SSHFP-checking by presenting a\n certificate.
\nNote that a host verification prompt is still displayed before\n connecting.
For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:5.5p1-6+squeeze5.
\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1:6.0p1-4+deb7u1.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:6.6p1-1.
\nWe recommend that you upgrade your openssh packages.
\nMultiple vulnerabilities have been found in OpenSSL. The Common\nVulnerabilities and Exposures project identifies the following issues:
\nIvan Nestlerode discovered a weakness in the CMS and PKCS #7\n\timplementations that could allow an attacker to decrypt data\n\tvia a Million Message Attack (MMA).
It was discovered that a NULL pointer could be dereferenced\n\twhen parsing certain S/MIME messages, leading to denial of\n\tservice.
Tavis Ormandy, Google Security Team, discovered a vulnerability\n\tin the way DER-encoded ASN.1 data is parsed that can result in\n\ta heap overflow.
Additionally, the fix for CVE-2011-4619 has been updated to address an\nissue with SGC handshakes.
\n\nTomas Hoger, Red Hat, discovered that the fix for\nCVE-2012-2110\nfor the 0.9.8 series of OpenSSL was incomplete. It has been assigned the\nCVE-2012-2131\nidentifier.\n
\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 0.9.8o-4squeeze12.
\nFor the testing distribution (wheezy), these problems will be fixed soon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1a-1.
\nWe recommend that you upgrade your openssl packages.
\nIt was discovered that otrs2, the Open Ticket Request System, does not\nproperly sanitise user-supplied data that is used in SQL queries. An\nattacker with a valid agent login could exploit this issue to craft SQL\nqueries by injecting arbitrary SQL code through manipulated URLs.
\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.4.9+dfsg1-3+squeeze4. This update also provides fixes for\nCVE-2012-4751, CVE-2013-2625 and CVE-2013-4088, which were all fixed for\nstable already.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 3.1.7+dfsg1-8+deb7u3.
\nFor the testing distribution (jessie), this problem has been fixed in\nversion 3.2.9-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.9-1.
\nWe recommend that you upgrade your otrs2 packages.
\nKevin Kofler discovered several stack-based buffer overflows in the\nLookupTRM::lookup function in libtunepimp, a MusicBrainz tagging\nlibrary, which allows remote attackers to cause a denial of service or\nexecute arbitrary code.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.3.0-3sarge2.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.4.2-4.
\nWe recommend that you upgrade your libtunepimp packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that the Key Distribution Center (KDC) in Kerberos 5\ncrashes when processing certain crafted requests:
\nWhen the LDAP backend is used, remote users can trigger\n\ta KDC daemon crash and denial of service.
When the LDAP or Berkeley DB backend is used, remote users\n\tcan trigger a NULL pointer dereference in the KDC daemon\n\tand a denial of service.
The oldstable distribution (lenny) is not affected by these problems.
\nFor the stable distribution (squeeze), these problems have been fixed\nin version 1.8.3+dfsg-4squeeze5.
\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.10+dfsg~alpha1-1.
\nWe recommend that you upgrade your krb5 packages.
\nA problem has been discovered in typespeed, a game that lets you\nmeasure your typematic speed. By overflowing a buffer a local\nattacker could execute arbitrary commands under the group id games.
\nFor the current stable distribution (woody) this problem has been\nfixed in version 0.4.1-2.1.
\nFor the old stable distribution (potato) this problem has been fixed\nin version 0.4.0-5.1.
\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.4.2-2.
\nWe recommend that you upgrade your typespeed package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\ntelnetd package version\n0.16-4potato1, which is shipped with\nthe \"stable\" (2.2, potato) distribution of Debian GNU/Linux, is vulnerable to an\nexploitable overflow in its output handling.\n\nThe original bug was found by <scut@nb.in-berlin.de>, and announced to\nbugtraq on Jul 18 2001. At that time, netkit-telnet versions after 0.14 were\nnot believed to be vulnerable.\n
\nOn Aug 10 2001, zen-parse posted an advisory based on the same problem, for\nall netkit-telnet versions below 0.17.\n
\nMore details can be found on http://online.securityfocus.com/archive/1/203000.\nAs Debian uses the `telnetd' user to run in.telnetd, this is not a remote\nroot compromise on Debian systems; however, the user `telnetd' can be compromised.\n
We strongly advise you update your telnetd package to the versions\nlisted below.\n
MD5 checksums of the listed files are available in the original advisory.\n
\n\n\nSeveral vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware.
\nQinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in\n the NE2000 NIC emulation. A privileged guest user could use this\n flaw to mount a denial of service (QEMU process crash).
Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw\n in the NE2000 NIC emulation. A privileged guest user could use this\n flaw to mount a denial of service (QEMU process crash), or\n potentially to execute arbitrary code on the host with the\n privileges of the hosting QEMU process.
Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in\n the e1000 NIC emulation. A privileged guest user could use this flaw\n to mount a denial of service (QEMU process crash).
Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE\n subsystem in QEMU occurring while executing IDE's\n WIN_READ_NATIVE_MAX command to determine the maximum size of a\n drive. A privileged guest user could use this flaw to mount a\n denial of service (QEMU process crash).
For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6+deb7u11.
\nWe recommend that you upgrade your qemu-kvm packages.
\nMoritz Naumann discovered that IMP 4, a webmail component for the Horde\nframework, is prone to cross-site scripting attacks due to a lack of input\nsanitising of certain Fetchmail information.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 4.2-4lenny3.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.3.7+debian0-2.1, which was already included in the squeeze\nrelease.
\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 4.3.7+debian0-2.1.
\nWe recommend that you upgrade your imp4 packages.
\nTony Finch and Marco Davids reported an assertion failure in BIND, a\nDNS server implementation, which causes the server process to\nterminate. This denial-of-service vulnerability is related to a\ndefect in the processing of responses with DNAME records from\nauthoritative servers and primarily affects recursive resolvers.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:9.9.5.dfsg-9+deb8u8.
\nWe recommend that you upgrade your bind9 packages.
\nMatthew Daley discovered a memory disclosure vulnerability in nginx. In\nprevious versions of this web server, an attacker can receive the content of\npreviously freed memory if an upstream server returned a specially crafted HTTP\nresponse, potentially exposing sensitive information.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.7.67-3+squeeze2.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.17-1.
\nWe recommend that you upgrade your nginx packages.
\nThis update disables the Graphite font shaping library in Iceweasel,\nDebian's version of the Mozilla Firefox web browser.
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 38.7.1esr-1~deb7u1.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 38.7.1esr-1~deb8u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 45.0.1esr-1 of the firefox-esr source package.
\nWe recommend that you upgrade your iceweasel packages.
\nThis update for the Network Security Service libraries marks several\nfraudulent HTTPS certificates as untrusted.
\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 3.12.3.1-0lenny4.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.12.8-1+squeeze1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.12.9.with.ckbi.1.82-1.
\nWe recommend that you upgrade your nss packages.
\nHolger Fuhrmannek discovered that missing input sanitising in the\nGraphite font rendering engine could result in the execution of arbitrary\ncode.
\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 38.6.1esr-1~deb7u1.
\nFor the stable distribution (jessie), this problem has been fixed in\nversion 38.6.1esr-1~deb8u1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 44.0-1.
\nWe recommend that you upgrade your iceweasel packages.
\nA design flaw (CVE-2010-4345)\nin exim4 allowed the local Debian-exim user to obtain root privileges by\nspecifying an alternate configuration file using the -C option or by using the\nmacro override facility (-D option). Unfortunately, fixing this vulnerability\nis not possible without some changes in exim4's behaviour. If you use the -C\nor -D options or use the system filter facility, you should evaluate\nthe changes carefully and adjust your configuration accordingly. The\nDebian default configuration is not affected by the changes.
\nThe detailed list of changes is described in the NEWS.Debian file in\nthe packages. The relevant sections are also reproduced below.
\nIn addition to that, missing error handling for the setuid/setgid\nsystem calls allowed the Debian-exim user to cause root to append log data to\narbitrary files (CVE-2011-0017).
