The OVAL Repository
5.5
2015-09-03T07:27:19.391-04:00
DSA-1802 squirrelmail -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
squirrelmail
Several remote vulnerabilities have been discovered in SquirrelMail, a webmail application. The Common Vulnerabilities and Exposures project identifies the following problems: Cross site scripting was possible through a number of pages which allowed an attacker to steal sensitive session data. Code injection was possible when SquirrelMail was configured to use the map_yp_alias function to authenticate users. This is not the default. It was possible to hijack an active user session by planting a specially crafted cookie into the user's browser. Specially crafted HTML emails could use the CSS positioning feature to place email content over the SquirrelMail user interface, allowing for phishing.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1762 icu -- insufficient input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
icu
It was discovered that icu, the internal components for Unicode, did not properly sanitise invalid encoded data, which could lead to cross-site scripting attacks.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1892 dovecot -- buffer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
dovecot
It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1734 opensc -- programming error
Debian GNU/Linux 5.0
opensc
B.Badrignans discovered that OpenSC, a set of smart card utilities, could store private data on a smart card without proper access restrictions. Only blank cards initialised with OpenSC are affected by this problem. This update only improves creating new private data objects, but cards already initialised with such private data objects need to be modified to repair the access control conditions on such cards. Instructions for a variety of situations can be found at the OpenSC web site: http://www.opensc-project.org/security.html The old stable distribution (etch) is not affected by this problem.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1749 linux-2.6 -- denial of service/privilege escalation/sensitive memory leak
Debian GNU/Linux 5.0
linux-2.6
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Christian Borntraeger discovered an issue affecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges. Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all of kernel memory. Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users. Duane Griffin provided a fix for an issue in the eCryptfs subsystem which allows local users to cause a denial of service (fault or memory corruption). Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service (oops) by reading 0 bytes from a sysfs entry. Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory. Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics. Peter Kerwien discovered an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) during a resize operation. Sami Liedes reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when accessing a specially crafted corrupt filesystem. David Maciejak reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem. David Maciejak reported an additional issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1736 mahara -- insufficient input sanitising
Debian GNU/Linux 5.0
mahara
It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to cross-site scripting attacks, which allows the injection of arbitrary Java or HTML code. The old stable distribution (etch) does not contain mahara.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1737 wesnoth -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
wesnoth
Several security issues have been discovered in wesnoth, a fantasy turn-based strategy game. The Common Vulnerabilities and Exposures project identifies the following problems: Daniel Franke discovered that the wesnoth server is prone to a denial of service attack when receiving specially crafted compressed data. Daniel Franke discovered that the sandbox implementation for the python AIs can be used to execute arbitrary python code on wesnoth clients. In order to prevent this issue, the python support has been disabled. A compatibility patch was included, so that the affected campaign is still working properly.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1898 openswan -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
openswan
It was discovered that the pluto daemon in openswan, an implementation of IPSEC and IKE, could crash when processing a crafted X.509 certificate.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1895 xmltooling -- several vulnerabilities
Debian GNU/Linux 5.0
xmltooling
Several vulnerabilities have been discovered in the xmltooling packages, as used by Shibboleth: Chris Ries discovered that decoding a crafted URL leads to a crash (and potentially, arbitrary code execution). Ian Young discovered that embedded NUL characters in certificate names were not correctly handled, exposing configurations using PKIX trust validation to impersonation attacks. Incorrect processing of SAML metadata ignores key usage constraints. This minor issue also needs a correction in the opensaml2 packages, which will be provided in an upcoming stable point release (and, before that, via stable-proposed-updates).
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1743 libtk-img -- buffer overflows
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libtk-img
Two buffer overflows have been found in the GIF image parsing code of Tk, a cross-platform graphical toolkit, which could lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that libtk-img is prone to a buffer overflow via specially crafted multi-frame interlaced GIF files. It was discovered that libtk-img is prone to a buffer overflow via specially crafted GIF files with certain subimage sizes.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1807 cyrus-sasl2, cyrus-sasl2-heimdal -- buffer overflow
Debian GNU/Linux 5.0
cyrus-sasl2
cyrus-sasl2-heimdal
James Ralston discovered that the sasl_encode64() function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires the string to be null terminated which can lead to denial of service or arbitrary code execution. Important notice (Quoting from US-CERT): While this patch will fix currently vulnerable code, it can cause non-vulnerable existing code to break. Here's a function prototype from include/saslutil.h to clarify my explanation: Assume a scenario where calling code has been written in such a way that it calculates the exact size required for base64 encoding in advance, then allocates a buffer of that exact size, passing a pointer to the buffer into sasl_encode64() as *out. As long as this code does not anticipate that the buffer is NUL-terminated (does not call any string-handling functions like strlen(), for example) the code will work and it will not be vulnerable. Once this patch is applied, that same code will break because sasl_encode64() will begin to return SASL_BUFOVER.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1805 pidgin -- several vulnerabilities
Debian GNU/Linux 5.0
pidgin
Several vulnerabilities have been discovered in Pidgin, a graphical multi-protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems: A buffer overflow in the Jabber file transfer code may lead to denial of service or the execution of arbitrary code. Memory corruption in an internal library may lead to denial of service. The patch provided for the security issue tracked as CVE-2008-2927 - integer overflows in the MSN protocol handler - was found to be incomplete. The old stable distribution (etch) is affected under the source package name gaim. However, due to build problems the updated packages couldn't be released along with the stable version. It will be released once the build problem is resolved.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1850 libmodplug -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libmodplug
Several vulnerabilities have been discovered in libmodplug, the shared libraries for mod music based on ModPlug. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that libmodplug is prone to an integer overflow when processing a MED file with a crafted song comment or song name. It was discovered that libmodplug is prone to a buffer overflow in the PATinst function, when processing a long instrument name.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1800 linux-2.6 -- denial of service/privilege escalation/sensitive memory leak
Debian GNU/Linux 5.0
linux-2.6
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, privilege escalation or a sensitive memory leak. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Evans discovered a situation in which a child process can send an arbitrary signal to its parent. Roland McGrath discovered an issue on amd64 kernels that allows local users to circumvent system call audit configurations which filter based on the syscall numbers or argument details. Roland McGrath discovered an issue on amd64 kernels with CONFIG_SECCOMP enabled. By making a specially crafted syscall, local users can bypass access restrictions. Jiri Olsa discovered that a local user can cause a denial of service (system hang) using a SHM_INFO shmctl call on kernels compiled with CONFIG_SHMEM disabled. This issue does not affect prebuilt Debian kernels. Mikulas Patocka reported an issue in the console subsystem that allows a local user to cause memory corruption by selecting a small number of 3-byte UTF-8 characters. Igor Zhbanov reported that nfsd was not properly dropping CAP_MKNOD, allowing users to create device nodes on file systems exported with root_squash. Dan Carpenter reported a coding issue in the selinux subsystem that allows local users to bypass certain networking checks when running with compat_net=1. Shaohua Li reported an issue in the AGP subsystem that may allow local users to read sensitive kernel memory due to a leak of uninitialised memory. Benjamin Gilbert reported a local denial of service vulnerability in the KVM VMX implementation that allows local users to trigger an oops. Thomas Pollet reported an overflow in the af_rose implementation that allows remote attackers to retrieve uninitialised kernel memory that may contain sensitive data. Oleg Nesterov discovered an issue in the exit_notify function that allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to reach processes outside of the current process namespace. Pavan Naregundi reported an issue in the CIFS filesystem code that allows remote users to overwrite memory via a long nativeFileSystem field in a Tree Connect response during mount.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1852 fetchmail -- insufficient input validation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
fetchmail
It was discovered that fetchmail, a full-featured remote mail retrieval and forwarding utility, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the subjectAltName or Common Name fields. Note, as a fetchmail user you should always use strict certificate validation through either of these option combinations: sslcertck ssl sslproto ssl3 (for service on SSL-wrapped ports) or sslcertck sslproto tls1 (for STARTTLS-based services)
SecPod Team
DRAFT
INTERIM
ACCEPTED
ACCEPTED
DSA-1803 nsd, nsd3 -- buffer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
nsd
nsd3
Ilja van Sprundel discovered that a buffer overflow in NSD, an authoritative name service daemon, allowed the server to be crashed by sending a crafted packet, creating a denial of service.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1935 gnutls13 gnutls26 -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
gnutls13
gnutls26
Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of the TLS/SSL protocol, does not properly handle a "\0" character in a domain name in the subject's Common Name or Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. (CVE-2009-2730) In addition, with this update, certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptographically secure. It only affects the oldstable distribution (etch). (CVE-2009-2409)
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1894 newt -- buffer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
newt
Miroslav Lichvar discovered that newt, a windowing toolkit, is prone to a buffer overflow in the content processing code, which can lead to the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1890 wxwindows2.4 wxwidgets2.6 wxwidgets2.8 -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
wxwindows2.4
wxwidgets2.6
wxwidgets2.8
Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets Cross-platform C++ GUI toolkit, which allows the execution of arbitrary code via a crafted JPEG file.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1851 gst-plugins-bad0.10 -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
gst-plugins-bad0.10
It was discovered that gst-plugins-bad0.10, the GStreamer plugins from the "bad" set, is prone to an integer overflow when processing a MED file with a crafted song comment or song name.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1779 apt -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
apt
Two vulnerabilities have been discovered in APT, the well-known dpkg frontend. The Common Vulnerabilities and Exposures project identifies the following problems: In time zones where daylight savings time occurs at midnight, the apt cron.daily script fails, stopping new security updates from being applied automatically. A repository that has been signed with an expired or revoked OpenPGP key would still be considered valid by APT.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1741 psi -- integer overflow
Debian GNU/Linux 5.0
psi
Jesus Olmos Gonzalez discovered that an integer overflow in the PSI Jabber client may lead to remote denial of service. The old stable distribution (etch) is not affected.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1817 ctorrent -- stack-based buffer overflow
Debian GNU/Linux 5.0
ctorrent
Michael Brooks discovered that ctorrent, a text-mode bittorrent client, does not verify the length of file paths in torrent files. An attacker can exploit this via a crafted torrent that contains a long file path to execute arbitrary code with the rights of the user opening the file. The oldstable distribution (etch) does not contain ctorrent.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1891 changetrack -- shell command execution
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
changetrack
Marek Grzybowski discovered that changetrack, a program to monitor changes to (configuration) files, is prone to shell command injection via metacharacters in filenames. The behaviour of the program has been adjusted to reject all filenames with metacharacters.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1771 clamav -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
clamav
Several vulnerabilities have been discovered in the ClamAV anti-virus toolkit: Attackers can cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error. Attackers can cause a denial of service (infinite loop) via a crafted tar file that causes (1) clamd and (2) clamscan to hang. (no CVE Id yet) Attackers can cause a denial of service (crash) via a crafted EXE file that crashes the UPack unpacker.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1806 cscope -- buffer overflows
Debian GNU/Linux 5.0
cscope
Matt Murphy discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution of arbitrary code through specially crafted source code files.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1725 websvn -- programming error
Debian GNU/Linux 5.0
websvn
Bas van Schaik discovered that WebSVN, a tool to view Subversion repositories over the web, did not properly restrict access to private repositories, allowing a remote attacker to read significant parts of their content. The old stable distribution (etch) is not affected by this problem.
SecPod Team
DRAFT
INTERIM
ACCEPTED
ACCEPTED
DSA-1933 cups -- missing input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
cups
Aaron Siegel discovered that the web interface of cups, the Common UNIX Printing System, is prone to cross-site scripting attacks.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1936 libgd2 -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libgd2
Several vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following problems: Kees Cook discovered a buffer overflow in libgd2's font renderer. An attacker could cause denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. This issue only affects the oldstable distribution (etch). Tomas Hoger discovered a boundary error in the "_gdGetColors()" function. An attacker could conduct buffer overflow or buffer over-read attacks via a crafted GD file.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1784 freetype -- integer overflows
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
freetype
Tavis Ormandy discovered several integer overflows in FreeType, a library to process and access font files, resulting in heap- or stack-based buffer overflows leading to application crashes or the execution of arbitrary code via a crafted font file.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1932 pidgin -- programming error
Debian GNU/Linux 5.0
pidgin
It was discovered that incorrect pointer handling in the purple library, an internal component of the multi-protocol instant messaging client Pidgin, could lead to denial of service or the execution of arbitrary code through malformed contact requests.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1772 udev -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
udev
Sebastian Kramer discovered two vulnerabilities in udev, the /dev and hotplug management daemon. udev does not check the origin of NETLINK messages, allowing local users to gain root privileges. udev suffers from a buffer overflow condition in path encoding, potentially allowing arbitrary code execution.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1938 php-mail -- programming error
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
php-mail
It was discovered that php-mail, a PHP PEAR module for sending email, has insufficient input sanitising, which might be used to obtain sensitive data from the system that uses php-mail.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1740 yaws -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
yaws
It was discovered that yaws, a high performance HTTP 1.1 webserver, is prone to a denial of service attack via a request with a large HTTP header.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1858 imagemagick -- multiple vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
imagemagick
Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a "\0" character to an out-of-bounds address. It affects only the oldstable distribution (etch). A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only the oldstable distribution (etch). Heap-based buffer overflow in the PCX coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. It affects only the oldstable distribution (etch). Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1739 mldonkey -- path traversal
Debian GNU/Linux 5.0
mldonkey
It has been discovered that mldonkey, a client for several P2P networks, allows attackers to download arbitrary files using crafted requests to the HTTP console. The old stable distribution (etch) is not affected by this problem.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1934 apache2 -- multiple issues
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
apache2
A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability. As a partial mitigation against this attack, this apache2 update disables client-initiated renegotiations. This should fix the vulnerability for the majority of Apache configurations in use. NOTE: This is not a complete fix for the problem. The attack is still possible in configurations where the server initiates the renegotiation. This is the case for the following configurations (the information in the changelog of the updated packages is slightly inaccurate): As a workaround, you may rearrange your configuration in a way that SSLVerifyClient and SSLCipherSuite are only used on the server or virtual host level. A complete fix for the problem will require a protocol change. Further information will be included in a separate announcement about this issue. In addition, this update fixes the following issues in Apache's mod_proxy_ftp: Insufficient input validation in the mod_proxy_ftp module allowed remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. Insufficient input validation in the mod_proxy_ftp module allowed remote authenticated attackers to bypass intended access restrictions and send arbitrary FTP commands to an FTP server. For the oldstable distribution (etch), these problems have been fixed in version 2.2.3-4+etch11.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1825 nagios2, nagios3 -- insufficient input validation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
nagios2
nagios3
It was discovered that the statuswml.cgi script of nagios, a monitoring and management system for hosts, services and networks, is prone to a command injection vulnerability. Input to the ping and traceroute parameters of the script is not properly validated which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1812 apr-util -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
apr-util
Apr-util, the Apache Portable Runtime Utility library, is used by Apache 2.x, Subversion, and other applications. Two denial of service vulnerabilities have been found in apr-util: "kcope" discovered a flaw in the handling of internal XML entities in the apr_xml_* interface that can be exploited to use all available memory. This denial of service can be triggered remotely in the Apache mod_dav and mod_dav_svn modules. (No CVE id yet) Matthew Palmer discovered an underflow flaw in the apr_strmatch_precompile function that can be exploited to cause a daemon crash. The vulnerability can be triggered (1) remotely in mod_dav_svn for Apache if the "SVNMasterURI" directive is in use, (2) remotely in mod_apreq2 for Apache or other applications using libapreq2, or (3) locally in Apache by a crafted ".htaccess" file. Other exploit paths in other applications using apr-util may exist. If you use Apache, or if you use svnserver in standalone mode, you need to restart the services after you have upgraded the libaprutil1 package. For the oldstable distribution (etch), these problems have been fixed in version 1.2.7+dfsg-2+etch2.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1767 multipath-tools -- insecure file permissions
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
multipath-tools
It was discovered that multipathd of multipath-tools, a tool-chain to manage disk multipath device maps, uses insecure permissions on its unix domain control socket, which enables local attackers to issue commands to multipathd to prevent access to storage devices or corrupt file system data.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1764 tunapie -- several vulnerabilities
Debian GNU/Linux 5.0
tunapie
Several vulnerabilities have been discovered in Tunapie, a GUI frontend to video and radio streams. The Common Vulnerabilities and Exposures project identifies the following problems: Kees Cook discovered that insecure handling of temporary files may lead to local denial of service through symlink attacks. Mike Coleman discovered that insufficient escaping of stream URLs may lead to the execution of arbitrary commands if a user is tricked into opening a malformed stream URL.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1774 ejabberd -- insufficient input sanitising
Debian GNU/Linux 5.0
ejabberd
It was discovered that ejabberd, a distributed, fault-tolerant Jabber/XMPP server, does not sufficiently sanitise MUC logs, allowing remote attackers to perform cross-site scripting (XSS) attacks. The oldstable distribution (etch) is not affected by this issue.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1924 mahara -- several vulnerabilities
Debian GNU/Linux 5.0
mahara
Two vulnerabilities have been discovered in mahara, an electronic portfolio, weblog, and resume builder. The Common Vulnerabilities and Exposures project identifies the following problems: Ruslan Kabalin discovered an issue with resetting passwords, which could lead to a privilege escalation of an institutional administrator account. Sven Vetsch discovered a cross-site scripting vulnerability via the resume fields.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1766 krb5 -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
krb5
Several vulnerabilities have been found in the MIT reference implementation of Kerberos V5, a system for authenticating users and services on a network. The Common Vulnerabilities and Exposures project identified the following problems: The Apple Product Security team discovered that the SPNEGO GSS-API mechanism suffers from a missing bounds check when reading a network input buffer which results in an invalid read crashing the application or possibly leaking information. Under certain conditions the SPNEGO GSS-API mechanism references a null pointer which crashes the application using the library. An incorrect length check inside the ASN.1 decoder of the MIT krb5 implementation allows an unauthenticated remote attacker to crash the kinit or KDC program. Under certain conditions the ASN.1 decoder of the MIT krb5 implementation frees an uninitialised pointer which could lead to denial of service and possibly arbitrary code execution.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1828 ocsinventory-agent -- insecure module search path
Debian GNU/Linux 5.0
ocsinventory-agent
It was discovered that the ocsinventory-agent which is part of the ocsinventory suite, a hardware and software configuration indexing service, is prone to an insecure perl module search path. As the agent is started via cron and the current directory (/ in this case) is included in the default perl module path the agent scans every directory on the system for its perl modules. This enables an attacker to execute arbitrary code via a crafted ocsinventory-agent perl module placed on the system. The oldstable distribution (etch) does not contain ocsinventory-agent.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1931 nspr -- several vulnerabilities
Debian GNU/Linux 5.0
nspr
Several vulnerabilities have been discovered in the NetScape Portable Runtime Library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: A programming error in the string handling code may lead to the execution of arbitrary code. An integer overflow in the Base64 decoding functions may lead to the execution of arbitrary code. The old stable distribution (etch) doesn't contain nspr.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1827 ipplan -- insufficient input sanitising
Debian GNU/Linux 5.0
ipplan
It was discovered that ipplan, a web-based IP address manager and tracker, does not sufficiently escape certain input parameters, which allows remote attackers to conduct cross-site scripting attacks. The oldstable distribution (etch) does not contain ipplan.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1853 memcached -- heap-based buffer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
memcached
Ronald Volgers discovered that memcached, a high-performance memory object caching system, is vulnerable to several heap-based buffer overflows due to integer conversions when parsing certain length attributes. An attacker can use this to execute arbitrary code on the system running memcached (on etch with root privileges).
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1789 php5 -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
php5
Several remote vulnerabilities have been discovered in the PHP5 hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems. The following four vulnerabilities have already been fixed in the stable (lenny) version of php5 prior to the release of lenny. This update now addresses them for etch (oldstable) as well: The GENERATE_SEED macro has several problems that make predicting generated random numbers easier, facilitating attacks against measures that use rand() or mt_rand() as part of a protection. A buffer overflow in the mbstring extension allows attackers to execute arbitrary code via a crafted string containing an HTML entity. The page_uid and page_gid variables are not correctly set, allowing use of some functionality intended to be restricted to root. Directory traversal vulnerability in the ZipArchive::extractTo function allows attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences. This update also addresses the following three vulnerabilities for both oldstable (etch) and stable (lenny): Cross-site scripting (XSS) vulnerability, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML. When running on Apache, PHP allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. The JSON_parser function allows a denial of service (segmentation fault) via a malformed string to the json_decode API function. Furthermore, two updates originally scheduled for the next point update for oldstable are included in the etch package: Let PHP use the system timezone database instead of the embedded timezone database which is out of date. From the source tarball, the unused "dbase" module has been removed which contained licensing problems.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1911 pygresql -- missing escape function
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
pygresql
It was discovered that pygresql, a PostgreSQL module for Python, was missing a function to call PQescapeStringConn(). This is needed, because PQescapeStringConn() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The new function is called pg_escape_string(), which takes the database connection as a first argument. The old function escape_string() has been preserved as well for backwards compatibility. Developers using these bindings are encouraged to adjust their code to use the new function.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1854 apr, apr-util -- heap buffer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
apr
apr-util
Matt Lewis discovered that the memory management code in the Apache Portable Runtime (APR) library does not guard against a wrap-around during size computations. This could cause the library to return a memory area which is smaller than requested, resulting in a heap overflow and possibly arbitrary code execution.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1873 xulrunner -- programming error
Debian GNU/Linux 5.0
xulrunner
Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid URLs could be used for spoofing the location bar and the SSL certificate status of a web page. Xulrunner is no longer supported for the old stable distribution (etch).
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1855 subversion -- heap overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
subversion
Matt Lewis discovered that Subversion performs insufficient input validation of svndiff streams. Malicious servers could cause heap overflows in clients, and malicious clients with commit access could cause heap overflows in servers, possibly leading to arbitrary code execution in both cases.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1808 drupal6 -- insufficient input sanitising
Debian GNU/Linux 5.0
drupal6
Markus Petrux discovered a cross-site scripting vulnerability in the taxonomy module of drupal6, a fully-featured content management framework. It is also possible that certain browsers using the UTF-7 encoding are vulnerable to a different cross-site scripting vulnerability.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1866 kdegraphics -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
kdegraphics
Two security issues have been discovered in kdegraphics, the graphics apps from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the KSVG animation element implementation suffers from a null pointer dereference flaw, which could lead to the execution of arbitrary code. It was discovered that the KSVG animation element implementation is prone to a use-after-free flaw, which could lead to the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1859 libxml2 -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libxml2
Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml2, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. The Common Vulnerabilities and Exposures project identifies the following problems: An XML document with specially-crafted Notation or Enumeration attribute types in a DTD definition leads to the use of pointers to memory areas which have already been freed. Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack growth due to a function recursion which can be triggered via a crafted XML document.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1870 pidgin -- insufficient input validation
Debian GNU/Linux 5.0
pidgin
Federico Muttis discovered that libpurple, the shared library that adds support for various instant messaging networks to the pidgin IM client, is vulnerable to a heap-based buffer overflow. This issue exists because of an incomplete fix for CVE-2008-2927 and CVE-2009-1376. An attacker can exploit this by sending two consecutive SLP packets to a victim via MSN. The first packet is used to create an SLP message object with an offset of zero, the second packet then contains a crafted offset, which hits the vulnerable code originally fixed in CVE-2008-2927 and CVE-2009-1376, and allows an attacker to execute arbitrary code. Note: Users with the "Allow only the users below" setting are not vulnerable to this attack. If you can't install the below updates you may want to set this via Tools->Privacy.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1897 horde3 -- insufficient input sanitisation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
horde3
Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, insufficiently validates and escapes user-provided input. The Horde_Form_Type_image form element allows a temporary filename to be reused on reuploads; the filename is stored in a hidden HTML field and then trusted without prior validation. An attacker can use this to overwrite arbitrary files on the system or to upload PHP code and thus execute arbitrary code with the rights of the webserver.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1823 samba -- several vulnerabilities
Debian GNU/Linux 5.0
samba
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server. The Common Vulnerabilities and Exposures project identifies the following problems: The smbclient utility contains a format string vulnerability where commands dealing with file names treat user input as format strings to asprintf. In the smbd daemon, if a user is trying to modify an access control list (ACL) and is denied permission, this deny may be overridden if the parameter "dos filemode" is set to "yes" in the smb.conf and the user already has write access to the file. The old stable distribution (etch) is not affected by these problems.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1920 nginx -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
nginx
A denial of service vulnerability has been found in nginx, a small and efficient web server. Jasson Bell discovered that a remote attacker could cause a denial of service (segmentation fault) by sending a crafted request.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1874 nss -- several vulnerabilities
Debian GNU/Linux 5.0
nss
Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems: Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. Certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptographically secure. The old stable distribution (etch) doesn't contain nss.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1776 slurm-llnl -- programming error
Debian GNU/Linux 5.0
slurm-llnl
It was discovered that the Simple Linux Utility for Resource Management (SLURM), a cluster job management and scheduling system, did not drop the supplemental groups. These groups may be system groups with elevated privileges, which may allow a valid SLURM user to gain elevated privileges. The old stable distribution (etch) does not contain a slurm-llnl package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1747 glib2.0 -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
glib2.0
Diego Pettenò discovered that glib2.0, the GLib library of C routines, handles large strings insecurely via its Base64 encoding functions. This could possibly lead to the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1818 gforge -- insufficient input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
gforge
Laurent Almeras and Guillaume Smet have discovered a possible SQL injection vulnerability and cross-site scripting vulnerabilities in gforge, a collaborative development tool. Due to insufficient input sanitising, it was possible to inject arbitrary SQL statements and use several parameters to conduct cross-site scripting attacks.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1777 git-core -- file permission error
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
git-core
Peter Palfrader discovered that in the Git revision control system, on some architectures files under /usr/share/git-core/templates/ were owned by a non-root user. This allows a user with that uid on the local system to write to these files and possibly escalate their privileges. This issue only affects the DEC Alpha and MIPS (big and little endian) architectures.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1856 mantis -- information leak
Debian GNU/Linux 5.0
mantis
It was discovered that the Debian Mantis package, a web based bug tracking system, installed the database credentials in a file with world-readable permissions onto the local filesystem. This allows local users to acquire the credentials used to control the Mantis database. This updated package corrects this problem for new installations and will carefully try to update existing ones. Administrators can check the permissions of the file /etc/mantis/config_db.php to see if they are safe for their environment. The old stable distribution (etch) does not contain a mantis package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1786 acpid -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
acpid
It was discovered that acpid, a daemon for delivering ACPI events, is prone to a denial of service attack by opening a large number of UNIX sockets, which are not closed properly.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1867 kdelibs -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
kdelibs
Several security issues have been discovered in kdelibs, core libraries from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1809 linux-2.6 -- denial of service, privilege escalation
Debian GNU/Linux 5.0
linux-2.6
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Frank Filz discovered that local users may be able to execute files without execute permission when accessed via an nfs4 mount. Jeff Layton and Suresh Jayaraman fixed several buffer overflows in the CIFS filesystem which allow remote servers to cause memory corruption. Jan Beulich discovered an issue in Xen where local guest users may cause a denial of service (oops). This update also fixes a regression introduced by the fix for CVE-2009-1184 in 2.6.26-15lenny3. This prevents a boot time panic on systems with SELinux enabled.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1811 cups, cupsys -- null ptr dereference
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
cups
cupsys
Anibal Sacco discovered that cups, a general printing system for UNIX systems, suffers from a null pointer dereference because of its handling of two consecutive IPP packets with certain tag attributes that are treated as IPP_TAG_UNSUPPORTED tags. This allows unauthenticated attackers to perform denial of service attacks by crashing the cups daemon.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1871 wordpress -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
wordpress
Several vulnerabilities have been discovered in wordpress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that wordpress is prone to an open redirect vulnerability which allows remote attackers to conduct phishing attacks. It was discovered that remote attackers had the ability to trigger an application upgrade, which could lead to a denial of service attack. It was discovered that wordpress lacks authentication checks in the plugin configuration, which might leak sensitive information. It was discovered that wordpress lacks authentication checks in various actions, thus allowing remote attackers to produce unauthorised edits or additions. It was discovered that the administrator interface is prone to a cross-site scripting attack. It was discovered that remote attackers can gain privileges via certain direct requests. It was discovered that the _bad_protocol_once function in KSES, as used by wordpress, allows remote attackers to perform cross-site scripting attacks. It was discovered that wordpress lacks certain checks around user information, which could be used by attackers to change the password of a user. It was discovered that the get_category_template function is prone to a directory traversal vulnerability, which could lead to the execution of arbitrary code. It was discovered that the _httpsrequest function in the embedded snoopy version is prone to the execution of arbitrary commands via shell metacharacters in https URLs. It was discovered that wordpress relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier to perform attacks via crafted cookies.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1821 amule -- insufficient input sanitising
Debian GNU/Linux 5.0
amule
Sam Hocevar discovered that amule, a client for the eD2k and Kad networks, does not properly sanitise the filename, when using the preview function. This could lead to the injection of arbitrary commands passed to the video player. The oldstable distribution (etch) is not affected by this issue.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1937 gforge -- insufficient input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
gforge
It was discovered that gforge, a collaborative development tool, is prone to a cross-site scripting attack via the helpname parameter. Besides fixing this issue, the update also introduces some additional input sanitising. However, there are no known attack vectors. For the oldstable distribution (etch), these problems have been fixed in version 4.5.14-22etch12.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1833 dhcp3 -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
dhcp3
Several remote vulnerabilities have been discovered in ISC's DHCP implementation: It was discovered that dhclient does not properly handle overlong subnet mask options, leading to a stack-based buffer overflow and possible arbitrary code execution. Christoph Biedl discovered that the DHCP server may terminate when receiving certain well-formed DHCP requests, provided that the server configuration mixes host definitions using "dhcp-client-identifier" and "hardware ethernet". This vulnerability only affects the lenny versions of dhcp3-server and dhcp3-server-ldap.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1804 ipsec-tools -- null pointer dereference, memory leaks
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
ipsec-tools
Several remote vulnerabilities have been discovered in racoon, the Internet Key Exchange daemon of ipsec-tools. The Common Vulnerabilities and Exposures project identified the following problems: Neil Kettle discovered a NULL pointer dereference on crafted fragmented packets that contain no payload. This results in the daemon crashing, which can be used for denial of service attacks. Various memory leaks in the X.509 certificate authentication handling and the NAT-Traversal keepalive implementation can result in memory exhaustion and thus denial of service.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1899 strongswan -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
strongswan
Several remote vulnerabilities have been discovered in strongswan, an implementation of the IPSEC and IKE protocols. The Common Vulnerabilities and Exposures project identifies the following problems: The charon daemon can crash when processing certain crafted IKEv2 packets. (The old stable distribution (etch) was not affected by these two problems because it lacks IKEv2 support.) The pluto daemon could crash when processing a crafted X.509 certificate.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1815 libtorrent-rasterbar -- programming error
Debian GNU/Linux 5.0
libtorrent-rasterbar
It was discovered that the Rasterbar Bittorrent library performed insufficient validation of path names specified in torrent files, which could lead to denial of service by overwriting files. The old stable distribution (etch) doesn't include libtorrent-rasterbar.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1921 expat -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
expat
Peter Valchev discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1836 fckeditor -- missing input sanitising
Debian GNU/Linux 5.0
fckeditor
Vinny Guido discovered that multiple input sanitising vulnerabilities in Fckeditor, a rich text web editor component, may lead to the execution of arbitrary code. The old stable distribution (etch) doesn't contain fckeditor.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1801 ntp -- buffer overflows
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
ntp
Several remote vulnerabilities have been discovered in NTP, the Network Time Protocol reference implementation. The Common Vulnerabilities and Exposures project identifies the following problems: A buffer overflow in ntpq allows a remote NTP server to create a denial of service attack or to execute arbitrary code via a crafted response. A buffer overflow in ntpd allows a remote attacker to create a denial of service attack or to execute arbitrary code when the autokey functionality is enabled.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1763 openssl -- programming error
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
openssl
It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1769 openjdk-6 -- several vulnerabilities
Debian GNU/Linux 5.0
openjdk-6
Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform. Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition. Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition (CVE-2009-0581), heap-based buffer overflows, potentially allowing arbitrary code execution (CVE-2009-0723, CVE-2009-0733), and a null-pointer dereference, leading to denial of service (CVE-2009-0793). The LDAP server implementation (in com.sun.jndi.ldap) did not properly close sockets if an error was encountered, leading to a denial-of-service condition. The LDAP client implementation (in com.sun.jndi.ldap) allowed malicious LDAP servers to execute arbitrary code on the client. The HTTP server implementation (sun.net.httpserver) contained an unspecified denial of service vulnerability. Several issues in Java Web Start have been addressed. The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1830 icedove -- several vulnerabilities
Debian GNU/Linux 5.0
icedove
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: The execution of arbitrary code might be possible via a crafted PNG file that triggers a free of an uninitialised pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. (MFSA 2009-10) It is possible to execute arbitrary code via vectors related to the layout engine. (MFSA 2009-01) It is possible to execute arbitrary code via vectors related to the JavaScript engine. (MFSA 2009-01) Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing attack via Unicode box drawing characters in internationalised domain names. (MFSA 2009-15) Memory corruption and assertion failures have been discovered in the layout engine, leading to the possible execution of arbitrary code. (MFSA 2009-07) The layout engine allows the execution of arbitrary code in vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection. (MFSA 2009-07) The JavaScript engine is prone to the execution of arbitrary code via several vectors. (MFSA 2009-07) The layout engine allows the execution of arbitrary code via vectors related to gczeal. (MFSA 2009-07) Georgi Guninski discovered that it is possible to obtain xml data via an issue related to the nsIRDFService. (MFSA 2009-09) The browser engine is prone to a possible memory corruption via several vectors. (MFSA 2009-14) The browser engine is prone to a possible memory corruption via the nsSVGElement::BindToTree function. (MFSA 2009-14) Gregory Fleischer discovered that it is possible to bypass the Same Origin Policy when opening a Flash file via the view-source: scheme. (MFSA 2009-17) The possible arbitrary execution of code was discovered via vectors involving "double frame construction." (MFSA 2009-24) Several issues were discovered in the browser engine as used by icedove, which could lead to the possible execution of arbitrary code. (MFSA 2009-24) Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. (MFSA 2009-27) moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage collection implementation. (MFSA 2009-29) moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. (MFSA 2009-32) Bernd Jendrissek discovered a potentially exploitable crash when viewing a multipart/alternative mail message with a text/enhanced part. (MFSA 2009-33)
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1826 eggdrop -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
eggdrop
Several vulnerabilities have been discovered in eggdrop, an advanced IRC robot. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that eggdrop is vulnerable to a buffer overflow, which could result in a remote user executing arbitrary code. The previous DSA (DSA-1448-1) did not fix the issue correctly. It was discovered that eggdrop is vulnerable to a denial of service attack, that allows remote attackers to cause a crash via a crafted PRIVMSG.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1923 libhtml-parser-perl -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libhtml-parser-perl
A denial of service vulnerability has been found in libhtml-parser-perl, a collection of modules to parse HTML in text documents which is used by several other projects such as SpamAssassin. Mark Martinec discovered that the decode_entities() function will get stuck in an infinite loop when parsing certain HTML entities with invalid UTF-8 characters. An attacker can use this to perform denial of service attacks by submitting crafted HTML to an application using this functionality.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1829 sork-passwd-h3 -- insufficient input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
sork-passwd-h3
It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1758 nss-ldapd -- insecure config file creation
Debian GNU/Linux 5.0
nss-ldapd
Leigh James discovered that nss-ldapd, an NSS module for using LDAP as a naming service, by default creates the configuration file /etc/nss-ldapd.conf world-readable which could leak the configured LDAP password if one is used for connecting to the LDAP server. The old stable distribution (etch) doesn't contain nss-ldapd.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1813 evolution-data-server -- Several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
evolution-data-server
Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that evolution-data-server is prone to integer overflows triggered by large base64 strings. Joachim Breitner discovered that S/MIME signatures are not verified properly, which can lead to spoofing attacks. It was discovered that NTLM authentication challenge packets are not validated properly when using the NTLM authentication method, which could lead to an information disclosure or a denial of service.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1886 iceweasel -- several vulnerabilities
Debian GNU/Linux 5.0
iceweasel
Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: "moz_bug_r_a4" discovered that a programming error in the FeedWriter module could lead to the execution of Javascript code with elevated privileges. Prateek Saxena discovered a cross-site scripting vulnerability in the MozSearch plugin interface.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1880 openoffice.org -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
openoffice.org
Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems: Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document. When reading a Microsoft Word document, a bug in the parser of sprmTDelete records can result in an integer underflow that may lead to heap-based buffer overflows. Successful exploitation may allow arbitrary code execution in the context of the OpenOffice.org process. Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document. When reading a Microsoft Word document, a bug in the parser of sprmTDelete records can result in heap-based buffer overflows. Successful exploitation may allow arbitrary code execution in the context of the OpenOffice.org process. A vulnerability has been discovered in the parser of EMF files of OpenOffice/Go-oo 2.x and 3.x that can be triggered by a specially crafted document and lead to the execution of arbitrary commands with the privileges of the user running OpenOffice.org/Go-oo. This vulnerability does not exist in the packages for oldstable, testing and unstable.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1760 openswan -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
openswan
Two vulnerabilities have been discovered in openswan, an IPSec implementation for Linux. The Common Vulnerabilities and Exposures project identifies the following problems: Dmitry E. Oboukhov discovered that the livetest tool is using temporary files insecurely, which could lead to a denial of service attack. Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone to a denial of service attack via a malicious packet.
SecPod Team
DRAFT
INTERIM
ACCEPTED
ACCEPTED
DSA-1814 libsndfile -- heap-based buffer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libsndfile
Two vulnerabilities have been found in libsndfile, a library to read and write sampled audio data. The Common Vulnerabilities and Exposures project identified the following problems: Tobias Klein discovered that the VOC parsing routines suffer from a heap-based buffer overflow which can be triggered by an attacker via a crafted VOC header. The vendor discovered that the AIFF parsing routines suffer from a heap-based buffer overflow similar to CVE-2009-1788 which can be triggered by an attacker via a crafted AIFF header. In both cases the overflowing data is not completely attacker controlled but still leads to application crashes or under some circumstances might still lead to arbitrary code execution.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1896 opensaml, shibboleth-sp -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
opensaml
shibboleth-sp
Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x: Chris Ries discovered that decoding a crafted URL leads to a crash (and potentially, arbitrary code execution). Ian Young discovered that embedded NUL characters in certificate names were not correctly handled, exposing configurations using PKIX trust validation to impersonation attacks. Incorrect processing of SAML metadata ignored key usage constraints.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1751 xulrunner -- several vulnerabilities
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Martijn Wargers, Jesse Ruderman and Josh Soref discovered crashes in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code. Gary Kwong and Timothee Groleau discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. It was discovered that incorrect memory management in the DOM element handling may lead to the execution of arbitrary code. Georgi Guninski discovered a violation of the same-origin policy through RDFXMLDataSource and cross-domain redirects. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1879 silc-client/silc-toolkit -- several vulnerabilities
Debian GNU/Linux 5.0
silc-client/silc-toolkit
Several vulnerabilities have been discovered in the software suite for the SILC protocol, a network protocol designed to provide end-to-end security for conferencing services. The Common Vulnerabilities and Exposures project identifies the following problems: An incorrect format string in sscanf() used in the ASN1 encoder to scan an OID value could overwrite a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. On 64-bit architectures this could result in unexpected application behaviour or even code execution in some cases. Various format string vulnerabilities when handling parsed SILC messages allow an attacker to execute arbitrary code with the rights of the victim running the SILC client via crafted nick names or channel names containing format strings. CVE-2008-7160 An incorrect format string in a sscanf() call used in the HTTP server component of silcd could result in overwriting a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. An attacker could exploit this by using crafted Content-Length header values resulting in unexpected application behaviour or even code execution in some cases. silc-server doesn't need an update as it uses the shared library provided by silc-toolkit. silc-client/silc-toolkit in the oldstable distribution (etch) is not affected by this problem.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1862 linux-2.6 -- privilege escalation
Debian GNU/Linux 5.0
linux-2.6
A vulnerability has been discovered in the Linux kernel that may lead to privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problem: Tavis Ormandy and Julien Tinnes discovered an issue with how the sendpage function is initialised in the proto_ops structure. Local users can exploit this vulnerability to gain elevated privileges.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1727 proftpd-dfsg -- SQL injection vulnerabilities
Debian GNU/Linux 5.0
proftpd-dfsg
Two SQL injection vulnerabilities have been found in proftpd, a virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures project identifies the following problems: Shino discovered that proftpd is prone to an SQL injection vulnerability via the use of certain characters in the username. TJ Saunders discovered that proftpd is prone to an SQL injection vulnerability due to insufficient escaping mechanisms, when multibyte character encodings are used.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1773 cups -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
cups
It was discovered that the imagetops filter in cups, the Common UNIX Printing System, is prone to an integer overflow when reading malicious TIFF images.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1910 mysql-ocaml -- missing escape function
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
mysql-ocaml
It was discovered that mysql-ocaml, OCaml bindings for MySQL, was missing a function to call mysql_real_escape_string(). This is needed because mysql_real_escape_string() honours the charset of the connection and prevents insufficient escaping when certain multibyte character encodings are used. The added function is called real_escape() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility. Developers using these bindings are encouraged to adjust their code to use the new function.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1912 camlimages -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
camlimages
It was discovered that CamlImages, an open source image processing library, suffers from several integer overflows, which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of TIFF files. It also expands the patch for CVE-2009-2660 to cover another potential overflow in the processing of JPEG images.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1757 auth2db -- SQL injection
Debian GNU/Linux 5.0
auth2db
It was discovered that auth2db, an IDS logger, log viewer and alert generator, is prone to an SQL injection vulnerability, when used with multibyte character encodings. The oldstable distribution (etch) doesn't contain auth2db.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1831 djbdns -- programming error
Debian GNU/Linux 5.0
djbdns
Matthew Dempsky discovered that Daniel J. Bernstein's djbdns, a Domain Name System server, does not constrain offsets in the required manner, which allows remote attackers with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain. The old stable distribution (etch) does not contain djbdns.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1922 xulrunner -- several vulnerabilities
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler and Boris Zbarsky reported crashes in the layout engine, which might allow the execution of arbitrary code. Carsten Book reported a crash in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman and Sid Stamm discovered a spoofing vulnerability in the file download dialog. Gregory Fleischer discovered a bypass of the same-origin policy using the document.getSelection() function. "moz_bug_r_a4" discovered a privilege escalation to Chrome status in the XPCOM utility XPCVariant::VariantDataToJS. "regenrecht" discovered a buffer overflow in the GIF parser, which might lead to the execution of arbitrary code. Marco C. discovered that a programming error in the proxy auto configuration code might lead to denial of service or the execution of arbitrary code. Jeremy Brown discovered that the filename of a downloaded file which is opened by the user is predictable, which might lead to tricking the user into a malicious file if the attacker has local access to the system. Paul Stone discovered that history information from web forms could be stolen.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1913 bugzilla -- SQL injection vulnerability
Debian GNU/Linux 5.0
bugzilla
Max Kanat-Alexander, Bradley Baetz, and Frédéric Buclin discovered an SQL injection vulnerability in the Bug.create WebService function in Bugzilla, a web-based bug tracking system, which allows remote attackers to execute arbitrary SQL commands. The oldstable distribution (etch) isn't affected by this problem.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1849 xml-security-c -- design flaw
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
xml-security-c
It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1918 phpmyadmin -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
phpmyadmin
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted MySQL table name. SQL injection vulnerability in the PDF schema generator functionality allows remote attackers to execute arbitrary SQL commands. This issue does not apply to the version in Debian 4.0 Etch. Additionally, extra fortification has been added for the web based setup.php script. Although the shipped web server configuration should ensure that this script is protected, in practice this turned out not always to be the case. The config.inc.php file is not writable anymore by the webserver user. See README.Debian for details on how to enable the setup.php script if and when you need it.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1876 dnsmasq -- buffer overflow
Debian GNU/Linux 5.0
dnsmasq
Several remote vulnerabilities have been discovered in the TFTP component of dnsmasq. The Common Vulnerabilities and Exposures project identifies the following problems: A buffer overflow in TFTP processing may enable arbitrary code execution for attackers who are permitted to use the TFTP service. Malicious TFTP clients may crash dnsmasq, leading to denial of service. The old stable distribution is not affected by these problems.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1796 libwmf -- pointer use-after-free
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libwmf
Tavis Ormandy discovered that the embedded GD library copy in libwmf, a library to parse Windows metafiles (WMF), makes use of a pointer after it was already freed. An attacker using a crafted WMF file can cause a denial of service or possibly execute arbitrary code via applications using this library.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1761 moodle -- missing input sanitisation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
moodle
Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn't check user input for certain TeX commands which allows an attacker to include and display the content of arbitrary system files. Note that this doesn't affect installations that only use the mimetex environment.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1919 smarty -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
smarty
Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine. The Common Vulnerabilities and Exposures project identifies the following problems: The _expand_quoted_text function allows for certain restrictions in templates, like function calling and PHP execution, to be bypassed. The smarty_function_math function allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1904 wget -- insufficient input validation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
wget
Daniel Stenberg discovered that wget, a network utility to retrieve files from the Web using HTTP(S) and FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" published at the Blackhat conference some time ago. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1837 dbus -- programming error
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
dbus
It was discovered that the dbus_signature_validate function in dbus, a simple interprocess messaging system, is prone to a denial of service attack. This issue was caused by an incorrect fix for DSA-1658-1.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1759 strongswan -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
strongswan
Gerd v. Egidy discovered that the Pluto IKE daemon in strongswan, an IPSec implementation for Linux, is prone to a denial of service attack via a malicious packet.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1877 mysql-dfsg-5.0 -- denial of service/execution of arbitrary code
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
mysql-dfsg-5.0
In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command() function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service (daemon crash) and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1742 libsndfile -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libsndfile
Alan Rad Pop discovered that libsndfile, a library to read and write sampled audio data, is prone to an integer overflow. This causes a heap-based buffer overflow when processing crafted CAF description chunks possibly leading to arbitrary code execution.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1943 openldap openldap2.3 -- insufficient input validation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
openldap
openldap2.3
It was discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, when OpenSSL is used, does not properly handle a "\0" character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1756 xulrunner -- multiple vulnerabilities
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Security researcher Guido Landi discovered that an XSL stylesheet could be used to crash the browser during an XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim's computer. Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim's computer. Note that after installing these updates, you will need to restart any packages using xulrunner, typically iceweasel or epiphany. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1908 samba -- several vulnerabilities
Debian GNU/Linux 5.0
samba
Several vulnerabilities have been discovered in samba, an implementation of the SMB/CIFS protocol for Unix systems, providing support for cross-platform file and printer sharing with other operating systems and more. The Common Vulnerabilities and Exposures project identifies the following problems: The mount.cifs utility is missing proper checks for file permissions when used in verbose mode. This allows local users to partly disclose the content of arbitrary files by specifying the file as credentials file and attempting to mount a samba share. A reply to an oplock break notification which samba doesn't expect could lead to the service getting stuck in an infinite loop. An attacker can use this to perform denial of service attacks via a specially crafted SMB request. A lack of error handling in case no home directory was configured/specified for the user could lead to file disclosure. In case the automated [homes] share is enabled or an explicit share is created with that username, samba fails to enforce sharing restrictions which results in an attacker being able to access the file system from the root directory.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1940 php5 -- multiple issues
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
php5
Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems: The following issues have been fixed in both the stable (lenny) and the oldstable (etch) distributions: CVE-2009-2687, CVE-2009-3292. The exif module did not properly handle malformed jpeg files, allowing an attacker to cause a segfault, resulting in a denial of service. The php_openssl_apply_verification_policy() function did not properly perform certificate validation. Bogdan Calin discovered that a remote attacker could cause a denial of service by uploading a large number of files using multipart/form-data requests, causing the creation of a large number of temporary files. To address this issue, the max_file_uploads option introduced in PHP 5.3.1 has been backported. This option limits the maximum number of files uploaded per request. The default value for this new option is 50. See NEWS.Debian for more information. The following issue has been fixed in the stable (lenny) distribution: A flaw in the ini_restore() function could lead to a memory disclosure, possibly leading to the disclosure of sensitive data. In the oldstable (etch) distribution, this update also fixes a regression introduced by the fix for CVE-2008-5658 in DSA-1789-1 (bug #527560).
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1791 moin -- insufficient input sanitising
Debian GNU/Linux 5.0
moin
It was discovered that the AttachFile action in moin, a python clone of WikiWiki, is prone to cross-site scripting attacks when renaming attachments or performing other sub-actions. The oldstable distribution (etch) is not vulnerable.
SecPod Team
DRAFT
INTERIM
ACCEPTED
ACCEPTED
DSA-1893 cyrus-imapd-2.2 kolab-cyrus-imapd -- buffer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
cyrus-imapd-2.2
kolab-cyrus-imapd
It was discovered that the SIEVE component of cyrus-imapd and kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. The update introduced by DSA 1881-1 was incomplete and the issue has been given an additional CVE id due to its complexity.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1783 mysql-dfsg-5.0 -- multiple vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
mysql-dfsg-5.0
Multiple vulnerabilities have been identified affecting MySQL, a relational database server, and its associated interactive client application. The Common Vulnerabilities and Exposures project identifies the following two problems: Kay Roepke reported that the MySQL server would not properly handle an empty bit-string literal in an SQL statement, allowing an authenticated remote attacker to cause a denial of service (a crash) in mysqld. This issue affects the oldstable distribution (etch), but not the stable distribution (lenny). Thomas Henlich reported that the MySQL commandline client application did not encode HTML special characters when run in HTML output mode (that is, "mysql --html ..."). This could potentially lead to cross-site scripting or unintended script privilege escalation if the resulting output is viewed in a browser or incorporated into a web site.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1799 qemu -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
qemu
Several vulnerabilities have been discovered in the QEMU processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems: Ian Jackson discovered that range checks of file operations on emulated disk devices were insufficiently enforced. It was discovered that an error in the format auto detection of removable media could lead to the disclosure of files in the host system. A buffer overflow has been found in the emulation of the Cirrus graphics adaptor.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1820 xulrunner -- several vulnerabilities
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Several issues in the browser engine have been discovered, which can result in the execution of arbitrary code. (MFSA 2009-24) It is possible to execute arbitrary code via vectors involving "double frame construction." (MFSA 2009-24) Jesse Ruderman and Adam Hauner discovered a problem in the JavaScript engine, which could lead to the execution of arbitrary code. (MFSA 2009-24) Pavel Cvrcek discovered a potential issue leading to a spoofing attack on the location bar related to certain invalid unicode characters. (MFSA 2009-25) Gregory Fleischer discovered that it is possible to read arbitrary cookies via a crafted HTML document. (MFSA 2009-26) Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. (MFSA 2009-27) Jakob Balle and Carsten Eiram reported a race condition in the NPObjWrapper_NewResolve function that can be used to execute arbitrary code. (MFSA 2009-28) moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage-collection implementation. (MFSA 2009-29) Adam Barth and Collin Jackson reported a potential privilege escalation when loading a file::resource via the location bar. (MFSA 2009-30) Wladimir Palant discovered that it is possible to bypass access restrictions due to a lack of content policy check, when loading a script file into a XUL document. (MFSA 2009-31) moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. (MFSA 2009-32)
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1914 mapserver -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
mapserver
Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems: Missing input validation on a user supplied map queryfile name can be used by an attacker to check for the existence of a specific file by using the queryfile GET parameter and checking for differences in error messages. A lack of file type verification when parsing a map file can lead to partial disclosure of content from arbitrary files through parser error messages. Due to missing input validation when saving map files under certain conditions it is possible to perform directory traversal attacks and to create arbitrary files. NOTE: Unless the attacker is able to create directories in the image path or there is already a readable directory this doesn't affect installations on Linux as the fopen() syscall will fail in case a sub path is not readable. It was discovered that mapserver is vulnerable to a stack-based buffer overflow when processing certain GET parameters. An attacker can use this to execute arbitrary code on the server via crafted id parameters. An integer overflow leading to a heap-based buffer overflow when processing the Content-Length header of an HTTP request can be used by an attacker to execute arbitrary code via crafted POST requests containing negative Content-Length values. An integer overflow when processing HTTP requests can lead to a heap-based buffer overflow. An attacker can use this to execute arbitrary code either via crafted Content-Length values or large HTTP requests. This is partly because of an incomplete fix for CVE-2009-0840.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1841 git-core -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
git-core
It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is vulnerable to denial of service attacks caused by a programming mistake in handling requests containing extra unrecognized arguments which results in an infinite loop. While this is no problem for the daemon itself as every request will spawn a new git-daemon instance, this still results in a very high CPU consumption and might lead to denial of service conditions.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1793 kdegraphics -- multiple vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
kdegraphics
kpdf, a Portable Document Format (PDF) viewer for KDE, is based on the xpdf program and thus suffers from similar flaws to those described in DSA-1790. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple buffer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. Multiple integer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. Integer overflow in the JBIG2 decoder in kpdf has unspecified impact related to "g*allocn." The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialised memory. The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. Multiple "input validation flaws" in the JBIG2 decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file. Integer overflow in the JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file. The JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. Multiple buffer overflows in the JBIG2 MMR decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file. The JBIG2 MMR decoder in kpdf allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. 