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 4.69-9+lenny3.
\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 4.72-4.
\nExcerpt from the NEWS.Debian file from the packages exim4-daemon-light\nand exim4-daemon-heavy:
\n\n\nExim versions up to and including 4.72 are vulnerable to\nCVE-2010-4345. This is a privilege escalation issue that allows the\nexim user to gain root privileges by specifying an alternate\nconfiguration file using the -C option. The macro override facility\n(-D) might also be misused for this purpose.\n\nIn reaction to this security vulnerability upstream has made a number\nof user visible changes. This package includes these changes.\n\nIf exim is invoked with the -C or -D option the daemon will not regain\nroot privileges through re-execution. This is usually necessary for\nlocal delivery, though. Therefore it is generally not possible anymore\nto run an exim daemon with -D or -C options.\n\nHowever this version of exim has been built with\nTRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. TRUSTED_CONFIG_LIST\ndefines a list of configuration files which are trusted; if a config\nfile is owned by root and matches a pathname in the list, then it may\nbe invoked by the Exim build-time user without Exim relinquishing root\nprivileges.\n\nAs a hotfix to not break existing installations of mailscanner we have\nalso set WHITELIST_D_MACROS=OUTGOING. i.e. it is still possible to\nstart exim with -DOUTGOING while being able to do local deliveries.\n\nIf you previously were using -D switches you will need to change your\nsetup to use a separate configuration file. The \".include\" mechanism\nmakes this easy.\n\nThe system filter is run as exim_user instead of root by default. If\nyour setup requires root privileges when running the system filter you\nwill need to set the system_filter_user exim main configuration\noption.\n\n
Pierre Kim discovered two vulnerabilities in the restful API of Ganeti,\na virtual server cluster management tool. SSL parameter negotiation\ncould result in denial of service and the DRBD secret could leak.
\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 2.5.2-1+deb7u1.
\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.12.4-1+deb8u2.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.15.2-1.
\nWe recommend that you upgrade your ganeti packages.
\nintrigeri discovered a format string error in pidgin-otr, an Off-the-Record\nMessaging plugin for Pidgin.
\nThis could be exploited by a remote attacker to cause arbitrary code to\nbe executed on the user's machine.
\nThe problem is only in pidgin-otr. Other applications which use libotr are\nnot affected.
\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.0-5+squeeze1.
\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.2.1-1.
\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.1-1.
\nWe recommend that you upgrade your pidgin-otr packages.
\nJason Duell discovered that cscope, a source code browsing tool, does not\nverify the length of file names sourced in include statements, which may\npotentially lead to the execution of arbitrary code through specially\ncrafted source code files.
\nFor the old stable distribution (woody) this problem has been fixed in\nversion 15.3-1woody3.
\nFor the stable distribution (sarge) this problem has been fixed in\nversion 15.5-1.1sarge1.
\nFor the unstable distribution (sid) this problem will be fixed soon.
\nWe recommend that you upgrade your cscope package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nFlorian Weimer of the Red Hat product security team discovered multiple\nbuffer overflows in jbigkit, which could lead to the execution of\narbitrary code when processing malformed images.
\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.0-2+deb7u1.
\nFor the unstable distribution (sid), this problem will be fixed soon.
\nWe recommend that you upgrade your jbigkit packages.
\nKim Nielsen recently found an internal problem with the CVS server and\nreported it to the vuln-dev mailing list. The problem is triggered by\nan improperly initialized global variable. A user exploiting this can\ncrash the CVS server, which may be accessed through the pserver\nservice and running under a remote user id. It is not yet clear if\nthe remote account can be exposed, though.
\nThis problem has been fixed in version 1.10.7-9 for the stable Debian\ndistribution with help of Niels Heinen and in versions newer\nthan 1.11.1p1debian-3 for the\ntesting and unstable distribution of Debian (not yet uploaded,\nthough).
\nWe recommend that you upgrade your CVS package.
\nMD5 checksums of the listed files are available in the original advisory.\n
\n\n\n\"infamous41md\" discovered three buffer overflow errors in the xfig\nimport code of dia, a diagram editor, that can lead to the execution\nof arbitrary code.