For the old stable distribution (etch), these problems have been fixed in version 4:3.5.5-3etch3.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1842 openexr -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
openexr
Several vulnerabilities have been discovered in the OpenEXR image library, which can lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Drew Yao discovered integer overflows in the preview and compression code. Drew Yao discovered that an uninitialised pointer could be freed in the decompression code. A buffer overflow was discovered in the compression code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1875 ikiwiki -- missing input sanitising
Debian GNU/Linux 5.0
ikiwiki
Josh Triplett discovered that the blacklist for potentially harmful TeX code of the teximg module of the Ikiwiki wiki compiler was incomplete, resulting in information disclosure. The old stable distribution (etch) is not affected.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1792 drupal6 -- multiple vulnerabilities
Debian GNU/Linux 5.0
drupal6
Multiple vulnerabilities have been discovered in drupal, a web content management system. The Common Vulnerabilities and Exposures project identifies the following problems: pod.Edge discovered a cross-site scripting vulnerability that can be triggered when some browsers interpret UTF-8 strings as UTF-7 if they appear before the generated HTML document defines its Content-Type. This allows a malicious user to execute arbitrary javascript in the context of the web site if they're allowed to post content. Moritz Naumann discovered an information disclosure vulnerability. If a user is tricked into visiting the site via a specially crafted URL and then submits a form (such as the search box) from that page, the information in their form submission may be directed to a third-party site determined by the URL and thus disclosed to the third party. The third party site may then execute a cross-site request forgery attack against the submitted form. The old stable distribution (etch) does not contain drupal and is not affected.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1944 request-tracker3.4 request-tracker3.6 -- session hijack
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
request-tracker3.4
request-tracker3.6
Mikal Gule discovered that request-tracker, an extensible trouble-ticket tracking system, is prone to an attack, where an attacker with access to the same domain can hijack a user's RT session.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1860 ruby1.8, ruby1.9 -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
ruby1.8
ruby1.9
Several vulnerabilities have been discovered in Ruby. The Common Vulnerabilities and Exposures project identifies the following problems: The return value from the OCSP_basic_verify function was not checked properly, allowing continued use of a revoked certificate. An issue in parsing BigDecimal numbers can result in a denial-of-service condition (crash). The following matrix identifies fixed versions: We recommend that you upgrade your Ruby packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1781 ffmpeg-debian -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
ffmpeg-debian
Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that watching a malformed 4X movie file could lead to the execution of arbitrary code. It was discovered that using a crafted STR file can lead to the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1857 camlimages -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
camlimages
Tielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of JPEG and GIF Images, while DSA 1832-1 addressed the issue with PNG images.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1840 xulrunner -- several vulnerabilities
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Martijn Wargers, Arno Renevier, Jesse Ruderman, Olli Pettay and Blake Kaplan discovered several issues in the browser engine that could potentially lead to the execution of arbitrary code. (MFSA 2009-34) monarch2020 reported an integer overflow in a base64 decoding function. (MFSA 2009-34) Christophe Charron reported a possibly exploitable crash occurring when multiple RDF files were loaded in a XUL tree element. (MFSA 2009-34) Yongqian Li reported that an unsafe memory condition could be created by a specially crafted document. (MFSA 2009-34) Peter Van der Beken, Mike Shaver, Jesse Ruderman, and Carsten Book discovered several issues in the JavaScript engine that could possibly lead to the execution of arbitrary JavaScript. (MFSA 2009-34) Attila Suszter discovered an issue related to a specially crafted Flash object, which could be used to run arbitrary code. (MFSA 2009-35) PenPal discovered that it is possible to execute arbitrary code via a specially crafted SVG element. (MFSA 2009-37) Blake Kaplan discovered a flaw in the JavaScript engine that might allow an attacker to execute arbitrary JavaScript with chrome privileges. (MFSA 2009-39) moz_bug_r_a4 discovered an issue in the JavaScript engine that could be used to perform cross-site scripting attacks. (MFSA 2009-40)
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1832 camlimages -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
camlimages
Tielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1900 postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4 -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
postgresql-7.4
postgresql-8.1
postgresql-8.3
postgresql-8.4
Several vulnerabilities have been discovered in PostgreSQL, an SQL database system. The Common Vulnerabilities and Exposures project identifies the following problems: Authenticated users can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there. (The old stable distribution (etch) is not affected by this issue.) Authenticated non-superusers can gain database superuser privileges if they can create functions and tables due to incorrect execution of functions in functional indexes. If PostgreSQL is configured with LDAP authentication, and the LDAP configuration allows anonymous binds, it is possible for a user to authenticate themselves with an empty password. (The old stable distribution (etch) is not affected by this issue.) In addition, this update contains reliability improvements which do not target security issues.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1843 squid3 -- several vulnerabilities
Debian GNU/Linux 5.0
squid3
It was discovered that squid3, a high-performance proxy caching server for web clients, is prone to several denial of service attacks. Due to incorrect bounds checking and insufficient validation while processing response and request data, an attacker is able to crash the squid daemon via crafted requests or responses. The squid package in the oldstable distribution (etch) is not affected by this problem.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1810 libapache-mod-jk -- information disclosure
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libapache-mod-jk
An information disclosure flaw was found in mod_jk, the Tomcat Connector module for Apache. If a buggy client included the "Content-Length" header without providing request body data, or if a client sent repeated requests very quickly, one client could obtain a response intended for another client. For the oldstable distribution (etch), this problem has been fixed in version 1:1.2.18-3etch2.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1847 bind9 -- improper assert
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
bind9
It was discovered that the BIND DNS server terminates when processing a specially crafted dynamic DNS update. This vulnerability affects all BIND servers which serve at least one DNS zone authoritatively, as a master, even if dynamic updates are not enabled. The default Debian configuration for resolvers includes several authoritative zones, too, so resolvers are also affected by this issue unless these zones have been removed.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1822 mahara -- insufficient input sanitization
Debian GNU/Linux 5.0
mahara
It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to several cross-site scripting attacks, which allow an attacker to inject arbitrary HTML or script code and steal potentially sensitive data from other users. The oldstable distribution (etch) does not contain mahara.
SecPod Team
DRAFT
INTERIM
ACCEPTED
ACCEPTED
DSA-1746 ghostscript -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
ghostscript
Two security issues have been discovered in ghostscript, the GPL Ghostscript PostScript/PDF interpreter. The Common Vulnerabilities and Exposures project identifies the following problems: Jan Lieskovsky discovered multiple integer overflows in the ICC library, which allow the execution of arbitrary code via crafted ICC profiles in PostScript files with embedded images. Jan Lieskovsky discovered insufficient upper-bounds checks on certain variable sizes in the ICC library, which allow the execution of arbitrary code via crafted ICC profiles in PostScript files with embedded images.
SecPod Team
DRAFT
INTERIM
ACCEPTED
ACCEPTED
DSA-1744 weechat -- missing input sanitisation
Debian GNU/Linux 5.0
weechat
Sebastien Helleu discovered that an error in the handling of color codes in the weechat IRC client could cause an out-of-bounds read of an internal color array. This can be used by an attacker to crash user clients via a crafted PRIVMSG command. The weechat version in the oldstable distribution (etch) is not affected by this problem.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1755 systemtap -- race condition
Debian GNU/Linux 5.0
systemtap
Erik Sjoelund discovered that a race condition in the stap tool shipped by Systemtap, an instrumentation system for Linux 2.6, allows local privilege escalation for members of the stapusr group. The old stable distribution (etch) isn't affected.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1885 xulrunner -- several vulnerabilities
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code. Daniel Holbert, Jesse Ruderman, Olli Pettay and "toshi" discovered crashes in the layout engine, which might allow the execution of arbitrary code. Josh Soref, Jesse Ruderman and Martin Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman discovered a crash in the Javascript engine, which might allow the execution of arbitrary code. Carsten Book and "Taral" discovered crashes in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman discovered that the user interface for installing/removing PKCS #11 security modules wasn't informative enough, which might allow social engineering attacks. It was discovered that incorrect pointer handling in the XUL parser could lead to the execution of arbitrary code. Juan Pablo Lopez Yacubian discovered that incorrect rendering of some Unicode font characters could lead to spoofing attacks on the location bar.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1887 rails -- missing input sanitising
Debian GNU/Linux 5.0
rails
Brian Mastenbrook discovered that rails, the MVC ruby based framework geared for web application development, is prone to cross-site scripting attacks via malformed strings in the form helper.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1907 kvm -- several vulnerabilities
Debian GNU/Linux 5.0
kvm
Several vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Webb discovered an off-by-one bug limiting KVM's VNC passwords to 7 characters. This flaw might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. It was discovered that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory. The oldstable distribution (etch) does not contain kvm.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1882 xapian-omega -- missing input sanitisation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
xapian-omega
It was discovered that xapian-omega, a CGI interface for searching xapian databases, is not properly escaping user supplied input when printing exceptions. An attacker can use this to conduct cross-site scripting attacks via crafted search queries resulting in an exception and steal potentially sensitive data from web applications running on the same domain or embedding the search engine into a website.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1790 xpdf -- multiple vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
xpdf
Several vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format (PDF) files. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialised memory. The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. 
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1926 typo3-src -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
typo3-src
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework. The Common Vulnerabilities and Exposures project identifies the following problems: The Backend subcomponent allows remote authenticated users to determine an encryption key via crafted input to a form field. Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent allow remote authenticated users to inject arbitrary web script or HTML. The Backend subcomponent allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters. The Backend subcomponent, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent allows remote authenticated users to execute arbitrary SQL commands. Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script. Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent allows remote attackers to inject arbitrary web script or HTML. The Install Tool subcomponent allows remote attackers to gain access by using only the password's md5 hash as a credential. Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent allows remote attackers to inject arbitrary web script or HTML.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1768 openafs -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
openafs
Two vulnerabilities were discovered in the client part of OpenAFS, a distributed file system. An attacker with control of a file server or the ability to forge RX packets may be able to execute arbitrary code in kernel mode on an OpenAFS client, due to a vulnerability in XDR array decoding. An attacker with control of a file server or the ability to forge RX packets may crash OpenAFS clients because of wrongly handled error return codes in the kernel module. Note that in order to apply this security update, you must rebuild the OpenAFS kernel module. Be sure to also upgrade openafs-modules-source, build a new kernel module for your system following the instructions in /usr/share/doc/openafs-client/README.modules.gz, and then either stop and restart openafs-client or reboot the system to reload the kernel module.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1925 proftpd-dfsg -- insufficient input validation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
proftpd-dfsg
It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon, does not properly handle a "\0" character in a domain name in the Subject Alternative Name field of an X.509 client certificate, when the dNSNameRequired TLS option is enabled.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1738 curl -- arbitrary file access
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
curl
David Kierznowski discovered that libcurl, a multi-protocol file transfer library, when configured to follow URL redirects automatically, does not question the new target location. As libcurl also supports file:// and scp:// URLs - depending on the setup - an untrusted server could use that to expose local files, overwrite local files or even execute arbitrary code via a malicious URL redirect. This update introduces a new option called CURLOPT_REDIR_PROTOCOLS which by default does not include the scp and file protocol handlers.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1884 nginx -- buffer underflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
nginx
Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process (www-data on Debian) or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1838 pulseaudio -- privilege escalation
Debian GNU/Linux 5.0
pulseaudio
Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon does not drop privileges before re-executing itself, enabling local attackers to increase their privileges. The old stable distribution (etch) is not affected by this issue.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1927 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
Debian GNU/Linux 5.0
linux-2.6
Notice: Debian 5.0.4, the next point release of Debian "lenny", will include a new default value for the mmap_min_addr tunable. This change will add an additional safeguard against a class of security vulnerabilities known as "NULL pointer dereference" vulnerabilities, but it will need to be overridden when using certain applications. Additional information about this change, including instructions for making this change locally in advance of 5.0.4 (recommended), can be found at: http://wiki.debian.org/mmap_min_addr. Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Eric Dumazet reported an instance of uninitialized kernel memory in the network packet scheduler. Local users may be able to exploit this issue to read the contents of sensitive kernel memory. Linus Torvalds provided a change to the get_random_int() function to increase its randomness. Earl Chew discovered a NULL pointer dereference issue in the pipe_rdwr_open function which can be used by local users to gain elevated privileges. Jiri Pirko discovered a typo in the initialization of a structure in the netlink subsystem that may allow local users to gain access to sensitive kernel memory. Ben Hutchings discovered an issue in the DRM manager for ATI Rage 128 graphics adapters. Local users may be able to exploit this vulnerability to cause a denial of service (NULL pointer dereference). Tomoki Sekiyama discovered a deadlock condition in the UNIX domain socket implementation. Local users can exploit this vulnerability to cause a denial of service (system hang). David Wagner reported an overflow in the KVM subsystem on i386 systems. This issue is exploitable by local users with access to the /dev/kvm device file.
SecPod Team
DRAFT
INTERIM
ACCEPTED
ACCEPTED
DSA-1915 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
Debian GNU/Linux 5.0
linux-2.6
Notice: Debian 5.0.4, the next point release of Debian "lenny", will include a new default value for the mmap_min_addr tunable. This change will add an additional safeguard against a class of security vulnerabilities known as "NULL pointer dereference" vulnerabilities, but it will need to be overridden when using certain applications. Additional information about this change, including instructions for making this change locally in advance of 5.0.4 (recommended), can be found at: http://wiki.debian.org/mmap_min_addr. Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Eric Paris provided several fixes to increase the protection provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities. Mark Smith discovered a memory leak in the appletalk implementation. When the appletalk and ipddp modules are loaded, but no ipddp "N" device is found, remote attackers can cause a denial of service by consuming large amounts of system memory. Loic Minier discovered an issue in the eCryptfs filesystem. A local user can cause a denial of service (kernel oops) by causing a dentry value to go negative. Arjan van de Ven discovered an issue in the AX.25 protocol implementation. A specially crafted call to setsockopt() can result in a denial of service (kernel oops). Jan Beulich discovered the existence of a sensitive kernel memory leak. Systems running the "amd64" kernel do not properly sanitise registers for 32-bit processes. Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. This is not exploitable in the Debian lenny kernel as root privileges are required to exploit this issue. Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area Network (CAN) implementations. 
Local users can exploit these issues to gain access to kernel memory. Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. Jan Kiszka noticed that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory. Alistair Strachan reported an issue in the r8169 driver. Remote users can cause a denial of service (IOMMU space exhaustion and system crash) by transmitting a large amount of jumbo frames.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1909 postgresql-ocaml -- missing escape function
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
postgresql-ocaml
It was discovered that postgresql-ocaml, OCaml bindings to PostgreSQL's libpq, was missing a function to call PQescapeStringConn(). This is needed, because PQescapeStringConn() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called escape_string_conn() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility. Developers using these bindings are encouraged to adjust their code to use the new function.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1848 znc -- directory traversal
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
znc
It was discovered that znc, an IRC proxy, did not properly process certain DCC requests, allowing attackers to upload arbitrary files.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2019 pango1.0 -- missing input sanitisation
Debian GNU/Linux 5.0
pango1.0
Marc Schoenefeld discovered an improper input sanitisation in Pango, a library for layout and rendering of text, leading to an array indexing error. If a local user was tricked into loading a specially-crafted font file in an application using the Pango font rendering library, it could lead to denial of service.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1728 dkim-milter -- improper assertion
Debian GNU/Linux 5.0
dkim-milter
It was discovered that dkim-milter, an implementation of the DomainKeys Identified Mail protocol, may crash during DKIM verification if it encounters a specially-crafted or revoked public key record in DNS. The old stable distribution (etch) does not contain dkim-milter packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1834 apache2 -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
apache2
A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. This issue did not affect Debian 4.0 "etch". A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. A similar flaw related to HEAD requests for compressed content was also fixed. For the oldstable distribution (etch), these problems have been fixed in version 2.2.3-4+etch9.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2033 ejabberd -- heap overflow
Debian GNU/Linux 5.0
ejabberd
It was discovered that in ejabberd, a distributed XMPP/Jabber server written in Erlang, a problem in ejabberd_c2s.erl allows remote authenticated users to cause a denial of service by sending a large number of c2s messages; that triggers an overload of the queue, which in turn causes a crash of the ejabberd daemon.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1942 wireshark -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
wireshark
Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: A NULL pointer dereference was found in the RADIUS dissector. A NULL pointer dereference was found in the DCERPC/NT dissector. An integer overflow was discovered in the ERF parser. This update also includes fixes for three minor issues (CVE-2008-1829, CVE-2009-2562, CVE-2009-3241), which were scheduled for the next stable point update. Also CVE-2009-1268 was fixed for Etch. Since this security update was issued prior to the release of the point update, the fixes were included.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1752 webcit -- format string vulnerability
Debian GNU/Linux 5.0
webcit
Wilfried Goesgens discovered that WebCit, the web-based user interface for the Citadel groupware system, contains a format string vulnerability in the mini_calendar component, possibly allowing arbitrary code execution (CVE-2009-0364).
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1824 phpmyadmin -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
phpmyadmin
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: A cross-site scripting vulnerability in the export page allows an attacker who can place crafted cookies with the user to inject arbitrary web script or HTML. Static code injection allows a remote attacker to inject arbitrary code into phpMyAdmin via the setup.php script. In Debian, this script is under normal circumstances protected via Apache authentication. However, because of a recent worm based on this exploit, we are patching it regardless, to also protect installations that somehow still expose the setup.php script.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1963 unbound -- cryptographic implementation error
Debian GNU/Linux 5.0
unbound
It was discovered that Unbound, a DNS resolver, does not properly check cryptographic signatures on NSEC3 records. As a result, zones signed with the NSEC3 variant of DNSSEC lose their cryptographic protection. The old stable distribution does not contain an unbound package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2014 moin -- several vulnerabilities
Debian GNU/Linux 5.0
moin
Several vulnerabilities have been discovered in moin, a python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple security issues in MoinMoin related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured. MoinMoin does not properly sanitise user profiles. The default configuration of cfg.packagepages_actions_excluded in MoinMoin does not prevent unsafe package actions. In addition, this update fixes an error when processing hierarchical ACLs, which can be exploited to access restricted sub-pages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1955 network-manager/network-manager-applet -- information disclosure
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
network-manager/network-manager-applet
It was discovered that network-manager-applet, a network management framework, lacks some dbus restriction rules, which allows local users to obtain sensitive information. If you have locally modified the /etc/dbus-1/system.d/nm-applet.conf file, then please make sure that you merge the changes from this fix when asked during upgrade.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1795 ldns -- buffer overflow
Debian GNU/Linux 5.0
ldns
Stefan Kaltenbrunner discovered that ldns, a library and set of utilities to facilitate DNS programming, did not correctly implement a buffer boundary check in its RR DNS record parser. This weakness could enable overflow of a heap buffer if a maliciously-crafted record is parsed, potentially allowing the execution of arbitrary code. The scope of compromise will vary with the context in which ldns is used, and could present either a local or remote attack vector. The old stable distribution (etch) is not affected by this issue.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1993 otrs2 -- sql injection
Debian GNU/Linux 5.0
otrs2
It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise input data that is used in SQL queries, which might be used to inject arbitrary SQL to, for example, escalate privileges on a system that uses otrs2. The oldstable distribution is not affected.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1785 wireshark -- several vulnerabilities
Debian GNU/Linux 5.0
wireshark
Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: A format string vulnerability was discovered in the PROFINET dissector. The dissector for the Check Point High-Availability Protocol could be forced to crash. Malformed Tektronix files could lead to a crash. The old stable distribution (etch) is only affected by the CPHAP crash, which doesn't warrant an update on its own. The fix will be queued up for an upcoming security update or a point release.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1868 kde4libs -- several vulnerabilities
Debian GNU/Linux 5.0
kde4libs
Several security issues have been discovered in kde4libs, core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. The oldstable distribution (etch) does not contain kde4libs.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1835 tiff -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
tiff
Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service. Andrea Barisani discovered several integer overflows, which can lead to the execution of arbitrary code if malformed images are passed to the rgb2ycbcr or tiff2rgba tools.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1945 gforge -- symlink attack
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
gforge
Sylvain Beucler discovered that gforge, a collaborative development tool, is prone to a symlink attack, which allows local users to perform a denial of service attack by overwriting arbitrary files. For the oldstable distribution (etch), this problem has been fixed in version 4.5.14-22etch13.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2037 kdebase -- race condition
Debian GNU/Linux 5.0
kdebase
Sebastian Krahmer discovered that a race condition in the KDE Desktop Environment's KDM display manager allows a local user to elevate privileges to root.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2004 samba -- several vulnerabilities
Debian GNU/Linux 5.0
samba
Two local vulnerabilities have been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following problems: Ronald Volgers discovered that a race condition in mount.cifs allows local users to mount remote filesystems over arbitrary mount points. Jeff Layton discovered that missing input sanitising in mount.cifs allows denial of service by corrupting /etc/mtab.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1888 openssl, openssl097 -- cryptographic weakness
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
openssl
openssl097
Certificates with MD2 hash signatures are no longer accepted by OpenSSL, since they're no longer considered cryptographically secure.
SecPod Team
DRAFT
INTERIM
ACCEPTED
ACCEPTED
DSA-1974 gzip -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
gzip
Several vulnerabilities have been found in gzip, the GNU compression utilities. The Common Vulnerabilities and Exposures project identifies the following problems: Thiemo Nagel discovered a missing input sanitisation flaw in the way gzip used to decompress data blocks for dynamic Huffman codes, which could lead to the execution of arbitrary code when trying to decompress a crafted archive. This issue is a reappearance of CVE-2006-4334 and only affects the lenny version. Aki Helin discovered an integer underflow when decompressing files that are compressed using the LZW algorithm. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1889 icu -- programming error
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
icu
It was discovered that the ICU Unicode library performed incorrect processing of invalid multibyte sequences, resulting in potential bypass of security mechanisms.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1903 graphicsmagick -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
graphicsmagick
Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tools, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple integer overflows in the XInitImage function in xwd.c for GraphicsMagick allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable (etch).
Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoder readers; and the GetImageCharacteristics function in magick/image.c, as reachable from a crafted PNG, JPEG, BMP, or TIFF file. Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image. Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. Multiple vulnerabilities in GraphicsMagick allow remote attackers to cause a denial of service (crash) via vectors in XCF and CINEON images. Vulnerability in GraphicsMagick allows remote attackers to cause a denial of service (crash) via vectors in DPX images. Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1958 libtool -- privilege escalation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libtool
It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked into loading and running modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1996 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
Debian GNU/Linux 5.0
linux-2.6
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Joseph Malicki reported that the dbg_lvl sysfs attribute for the megaraid_sas device driver had world-writable permissions, permitting local users to modify logging settings. Lennert Buytenhek reported a race in the mac80211 subsystem that may allow remote users to cause a denial of service on a system connected to the same wireless network. Fabian Yamaguchi reported issues in the e1000 and e1000e drivers for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted ethernet frames. Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. This option is disabled by default. Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules. Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service or obtain elevated privileges. Gleb Natapov discovered issues in the KVM subsystem where missing permission checks permit a user in a guest system to cause a denial of service of a guest or gain escalated privileges within the guest. Mathias Krause reported an issue with the load_elf_binary code on the amd64 flavor kernels that allows local users to cause a denial of service. Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM subsystem that allows privileged users in a guest domain to cause a denial of service of the host system. Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service.
Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service or gain access to sensitive kernel memory.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1726 python-crypto -- buffer overflow
Debian GNU/Linux 5.0
python-crypto
Mike Wiacek discovered that a buffer overflow in the ARC2 implementation of Python Crypto, a collection of cryptographic algorithms and protocols for Python, allows denial of service and potentially the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1999 xulrunner -- several vulnerabilities
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code. Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments. Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in the layout engine, which might allow the execution of arbitrary code. Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code. Georgi Guninski discovered that the same-origin policy can be bypassed through specially crafted SVG documents.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2020 ikiwiki -- insufficient input sanitisation
Debian GNU/Linux 5.0
ikiwiki
Ivan Shmakov discovered that the htmlscrubber component of ikiwiki, a wiki compiler, performs insufficient input sanitisation on data:image/svg+xml URIs. As these can contain script code, this can be used by an attacker to conduct cross-site scripting attacks.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1839 gst-plugins-good0.10 -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
gst-plugins-good0.10
It has been discovered that gst-plugins-good0.10, the GStreamer plugins from the "good" set, are prone to an integer overflow, when processing a large PNG file. This could lead to the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1969 krb5 -- integer underflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
krb5
It was discovered that krb5, a system for authenticating users and services on a network, is prone to integer underflow in the AES and RC4 decryption operations of the crypto library. A remote attacker can cause crashes, heap corruption, or, under extraordinarily unlikely conditions, arbitrary code execution.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2022 mediawiki -- several vulnerabilities
Debian GNU/Linux 5.0
mediawiki
Several vulnerabilities have been discovered in mediawiki, a web-based wiki engine. The following issues have been identified: Insufficient input sanitisation in the CSS validation code allows editors to display external images in wiki pages. This can be a privacy concern on public wikis as it allows attackers to gather IP addresses and other information by linking these images to a web server under their control. Insufficient permission checks have been found in thumb.php which can lead to disclosure of image files that are restricted to certain users.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2002 polipo -- denial of service
Debian GNU/Linux 5.0
polipo
Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy. The Common Vulnerabilities and Exposures project identifies the following problems: A malicious remote server could cause polipo to crash by sending an invalid Cache-Control header. A malicious client could cause polipo to crash by sending a large Content-Length value. This upgrade also fixes some other bugs that could lead to a daemon crash or an infinite loop and may be triggerable remotely.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1863 zope2.10/zope2.9 -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
zope2.10/zope2.9
Several remote vulnerabilities have been discovered in zope, a feature-rich web application server written in Python, that could lead to arbitrary code execution in the worst case. The Common Vulnerabilities and Exposures project identified the following problems: Due to a programming error, an authorisation method in the StorageServer component of ZEO was not used as an internal method. This allows a malicious client to bypass authentication when connecting to a ZEO server by simply calling this authorisation method. The ZEO server doesn't restrict the callables when unpickling data received from a malicious client, which can be used by an attacker to execute arbitrary Python code on the server by sending certain exception pickles. This also allows an attacker to import any importable module, as ZEO is importing the module containing a callable specified in a pickle to test for a certain flag. The update also limits the number of new object ids a client can request to 100, as it would be possible to consume huge amounts of resources by requesting a big batch of new object ids. No CVE id has been assigned to this. For the oldstable distribution (etch), this problem has been fixed in version 2.9.6-4etch2 of zope2.9.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2027 xulrunner -- several vulnerabilities
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout engine, which might allow the execution of arbitrary code. It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code. It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code. It was discovered that incorrect memory handling in the plugin code might allow the execution of arbitrary code. Paul Stone discovered that forced drag-and-drop events could lead to Chrome privilege escalation. It was discovered that a programming error in the XMLHttpRequestSpy module could lead to the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1788 quagga -- improper assertion
Debian GNU/Linux 5.0
quagga
It was discovered that Quagga, an IP routing daemon, could no longer process the Internet routing table due to broken handling of multiple 4-byte AS numbers in an AS path. If such a prefix is received, the BGP daemon crashes with an assert failure, leading to a denial of service. The old stable distribution (etch) is not affected by this issue.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1745 lcms -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
lcms
Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. Chris Evans discovered the lack of upper-bounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2043 vlc -- integer overflow
Debian GNU/Linux 5.0
vlc
tixxDZ discovered a vulnerability in vlc, the multimedia player and streamer. Missing data validation in vlc's real data transport implementation enables an integer underflow and consequently an unbounded buffer operation. A maliciously crafted stream could thus enable an attacker to execute arbitrary code. No Common Vulnerabilities and Exposures project identifier is available for this issue.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2036 jasper -- programming error
Debian GNU/Linux 5.0
jasper
It was discovered that the JasPer JPEG-2000 runtime library allowed an attacker to create a crafted input file that could lead to denial of service and heap corruption. Besides addressing this vulnerability, this update also addresses a regression introduced in the security fix for CVE-2008-3521, applied before Debian Lenny's release, that could cause errors when reading some JPEG input files.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1730 proftpd-dfsg -- SQL injection vulnerabilities
Debian GNU/Linux 5.0
proftpd-dfsg
The security update for proftpd-dfsg in DSA-1727-1 caused a regression with the postgresql backend. This update corrects the flaw. Also it was discovered that the oldstable distribution (etch) is not affected by the security issues. For reference the original advisory follows. Two SQL injection vulnerabilities have been found in proftpd, a virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures project identifies the following problems: Shino discovered that proftpd is prone to an SQL injection vulnerability via the use of certain characters in the username. TJ Saunders discovered that proftpd is prone to an SQL injection vulnerability due to insufficient escaping mechanisms, when multibyte character encodings are used. The oldstable distribution (etch) is not affected by these problems.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Jerome Athias
INTERIM
Sergey Artykhov
ACCEPTED
ACCEPTED
DSA-1948 ntp -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
ntp
Robin Park and Dmitri Vinokurov discovered that the daemon component of the ntp package, a reference implementation of the NTP protocol, is not properly reacting to certain incoming packets. An unexpected NTP mode 7 packet with spoofed IP data can lead ntpd to reply with a mode 7 response to the spoofed address. This may result in the service playing packet ping-pong with other ntp servers or even itself which causes CPU usage and excessive disk use due to logging. An attacker can use this to conduct denial of service attacks.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2001 php5 -- multiple vulnerabilities
Debian GNU/Linux 5.0
php5
Several remote vulnerabilities have been discovered in PHP 5, a hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems: The htmlspecialchars function does not properly handle invalid multi-byte sequences. Memory corruption via session interruption. In the stable distribution, this update also includes bug fixes that were to be included in a stable point release as version 5.2.6.dfsg.1-1+lenny5.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1754 roundup -- insufficient access checks
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
roundup
It was discovered that roundup, an issue tracker with a command-line, web and email interface, allows users to edit resources in unauthorised ways, including granting themselves admin rights. This update introduces stricter access checks, actually enforcing the configured permissions and roles. This means that the configuration may need updating. In addition, user registration via the web interface has been disabled; use the program "roundup-admin" from the command line instead.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1941 poppler -- several vulnerabilities
Debian GNU/Linux 5.0
poppler
Several integer overflows, buffer overflows and memory allocation errors were discovered in the Poppler PDF rendering library, which may lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed PDF document. An update for the old stable distribution (etch) will be issued soon as version 0.4.5-5.1etch4.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1939 libvorbis -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libvorbis
Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered that libvorbis, a library for the Vorbis general-purpose compressed audio codec, did not correctly handle certain malformed ogg files. An attacker could cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1930 drupal6 -- several vulnerabilities
Debian GNU/Linux 5.0
drupal6
Several vulnerabilities have been found in drupal6, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following problems: Gerhard Killesreiter discovered a flaw in the way user signatures are handled. It is possible for a user to inject arbitrary code via a crafted user signature. (SA-CORE-2009-007) Mark Piper, Sven Herrmann and Brandon Knight discovered a cross-site scripting issue in the forum module, which could be exploited via the tid parameter. (SA-CORE-2009-007) Sumit Datta discovered that certain drupal6 pages leak sensitive information such as user credentials. (SA-CORE-2009-007) Several design flaws in the OpenID module have been fixed, which could lead to cross-site request forgeries or privilege escalations. Also, the file upload function does not process all extensions properly leading to the possible execution of arbitrary code. (SA-CORE-2009-008) The oldstable distribution (etch) does not contain drupal6.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1961 bind9 -- DNS cache poisoning
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
bind9
Michael Sinatra discovered that the DNS resolver component in BIND does not properly check DNS records contained in additional sections of DNS responses, leading to a cache poisoning vulnerability. This vulnerability is only present in resolvers which have been configured with DNSSEC trust anchors, which is still rare. Note that this update contains an internal ABI change, which means that all BIND-related packages must be updated at the same time. In the unlikely event that you have compiled your own software against libdns, you must recompile these programs, too.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1960 acpid -- programming error
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
acpid
It was discovered that acpid, the Advanced Configuration and Power Interface event daemon, on the oldstable distribution creates its log file with weak permissions, which might expose sensitive information or might be abused by a local user to consume all free disk space on the same partition of the file.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1991 squid/squid3 -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
squid/squid3
Two denial of service vulnerabilities have been discovered in squid and squid3, a web proxy. The Common Vulnerabilities and Exposures project identifies the following problems: Bastian Blank discovered that it is possible to cause a denial of service via a crafted auth header with certain comma delimiters. Tomas Hoger discovered that it is possible to cause a denial of service via invalid DNS header-only packets.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1992 chrony -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
chrony
Several vulnerabilities have been discovered in chrony, a pair of programs which are used to maintain the accuracy of the system clock on a computer. These issues are similar to the NTP security flaw CVE-2009-3563. The Common Vulnerabilities and Exposures project identifies the following problems: chronyd replies to all cmdmon packets with NOHOSTACCESS messages even for unauthorised hosts. An attacker can abuse this behaviour to force two chronyd instances to play packet ping-pong by sending such a packet with spoofed source address and port. This results in high CPU and network usage and thus denial of service conditions. The client logging facility of chronyd doesn't limit memory that is used to store client information. An attacker can cause chronyd to allocate large amounts of memory by sending NTP or cmdmon packets with spoofed source addresses resulting in memory exhaustion. chronyd lacks a rate limit control to the syslog facility when logging received packets from unauthorised hosts. This allows an attacker to cause denial of service conditions via filling up the logs and thus disk space by repeatedly sending invalid cmdmon packets.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2012 linux-2.6 -- privilege escalation/denial of service
Debian GNU/Linux 5.0
linux-2.6
Two vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Philipp Reisner reported an issue in the connector subsystem which allows unprivileged users to send netlink packets. This allows local users to manipulate settings for uvesafb devices which are normally reserved for privileged users. Jerome Marchand reported an issue in the futex subsystem that allows a local user to force an invalid futex state which results in a denial of service. This update also includes fixes for regressions introduced by previous updates. See the referenced Debian bug pages for details.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1984 libxerces2-java -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libxerces2-java
It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1778 mahara -- insufficient input sanitization
Debian GNU/Linux 5.0
mahara
It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to cross-site scripting (XSS) attacks because of missing input sanitization of the introduction text field in user profiles and any text field in a user view. The oldstable distribution (etch) does not contain mahara.
SecPod Team
DRAFT
INTERIM
ACCEPTED
ACCEPTED
DSA-2015 drbd8 -- privilege escalation
Debian GNU/Linux 5.0
drbd8
A local vulnerability has been discovered in drbd8. Philipp Reisner fixed an issue in the drbd kernel module that allows local users to send netlink packets to perform actions that should be restricted to users with CAP_SYS_ADMIN privileges. This is a similar issue to those described by CVE-2009-3725. This update also fixes an ABI compatibility issue which was introduced by linux-2.6. The prebuilt drbd module packages listed in this advisory require a linux-image package version 2.6.26-21lenny3 or greater.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2034 phpmyadmin -- several vulnerabilities
Debian GNU/Linux 5.0
phpmyadmin
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: phpMyAdmin may create a temporary directory, if the configured directory does not exist yet, with insecure filesystem permissions. phpMyAdmin uses predictable filenames for temporary files, which may lead to a local denial of service attack or privilege escalation. The setup.php script shipped with phpMyAdmin may unserialize untrusted data, allowing for cross site request forgery.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1869 curl -- insufficient input validation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
curl
It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1816 apache2 -- insufficient security check
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
apache2
It was discovered that the Apache web server did not properly handle the "Options=" parameter to the AllowOverride directive: In the stable distribution (lenny), local users could (via .htaccess) enable script execution in Server Side Includes even in configurations where the AllowOverride directive contained only Options=IncludesNoEXEC. In the oldstable distribution (etch), local users could (via .htaccess) enable script execution in Server Side Includes and CGI script execution in configurations where the AllowOverride directive contained any "Options=" value. For the oldstable distribution (etch), this problem has been fixed in version 2.2.3-4+etch8.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2041 mediawiki -- Cross-Site Request Forgery
Debian GNU/Linux 5.0
mediawiki
It was discovered that mediawiki, a website engine for collaborative work, is vulnerable to a Cross-Site Request Forgery login attack, which could be used to conduct phishing or similar attacks against users via affected mediawiki installations. Note that the fix used breaks the login API and may require clients using it to be updated.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1846 kvm -- denial of service
Debian GNU/Linux 5.0
kvm
Matt T. Yourst discovered an issue in the kvm subsystem. Local users with permission to manipulate /dev/kvm can cause a denial of service (hang) by providing an invalid cr3 value to the KVM_SET_SREGS call.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1982 hybserv -- denial of service
Debian GNU/Linux 5.0
hybserv
Julien Cristau discovered that hybserv, a daemon running IRC services for IRCD-Hybrid, is prone to a denial of service attack via the commands option.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1878 devscripts -- missing input sanitation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
devscripts
Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue by reimplementing the relevant Perl operators without relying on the Perl interpreter, trying to preserve backwards compatibility as much as possible.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1798 pango1.0 -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
pango1.0
Will Drewry discovered that pango, a system for layout and rendering of internationalised text, is prone to an integer overflow via long glyphstrings. This could cause the execution of arbitrary code when displaying crafted data through an application using the pango library.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1950 webkit -- several vulnerabilities
Debian GNU/Linux 5.0
webkit
Several vulnerabilities have been discovered in WebKit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems: Array index error in the insertItemBefore method in WebKit allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object, which triggers memory corruption. The JavaScript garbage collector in WebKit does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document that triggers write access to an "offset of a NULL pointer." Use-after-free vulnerability in WebKit allows remote attackers to execute arbitrary code or cause a denial of service by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers." WebKit does not initialise a pointer during handling of a Cascading Style Sheets attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. WebKit does not properly initialise memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. WebKit does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. WebKit does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document.
Cross-site scripting vulnerability in Web Inspector in WebKit allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes. WebKit allows remote attackers to spoof the browser's display of the host name, security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property. CRLF injection vulnerability in WebKit allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header. Cross-site scripting vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition. WebKit allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue." WebKit does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue." WebKit does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document. Cross-site scripting vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document. WebKit allows remote attackers to cause a denial of service via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2009 tdiary -- insufficient input sanitising
Debian GNU/Linux 5.0
tdiary
It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insufficient input sanitising in the TrackBack transmission plugin.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2007 cups -- format string vulnerability
Debian GNU/Linux 5.0
cups
Ronald Volgers discovered that the lppasswd component of the cups suite, the Common UNIX Printing System, is vulnerable to format string attacks due to insecure use of the LOCALEDIR environment variable. An attacker can abuse this behaviour to execute arbitrary code via crafted localization files and triggering calls to _cupsLangprintf. This works as the lppasswd binary happens to be installed with setuid 0 permissions.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1881 cyrus-imapd-2.2 -- buffer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
cyrus-imapd-2.2
It was discovered that the SIEVE component of cyrus-imapd, a highly scalable enterprise mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. Due to incorrect use of the sizeof() operator an attacker is able to pass a negative length to snprintf() calls resulting in large positive values due to integer conversion. This causes a buffer overflow which can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1947 shibboleth-sp, shibboleth-sp2, opensaml2 -- missing input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
shibboleth-sp
shibboleth-sp2
opensaml2
Matt Elder discovered that Shibboleth, a federated web single sign-on system, is vulnerable to script injection through redirection URLs.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1990 trac-git -- shell command injection
Debian GNU/Linux 5.0
trac-git
Stefan Goebel discovered that the Debian version of trac-git, the Git add-on for the Trac issue tracking system, contains a flaw which enables attackers to execute code on the web server running trac-git by sending crafted HTTP queries. The old stable distribution does not contain a trac-git package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1949 php-net-ping -- programming error
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
php-net-ping
It was discovered that php-net-ping, a PHP PEAR module to execute ping independently of the Operating System, performs insufficient input sanitising, which might be used to inject arguments or execute arbitrary commands on a system that uses php-net-ping.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2035 apache2 -- multiple issues
Debian GNU/Linux 5.0
apache2
Two issues have been found in the Apache HTTPD web server: mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service. A flaw in the core subrequest process code was found, which could lead to a daemon crash or disclosure of sensitive information if the headers of a subrequest were modified by modules such as mod_headers.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1968 pdns-recursor -- several vulnerabilities
Debian GNU/Linux 5.0
pdns-recursor
It was discovered that pdns-recursor, the PowerDNS recursive name server, contains several vulnerabilities: A buffer overflow can be exploited to crash the daemon, or potentially execute arbitrary code. A cache poisoning vulnerability may allow attackers to trick the server into serving incorrect DNS data.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1977 python2.4 python2.5 -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
python2.4 python2.5
Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language does not properly process malformed or crafted XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. In addition, this update fixes an integer overflow in the hashlib module in python2.5. This vulnerability could allow an attacker to defeat cryptographic digests. It only affects the oldstable distribution.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2010 kvm -- privilege escalation/denial of service
Debian GNU/Linux 5.0
kvm
Several local vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems: Gleb Natapov discovered issues in the KVM subsystem where missing permission checks permit a user in a guest system to cause a denial of service of a guest or gain escalated privileges within the guest. Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM subsystem that allows privileged users in a guest domain to cause a denial of service of the host system. Paolo Bonzini found a bug in KVM that can be used to bypass proper permission checking while loading segment selectors. This potentially allows privileged guest users to execute privileged instructions on the host system.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1987 lighttpd -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
lighttpd
Li Ming discovered that lighttpd, a small and fast webserver with minimal memory footprint, is vulnerable to a denial of service attack due to bad memory handling. Slowly sending very small chunks of request data causes lighttpd to allocate new buffers for each read instead of appending to old ones. An attacker can abuse this behaviour to cause denial of service conditions due to memory exhaustion.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2008 typo3-src -- several vulnerabilities
Debian GNU/Linux 5.0
typo3-src
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked. More details can be found in the Typo3 security advisory.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1965 phpldapadmin -- missing input sanitising
Debian GNU/Linux 5.0
phpldapadmin
It was discovered that phpLDAPadmin, a web based interface for administering LDAP servers, doesn’t sanitise an internal variable, which allows remote attackers to include and execute arbitrary local files. The oldstable distribution is not affected by this problem.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1980 ircd-hybrid/ircd-ratbox -- integer underflow/denial of service
Debian GNU/Linux 5.0
ircd-hybrid/ircd-ratbox
David Leadbeater discovered an integer underflow that could be triggered via the LINKS command and can lead to a denial of service or the execution of arbitrary code. This issue affects both ircd-hybrid and ircd-ratbox. It was discovered that the ratbox IRC server is prone to a denial of service attack via the HELP command. The ircd-hybrid package is not vulnerable to this issue.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2032 libpng -- several vulnerabilities
Debian GNU/Linux 5.0
libpng
Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialised bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. libpng does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service via a crafted PNG file.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2030 mahara -- sql injection
Debian GNU/Linux 5.0
mahara
It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is not properly escaping input when generating a unique username based on a remote user name from a single sign-on application. An attacker can use this to compromise the mahara database via crafted user names.
SecPod Team
DRAFT
INTERIM
ACCEPTED
ACCEPTED
DSA-2024 moin -- insufficient input sanitising
Debian GNU/Linux 5.0
moin
Jamie Strandboge discovered that moin, a python clone of WikiWiki, does not sufficiently sanitise the page name in the "Despam" action, allowing remote attackers to perform cross-site scripting attacks. In addition, this update fixes a minor issue in the "textcha" protection, which could be trivially bypassed by blanking the "textcha-question" and "textcha-answer" form fields.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2016 drupal6 -- several vulnerabilities
Debian GNU/Linux 5.0
drupal6
Several vulnerabilities have been discovered in drupal6, a fully-featured content management framework. A user-supplied value is directly output during installation allowing a malicious user to craft a URL and perform a cross-site scripting attack. The exploit can only be conducted on sites not yet installed. The API function drupal_goto is susceptible to a phishing attack. An attacker could formulate a redirect in a way that gets the Drupal site to send the user to an arbitrarily provided URL. No user submitted data will be sent to that URL. Locale module and dependent contributed modules do not sanitise the display of language codes, native and English language names properly. While these usually come from a preselected list, arbitrary administrator input is allowed. This vulnerability is mitigated by the fact that the attacker must have a role with the "administer languages" permission. Under certain circumstances, a user with an open session that is blocked can maintain his/her session on the Drupal site, despite being blocked.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1983 wireshark -- several vulnerabilities
Debian GNU/Linux 5.0
wireshark
Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: A NULL pointer dereference was found in the SMB/SMB2 dissectors. Several buffer overflows were found in the LWRES dissector.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1966 horde3 -- insufficient input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
horde3
Several vulnerabilities have been found in horde3, the horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: It has been discovered that horde3 is prone to cross-site scripting attacks via crafted number preferences or inline MIME text parts when using text/plain as MIME type. For lenny this issue was already fixed, but as an additional security precaution, the display of inline text was disabled in the configuration file. It has been discovered that the horde3 administration interface is prone to cross-site scripting attacks due to the use of the PHP_SELF variable. This issue can only be exploited by authenticated administrators. It has been discovered that horde3 is prone to several cross-site scripting attacks via crafted data:text/html values in HTML messages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1967 transmission -- directory traversal
Debian GNU/Linux 5.0
transmission
Dan Rosenberg discovered that Transmission, a lightweight client for the Bittorrent filesharing protocol, performs insufficient sanitising of file names specified in .torrent files. This could lead to the overwrite of local files with the privileges of the user running Transmission if the user is tricked into opening a malicious torrent file.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1905 python-django -- insufficient input validation
Debian GNU/Linux 5.0
python-django
The forms library of python-django, a high-level Python web development framework, is using a badly chosen regular expression when validating email addresses and URLs. An attacker can use this to perform denial of service attacks (100% CPU consumption) due to bad backtracking via a specially crafted email address or URL which is validated by the django forms library. python-django in the oldstable distribution (etch) is not affected by this problem.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1956 xulrunner -- several vulnerabilities
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: David James discovered that the window.opener property allows Chrome privilege escalation. Jordi Chanel discovered a spoofing vulnerability of the URL location bar using the document.location property. Jonathan Morgan discovered that the icon indicating a secure connection could be spoofed through the document.location property. Takehiro Takahashi discovered that the NTLM implementation is vulnerable to reflection attacks. Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1845 linux-2.6 -- denial of service, privilege escalation
Debian GNU/Linux 5.0
linux-2.6
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Julien Tinnes and Tavis Ormandy reported an issue in the Linux personality code. Local users can take advantage of a setuid binary that can either be made to dereference a NULL pointer or drop privileges and return control to the user. This allows a user to bypass mmap_min_addr restrictions which can be exploited to execute arbitrary code. Matt T. Yourst discovered an issue in the kvm subsystem. Local users with permission to manipulate /dev/kvm can cause a denial of service (hang) by providing an invalid cr3 value to the KVM_SET_SREGS call. Ramon de Carvalho Valle discovered two issues with the eCryptfs layered filesystem using the fsfuzzer utility. A local user with permissions to perform an eCryptfs mount may modify the contents of an eCryptfs file, overflowing the stack and potentially gaining elevated privileges.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1957 aria2 -- buffer overflow
Debian GNU/Linux 5.0
aria2
It was discovered that aria2, a high speed download utility, is prone to a buffer overflow in the DHT routing code, which might lead to the execution of arbitrary code. The oldstable distribution is not affected by this problem.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2000 ffmpeg-debian -- several vulnerabilities
Debian GNU/Linux 5.0
ffmpeg-debian
Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer: Various programming errors in container and codec implementations may lead to denial of service or the execution of arbitrary code if the user is tricked into opening a malformed media file or stream. The implementations of the following affected codecs and container formats have been updated:
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1979 lintian -- multiple vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
lintian
Multiple vulnerabilities have been discovered in lintian, a Debian package checker. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them: Control field names and values were not sanitised before using them in certain operations that could lead to directory traversals. Patch systems' control files were not sanitised before using them in certain operations that could lead to directory traversals. An attacker could exploit these vulnerabilities to overwrite arbitrary files or disclose system information. Multiple check scripts and the Lintian::Schedule module were using user-provided input as part of the sprintf/printf format string. File names were not properly escaped when passing them as arguments to certain commands, allowing the execution of other commands as pipes or as a set of shell commands.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1972 audiofile -- buffer overflow
Debian GNU/Linux 5.0
audiofile
Max Kellermann discovered a heap-based buffer overflow in the handling of ADPCM WAV files in libaudiofile. This flaw could result in a denial of service or possibly execution of arbitrary code via a crafted WAV file. For the oldstable distribution, this problem will be fixed in version 0.2.6-6+etch1. The packages for the oldstable distribution are not included in this advisory. An update will be released soon.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2018 php5 -- DoS (crash)
Debian GNU/Linux 5.0
php5
Auke van Slooten discovered that PHP 5, a hypertext preprocessor, crashes when processing invalid XML-RPC requests.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2028 xpdf -- multiple vulnerabilities
Debian GNU/Linux 5.0
xpdf
Several vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format files. The Common Vulnerabilities and Exposures project identifies the following problems: Integer overflow in SplashBitmap::SplashBitmap which might allow remote attackers to execute arbitrary code or cause an application crash via a crafted PDF document. NULL pointer dereference or heap-based buffer overflow in Splash::drawImage which might allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. Integer overflow in PSOutputDev::doImageL1Sep which might allow remote attackers to execute arbitrary code via a crafted PDF document. Integer overflow in ObjectStream::ObjectStream which might allow remote attackers to execute arbitrary code via a crafted PDF document. Integer overflow in ImageStream::ImageStream which might allow remote attackers to cause a denial of service via a crafted PDF document.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1954 cacti -- insufficient input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
cacti
Several vulnerabilities have been found in cacti, a frontend to rrdtool for monitoring systems and services. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that cacti is prone to a denial of service via the graph_height, graph_width, graph_start and graph_end parameters. This issue only affects the oldstable version of cacti. It was discovered that cacti is prone to several cross-site scripting attacks via different vectors. It has been discovered that cacti allows authenticated administrator users to gain access to the host system by executing arbitrary commands via the "Data Input Method" for the "Linux - Get Memory Usage" setting. There is no fix for this issue at this stage. Upstream will implement a whitelist policy to only allow certain "safe" commands. For the moment, we recommend that such access is only given to trusted users and that the options "Data Input" and "User Administration" are otherwise deactivated.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1962 kvm -- several vulnerabilities
Debian GNU/Linux 5.0
kvm
Several vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems: An integer overflow was discovered in the kvm_dev_ioctl_get_supported_cpuid function. This allows local users to have an unspecified impact via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function. It was discovered that the handle_dr function in the KVM subsystem does not properly verify the Current Privilege Level before accessing a debug register, which allows guest OS users to cause a denial of service on the host OS via a crafted application. It was discovered that the do_insn_fetch function in the x86 emulator in the KVM subsystem tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service on the host OS via unspecified manipulations related to SMP support.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1951 firefox-sage -- insufficient input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
firefox-sage
It was discovered that firefox-sage, a lightweight RSS and Atom feed reader for Firefox, does not sanitise the RSS feed information correctly, which makes it prone to a cross-site scripting and a cross-domain scripting attack.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2040 squidguard -- buffer overflow
Debian GNU/Linux 5.0
squidguard
It was discovered that in squidguard, a URL redirector/filter/ACL plugin for squid, several problems in src/sgLog.c and src/sgDiv.c allow remote users to either:
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1970 openssl -- denial of service
Debian GNU/Linux 5.0
openssl
It was discovered that a significant memory leak could occur in OpenSSL, related to the reinitialisation of zlib. This could result in a remotely exploitable denial of service vulnerability when using the Apache httpd server in a configuration where mod_ssl, mod_php5, and the php5-curl extension are loaded. The old stable distribution is not affected by this issue.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1952 asterisk -- several vulnerabilities, end-of-life announcement in oldstable
Debian GNU/Linux 5.0
asterisk
Several vulnerabilities have been discovered in asterisk, an Open Source PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: It is possible to determine valid login names via probing, due to the IAX2 response from asterisk. It is possible to determine a valid SIP username, when Digest authentication and authalwaysreject are enabled. It is possible to determine a valid SIP username via multiple crafted REGISTER messages. It was discovered that asterisk contains an obsolete copy of the Prototype JavaScript framework, which is vulnerable to several security issues. This copy is unused and now removed from asterisk. It was discovered that it is possible to perform a denial of service attack via RTP comfort noise payload with a long data length. The current version in oldstable is not supported by upstream anymore and is affected by several security issues. Backporting fixes for these and any future issues has become unfeasible and therefore we need to drop our security support for the version in oldstable. We recommend that all asterisk users upgrade to the stable distribution.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1988 qt4-x11 -- several vulnerabilities
Debian GNU/Linux 5.0
qt4-x11
Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework. The Common Vulnerabilities and Exposures project identifies the following problems: Array index error in the insertItemBefore method in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code. The JavaScript garbage collector in WebKit, as used in qt4-x11, does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document that triggers write access to an "offset of a NULL pointer." Use-after-free vulnerability in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code or cause a denial of service by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs. WebKit in qt4-x11 does not initialise a pointer during handling of a Cascading Style Sheets attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. The XSL stylesheet implementation in WebKit, as used in qt4-x11, does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD. WebKit in qt4-x11 does not properly initialise memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. WebKit in qt4-x11 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. The XSLT functionality in WebKit, as used in qt4-x11, does not properly implement the document function, which allows remote attackers to read arbitrary local files and files from different security zones. WebKit in qt4-x11 does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. qt4-x11 does not properly handle a "\0" character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. The oldstable distribution is not affected by these problems.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1797 xulrunner -- several vulnerabilities
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Moxie Marlinspike discovered that Unicode box drawing characters inside of internationalised domain names could be used for phishing attacks. Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the layout engine, which might allow the execution of arbitrary code. Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov and Bob Clary discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Igor Bukanov and Bob Clary discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Daniel Veditz discovered that the Content-Disposition: header is ignored within the jar: URI scheme. Gregory Fleischer discovered that the same-origin policy for Flash files is improperly enforced for files loaded through the view-source scheme, which may result in bypass of cross-domain policy restrictions. Cefn Hoile discovered that sites which allow the embedding of third-party stylesheets are vulnerable to cross-site scripting attacks through XBL bindings. "moz_bug_r_a4" discovered bypasses of the same-origin policy in the XMLHttpRequest Javascript API and the XPCNativeWrapper. Paolo Amadini discovered that incorrect handling of POST data when saving a web site with an embedded frame may lead to information disclosure. It was discovered that Iceweasel allows Refresh: headers to redirect to Javascript URIs, resulting in cross-site scripting.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2011 dpkg -- path traversal
Debian GNU/Linux 5.0
dpkg
William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification outside of the destination directory when extracting the package content.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1995 openoffice.org -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
openoffice.org
Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that macro security settings were insufficiently enforced for VBA macros. It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This also affects the integrated libxmlsec library. Sebastian Apelt discovered that an integer overflow in the XPM import code may lead to the execution of arbitrary code. Sebastian Apelt and Frank Reissner discovered that a buffer overflow in the GIF import code may lead to the execution of arbitrary code. Nicolas Joly discovered multiple vulnerabilities in the parser for Word document files, which may lead to the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2017 pulseaudio -- insecure temporary directory
Debian GNU/Linux 5.0
pulseaudio
Dan Rosenberg discovered that the PulseAudio sound server creates a temporary directory with a predictable name. This allows a local attacker to create a Denial of Service condition or possibly disclose sensitive information to unprivileged users.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2039 cacti -- missing input sanitising
Debian GNU/Linux 5.0
cacti
It was discovered that Cacti, a frontend to rrdtool for monitoring systems and services, missed input sanitising, making an SQL injection attack possible.