\nFor the old stable distribution (woody) these problems have been fixed in\nversion 0.88.1-3woody1.
\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.94.0-7sarge3.
\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.94.0-18.
\nWe recommend that you upgrade your dia package.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nSeveral issues in the browser engine have been discovered, which can\nresult in the execution of arbitrary code. (MFSA 2009-24)
It is possible to execute arbitrary code via vectors involving \"double\nframe construction.\" (MFSA 2009-24)
Jesse Ruderman and Adam Hauner discovered a problem in the JavaScript\nengine, which could lead to the execution of arbitrary code.\n(MFSA 2009-24)
Pavel Cvrcek discovered a potential issue leading to a spoofing attack\non the location bar related to certain invalid unicode characters.\n(MFSA 2009-25)
Gregory Fleischer discovered that it is possible to read arbitrary\ncookies via a crafted HTML document. (MFSA 2009-26)
Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential\nman-in-the-middle attack, when using a proxy due to insufficient checks\non a certain proxy response. (MFSA 2009-27)
Jakob Balle and Carsten Eiram reported a race condition in the\nNPObjWrapper_NewResolve function that can be used to execute arbitrary\ncode. (MFSA 2009-28)
moz_bug_r_a4 discovered that it is possible to execute arbitrary\nJavaScript with chrome privileges due to an error in the\ngarbage-collection implementation. (MFSA 2009-29)
Adam Barth and Collin Jackson reported a potential privilege escalation\nwhen loading a file::resource via the location bar. (MFSA 2009-30)
Wladimir Palant discovered that it is possible to bypass access\nrestrictions due to a lack of content policy check, when loading a\nscript file into a XUL document. (MFSA 2009-31)
moz_bug_r_a4 reported that it is possible for scripts from page content\nto run with elevated privileges and thus potentially executing arbitrary\ncode with the object's chrome privileges. (MFSA 2009-32)
For the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.11-0lenny1.
\nAs indicated in the Etch release notes, security support for the\nMozilla products in the oldstable distribution needed to be stopped\nbefore the end of the regular Etch security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a still\nsupported browser.
\nFor the testing distribution (squeeze), these problems will be fixed\nsoon.
\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.11-1.
\nWe recommend that you upgrade your xulrunner packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nIt was discovered that otrs2, the Open Ticket Request System, does not\nproperly sanitise input data that is used in SQL queries, which might be\nused to inject arbitrary SQL to, for example, escalate privileges on a\nsystem that uses otrs2.
\nThe oldstable distribution (etch) is not affected.
\nFor the stable distribution (lenny), the problem has been fixed in\nversion 2.2.7-2lenny3.
\nFor the testing distribution (squeeze), the problem will be fixed soon.
\nFor the unstable distribution (sid), the problem has been fixed in\nversion 2.4.7-1.
\nWe recommend that you upgrade your otrs2 packages.
\nMD5 checksums of the listed files are available in the original advisory.
\n\n\n\nSeveral vulnerabilities have been discovered in the OpenOffice.org office\nsuite. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:
\nIt was discovered that macro security settings were insufficiently\n enforced for VBA macros.
It was discovered that the W3C XML Signature recommendation\n contains a protocol-level vulnerability related to HMAC output\n truncation. This also affects the integrated libxmlsec library.
Sebastian Apelt discovered that an integer overflow in the XPM\n import code may lead to the execution of arbitrary code.
Sebastian Apelt and Frank Reissner discovered that a buffer\n overflow in the GIF import code may lead to the execution of\n arbitrary code.
Nicolas Joly discovered multiple vulnerabilities in the parser for\n Word document files, which may lead to the execution of arbitrary\n code.
For the old stable distribution (etch), these problems have been fixed in\nversion 2.0.4.dfsg.2-7etch9.
\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1:2.4.1+dfsg-1+lenny6.
\nFor the unstable distribution (sid), these problems will be fixed soon.
\nWe recommend that you upgrade your openoffice.org packages.
\n