SecPod Team
DRAFT
INTERIM
ACCEPTED
ACCEPTED
DSA-1981 maildrop -- privilege escalation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
maildrop
Christoph Anton Mitterer discovered that maildrop, a mail delivery agent with filtering abilities, is prone to a privilege escalation issue that grants a user root group privileges.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2013 egroupware -- several vulnerabilities
Debian GNU/Linux 5.0
egroupware
Nahuel Grisolia discovered two vulnerabilities in Egroupware, a web-based groupware suite: Missing input sanitising in the spellchecker integration may lead to the execution of arbitrary commands and a cross-site scripting vulnerability was discovered in the login page.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1989 fuse -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
fuse
Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1964 postgresql-7.4, postgresql-8.1, postgresql-8.3 -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
postgresql-7.4
postgresql-8.1
postgresql-8.3
Several vulnerabilities have been discovered in PostgreSQL, a database server. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that PostgreSQL did not properly verify the Common Name attribute in X.509 certificates, enabling attackers to bypass the TLS protection on client-server connections, by relying on a certificate from a trusted CA which contains an embedded NUL byte in the Common Name. Authenticated database users could elevate their privileges by creating specially-crafted index functions. The following matrix shows fixed source package versions for the respective distributions. In addition to these security fixes, the updates contain reliability improvements and fix other defects. We recommend that you upgrade your PostgreSQL packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1959 ganeti -- missing input sanitation
Debian GNU/Linux 5.0
ganeti
It was discovered that ganeti, a virtual server cluster manager, does not validate the path of scripts passed as arguments to certain commands, which allows local or remote users to execute arbitrary commands on a host acting as a cluster master. The oldstable distribution does not include ganeti.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2026 netpbm-free -- stack-based buffer overflow
Debian GNU/Linux 5.0
netpbm-free
Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader implementation in netpbm-free, a suite of image manipulation utilities. An attacker could cause a denial of service or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1994 ajaxterm -- weak session IDs
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
ajaxterm
It was discovered that ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses ajaxterm.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1998 kdelibs -- buffer overflow
Debian GNU/Linux 5.0
kdelibs
Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2046 phpgroupware -- several vulnerabilities
Debian GNU/Linux 5.0
phpgroupware
Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems: A local file inclusion vulnerability allows remote attackers to execute arbitrary PHP code and include arbitrary local files. Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1997 mysql-dfsg-5.0 -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
mysql-dfsg-5.0
Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: Domas Mituzas discovered that mysqld does not properly handle errors during execution of certain SELECT statements with subqueries, and does not preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service via a crafted statement. Sergei Golubchik discovered that MySQL allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory. Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld, allow remote attackers to execute arbitrary code or cause a denial of service by establishing an SSL connection and sending an X.509 client certificate with a crafted name field.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1971 libthai -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libthai
Tim Starling discovered that libthai, a set of Thai language support routines, is vulnerable to an integer/heap overflow. This vulnerability could allow an attacker to run arbitrary code by sending a very long string.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2044 mplayer -- integer overflow
Debian GNU/Linux 5.0
mplayer
tixxDZ discovered a vulnerability in the mplayer movie player. Missing data validation in mplayer’s real data transport implementation enables an integer underflow and consequently an unbounded buffer operation. A maliciously crafted stream could thus enable an attacker to execute arbitrary code. No Common Vulnerabilities and Exposures project identifier is available for this issue.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1953 expat -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
expat
Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1973 glibc, eglibc -- information disclosure
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
glibc
eglibc
Christoph Pleger has discovered that the GNU C Library and its derivatives add information from the passwd.adjunct.byname map to entries in the passwd map, which allows local users to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1976 dokuwiki -- several vulnerabilities
Debian GNU/Linux 5.0
dokuwiki
Several vulnerabilities have been discovered in dokuwiki, a standards compliant simple to use wiki. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that an internal variable is not properly sanitised before being used to list directories. This can be exploited to list contents of arbitrary directories. It was discovered that the ACL Manager plugin doesn’t properly check the administrator permissions. This allows an attacker to introduce arbitrary ACL rules and thus gain access to a closed Wiki. It was discovered that the ACL Manager plugin doesn’t have protections against cross-site request forgeries. This can be exploited to change the access control rules by tricking a logged in administrator into visiting a malicious web site. The oldstable distribution is not affected by these problems.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2029 imlib2 -- several vulnerabilities
Debian GNU/Linux 5.0
imlib2
It was discovered that imlib2, a library to load and process several image formats, did not properly process various image file types. Several heap and stack based buffer overflows - partly due to integer overflows - in the ARGB, BMP, JPEG, LBM, PNM, TGA and XPM loaders can lead to the execution of arbitrary code via crafted image files.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2031 krb5 -- use-after-free
Debian GNU/Linux 5.0
krb5
Sol Jerome discovered that the kadmind service in krb5, a system for authenticating users and services on a network, allows remote authenticated users to cause a denial of service via a request from a kadmin client that sends an invalid API version number.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2021 spamass-milter -- missing input sanitisation
Debian GNU/Linux 5.0
spamass-milter
A missing input sanitisation in spamass-milter, a milter used to filter mail through spamassassin, was discovered. This allows a remote attacker to inject and execute arbitrary shell commands.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1985 sendmail -- insufficient input validation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
sendmail
It was discovered that sendmail, a Mail Transport Agent, does not properly handle a "\0" character in a Common Name field of an X.509 certificate. This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2042 iscsitarget -- format string
Debian GNU/Linux 5.0
iscsitarget
Florent Daigniere discovered that multiple format string vulnerabilities in the Linux SCSI target framework allow remote attackers to cause a denial of service in the ietd daemon. The flaw could be triggered by sending a carefully-crafted Internet Storage Name Service request.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2023 curl -- buffer overflow
Debian GNU/Linux 5.0
curl
Wesley Miaw discovered that libcurl, a multi-protocol file transfer library, is prone to a buffer overflow via the callback function when an application relies on libcurl to automatically uncompress data. Note that this only affects applications that trust libcurl’s maximum limit for a fixed buffer size and do not perform any sanity checks themselves.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2025 icedove -- several vulnerabilities
Debian GNU/Linux 5.0
icedove
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a "\0" character in a domain name in the subject's Common Name field of an X.509 certificate. Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. monarch2020 discovered an integer overflow in a base64 decoding function. Josh Soref discovered a crash in the BinHex decoder. Carsten Book reported a crash in the JavaScript engine. Ludovic Hirlimann reported a crash indexing some messages with attachments, which could lead to the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1978 phpgroupware -- several vulnerabilities
Debian GNU/Linux 5.0
phpgroupware
Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems: An SQL injection vulnerability was found in the authentication module. Multiple directory traversal vulnerabilities were found in the addressbook module. The authentication module is affected by cross-site scripting.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1986 moodle -- several vulnerabilities
Debian GNU/Linux 5.0
moodle
Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple cross-site request forgery vulnerabilities have been discovered. It has been discovered that the LAMS module is prone to the disclosure of user account information. The Glossary module has an insufficient access control mechanism. Moodle does not properly check permissions when the MNET service is enabled, which allows remote authenticated servers to execute arbitrary MNET functions. The login/index_form.html page links to an HTTP page instead of using an SSL secured connection. Moodle stores sensitive data in backup files, which might make it possible for attackers to obtain them. It has been discovered that the SCORM module is prone to an SQL injection. Additionally, an SQL injection in the update_record function, a problem with symbolic links and a verification problem with Glossary, database and forum ratings have been fixed.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2045 libtheora -- integer overflow
Debian GNU/Linux 5.0
libtheora
Bob Clary, Dan Kaminsky and David Keeler discovered that in libtheora, a video library part of the Ogg project, several flaws allow context-dependent attackers, via a large and specially crafted media file, to cause a denial of service and possibly arbitrary code execution.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2038 pidgin -- several vulnerabilities
Debian GNU/Linux 5.0
pidgin
Several remote vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems: Crafted nicknames in the XMPP protocol can crash Pidgin remotely. Remote contacts may send too many custom smilies, crashing Pidgin. A few months ago, Microsoft’s servers for MSN changed the protocol, making Pidgin non-functional for use with MSN. It is not feasible to port these changes to the version of Pidgin in Debian Lenny. This update formalises that situation by disabling the protocol in the client. Users of the MSN protocol are advised to use the version of Pidgin in the repositories of www.backports.org.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1750 libpng -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libpng
Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: The png_handle_tRNS function allows attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. Certain chunk handlers allow attackers to cause a denial of service (crash) via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which trigger out-of-bounds read operations. libpng allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialised memory. The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. libpng allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialised pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1976-1 dokuwiki - several vulnerabilities
Debian GNU/Linux 5.0
dokuwiki
Several vulnerabilities have been discovered in dokuwiki, a standards compliant simple to use wiki.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2031-1 krb5 - denial of service
Debian GNU/Linux 5.0
krb5
Sol Jerome discovered that the kadmind service in krb5, a system for authenticating users and services on a network, allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1795-1 ldns - arbitrary code execution
Debian GNU/Linux 5.0
ldns
Stefan Kaltenbrunner discovered that ldns, a library and set of utilities to facilitate DNS programming, did not correctly implement a buffer boundary check in its RR DNS record parser. This weakness could enable overflow of a heap buffer if a maliciously-crafted record is parsed, potentially allowing the execution of arbitrary code. The scope of compromise will vary with the context in which ldns is used, and could present either a local or remote attack vector.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1751-1 xulrunner - several vulnerabilities
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2016-1 drupal6 - several vulnerabilities
Debian GNU/Linux 5.0
drupal6
Several vulnerabilities (SA-CORE-2010-001) have been discovered in drupal6, a fully-featured content management framework.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1985-1 sendmail - insufficient input validation
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
sendmail
It was discovered that sendmail, a Mail Transport Agent, does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2135-1 xpdf - several vulnerabilities
Debian GNU/Linux 5.0
xpdf
Joel Voss of Leviathan Security Group discovered two vulnerabilities in the xpdf rendering engine, which may lead to the execution of arbitrary code if a malformed PDF file is opened.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1943-1 openldap openldap2.3 - SSL certificate
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
openldap2.3
openldap
It was discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2119-1 poppler - several vulnerabilities
Debian GNU/Linux 5.0
poppler
Joel Voss of Leviathan Security Group discovered two vulnerabilities in the Poppler PDF rendering library, which may lead to the execution of arbitrary code if a malformed PDF file is opened.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1783-1 mysql-dfsg-5.0 - several vulnerabilities
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
mysql-dfsg-5.0
Multiple vulnerabilities have been identified affecting MySQL, a relational database server, and its associated interactive client application.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1893-1 cyrus-imapd-2.2 kolab-cyrus-imapd - arbitrary code execution
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
cyrus-imapd-2.2
kolab-cyrus-imapd
It was discovered that the SIEVE component of cyrus-imapd and kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. The update introduced by DSA 1881-1 was incomplete and the issue has been given an additional CVE id due to its complexity.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1935-1 gnutls13 gnutls26 - SSL certificate
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
gnutls13
gnutls26
Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of the TLS/SSL protocol, does not properly handle a '\0' character in a domain name in the subject's Common Name or Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. (CVE-2009-2730)
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2019-1 pango1.0 - denial of service
Debian GNU/Linux 5.0
pango1.0
Marc Schoenefeld discovered improper input sanitisation in Pango, a library for layout and rendering of text, leading to an array indexing error. If a local user was tricked into loading a specially-crafted font file in an application using the Pango font rendering library, it could lead to denial of service (application crash).
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2139-1 phpmyadmin - several
Debian GNU/Linux 5.0
phpmyadmin
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2076-1 gnupg2 - execution of arbitrary code
Debian GNU/Linux 5.0
gnupg2
It was discovered that GnuPG 2 uses a freed pointer when verifying a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1997-1 mysql-dfsg-5.0 - several vulnerabilities
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
mysql-dfsg-5.0
Several vulnerabilities have been discovered in the MySQL database server.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2017-1 pulseaudio - insecure temporary directory
Debian GNU/Linux 5.0
pulseaudio
Dan Rosenberg discovered that the PulseAudio sound server creates a temporary directory with a predictable name. This allows a local attacker to create a Denial of Service condition or possibly disclose sensitive information to unprivileged users.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2021-1 spamass-milter - remote command execution
Debian GNU/Linux 5.0
spamass-milter
A missing input sanitisation in spamass-milter, a milter used to filter mail through spamassassin, was discovered. This allows a remote attacker to inject and execute arbitrary shell commands.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1906-1 clamav - end-of-life announcement
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
clamav
Security support for clamav, an anti-virus utility for Unix, has been discontinued for the stable distribution (lenny) and the oldstable distribution (etch). Clamav Upstream has stopped supporting the releases in etch and lenny. Also, it is not easily possible to receive signature updates for the virus scanner with our released versions anymore.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1984-1 libxerces2-java - denial of service
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
libxerces2-java
It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1903-1 graphicsmagick - several
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
graphicsmagick
Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tools, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1988-1 qt4-x11 - several vulnerabilities
Debian GNU/Linux 5.0
qt4-x11
Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1834-1 apache2 apache2-mpm-itk - denial of service
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
apache2
A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. This issue did not affect Debian 4.0 "etch".
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2137-1 libxml2 - several vulnerabilities
Debian GNU/Linux 5.0
libxml2
Yang Dingning discovered a double free in libxml's XPath processing, which might allow the execution of arbitrary code.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
ACCEPTED
DSA-1811-1 cups cupsys - denial of service
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
cupsys
cups
Anibal Sacco discovered that cups, a general printing system for UNIX systems, suffers from null pointer dereference because of its handling of two consecutive IPP packets with certain tag attributes that are treated as IPP_TAG_UNSUPPORTED tags. This allows unauthenticated attackers to perform denial of service attacks by crashing the cups daemon.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2010-1 kvm - several vulnerabilities
Debian GNU/Linux 5.0
kvm
Several local vulnerabilities have been discovered in kvm, a full virtualization system.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1892-1 dovecot - arbitrary code execution
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
dovecot
It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2136-1 tor - potential code execution
Debian GNU/Linux 5.0
tor
Willem Pinckaers discovered that Tor, a tool to enable online anonymity, does not correctly handle all data read from the network. By supplying specially crafted packets a remote attacker can cause Tor to overflow its heap, crashing the process. Arbitrary code execution has not been confirmed but there is a potential risk.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2263-2 movabletype-opensource - several
Debian GNU/Linux 5.0
movabletype-opensource
It was discovered that Movable Type, a weblog publishing system, contains several security vulnerabilities:
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1890-1 wxwidgets2.6 wxwidgets2.8 wxwindows2.4 - arbitrary code execution
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
wxwidgets2.6
wxwindows2.4
wxwidgets2.8
Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets Cross-platform C++ GUI toolkit, which allows the execution of arbitrary code via a crafted JPEG file.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2138-1 wordpress - SQL injection
Debian GNU/Linux 5.0
wordpress
Vladimir Kolesnikov discovered a SQL injection vulnerability in WordPress, a weblog manager. An authenticated user could execute arbitrary SQL commands via the Send Trackbacks field.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2014-1 moin - several vulnerabilities
Debian GNU/Linux 5.0
moin
Several vulnerabilities have been discovered in moin, a python clone of WikiWiki.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1962-1 kvm - several vulnerabilities
Debian GNU/Linux 5.0
kvm
Several vulnerabilities have been discovered in kvm, a full virtualization system.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1989-1 fuse - denial of service
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
fuse
Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1920-1 nginx – denial of service
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
nginx
A denial of service vulnerability has been found in nginx, a small and efficient web server.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2026-1 netpbm-free - buffer overflow
Debian GNU/Linux 5.0
netpbm-free
Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader implementation in netpbm-free, a suite of image manipulation utilities. An attacker could cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1950-1 webkit - several vulnerabilities
Debian GNU/Linux 5.0
webkit
Several vulnerabilities have been discovered in WebKit, a Web content engine library for Gtk+.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1965-1 phpldapadmin - remote file inclusion
Debian GNU/Linux 5.0
phpldapadmin
It was discovered that phpLDAPadmin, a web based interface for administering LDAP servers, doesn't sanitise an internal variable, which allows remote attackers to include and execute arbitrary local files.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2015-1 drbd8 linux-modules-extra-2.6 - privilege escalation
Debian GNU/Linux 5.0
drbd8
linux-modules-extra-2.6
A local vulnerability has been discovered in drbd8.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1971-1 libthai - arbitrary code execution
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
libthai
Tim Starling discovered that libthai, a set of Thai language support routines, is vulnerable to an integer/heap overflow. This vulnerability could allow an attacker to run arbitrary code by sending a very long string.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2024-1 moin - cross-site scripting
Debian GNU/Linux 5.0
moin
Jamie Strandboge discovered that moin, a python clone of WikiWiki, does not sufficiently sanitise the page name in "Despam" action, allowing remote attackers to perform cross-site scripting (XSS) attacks.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1898-1 openswan - denial of service
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
openswan
It was discovered that the pluto daemon in openswan, an implementation of IPSEC and IKE, could crash when processing a crafted X.509 certificate.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2006-1 sudo - several vulnerabilities
Debian GNU/Linux 5.0
sudo
Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2021-2 spamass-milter - regression fix
Debian GNU/Linux 5.0
spamass-milter
A missing input sanitisation in spamass-milter, a milter used to filter mail through spamassassin, was discovered. This allows a remote attacker to inject and execute arbitrary shell commands.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1977-1 python - several vulnerabilities
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
python2.4
python2.5
Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language does not properly process malformed or crafted XML files. (CVE-2009-3560 CVE-2009-3720) This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2079-1 mapserver - arbitrary code execution
Debian GNU/Linux 5.0
mapserver
Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1938-1 php-mail - insufficient input sanitising
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
php-mail
It was discovered that php-mail, a PHP PEAR module for sending email, has insufficient input sanitising, which might be used to obtain sensitive data from the system that uses php-mail.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1948-1 ntp - denial of service
Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
ntp
Robin Park and Dmitri Vinokurov discovered that the daemon component of the ntp package, a reference implementation of the NTP protocol, is not properly reacting to certain incoming packets.
Sergey Artykhov
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2403-2 php5 -- code injection
Debian GNU/Linux 5.0
php5
Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code. This update adds packages
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2384-2 cacti -- several
Debian GNU/Linux 5.0
cacti
It was discovered that the last security update for cacti, DSA-2384-1, introduced a regression in lenny.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2358-1 openjdk-6 -- several
Debian GNU/Linux 5.0
openjdk-6
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform. This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1. CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code to elevate its privileges. CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code to crash the virtual machine. CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact. CVE-2011-0867 Untrusted code could access information about network interfaces which was not intended to be public. CVE-2011-0868 A float-to-long conversion could overflow, allowing untrusted code to crash the virtual machine. CVE-2011-0869 Untrusted code could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection. CVE-2011-0871 Untrusted code could elevate its privileges through the Swing MediaTracker code. CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode. CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code to elevate its privileges. CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code to elevate its privileges. CVE-2011-3547 The skip method in java.io.InputStream uses a shared buffer, allowing untrusted Java code to access data that is skipped by other code. CVE-2011-3548 The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code to elevate its privileges. CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code to elevate its privileges. 
CVE-2011-3552 Malicious Java code can use up an excessive amount of UDP ports, leading to a denial of service. CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information. CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files. CVE-2011-3556 The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitrary code. CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server. CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory method, allowing untrusted Java code to bypass security policy restrictions.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2346-2 proftpd-dfsg -- several
Debian GNU/Linux 5.0
proftpd-dfsg
The ProFTPD security update, DSA-2346-1, introduced a regression, preventing successful TLS connections. This regression does not affect the stable distribution, nor the testing and unstable distributions.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2320-1 dokuwiki -- regression fix
Debian GNU/Linux 5.0
dokuwiki
The dokuwiki update included in Debian Lenny 5.0.9 to address a cross site scripting issue had a regression rendering links to external websites broken. This update corrects that regression.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2313-1 iceweasel -- several
Debian GNU/Linux 5.0
iceweasel
Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog, which has "open" as the default action, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. CVE-2011-2998 Mark Kaplan discovered an integer underflow in the JavaScript engine, which could lead to the execution of arbitrary code. CVE-2011-2999 Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. CVE-2011-3000 Ian Graham discovered that multiple Location headers might lead to CRLF injection.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2365-1 dtc -- several
Debian GNU/Linux 5.0
dtc
Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple vulnerabilities in DTC, a web control panel for admin and accounting hosting services: CVE-2011-3195 A possible shell insertion has been found in the mailing list handling. CVE-2011-3196 Unix rights for the apache2.conf were set incorrectly. CVE-2011-3197 Incorrect input sanitising for the $_SERVER["addrlink"] parameter could lead to SQL insertion. CVE-2011-3198 DTC was using the -b option of htpasswd, possibly revealing the password in clear text using ps or reading /proc. CVE-2011-3199 A possible HTML/JavaScript insertion vulnerability has been found in the DNS & MX section of the user panel. This update also fixes several vulnerabilities, for which no CVE ID has been assigned: It has been discovered that DTC performs insufficient input sanitising in the package installer, leading to a possible unwanted destination directory for installed packages if some DTC application packages are installed. DTC was setting up /etc/sudoers with permissive sudo rights to chrootuid. Incorrect input sanitising in the package installer could lead to SQL insertion. A malicious user could enter a specially crafted support ticket subject leading to an SQL injection in the draw_user_admin.php.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2357-1 evince -- several
Debian GNU/Linux 5.0
evince
Jon Larimer from IBM X-Force Advanced Research discovered multiple vulnerabilities in the DVI backend of the evince document viewer: CVE-2010-2640 Insufficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution. CVE-2010-2641 Insufficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution. CVE-2010-2642 Insufficient bounds checks in the AFM fonts parser when writing data to a memory buffer allocated on heap could lead to arbitrary memory overwrite and arbitrary code execution. CVE-2010-2643 Insufficient check on an integer used as a size for memory allocation can lead to arbitrary write outside the allocated range and cause arbitrary code execution.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2310-1 linux-2.6 -- privilege escalation/denial of service/information leak
Debian GNU/Linux 5.0
linux-2.6
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4067 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald module, a driver for Auerswald PBX/System Telephone USB devices. Attackers with physical access to a system's USB ports could obtain elevated privileges using a specially crafted USB device. CVE-2011-0712 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq module, a USB driver for Native Instruments USB audio devices. Attackers with physical access to a system's USB ports could obtain elevated privileges using a specially crafted USB device. CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary. CVE-2011-2209 Dan Rosenberg discovered an issue in the osf_sysinfo system call on the alpha architecture. Local users could obtain access to sensitive kernel memory. CVE-2011-2211 Dan Rosenberg discovered an issue in the osf_wait4 system call on the alpha architecture permitting local users to gain elevated privileges. CVE-2011-2213 Dan Rosenberg discovered an issue in the INET socket monitoring interface. Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop. CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion. CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call. 
CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialised struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory. CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process' proc directory was world-readable, resulting in local information disclosure of information such as password lengths. CVE-2011-2496 Robert Swiecki discovered that mremap could be abused for local denial of service by triggering a BUG_ON assert. CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation. CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service by sending a specially crafted netlink message. CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted. CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session. CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System. A malicious file server could cause memory corruption leading to a denial of service. This update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1855-1 subversion -- heap overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
subversion
Matt Lewis discovered that Subversion performs insufficient input validation of svndiff streams. Malicious servers could cause heap overflows in clients, and malicious clients with commit access could cause heap overflows in servers, possibly leading to arbitrary code execution in both cases. For the old stable distribution, this problem has been fixed in version 1.4.2dfsg1-3. For the stable distribution, this problem has been fixed in version 1.5.1dfsg1-4. For the unstable distribution, this problem has been fixed in version 1.6.4dfsg-1. We recommend that you upgrade your Subversion packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1848-1 znc -- directory traversal
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
znc
It was discovered that znc, an IRC proxy, did not properly process certain DCC requests, allowing attackers to upload arbitrary files. For the old stable distribution, this problem has been fixed in version 0.045-3+etch3. For the stable distribution, this problem has been fixed in version 0.058-2+lenny3. For the unstable distribution, this problem has been fixed in version 0.074-1. We recommend that you upgrade your znc package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1755-1 systemtap -- race condition
Debian GNU/Linux 5.0
systemtap
Erik Sjoelund discovered that a race condition in the stap tool shipped by Systemtap, an instrumentation system for Linux 2.6, allows local privilege escalation for members of the stapusr group. The old stable distribution isn’t affected. For the stable distribution, this problem has been fixed in version 0.0.20080705-1+lenny1. For the unstable distribution, this problem has been fixed in version 0.0.20090314-2. We recommend that you upgrade your systemtap package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1849-1 xml-security-c -- design flaw
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
xml-security-c
It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater. For the old stable distribution, this problem has been fixed in version 1.2.1-3+etch1. For the stable distribution, this problem has been fixed in version 1.4.0-3+lenny2. For the unstable distribution, this problem has been fixed in version 1.4.0-4. We recommend that you upgrade your xml-security-c packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1923-1 libhtml-parser-perl -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libhtml-parser-perl
A denial of service vulnerability has been found in libhtml-parser-perl, a collection of modules to parse HTML in text documents which is used by several other projects such as SpamAssassin. Mark Martinec discovered that the decode_entities function will get stuck in an infinite loop when parsing certain HTML entities with invalid UTF-8 characters. An attacker can use this to perform denial of service attacks by submitting crafted HTML to an application using this functionality. For the oldstable distribution, this problem has been fixed in version 3.55-1+etch1. For the stable distribution, this problem has been fixed in version 3.56-1+lenny1. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your libhtml-parser-perl packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1821-1 amule -- insufficient input sanitising
Debian GNU/Linux 5.0
amule
Sam Hocevar discovered that amule, a client for the eD2k and Kad networks, does not properly sanitise the filename, when using the preview function. This could lead to the injection of arbitrary commands passed to the video player. For the stable distribution, this problem has been fixed in version 2.2.1-1+lenny2. The oldstable distribution is not affected by this issue. For the testing distribution this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.2.5-1.1. We recommend that you upgrade your amule packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1840-1 xulrunner -- several vulnerabilities
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2462 Martijn Wargers, Arno Renevier, Jesse Ruderman, Olli Pettay and Blake Kaplan discovered several issues in the browser engine that could potentially lead to the execution of arbitrary code. CVE-2009-2463 monarch2020 reported an integer overflow in a base64 decoding function. CVE-2009-2464 Christophe Charron reported a possibly exploitable crash occurring when multiple RDF files were loaded in a XUL tree element. CVE-2009-2465 Yongqian Li reported that an unsafe memory condition could be created by a specially crafted document. CVE-2009-2466 Peter Van der Beken, Mike Shaver, Jesse Ruderman, and Carsten Book discovered several issues in the JavaScript engine that could possibly lead to the execution of arbitrary JavaScript. CVE-2009-2467 Attila Suszter discovered an issue related to a specially crafted Flash object, which could be used to run arbitrary code. CVE-2009-2469 PenPal discovered that it is possible to execute arbitrary code via a specially crafted SVG element. CVE-2009-2471 Blake Kaplan discovered a flaw in the JavaScript engine that might allow an attacker to execute arbitrary JavaScript with chrome privileges. CVE-2009-2472 moz_bug_r_a4 discovered an issue in the JavaScript engine that could be used to perform cross-site scripting attacks. For the stable distribution, these problems have been fixed in version 1.9.0.12-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the testing distribution, these problems will be fixed soon.
For the unstable distribution, these problems have been fixed in version 1.9.0.12-1. We recommend that you upgrade your xulrunner packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1960-1 acpid -- programming error
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
acpid
It was discovered that acpid, the Advanced Configuration and Power Interface event daemon, on the oldstable distribution creates its log file with weak permissions, which might expose sensitive information or might be abused by a local user to consume all free disk space on the same partition of the file. For the oldstable distribution, this problem has been fixed in version 1.0.4-5etch2. The stable distribution in version 1.0.8-1lenny2 and the unstable distribution in version 1.0.10-5 have been updated to fix the weak file permissions of the log file created by older versions. We recommend that you upgrade your acpid packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1816-1 apache2 -- insufficient security check
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
apache2
It was discovered that the Apache web server did not properly handle the "Options=" parameter to the AllowOverride directive: In the stable distribution, local users could enable script execution in Server Side Includes even in configurations where the AllowOverride directive contained only Options=IncludesNoEXEC. In the oldstable distribution, local users could enable script execution in Server Side Includes and CGI script execution in configurations where the AllowOverride directive contained any "Options=" value. For the stable distribution, this problem has been fixed in version 2.2.9-10+lenny3. For the oldstable distribution, this problem has been fixed in version 2.2.3-4+etch8. For the testing distribution and the unstable distribution, this problem will be fixed in version 2.2.11-6. This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages. We recommend that you upgrade your apache2 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1740-1 yaws -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
yaws
It was discovered that yaws, a high performance HTTP 1.1 webserver, is prone to a denial of service attack via a request with a large HTTP header. For the stable distribution, this problem has been fixed in version 1.77-3+lenny1. For the oldstable distribution, this problem has been fixed in version 1.65-4etch1. For the testing distribution and the unstable distribution, this problem has been fixed in version 1.80-1. We recommend that you upgrade your yaws package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1887-1 rails -- missing input sanitising
Debian GNU/Linux 5.0
rails
Brian Mastenbrook discovered that rails, the MVC ruby based framework geared for web application development, is prone to cross-site scripting attacks via malformed strings in the form helper. For the stable distribution, this problem has been fixed in version 2.1.0-7. For the oldstable distribution, security support has been discontinued. It has been reported that rails in oldstable is unusable and several features that are affected by security issues are broken due to programming issues. It is highly recommended to upgrade to the version in stable. For the testing distribution and the unstable distribution, this problem has been fixed in version 2.2.3-1. We recommend that you upgrade your rails packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1847-1 bind9 -- improper assert
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
bind9
It was discovered that the BIND DNS server terminates when processing a specially crafted dynamic DNS update. This vulnerability affects all BIND servers which serve at least one DNS zone authoritatively, as a master, even if dynamic updates are not enabled. The default Debian configuration for resolvers includes several authoritative zones, too, so resolvers are also affected by this issue unless these zones have been removed. For the old stable distribution, this problem has been fixed in version 9.3.4-2etch5. For the stable distribution, this problem has been fixed in version 9.5.1.dfsg.P3-1. For the unstable distribution, this problem has been fixed in version 1:9.6.1.dfsg.P1-1. We recommend that you upgrade your bind9 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1785-1 wireshark -- several
Debian GNU/Linux 5.0
wireshark
Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1210 A format string vulnerability was discovered in the PROFINET dissector. CVE-2009-1268 The dissector for the Check Point High-Availability Protocol could be forced to crash. CVE-2009-1269 Malformed Tektronix files could lead to a crash. The old stable distribution is only affected by the CPHAP crash, which doesn’t warrant an update on its own. The fix will be queued up for an upcoming security update or a point release. For the stable distribution, these problems have been fixed in version 1.0.2-3+lenny5. For the unstable distribution, these problems have been fixed in version 1.0.7-1. We recommend that you upgrade your wireshark packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1763-1 openssl -- programming error
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
openssl
It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate. For the old stable distribution, this problem has been fixed in version 0.9.8c-4etch5 of the openssl package and in version 0.9.7k-3.1etch3 of the openssl097 package. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny1. For the unstable distribution, this problem has been fixed in version 0.9.8g-16. We recommend that you upgrade your openssl packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1800-1 linux-2.6 -- denial of service/privilege escalation/sensitive memory leak
Debian GNU/Linux 5.0
linux-2.6
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, privilege escalation or a sensitive memory leak. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0028 Chris Evans discovered a situation in which a child process can send an arbitrary signal to its parent. CVE-2009-0834 Roland McGrath discovered an issue on amd64 kernels that allows local users to circumvent system call audit configurations which filter based on the syscall numbers or argument details. CVE-2009-0835 Roland McGrath discovered an issue on amd64 kernels with CONFIG_SECCOMP enabled. By making a specially crafted syscall, local users can bypass access restrictions. CVE-2009-0859 Jiri Olsa discovered that a local user can cause a denial of service using a SHM_INFO shmctl call on kernels compiled with CONFIG_SHMEM disabled. This issue does not affect prebuilt Debian kernels. CVE-2009-1046 Mikulas Patocka reported an issue in the console subsystem that allows a local user to cause memory corruption by selecting a small number of 3-byte UTF-8 characters. CVE-2009-1072 Igor Zhbanov reported that nfsd was not properly dropping CAP_MKNOD, allowing users to create device nodes on file systems exported with root_squash. CVE-2009-1184 Dan Carpenter reported a coding issue in the selinux subsystem that allows local users to bypass certain networking checks when running with compat_net=1. CVE-2009-1192 Shaohua Li reported an issue in the AGP subsystem that may allow local users to read sensitive kernel memory due to a leak of uninitialised memory. CVE-2009-1242 Benjamin Gilbert reported a local denial of service vulnerability in the KVM VMX implementation that allows local users to trigger an oops. CVE-2009-1265 Thomas Pollet reported an overflow in the af_rose implementation that allows remote attackers to retrieve uninitialised kernel memory that may contain sensitive data.
CVE-2009-1337 Oleg Nesterov discovered an issue in the exit_notify function that allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. CVE-2009-1338 Daniel Hokka Zakrisson discovered that a kill is permitted to reach processes outside of the current process namespace. CVE-2009-1439 Pavan Naregundi reported an issue in the CIFS filesystem code that allows remote users to overwrite memory via a long nativeFileSystem field in a Tree Connect response during mount. For the stable distribution, these problems have been fixed in version 2.6.26-15lenny2. For the oldstable distribution, these problems, where applicable, will be fixed in future updates to linux-2.6 and linux-2.6.24. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1895-2 opensaml2, shibboleth-sp2 -- interpretation conflict
Debian GNU/Linux 5.0
opensaml2
shibboleth-sp2
In DSA-1895-1, the xmltooling package was updated to address several security issues. It turns out that the change related to SAML metadata processing for key constraints caused problems when applied without the matching changes in the opensaml2 and shibboleth-sp2 packages. For the stable distribution, this problem has been fixed in version 2.0-2+lenny1 of the opensaml2 packages, and version 2.0.dfsg1-4+lenny1 of the shibboleth-sp2 packages. We recommend that you upgrade your opensaml2 and shibboleth-sp2 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1745-1 lcms -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
lcms
Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0581 Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. CVE-2009-0723 Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. CVE-2009-0733 Chris Evans discovered the lack of upper-bounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code. For the stable distribution, these problems have been fixed in version 1.17.dfsg-1+lenny1. For the oldstable distribution, these problems have been fixed in version 1.15-1.1+etch2. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your lcms packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1912-1 camlimages -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
camlimages
It was discovered that CamlImages, an open source image processing library, suffers from several integer overflows, which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of TIFF files. It also expands the patch for CVE-2009-2660 to cover another potential overflow in the processing of JPEG images. For the oldstable distribution, this problem has been fixed in version 2.20-8+etch3. For the stable distribution, this problem has been fixed in version 1:2.2.0-4+lenny3. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your camlimages package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1918-1 phpmyadmin -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
phpmyadmin
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3696 Cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted MySQL table name. CVE-2009-3697 SQL injection vulnerability in the PDF schema generator functionality allows remote attackers to execute arbitrary SQL commands. This issue does not apply to the version in Debian 4.0 Etch. Additionally, extra fortification has been added for the web based setup.php script. Although the shipped web server configuration should ensure that this script is protected, in practice this turned out not always to be the case. The config.inc.php file is no longer writable by the webserver user. See README.Debian for details on how to enable the setup.php script if and when you need it. For the old stable distribution, these problems have been fixed in version 4:2.9.1.1-13. For the stable distribution, these problems have been fixed in version 4:2.11.8.1-5+lenny3. For the unstable distribution, these problems have been fixed in version 3.2.2.1-1. We recommend that you upgrade your phpmyadmin package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1804-1 ipsec-tools -- null pointer dereference, memory leaks
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
ipsec-tools
Several remote vulnerabilities have been discovered in racoon, the Internet Key Exchange daemon of ipsec-tools. The Common Vulnerabilities and Exposures project identified the following problems: Neil Kettle discovered a NULL pointer dereference on crafted fragmented packets that contain no payload. This results in the daemon crashing, which can be used for denial of service attacks. Various memory leaks in the X.509 certificate authentication handling and the NAT-Traversal keepalive implementation can result in memory exhaustion and thus denial of service. For the oldstable distribution, this problem has been fixed in version 1:0.6.6-3.1etch3. For the stable distribution, this problem has been fixed in version 1:0.7.1-1.3+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1:0.7.1-1.5. We recommend that you upgrade your ipsec-tools packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1874-1 nss -- several
Debian GNU/Linux 5.0
nss
Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2404 Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. CVE-2009-2408 Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. CVE-2009-2409 Certificates with MD2 hash signatures are no longer accepted since they’re no longer considered cryptographically secure. The old stable distribution doesn’t contain nss. For the stable distribution, these problems have been fixed in version 3.12.3.1-0lenny1. For the unstable distribution, these problems have been fixed in version 3.12.3.1-1. We recommend that you upgrade your nss packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1726-1 python-crypto -- buffer overflow
Debian GNU/Linux 5.0
python-crypto
Mike Wiacek discovered that a buffer overflow in the ARC2 implementation of Python Crypto, a collection of cryptographic algorithms and protocols for Python allows denial of service and potentially the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 2.0.1+dfsg1-2.3+lenny0. Due to a technical limitation in the Debian archive management scripts the update for the old stable distribution cannot be released synchronously. It will be fixed in version 2.0.1+dfsg1-1.2+etch0 soon. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your python-crypto package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1839-1 gst-plugins-good0.10 -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
gst-plugins-good0.10
It has been discovered that gst-plugins-good0.10, the GStreamer plugins from the "good" set, are prone to an integer overflow, when processing a large PNG file. This could lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 0.10.8-4.1~lenny2. For the oldstable distribution, this problem has been fixed in version 0.10.4-4+etch1. Packages for the s390 and hppa architectures will be released once they are available. For the testing distribution and the unstable distribution, this problem has been fixed in version 0.10.15-2. We recommend that you upgrade your gst-plugins-good0.10 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1961-1 bind9 -- DNS cache poisoning
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
bind9
Michael Sinatra discovered that the DNS resolver component in BIND does not properly check DNS records contained in additional sections of DNS responses, leading to a cache poisoning vulnerability. This vulnerability is only present in resolvers which have been configured with DNSSEC trust anchors, which is still rare. Note that this update contains an internal ABI change, which means that all BIND-related packages must be updated at the same time. In the unlikely event that you have compiled your own software against libdns, you must recompile this program, too. For the old stable distribution, this problem has been fixed in version 1:9.3.4-2etch6. For the stable distribution, this problem has been fixed in version 1:9.5.1.dfsg.P3-1+lenny1. For the unstable distribution and the testing distribution, this problem has been fixed in version 9.6.1.dfsg.P2-1. We recommend that you upgrade your bind9 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1952-1 asterisk -- several vulnerabilities
Debian GNU/Linux 5.0
asterisk
Several vulnerabilities have been discovered in asterisk, an Open Source PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0041 It is possible to determine valid login names via probing, due to the IAX2 response from asterisk. CVE-2008-3903 It is possible to determine a valid SIP username, when Digest authentication and authalwaysreject are enabled. CVE-2009-3727 It is possible to determine a valid SIP username via multiple crafted REGISTER messages. CVE-2008-7220 CVE-2007-2383 It was discovered that asterisk contains an obsolete copy of the Prototype JavaScript framework, which is vulnerable to several security issues. This copy is unused and now removed from asterisk. CVE-2009-4055 It was discovered that it is possible to perform a denial of service attack via RTP comfort noise payload with a long data length. For the stable distribution, these problems have been fixed in version 1:1.4.21.2~dfsg-3+lenny1. The security support for asterisk in the oldstable distribution has been discontinued before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable. For the testing distribution and the unstable distribution, these problems have been fixed in version 1:1.6.2.0~rc7-1. We recommend that you upgrade your asterisk packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1817-1 ctorrent -- stack-based buffer overflow
Debian GNU/Linux 5.0
ctorrent
Michael Brooks discovered that ctorrent, a text-mode bittorrent client, does not verify the length of file paths in torrent files. An attacker can exploit this via a crafted torrent that contains a long file path to execute arbitrary code with the rights of the user opening the file. The oldstable distribution does not contain ctorrent. For the stable distribution, this problem has been fixed in version 1.3.4-dnh3.2-1+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.3.4-dnh3.2-1.1. We recommend that you upgrade your ctorrent packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1888-1 openssl, openssl097 -- cryptographic weakness
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
openssl
openssl097
Certificates with MD2 hash signatures are no longer accepted by OpenSSL, since they’re no longer considered cryptographically secure. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny5. For the old stable distribution, this problem has been fixed in version 0.9.8c-4etch9 for openssl and version 0.9.7k-3.1etch5 for openssl097. The OpenSSL 0.9.8 update for oldstable also provides updated packages for multiple denial of service vulnerabilities in the Datagram Transport Layer Security implementation. These fixes were already provided for Debian stable in a previous point update. The OpenSSL 0.9.7 package from oldstable is not affected. For the unstable distribution, this problem has been fixed in version 0.9.8k-5. We recommend that you upgrade your openssl packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1876-1 dnsmasq -- buffer overflow
Debian GNU/Linux 5.0
dnsmasq
Several remote vulnerabilities have been discovered in the TFTP component of dnsmasq. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2957 A buffer overflow in TFTP processing may enable arbitrary code execution for attackers who are permitted to use the TFTP service. CVE-2009-2958 Malicious TFTP clients may crash dnsmasq, leading to denial of service. The old stable distribution is not affected by these problems. For the stable distribution, these problems have been fixed in version 2.45-1+lenny1. For the unstable distribution, these problems have been fixed in version 2.50-1. We recommend that you upgrade your dnsmasq packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1833-2 dhcp3 -- several
Debian GNU/Linux 5.0
dhcp3
The previous dhcp3 update did not properly apply the required changes to the stable version. The old stable version is not affected by this problem. The original advisory description follows. Several remote vulnerabilities have been discovered in ISC's DHCP implementation: It was discovered that dhclient does not properly handle overlong subnet mask options, leading to a stack-based buffer overflow and possible arbitrary code execution. Christoph Biedl discovered that the DHCP server may terminate when receiving certain well-formed DHCP requests, provided that the server configuration mixes host definitions using "dhcp-client-identifier" and "hardware ethernet". This vulnerability only affects the lenny versions of dhcp3-server and dhcp3-server-ldap. For the stable distribution, this problem has been fixed in version 3.1.1-6+lenny3. We recommend that you upgrade your dhcp3 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1824-1 phpmyadmin -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
phpmyadmin
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1150 Cross site scripting vulnerability in the export page allows an attacker who can place crafted cookies with the user to inject arbitrary web script or HTML. CVE-2009-1151 Static code injection allows a remote attacker to inject arbitrary code into phpMyAdmin via the setup.php script. This script is in Debian under normal circumstances protected via Apache authentication. However, because of a recent worm based on this exploit, we are patching it regardless, to also protect installations that somehow still expose the setup.php script. For the old stable distribution, these problems have been fixed in version 4:2.9.1.1-11. For the stable distribution, these problems have been fixed in version 4:2.11.8.1-5+lenny1. For the unstable distribution, these problems have been fixed in version 3.1.3.1-1. We recommend that you upgrade your phpmyadmin package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1897-1 horde3 -- insufficient input sanitisation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
horde3
Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, is insufficiently validating and escaping user provided input. The Horde_Form_Type_image form element allows reusing a temporary filename on reuploads; the filename is stored in a hidden HTML field and then trusted without prior validation. An attacker can use this to overwrite arbitrary files on the system or to upload PHP code and thus execute arbitrary code with the rights of the webserver. For the oldstable distribution, this problem has been fixed in version 3.1.3-4etch6. For the stable distribution, this problem has been fixed in version 3.2.2+debian0-2+lenny1. For the testing distribution, this problem has been fixed in version 3.3.5+debian0-1. For the unstable distribution, this problem has been fixed in version 3.3.5+debian0-1. We recommend that you upgrade your horde3 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1754-1 roundup -- insufficient access checks
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
roundup
It was discovered that roundup, an issue tracker with a command-line, web and email interface, allows users to edit resources in unauthorised ways, including granting themselves admin rights. This update introduces stricter access checks, actually enforcing the configured permissions and roles. This means that the configuration may need updating. In addition, user registration via the web interface has been disabled; use the program "roundup-admin" from the command line instead. For the old stable distribution, this problem has been fixed in version 1.2.1-10+etch1. For the stable distribution, this problem has been fixed in version 1.4.4-4+lenny1. We recommend that you upgrade your roundup package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1900-1 postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4 -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
postgresql-7.4
postgresql-8.1
postgresql-8.3
postgresql-8.4
Several vulnerabilities have been discovered in PostgreSQL, an SQL database system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3229 Authenticated users can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there. CVE-2009-3230 Authenticated non-superusers can gain database superuser privileges if they can create functions and tables due to incorrect execution of functions in functional indexes. CVE-2009-3231 If PostgreSQL is configured with LDAP authentication, and the LDAP configuration allows anonymous binds, it is possible for a user to authenticate themselves with an empty password. In addition, this update contains reliability improvements which do not target security issues. For the old stable distribution, these problems have been fixed in version 1:7.4.26-0etch1 of the postgresql-7.4 source package, and version 8.1.18-0etch1 of the postgresql-8.1 source package. For the stable distribution, these problems have been fixed in version 8.3.8-0lenny1 of the postgresql-8.3 source package. For the unstable distribution, these problems have been fixed in version 8.3.8-1 of the postgresql-8.3 source package, and version 8.4.1-1 of the postgresql-8.4 source package. We recommend that you upgrade your PostgreSQL packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1761-1 moodle -- missing input sanitisation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
moodle
Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn’t check user input for certain TeX commands which allows an attacker to include and display the content of arbitrary system files. Note that this doesn’t affect installations that only use the mimetex environment. For the oldstable distribution, this problem has been fixed in version 1.6.3-2+etch3. For the stable distribution, this problem has been fixed in version 1.8.2.dfsg-3+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.8.2.dfsg-5. We recommend that you upgrade your moodle packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1836-1 fckeditor -- missing input sanitising
Debian GNU/Linux 5.0
fckeditor
Vinny Guido discovered that multiple input sanitising vulnerabilities in Fckeditor, a rich text web editor component, may lead to the execution of arbitrary code. The old stable distribution doesn’t contain fckeditor. For the stable distribution, this problem has been fixed in version 1:2.6.2-1lenny1. For the unstable distribution, this problem has been fixed in version 1:2.6.4.1-1. We recommend that you upgrade your fckeditor package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1789-1 php5 -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
php5
Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems. The following four vulnerabilities have already been fixed in the stable version of php5 prior to the release of lenny. This update now addresses them for etch as well: CVE-2008-2107 / CVE-2008-2108 The GENERATE_SEED macro has several problems that make predicting generated random numbers easier, facilitating attacks against measures that use rand or mt_rand as part of a protection. CVE-2008-5557 A buffer overflow in the mbstring extension allows attackers to execute arbitrary code via a crafted string containing an HTML entity. CVE-2008-5624 The page_uid and page_gid variables are not correctly set, allowing use of some functionality intended to be restricted to root. CVE-2008-5658 Directory traversal vulnerability in the ZipArchive::extractTo function allows attackers to write arbitrary files via a ZIP file with a file whose name contains sequences. This update also addresses the following three vulnerabilities for both oldstable and stable: CVE-2008-5814 Cross-site scripting vulnerability, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML. CVE-2009-0754 When running on Apache, PHP allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. CVE-2009-1271 The JSON_parser function allows a denial of service via a malformed string to the json_decode API function. Furthermore, two updates originally scheduled for the next point update for oldstable are included in the etch package: * Let PHP use the system timezone database instead of the embedded timezone database which is out of date.
* From the source tarball, the unused "dbase" module has been removed which contained licensing problems. For the old stable distribution, these problems have been fixed in version 5.2.0+dfsg-8+etch15. For the stable distribution, these problems have been fixed in version 5.2.6.dfsg.1-1+lenny3. For the unstable distribution, these problems have been fixed in version 5.2.9.dfsg.1-1. We recommend that you upgrade your php5 package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1831-1 djbdns -- programming error
Debian GNU/Linux 5.0
djbdns
Matthew Dempsky discovered that Daniel J. Bernstein's djbdns, a Domain Name System server, does not constrain offsets in the required manner, which allows remote attackers with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain. The old stable distribution does not contain djbdns. For the stable distribution, this problem has been fixed in version 1.05-4+lenny1. For the unstable distribution, this problem has been fixed in version 1.05-5. We recommend that you upgrade your djbdns package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1941-1 poppler -- several
Debian GNU/Linux 5.0
poppler
Several integer overflows, buffer overflows and memory allocation errors were discovered in the Poppler PDF rendering library, which may lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed PDF document. For the stable distribution, these problems have been fixed in version 0.8.7-3. An update for the old stable distribution will be issued soon as version 0.4.5-5.1etch4. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your poppler packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1957-1 aria2 -- buffer overflow
Debian GNU/Linux 5.0
aria2
It was discovered that aria2, a high speed download utility, is prone to a buffer overflow in the DHT routing code, which might lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 0.14.0-1+lenny1. Binaries for powerpc, arm, ia64 and hppa will be provided once they are available. The oldstable distribution is not affected by this problem. For the testing distribution and the unstable distribution, this problem has been fixed in version 1.2.0-1. We recommend that you upgrade your aria2 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1856-1 mantis -- information leak
Debian GNU/Linux 5.0
mantis
It was discovered that the Debian Mantis package, a web based bug tracking system, installed the database credentials in a file with world-readable permissions onto the local filesystem. This allows local users to acquire the credentials used to control the Mantis database. This updated package corrects this problem for new installations and will carefully try to update existing ones. Administrators can check the permissions of the file /etc/mantis/config_db.php to see if they are safe for their environment. The old stable distribution does not contain a mantis package. For the stable distribution, this problem has been fixed in version 1.1.6+dfsg-2lenny1. For the unstable distribution, this problem has been fixed in version 1.1.8+dfsg-2. We recommend that you upgrade your mantis package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1859-1 libxml2 -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libxml2
Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml2, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. The Common Vulnerabilities and Exposures project identifies the following problems: An XML document with specially-crafted Notation or Enumeration attribute types in a DTD definition leads to the use of pointers to memory areas which have already been freed. Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack-growth due to a function recursion which can be triggered via a crafted XML document. For the oldstable distribution, this problem has been fixed in version 2.6.27.dfsg-6+etch1. For the stable distribution, this problem has been fixed in version 2.6.32.dfsg-5+lenny1. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your libxml2 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1873-1 xulrunner -- programming error
Debian GNU/Linux 5.0
xulrunner
Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid URLs could be used for spoofing the location bar and the SSL certificate status of a web page. Xulrunner is no longer supported for the old stable distribution. For the stable distribution, this problem has been fixed in version 1.9.0.13-0lenny1. For the unstable distribution, this problem has been fixed in version 1.9.0.13-1. We recommend that you upgrade your xulrunner packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1807-1 cyrus-sasl2, cyrus-sasl2-heimdal -- buffer overflow
Debian GNU/Linux 5.0
cyrus-sasl2
cyrus-sasl2-heimdal
James Ralston discovered that the sasl_encode64 function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires the string to be null terminated which can lead to denial of service or arbitrary code execution. Important notice: While this patch will fix currently vulnerable code, it can cause non-vulnerable existing code to break. Here’s a function prototype from include/saslutil.h to clarify my explanation: /* base64 encode * in -- input data * inlen -- input data length * out -- output buffer * outmax -- max size of output buffer * result: * outlen -- gets actual length of output buffer * * Returns SASL_OK on success, SASL_BUFOVER if result won't fit */ LIBSASL_API int sasl_encode64; Assume a scenario where calling code has been written in such a way that it calculates the exact size required for base64 encoding in advance, then allocates a buffer of that exact size, passing a pointer to the buffer into sasl_encode64 as *out. As long as this code does not anticipate that the buffer is NUL-terminated the code will work and it will not be vulnerable. Once this patch is applied, that same code will break because sasl_encode64 will begin to return SASL_BUFOVER. For the oldstable distribution, this problem will be fixed soon. For the stable distribution, this problem has been fixed in version 2.1.22.dfsg1-23+lenny1 of cyrus-sasl2 and cyrus-sasl2-heimdal. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.1.23.dfsg1-1 of cyrus-sasl2 and cyrus-sasl2-heimdal. We recommend that you upgrade your cyrus-sasl2/cyrus-sasl2-heimdal packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1781-1 ffmpeg-debian -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
ffmpeg-debian
Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0385 It was discovered that watching a malformed 4X movie file could lead to the execution of arbitrary code. CVE-2008-3162 It was discovered that using a crafted STR file can lead to the execution of arbitrary code. For the oldstable distribution, these problems have been fixed in version 0.cvs20060823-8+etch1. For the stable distribution, these problems have been fixed in version 0.svn20080206-17+lenny1. For the testing distribution and the unstable distribution, these problems have been fixed in version 0.svn20080206-16. We recommend that you upgrade your ffmpeg-debian packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1910-1 mysql-ocaml -- missing escape function
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
mysql-ocaml
It was discovered that mysql-ocaml, OCaml bindings for MySQL, was missing a function to call mysql_real_escape_string. This is needed because mysql_real_escape_string honours the charset of the connection and prevents insufficient escaping when certain multibyte character encodings are used. The added function is called real_escape and takes the established database connection as a first argument. The old escape_string was kept for backwards compatibility. Developers using these bindings are encouraged to adjust their code to use the new function. For the stable distribution, this problem has been fixed in version 1.0.4-4+lenny1. For the oldstable distribution, this problem has been fixed in version 1.0.4-2+etch1. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your mysql-ocaml packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1875-1 ikiwiki -- missing input sanitising
Debian GNU/Linux 5.0
ikiwiki
Josh Triplett discovered that the blacklist for potentially harmful TeX code of the teximg module of the Ikiwiki wiki compiler was incomplete, resulting in information disclosure. The old stable distribution is not affected. For the stable distribution, this problem has been fixed in version 2.53.4. For the unstable distribution, this problem has been fixed in version 3.1415926. We recommend that you upgrade your ikiwiki package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1913-1 bugzilla -- SQL injection vulnerability
Debian GNU/Linux 5.0
bugzilla
Max Kanat-Alexander, Bradley Baetz, and Frédéric Buclin discovered an SQL injection vulnerability in the Bug.create WebService function in Bugzilla, a web-based bug tracking system, which allows remote attackers to execute arbitrary SQL commands. For the stable distribution, this problem has been fixed in version 3.0.4.1-2+lenny2. The oldstable distribution isn’t affected by this problem. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your bugzilla packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1956-1 xulrunner -- several
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3986: David James discovered that the window.opener property allows Chrome privilege escalation. CVE-2009-3985: Jordi Chanel discovered a spoofing vulnerability of the URL location bar using the document.location property. CVE-2009-3984: Jonathan Morgan discovered that the icon indicating a secure connection could be spoofed through the document.location property. CVE-2009-3983: Takehiro Takahashi discovered that the NTLM implementation is vulnerable to reflection attacks. CVE-2009-3981: Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3979: Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 1.9.0.16-1. For the unstable distribution, these problems have been fixed in version 1.9.1.6-1. We recommend that you upgrade your xulrunner packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1959-1 ganeti -- missing input sanitation
Debian GNU/Linux 5.0
ganeti
It was discovered that ganeti, a virtual server cluster manager, does not validate the path of scripts passed as arguments to certain commands, which allows local or remote users to execute arbitrary commands on a host acting as a cluster master. For the stable distribution, this problem has been fixed in version 1.2.6-3+lenny2. For the testing distribution, this problem will be fixed in version 2.0.5-1. For the unstable distribution, this problem has been fixed in version 2.0.5-1. The oldstable distribution does not include ganeti. We recommend that you upgrade your ganeti packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1955-1 network-manager/network-manager-applet -- information disclosure
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
network-manager/network-manager-applet
It was discovered that network-manager-applet, a network management framework, lacks some dbus restriction rules, which allows local users to obtain sensitive information. If you have locally modified the /etc/dbus-1/system.d/nm-applet.conf file, then please make sure that you merge the changes from this fix when asked during upgrade. For the stable distribution, this problem has been fixed in version 0.6.6-4+lenny1 of network-manager-applet. For the oldstable distribution, this problem has been fixed in version 0.6.4-6+etch1 of network-manager. For the testing distribution and the unstable distribution, this problem has been fixed in version 0.7.0.99-1 of network-manager-applet. We recommend that you upgrade your network-manager and network-manager-applet packages accordingly.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1930-1 drupal6 -- several vulnerabilities
Debian GNU/Linux 5.0
drupal6
Several vulnerabilities have been found in drupal6, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2372 Gerhard Killesreiter discovered a flaw in the way user signatures are handled. It is possible for a user to inject arbitrary code via a crafted user signature. CVE-2009-2373 Mark Piper, Sven Herrmann and Brandon Knight discovered a cross-site scripting issue in the forum module, which could be exploited via the tid parameter. CVE-2009-2374 Sumit Datta discovered that certain drupal6 pages leak sensitive information such as user credentials. Several design flaws in the OpenID module have been fixed, which could lead to cross-site request forgeries or privilege escalations. Also, the file upload function does not process all extensions properly, leading to the possible execution of arbitrary code. For the stable distribution, these problems have been fixed in version 6.6-3lenny3. The oldstable distribution does not contain drupal6. For the testing distribution and the unstable distribution, these problems have been fixed in version 6.14-1. We recommend that you upgrade your drupal6 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1829-2 sork-passwd-h3 -- insufficient input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
sork-passwd-h3
The previous update introduced a regression in main.php, causing the module to fail. This update corrects the flaw. For reference the original advisory text is below. It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter. For the oldstable distribution, this problem has been fixed in version 3.0-2+etch2. For the stable distribution, this problem has been fixed in version 3.0-2+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 3.1-1.2. We recommend that you upgrade your sork-passwd-h3 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1953-1 expat -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
expat
Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. For the old stable distribution, this problem has been fixed in version 1.95.8-3.4+etch2. For the stable distribution, this problem has been fixed in version 2.0.1-4+lenny2. For the testing distribution and the unstable distribution, this problem will be fixed in version 2.0.1-6. The builds for the mipsel architecture for the old stable distribution are not included yet. They will be released when they become available. We recommend that you upgrade your expat packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1757-1 auth2db -- SQL injection
Debian GNU/Linux 5.0
auth2db
It was discovered that auth2db, an IDS logger, log viewer and alert generator, is prone to a SQL injection vulnerability, when used with multibyte character encodings. For the stable distribution, this problem has been fixed in version 0.2.5-2+dfsg-1+lenny1. The oldstable distribution doesn’t contain auth2db. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 0.2.5-2+dfsg-1.1. We recommend that you upgrade your auth2db packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1747-1 glib2.0 -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
glib2.0
Diego Petten discovered that glib2.0, the GLib library of C routines, handles large strings insecurely via its Base64 encoding functions. This could possibly lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 2.16.6-1+lenny1. For the oldstable distribution, this problem has been fixed in version 2.12.4-2+etch1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.20.0-1. We recommend that you upgrade your glib2.0 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1806-1 cscope -- buffer overflows
Debian GNU/Linux 5.0
cscope
Matt Murphy discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution of arbitrary code through specially crafted source code files. For the stable distribution, this problem has been fixed in version 15.6-6+lenny1. Due to a technical limitation in the Debian archive management scripts the update for the old stable distribution cannot be released synchronously. It will be fixed in version 15.6-2+etch1 soon. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your cscope package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1835-1 tiff -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
tiff
Several vulnerabilities have been discovered in the library for the Tag Image File Format. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2285 It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service. CVE-2009-2347 Andrea Barisani discovered several integer overflows, which can lead to the execution of arbitrary code if malformed images are passed to the rgb2ycbcr or tiff2rgba tools. For the old stable distribution, these problems have been fixed in version 3.8.2-7+etch3. For the stable distribution, these problems have been fixed in version 3.8.2-11.2. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your tiff packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2051-1 postgresql-8.3 -- several
Debian GNU/Linux 5.0
postgresql-8.3
Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1169 Tim Bunce discovered that the implementation of the procedural language PL/Perl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Perl code. CVE-2010-1170 Tom Lane discovered that the implementation of the procedural language PL/Tcl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Tcl code. CVE-2010-1975 It was discovered that an unprivileged user could reset superuser-only parameter settings. For the stable distribution, these problems have been fixed in version 8.3.11-0lenny1. This update also introduces a fix for CVE-2010-0442, which was originally scheduled for the next Lenny point update. For the unstable distribution, these problems have been fixed in version 8.4.4-1 of postgresql-8.4. We recommend that you upgrade your postgresql-8.3 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1994-1 ajaxterm -- weak session IDs
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
ajaxterm
It was discovered that ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses ajaxterm. For the oldstable distribution, the problem has been fixed in version 0.9-2+etch1. For the stable distribution, the problem has been fixed in version 0.10-2+lenny1. For the unstable distribution, the problem has been fixed in version 0.10-5. We recommend that you upgrade your ajaxterm package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1878-1 devscripts -- missing input sanitation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
devscripts
Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue by reimplementing the relevant Perl operators without relying on the Perl interpreter, trying to preserve backwards compatibility as much as possible. For the old stable distribution, this problem has been fixed in version 2.9.26etch4. For the stable distribution, this problem has been fixed in version 2.10.35lenny6. For the unstable distribution, this problem will be fixed in version 2.10.54. We recommend that you upgrade your devscripts package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1719-2 gnutls13, gnutls26 -- design flaw
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
gnutls13
gnutls26
Changes in DSA-1719-1 caused GNUTLS to reject X.509v1 certificates as CA root certificates by default, as originally described in the documentation. However, it turned out that there is still significant use of historic X.509v1 CA root certificates, so this constitutes an unacceptable regression. This update reverses this part of the changes in DSA-1719-1. Note that the X.509v1 certificate format does not distinguish between server and CA certificates, which means that an X.509v1 server certificate is implicitly converted into a CA certificate when added to the trust store. The current stable distribution was released with the changes in DSA-1719-1 already applied, and this update reverses the changes concerning X.509v1 CA certificates for this distribution, too. For the old stable distribution, this problem has been fixed in version 1.4.4-3+etch4. For the stable distribution, this problem has been fixed in version 2.4.2-6+lenny1. We recommend that you upgrade your GNUTLS packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1993-1 otrs2 -- sql injection
Debian GNU/Linux 5.0
otrs2
It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise input data that is used in SQL queries, which might be used to inject arbitrary SQL to, for example, escalate privileges on a system that uses otrs2. The oldstable distribution is not affected. For the stable distribution, the problem has been fixed in version 2.2.7-2lenny3. For the testing distribution, the problem will be fixed soon. For the unstable distribution, the problem has been fixed in version 2.4.7-1. We recommend that you upgrade your otrs2 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1778-1 mahara -- insufficient input sanitisation
Debian GNU/Linux 5.0
mahara
It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to cross-site scripting attacks because of missing input sanitisation of the introduction text field in user profiles and any text field in a user view. The oldstable distribution does not contain mahara. For the stable distribution, this problem has been fixed in version 1.0.4-4+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.1.3-1. We recommend that you upgrade your mahara packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1791-1 moin -- insufficient input sanitising
Debian GNU/Linux 5.0
moin
It was discovered that the AttachFile action in moin, a python clone of WikiWiki, is prone to cross-site scripting attacks when renaming attachments or performing other sub-actions. For the stable distribution, this problem has been fixed in version 1.7.1-3+lenny2. The oldstable distribution is not vulnerable. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your moin packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1934-1 apache2 -- multiple issues
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
apache2
A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability. As a partial mitigation against this attack, this apache2 update disables client-initiated renegotiations. This should fix the vulnerability for the majority of Apache configurations in use. NOTE: This is not a complete fix for the problem. The attack is still possible in configurations where the server initiates the renegotiation. This is the case for the following configurations: - The "SSLVerifyClient" directive is used in a Directory or Location context. - The "SSLCipherSuite" directive is used in a Directory or Location context. As a workaround, you may rearrange your configuration in a way that SSLVerifyClient and SSLCipherSuite are only used on the server or virtual host level. A complete fix for the problem will require a protocol change. Further information will be included in a separate announcement about this issue. In addition, this update fixes the following issues in Apache's mod_proxy_ftp: CVE-2009-3094: Insufficient input validation in the mod_proxy_ftp module allowed remote FTP servers to cause a denial of service via a malformed reply to an EPSV command. CVE-2009-3095: Insufficient input validation in the mod_proxy_ftp module allowed remote authenticated attackers to bypass intended access restrictions and send arbitrary FTP commands to an FTP server. For the stable distribution, these problems have been fixed in version 2.2.9-10+lenny6. This version also includes some non-security bug fixes that were scheduled for inclusion in the next stable point release. For the oldstable distribution, these problems have been fixed in version 2.2.3-4+etch11. For the testing distribution and the unstable distribution, these problems will be fixed in version 2.2.14-2.
This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages. Updated apache2-mpm-itk packages for the armel architecture are not included yet. They will be released as soon as they become available. We recommend that you upgrade your apache2 and apache2-mpm-itk packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2062-1 sudo -- missing input sanitisation
Debian GNU/Linux 5.0
sudo
Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting. For the stable distribution, this problem has been fixed in version 1.6.9p17-3. For the unstable distribution, this problem has been fixed in version 1.7.2p7-1, and will migrate to the testing distribution shortly. We recommend that you upgrade your sudo package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1743-1 libtk-img -- buffer overflows
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libtk-img
Two buffer overflows have been found in the GIF image parsing code of Tk, a cross-platform graphical toolkit, which could lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-5137 It was discovered that libtk-img is prone to a buffer overflow via specially crafted multi-frame interlaced GIF files. CVE-2007-5378 It was discovered that libtk-img is prone to a buffer overflow via specially crafted GIF files with certain subimage sizes. For the stable distribution, these problems have been fixed in version 1:1.3-release-7+lenny1. For the oldstable distribution, these problems have been fixed in version 1:1.3-15etch3. For the testing distribution and the unstable distribution, these problems have been fixed in version 1.3-release-8. We recommend that you upgrade your libtk-img packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1967-1 transmission -- directory traversal
Debian GNU/Linux 5.0
transmission
Dan Rosenberg discovered that Transmission, a lightweight client for the Bittorrent filesharing protocol, performs insufficient sanitising of file names specified in .torrent files. This could lead to the overwrite of local files with the privileges of the user running Transmission if the user is tricked into opening a malicious torrent file. For the stable distribution, this problem has been fixed in version 1.22-1+lenny2. For the unstable distribution, this problem has been fixed in version 1.77-1. We recommend that you upgrade your transmission packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1805-1 pidgin -- several
Debian GNU/Linux 5.0
pidgin
Several vulnerabilities have been discovered in Pidgin, a graphical multi-protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1373 A buffer overflow in the Jabber file transfer code may lead to denial of service or the execution of arbitrary code. CVE-2009-1375 Memory corruption in an internal library may lead to denial of service. CVE-2009-1376 The patch provided for the security issue tracked as CVE-2008-2927 - integer overflows in the MSN protocol handler - was found to be incomplete. The old stable distribution is affected under the source package name gaim. However, due to build problems the updated packages couldn't be released along with the stable version. It will be released once the build problem is resolved. For the stable distribution, these problems have been fixed in version 2.4.3-4lenny2. For the unstable distribution, these problems have been fixed in version 2.5.6-1. We recommend that you upgrade your pidgin packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1772-1 udev -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
udev
Sebastian Kramer discovered two vulnerabilities in udev, the /dev and hotplug management daemon. CVE-2009-1185 udev does not check the origin of NETLINK messages, allowing local users to gain root privileges. CVE-2009-1186 udev suffers from a buffer overflow condition in path encoding, potentially allowing arbitrary code execution. For the old stable distribution, these problems have been fixed in version 0.105-4etch1. For the stable distribution, these problems have been fixed in version 0.125-7+lenny1. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your udev package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1779-1 apt -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
apt
Two vulnerabilities have been discovered in APT, the well-known dpkg frontend. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1300 In time zones where daylight savings time occurs at midnight, the apt cron.daily script fails, stopping new security updates from being applied automatically. CVE-2009-1358 A repository that has been signed with an expired or revoked OpenPGP key would still be considered valid by APT. For the old stable distribution, these problems have been fixed in version 0.6.46.4-0.1+etch1. For the stable distribution, these problems have been fixed in version 0.7.20.2+lenny1. For the unstable distribution, these problems have been fixed in version 0.7.21. We recommend that you upgrade your apt package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1979-1 lintian -- multiple
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
lintian
Multiple vulnerabilities have been discovered in lintian, a Debian package checker. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them: CVE-2009-4013: missing control files sanitation Control field names and values were not sanitised before using them in certain operations that could lead to directory traversals. Patch systems' control files were not sanitised before using them in certain operations that could lead to directory traversals. An attacker could exploit these vulnerabilities to overwrite arbitrary files or disclose system information. CVE-2009-4014: format string vulnerabilities Multiple check scripts and the Lintian::Schedule module were using user-provided input as part of the sprintf/printf format string. CVE-2009-4015: arbitrary command execution File names were not properly escaped when passing them as arguments to certain commands, allowing the execution of other commands as pipes or as a set of shell commands. For the oldstable distribution, these problems have been fixed in version 1.23.28+etch1. For the stable distribution, these problems have been fixed in version 1.24.2.1+lenny1. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 2.3.2. We recommend that you upgrade your lintian packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1788-1 quagga -- improper assertion
Debian GNU/Linux 5.0
quagga
It was discovered that Quagga, an IP routing daemon, could no longer process the Internet routing table due to broken handling of multiple 4-byte AS numbers in an AS path. If such a prefix is received, the BGP daemon crashes with an assert failure, leading to a denial of service. The old stable distribution is not affected by this issue. For the stable distribution, this problem has been fixed in version 0.99.10-1lenny2. For the unstable distribution, this problem has been fixed in version 0.99.11-2. We recommend that you upgrade your quagga package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1750-1 libpng -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libpng
Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: The png_handle_tRNS function allows attackers to cause a denial of service via a grayscale PNG image with a bad tRNS chunk CRC value. Certain chunk handlers allow attackers to cause a denial of service via crafted pCAL, sCAL, tEXt, iTXt, and zTXt chunking in PNG images, which trigger out-of-bounds read operations. libpng allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialised memory. The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service via a crafted PNG file. libpng allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialised pointer in the png_read_png function, pCAL chunk handling, or setup of 16-bit gamma tables. For the old stable distribution, these problems have been fixed in version 1.2.15~beta5-1+etch2. For the stable distribution, these problems have been fixed in version 1.2.27-2+lenny2. For the unstable distribution, these problems have been fixed in version 1.2.35-1. We recommend that you upgrade your libpng packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1771-1 clamav -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
clamav
Several vulnerabilities have been discovered in the ClamAV anti-virus toolkit: CVE-2008-6680 Attackers can cause a denial of service via a crafted EXE file that triggers a divide-by-zero error. CVE-2009-1270 Attackers can cause a denial of service via a crafted tar file that causes clamd and clamscan to hang. Attackers can cause a denial of service via a crafted EXE file that crashes the UPack unpacker. For the old stable distribution, these problems have been fixed in version 0.90.1dfsg-4etch19. For the stable distribution, these problems have been fixed in version 0.94.dfsg.2-1lenny2. For the unstable distribution, these problems have been fixed in version 0.95.1+dfsg-1. We recommend that you upgrade your clamav packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1885-1 xulrunner -- several
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3070 Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3071 Daniel Holbert, Jesse Ruderman, Olli Pettay and "toshi" discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3072 Josh Soref, Jesse Ruderman and Martin Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3074 Jesse Ruderman discovered a crash in the Javascript engine, which might allow the execution of arbitrary code. CVE-2009-3075 Carsten Book and "Taral" discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3076 Jesse Ruderman discovered that the user interface for installing/removing PKCS #11 security modules wasn’t informative enough, which might allow social engineering attacks. CVE-2009-3077 It was discovered that incorrect pointer handling in the XUL parser could lead to the execution of arbitrary code. CVE-2009-3078 Juan Pablo Lopez Yacubian discovered that incorrect rendering of some Unicode font characters could lead to spoofing attacks on the location bar. For the stable distribution, these problems have been fixed in version 1.9.0.14-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 1.9.0.14-1. For the experimental distribution, these problems have been fixed in version 1.9.1.3-1. We recommend that you upgrade your xulrunner package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1741-1 psi -- integer overflow
Debian GNU/Linux 5.0
psi
Jesus Olmos Gonzalez discovered that an integer overflow in the PSI Jabber client may lead to remote denial of service. The old stable distribution is not affected. For the stable distribution, this problem has been fixed in version 0.11-9. For the unstable distribution, this problem has been fixed in version 0.12.1-1. We recommend that you upgrade your psi package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1879-1 silc-client/silc-toolkit -- several
Debian GNU/Linux 5.0
silc-client/silc-toolkit
Several vulnerabilities have been discovered in the software suite for the SILC protocol, a network protocol designed to provide end-to-end security for conferencing services. The Common Vulnerabilities and Exposures project identifies the following problems: An incorrect format string in sscanf used in the ASN1 encoder to scan an OID value could overwrite a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. On 64-bit architectures this could result in unexpected application behaviour or even code execution in some cases. Various format string vulnerabilities when handling parsed SILC messages allow an attacker to execute arbitrary code with the rights of the victim running the SILC client via crafted nick names or channel names containing format strings. An incorrect format string in a sscanf call used in the HTTP server component of silcd could result in overwriting a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. An attacker could exploit this by using crafted Content-Length header values resulting in unexpected application behaviour or even code execution in some cases. Silc-server doesn’t need an update as it uses the shared library provided by silc-toolkit. Silc-client/silc-toolkit in the oldstable distribution is not affected by this problem. For the stable distribution, this problem has been fixed in version 1.1.7-2+lenny1 of silc-toolkit and in version 1.1.4-1+lenny1 of silc-client. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.1.10-1 of silc-toolkit and version 1.1-2 of silc-client. We recommend that you upgrade your silc-toolkit/silc-client packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1895-1 xmltooling -- several
Debian GNU/Linux 5.0
xmltooling
Several vulnerabilities have been discovered in the xmltooling packages, as used by Shibboleth: Chris Ries discovered that decoding a crafted URL leads to a crash. Ian Young discovered that embedded NUL characters in certificate names were not correctly handled, exposing configurations using PKIX trust validation to impersonation attacks. Incorrect processing of SAML metadata ignores key usage constraints. This minor issue also needs a correction in the opensaml2 packages, which will be provided in an upcoming stable point release. For the stable distribution, these problems have been fixed in version 1.0-2+lenny1. For the unstable distribution, these problems have been fixed in version 1.2.2-1. We recommend that you upgrade your xmltooling packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1886-1 iceweasel -- several
Debian GNU/Linux 5.0
iceweasel
Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3079 "moz_bug_r_a4" discovered that a programming error in the FeedWriter module could lead to the execution of Javascript code with elevated privileges. CVE-2009-1310 Prateek Saxena discovered a cross-site scripting vulnerability in the MozSearch plugin interface. For the stable distribution, these problems have been fixed in version 3.0.6-3. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 3.0.14-1. For the experimental distribution, these problems have been fixed in version 3.5.3-1. We recommend that you upgrade your iceweasel packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1878-2 devscripts -- missing input sanitation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
devscripts
This update corrects regressions introduced by the devscripts security update, DSA-1878-1. The original announcement was: Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue by reimplementing the relevant Perl operators without relying on the Perl interpreter, trying to preserve backwards compatibility as much as possible. For the old stable distribution, this problem has been fixed in version 2.9.26etch5. For the stable distribution, this problem has been fixed in version 2.10.35lenny7. For the unstable distribution, this problem will be fixed in version 2.10.55. We recommend that you upgrade your devscripts package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1931-1 nspr -- several
Debian GNU/Linux 5.0
nspr
Several vulnerabilities have been discovered in the NetScape Portable Runtime Library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1563 A programming error in the string handling code may lead to the execution of arbitrary code. CVE-2009-2463 An integer overflow in the Base64 decoding functions may lead to the execution of arbitrary code. The old stable distribution doesn’t contain nspr. For the stable distribution, these problems have been fixed in version 4.7.1-5. For the unstable distribution these problems have been fixed in version 4.8.2-1. We recommend that you upgrade your NSPR packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1866-1 kdegraphics -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
kdegraphics
Two security issues have been discovered in kdegraphics, the graphics apps from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0945 It was discovered that the KSVG animation element implementation suffers from a null pointer dereference flaw, which could lead to the execution of arbitrary code. CVE-2009-1709 It was discovered that the KSVG animation element implementation is prone to a use-after-free flaw, which could lead to the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 4:3.5.9-3+lenny2. For the oldstable distribution, these problems have been fixed in version 4:3.5.5-3etch4. For the testing distribution and the unstable distribution, these problems have been fixed in version 4:4.0. We recommend that you upgrade your kdegraphics packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1803-1 nsd, nsd3 -- buffer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
nsd
nsd3
Ilja van Sprundel discovered that a buffer overflow in NSD, an authoritative name service daemon, allowed an attacker to crash the server by sending a crafted packet, creating a denial of service. For the old stable distribution, this problem has been fixed in version 2.3.6-1+etch1 of the nsd package. For the stable distribution, this problem has been fixed in version 2.3.7-1.1+lenny1 of the nsd package and version 3.0.7-3.lenny2 of the nsd3 package. For the unstable distribution, this problem has been fixed in version 2.3.7-3 for nsd; nsd3 will be fixed soon. We recommend that you upgrade your nsd or nsd3 package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1745-2 lcms -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
lcms
This update fixes a possible regression introduced in DSA-1745-1 and also enhances the security patch. For reference, the original advisory text is below. Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0581 Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. CVE-2009-0723 Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. CVE-2009-0733 Chris Evans discovered the lack of upper-bounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code. For the stable distribution, these problems have been fixed in version 1.17.dfsg-1+lenny2. For the oldstable distribution, these problems have been fixed in version 1.15-1.1+etch3. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your lcms packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2038-3 pidgin -- several
Debian GNU/Linux 5.0
pidgin
The packages for Pidgin released as DSA 2038-2 had a regression, as they unintentionally disabled the Silc, Simple, and Yahoo instant messaging protocols. This update restores that functionality. For reference, the original advisory text is below. Several remote vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0420 Crafted nicknames in the XMPP protocol can crash Pidgin remotely. CVE-2010-0423 Remote contacts may send too many custom smilies, crashing Pidgin. For a few months, Microsoft’s servers for MSN have used a changed protocol, making Pidgin non-functional for use with MSN. It is not feasible to port these changes to the version of Pidgin in Debian Lenny. This update formalises that situation by disabling the protocol in the client. Users of the MSN protocol are advised to use the version of Pidgin in the repositories of www.backports.org. For the stable distribution, these problems have been fixed in version 2.4.3-4lenny8. For the unstable distribution, these problems have been fixed in version 2.6.6-1. We recommend that you upgrade your pidgin package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1915-1 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
Debian GNU/Linux 5.0
linux-2.6
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2053-1 linux-2.6 -- privilege escalation/denial of service/information leak
Debian GNU/Linux 5.0
linux-2.6
CVE-2009-4537 Fabian Yamaguchi reported a missing check for Ethernet frames larger than the MTU in the r8169 driver. This may allow users on the local network to crash a system, resulting in a denial of service. CVE-2010-0727 Sachin Prabhu reported an issue in the GFS2 filesystem. Local users can trigger a BUG altering the permissions on a locked file, resulting in a denial of service. CVE-2010-1083 Linus Torvalds reported an issue in the USB subsystem, which may allow local users to obtain portions of sensitive kernel memory. CVE-2010-1084 Neil Brown reported an issue in the Bluetooth subsystem that may permit remote attackers to overwrite memory through the creation of large numbers of sockets, resulting in a denial of service. CVE-2010-1086 Ang Way Chuang reported an issue in the DVB subsystem for Digital TV adapters. By creating a specially-encoded MPEG2-TS frame, a remote attacker could cause the receiver to enter an endless loop, resulting in a denial of service. CVE-2010-1087 Trond Myklebust reported an issue in the NFS filesystem. A local user may cause an oops by sending a fatal signal during a file truncation operation, resulting in a denial of service. CVE-2010-1088 Al Viro reported an issue where automount symlinks may not be followed when LOOKUP_FOLLOW is not set. This has an unknown security impact. CVE-2010-1162 Catalin Marinas reported an issue in the tty subsystem that allows local attackers to cause a kernel memory leak, possibly resulting in a denial of service. CVE-2010-1173 Chris Guo from Nokia China and Jukka Taimisto and Olli Jarva from Codenomicon Ltd reported an issue in the SCTP subsystem that allows a remote attacker to cause a denial of service using a malformed init package. CVE-2010-1187 Neil Hormon reported an issue in the TIPC subsystem. Local users can cause a denial of service by way of a NULL pointer dereference by sending datagrams through AF_TIPC before entering network mode. 
CVE-2010-1437 Toshiyuki Okajima reported a race condition in the keyring subsystem. Local users can cause memory corruption via keyctl commands that access a keyring in the process of being deleted, resulting in a denial of service. CVE-2010-1446 Wufei reported an issue with kgdb on the PowerPC architecture, allowing local users to write to kernel memory. Note: this issue does not affect binary kernels provided by Debian. The fix is provided for the benefit of users who build their own kernels from Debian source. CVE-2010-1451 Brad Spengler reported an issue on the SPARC architecture that allows local users to execute non-executable pages. This update also fixes a regression introduced by a previous update. See the referenced Debian bug page for details. For the stable distribution, these problems have been fixed in version 2.6.26-22lenny1. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 5.0 user-mode-linux 2.6.26-1um-2+22lenny1
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1937-1 gforge -- insufficient input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
gforge
It was discovered that gforge, a collaborative development tool, is prone to a cross-site scripting attack via the helpname parameter. Besides fixing this issue, the update also introduces some additional input sanitising. However, there are no known attack vectors. For the stable distribution, these problems have been fixed in version 4.7~rc2-7lenny2. For the oldstable distribution, these problems have been fixed in version 4.5.14-22etch12. For the testing distribution and the unstable distribution, these problems have been fixed in version 4.8.1-3. We recommend that you upgrade your gforge packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1851-1 gst-plugins-bad0.10 -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
gst-plugins-bad0.10
It was discovered that gst-plugins-bad0.10, the GStreamer plugins from the "bad" set, is prone to an integer overflow when processing a MED file with a crafted song comment or song name. For the stable distribution, this problem has been fixed in version 0.10.7-2+lenny2. For the oldstable distribution, this problem has been fixed in version 0.10.3-3.1+etch3. For the testing distribution and the unstable distribution, gst-plugins-bad0.10 links against libmodplug. We recommend that you upgrade your gst-plugins-bad0.10 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2074-1 ncompress -- integer underflow
Debian GNU/Linux 5.0
ncompress
Aki Helin discovered an integer underflow in ncompress, the original Lempel-Ziv compress/uncompress programs. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive. For the stable distribution, this problem has been fixed in version 4.2.4.2-1+lenny1. For the testing and unstable distribution, this problem has been fixed in version 4.2.4.3-1. We recommend that you upgrade your ncompress package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1904-1 wget -- insufficient input validation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
wget
Daniel Stenberg discovered that wget, a network utility to retrieve files from the Web using http and ftp, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" published at the Blackhat conference some time ago. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field. For the oldstable distribution, this problem has been fixed in version 1.10.2-2+etch1. For the stable distribution, this problem has been fixed in version 1.11.4-2+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.12-1. We recommend that you upgrade your wget packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1738-1 curl -- arbitrary file access
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
curl
David Kierznowski discovered that libcurl, a multi-protocol file transfer library, when configured to follow URL redirects automatically, does not question the new target location. As libcurl also supports file:// and scp:// URLs - depending on the setup - an untrusted server could use that to expose local files, overwrite local files or even execute arbitrary code via a malicious URL redirect. This update introduces a new option called CURLOPT_REDIR_PROTOCOLS which by default does not include the scp and file protocol handlers. For the oldstable distribution this problem has been fixed in version 7.15.5-1etch2. For the stable distribution this problem has been fixed in version 7.18.2-8lenny2. For the unstable distribution this problem has been fixed in version 7.18.2-8.1. We recommend that you upgrade your curl packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1899-1 strongswan -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
strongswan
Several remote vulnerabilities have been discovered in strongswan, an implementation of the IPSEC and IKE protocols. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1957 CVE-2009-1958 The charon daemon can crash when processing certain crafted IKEv2 packets. CVE-2009-2185 CVE-2009-2661 The pluto daemon could crash when processing a crafted X.509 certificate. For the old stable distribution, these problems have been fixed in version 2.8.0+dfsg-1+etch2. For the stable distribution, these problems have been fixed in version 4.2.4-5+lenny3. For the unstable distribution, these problems have been fixed in version 4.3.2-1.1. We recommend that you upgrade your strongswan packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1758-1 nss-ldapd -- insecure config file creation
Debian GNU/Linux 5.0
nss-ldapd
Leigh James discovered that nss-ldapd, an NSS module for using LDAP as a naming service, by default creates the configuration file /etc/nss-ldapd.conf world-readable, which could leak the configured LDAP password if one is used for connecting to the LDAP server. The old stable distribution doesn’t contain nss-ldapd. For the stable distribution this problem has been fixed in version 0.6.7.1. For the unstable distribution this problem has been fixed in version 0.6.8. We recommend that you upgrade your nss-ldapd package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1969-1 krb5 -- integer underflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
krb5
It was discovered that krb5, a system for authenticating users and services on a network, is prone to integer underflow in the AES and RC4 decryption operations of the crypto library. A remote attacker can cause crashes, heap corruption, or, under extraordinarily unlikely conditions, arbitrary code execution. For the old stable distribution, this problem has been fixed in version 1.4.4-7etch8. For the stable distribution, this problem has been fixed in version 1.6.dfsg.4~beta1-5lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.8+dfsg~alpha1-1. We recommend that you upgrade your krb5 package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1802-2 squirrelmail -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
squirrelmail
Michal Hlavinka discovered that the fix for code execution in the map_yp_alias function, known as CVE-2009-1579 and released in DSA 1802-1, was incomplete. This update corrects the fix for that function. For the old stable distribution, this problem has been fixed in version 1.4.9a-5. For the stable distribution, this problem has been fixed in version 1.4.15-4+lenny2. For the unstable distribution, this problem has been fixed in version 1.4.19-1. We recommend that you upgrade your squirrelmail package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2030-1 mahara -- sql injection
Debian GNU/Linux 5.0
mahara
It was discovered that mahara, an electronic portfolio, weblog, and resume builder, does not properly escape input when generating a unique username based on a remote user name from a single sign-on application. An attacker can use this to compromise the mahara database via crafted user names. For the stable distribution, this problem has been fixed in version 1.0.4-4+lenny5. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.2.4-1. We recommend that you upgrade your mahara packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1914-1 mapserver -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
mapserver
Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0843 Missing input validation on a user supplied map queryfile name can be used by an attacker to check for the existence of a specific file by using the queryfile GET parameter and checking for differences in error messages. CVE-2009-0842 A lack of file type verification when parsing a map file can lead to partial disclosure of content from arbitrary files through parser error messages. CVE-2009-0841 Due to missing input validation when saving map files under certain conditions it is possible to perform directory traversal attacks and to create arbitrary files. NOTE: Unless the attacker is able to create directories in the image path or there is already a readable directory this doesn’t affect installations on Linux as the fopen syscall will fail in case a sub path is not readable. CVE-2009-0839 It was discovered that mapserver is vulnerable to a stack-based buffer overflow when processing certain GET parameters. An attacker can use this to execute arbitrary code on the server via crafted id parameters. CVE-2009-0840 An integer overflow leading to a heap-based buffer overflow when processing the Content-Length header of an HTTP request can be used by an attacker to execute arbitrary code via crafted POST requests containing negative Content-Length values. CVE-2009-2281 An integer overflow when processing HTTP requests can lead to a heap-based buffer overflow. An attacker can use this to execute arbitrary code either via crafted Content-Length values or large HTTP request. This is partly because of an incomplete fix for CVE-2009-0840. For the oldstable distribution, this problem has been fixed in version 4.10.0-5.1+etch4. For the stable distribution, this problem has been fixed in version 5.0.3-3+lenny4. 
For the testing distribution, this problem has been fixed in version 5.4.2-1. For the unstable distribution, this problem has been fixed in version 5.4.2-1. We recommend that you upgrade your mapserver packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1815-1 libtorrent-rasterbar -- programming error
Debian GNU/Linux 5.0
libtorrent-rasterbar
It was discovered that the Rasterbar Bittorrent library performed insufficient validation of path names specified in torrent files, which could lead to denial of service by overwriting files. The old stable distribution doesn’t include libtorrent-rasterbar. For the stable distribution, this problem has been fixed in version 0.13.1-2+lenny1. For the unstable distribution, this problem has been fixed in version 0.14.4-1. We recommend that you upgrade your libtorrent-rasterbar package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2069-1 znc -- denial of service
Debian GNU/Linux 5.0
znc
It was discovered that znc, an IRC bouncer, is vulnerable to denial of service attacks via a NULL pointer dereference when traffic statistics are requested while there is an unauthenticated connection. For the stable distribution, the problem has been fixed in version 0.058-2+lenny4. For the testing distribution and the unstable distribution, the problem has been fixed in version 0.090-2. We recommend that you upgrade your znc packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1777-1 git-core -- file permission error
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
git-core
Peter Palfrader discovered that in the Git revision control system, on some architectures files under /usr/share/git-core/templates/ were owned by a non-root user. This allows a user with that uid on the local system to write to these files and possibly escalate their privileges. This issue only affects the DEC Alpha and MIPS architectures. For the old stable distribution, this problem has been fixed in version 1.4.4.4-4+etch2. For the stable distribution, this problem has been fixed in version 1.5.6.5-3+lenny1. For the unstable distribution, this problem has been fixed in version 1.6.2.1-1. We recommend that you upgrade your git-core package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1862-1 linux-2.6 -- privilege escalation
Debian GNU/Linux 5.0
linux-2.6
A vulnerability has been discovered in the Linux kernel that may lead to privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problem: CVE-2009-2692 Tavis Ormandy and Julien Tinnes discovered an issue with how the sendpage function is initialised in the proto_ops structure. Local users can exploit this vulnerability to gain elevated privileges. For the stable distribution, this problem has been fixed in version 2.6.26-17lenny2. For the oldstable distribution, this problem will be fixed in updates to linux-2.6 and linux-2.6.24. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1919-2 smarty -- several
Debian GNU/Linux 5.0
smarty
A regression was found in the patch applied in DSA 1919-1 to smarty, which caused compilation failures on some specific templates. This update corrects the fix. For reference, the full advisory text follows. Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4810 The _expand_quoted_text function allows for certain restrictions in templates, like function calling and PHP execution, to be bypassed. CVE-2009-1669 The smarty_function_math function allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. For the stable distribution, this problem has been fixed in version 2.6.20-1.3. The testing and unstable distributions are not affected by this regression. We recommend that you upgrade your smarty package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2033-1 ejabberd -- heap overflow
Debian GNU/Linux 5.0
ejabberd
It was discovered that in ejabberd, a distributed XMPP/Jabber server written in Erlang, a problem in ejabberd_c2s.erl allows remote authenticated users to cause a denial of service by sending a large number of c2s messages; that triggers an overload of the queue, which in turn causes a crash of the ejabberd daemon. For the stable distribution, this problem has been fixed in version 2.0.1-6+lenny2. For the testing distribution, this problem has been fixed in version 2.1.2-2. We recommend that you upgrade your ejabberd packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2002-1 polipo -- denial of service
Debian GNU/Linux 5.0
polipo
Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3305 A malicious remote server could cause polipo to crash by sending an invalid Cache-Control header. CVE-2009-4143 A malicious client could cause polipo to crash by sending a large Content-Length value. This upgrade also fixes some other bugs that could lead to a daemon crash or an infinite loop and may be triggerable remotely. For the stable distribution, these problems have been fixed in version 1.0.4-1+lenny1. For the testing distribution and the unstable distribution, these problems have been fixed in version 1.0.4-3. We recommend that you upgrade your polipo packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1951-1 firefox-sage -- insufficient input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
firefox-sage
It was discovered that firefox-sage, a lightweight RSS and Atom feed reader for Firefox, does not sanitise the RSS feed information correctly, which makes it prone to a cross-site scripting and a cross-domain scripting attack. For the stable distribution, this problem has been fixed in version 1.4.2-0.1+lenny1. For the oldstable distribution, this problem has been fixed in version 1.3.6-4etch1. For the testing distribution and the unstable distribution, this problem has been fixed in version 1.4.3-3. We recommend that you upgrade your firefox-sage packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2063-1 pmount -- insecure temporary file
Debian GNU/Linux 5.0
pmount
Dan Rosenberg discovered that pmount, a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry, creates files in /var/lock insecurely. A local attacker could overwrite arbitrary files utilising a symlink attack. For the stable distribution, this problem has been fixed in version 0.9.18-2+lenny1. For the unstable distribution, this problem has been fixed in version 0.9.23-1, and will migrate to the testing distribution shortly. We recommend that you upgrade your pmount package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1760-1 openswan -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
openswan
Two vulnerabilities have been discovered in openswan, an IPSec implementation for Linux. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4190 Dmitry E. Oboukhov discovered that the livetest tool is using temporary files insecurely, which could lead to a denial of service attack. CVE-2009-0790 Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone to a denial of service attack via a malicious packet. For the stable distribution, this problem has been fixed in version 1:2.4.12+dfsg-1.3+lenny1. For the oldstable distribution, this problem has been fixed in version 1:2.4.6+dfsg.2-1.1+etch1. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your openswan packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1792-1 drupal6 -- multiple
Debian GNU/Linux 5.0
drupal6
Multiple vulnerabilities have been discovered in drupal, a web content management system. pod.Edge discovered a cross-site scripting vulnerability that can be triggered when some browsers interpret UTF-8 strings as UTF-7 if they appear before the generated HTML document defines its Content-Type. This allows a malicious user to execute arbitrary JavaScript in the context of the web site if they’re allowed to post content. Moritz Naumann discovered an information disclosure vulnerability. If a user is tricked into visiting the site via a specially crafted URL and then submits a form from that page, the information in their form submission may be directed to a third-party site determined by the URL and thus disclosed to the third party. The third party site may then execute a cross-site request forgery attack against the submitted form. For the stable distribution, these problems have been fixed in version 6.6-3lenny1. The old stable distribution does not contain drupal and is not affected. For the unstable distribution, these problems have been fixed in version 6.11-1. We recommend that you upgrade your drupal6 package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1843-1 squid3 -- several
Debian GNU/Linux 5.0
squid3
It was discovered that squid3, a high-performance proxy caching server for web clients, is prone to several denial of service attacks. Due to incorrect bounds checking and insufficient validation while processing response and request data an attacker is able to crash the squid daemon via crafted requests or responses. The squid package in the oldstable distribution is not affected by this problem. For the stable distribution, this problem has been fixed in version 3.0.STABLE8-3+lenny1. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your squid3 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1860-1 ruby1.8, ruby1.9 -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
ruby1.8
ruby1.9
Several vulnerabilities have been discovered in Ruby. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0642 The return value from the OCSP_basic_verify function was not checked properly, allowing continued use of a revoked certificate. CVE-2009-1904 An issue in parsing BigDecimal numbers can result in a denial-of-service condition. The following matrix identifies fixed versions: oldstable: ruby1.8 1.8.5-4etch5, ruby1.9 1.9.0+20060609-1etch5; stable: ruby1.8 1.8.7.72-3lenny1, ruby1.9 1.9.0.2-9lenny1; unstable: ruby1.8 1.8.7.173-1. We recommend that you upgrade your Ruby packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1814-1 libsndfile -- heap-based buffer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libsndfile
Two vulnerabilities have been found in libsndfile, a library to read and write sampled audio data. The Common Vulnerabilities and Exposures project identified the following problems: Tobias Klein discovered that the VOC parsing routines suffer from a heap-based buffer overflow which can be triggered by an attacker via a crafted VOC header. The vendor discovered that the AIFF parsing routines suffer from a heap-based buffer overflow similar to CVE-2009-1788 which can be triggered by an attacker via a crafted AIFF header. In both cases the overflowing data is not completely attacker controlled but still leads to application crashes or under some circumstances might still lead to arbitrary code execution. For the oldstable distribution, this problem has been fixed in version 1.0.16-2+etch2. For the stable distribution, this problem has been fixed in version 1.0.17-4+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.0.20-1. We recommend that you upgrade your libsndfile packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1845-1 linux-2.6 -- denial of service, privilege escalation
Debian GNU/Linux 5.0
linux-2.6
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1895 Julien Tinnes and Tavis Ormandy reported an issue in the Linux personality code. Local users can take advantage of a setuid binary that can either be made to dereference a NULL pointer or drop privileges and return control to the user. This allows a user to bypass mmap_min_addr restrictions which can be exploited to execute arbitrary code. CVE-2009-2287 Matt T. Yourst discovered an issue in the kvm subsystem. Local users with permission to manipulate /dev/kvm can cause a denial of service by providing an invalid cr3 value to the KVM_SET_SREGS call. CVE-2009-2406 CVE-2009-2407 Ramon de Carvalho Valle discovered two issues with the eCryptfs layered filesystem using the fsfuzzer utility. A local user with permissions to perform an eCryptfs mount may modify the contents of an eCryptfs file, overflowing the stack and potentially gaining elevated privileges. For the stable distribution, these problems have been fixed in version 2.6.26-17lenny1. For the oldstable distribution, these problems, where applicable, will be fixed in updates to linux-2.6 and linux-2.6.24. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2058-1 glibc, eglibc -- multiple
Debian GNU/Linux 5.0
glibc
eglibc
Several vulnerabilities have been discovered in the GNU C Library and its derivatives. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1391, CVE-2009-4880, CVE-2009-4881 Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon family of functions. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. CVE-2010-0296 Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. CVE-2010-0830 Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges. For the stable distribution, these problems have been fixed in version 2.7-18lenny4 of the glibc package. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 2.1.11-1 of the eglibc package. We recommend that you upgrade your glibc or eglibc packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2045-1 libtheora -- integer overflow
Debian GNU/Linux 5.0
libtheora
Bob Clary, Dan Kaminsky and David Keeler discovered that in libtheora, a video library part of the Ogg project, several flaws allow context-dependent attackers, via a large and specially crafted media file, to cause a denial of service, and possibly arbitrary code execution. For the stable distribution, this problem has been fixed in version 1.0~beta3-1+lenny1. For the testing distribution, this problem has been fixed in version 1.1.0-1. We recommend that you upgrade your libtheora packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1728-1 dkim-milter -- improper assertion
Debian GNU/Linux 5.0
dkim-milter
It was discovered that dkim-milter, an implementation of the DomainKeys Identified Mail protocol, may crash during DKIM verification if it encounters a specially-crafted or revoked public key record in DNS. The old stable distribution does not contain dkim-milter packages. For the stable distribution, this problem has been fixed in version 2.6.0.dfsg-1+lenny1. For the unstable distribution, this problem has been fixed in version 2.6.0.dfsg-2. We recommend that you upgrade your dkim-milter packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1933-1 cups -- missing input sanitising
Debian GNU/Linux 5.0
cups
Aaron Siegel discovered that the web interface of cups, the Common UNIX Printing System, is prone to cross-site scripting attacks. For the stable distribution, this problem has been fixed in version 1.3.8-1+lenny7. For the oldstable distribution, this problem has been fixed in version 1.2.7-4+etch9. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your cups packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1798-1 pango1.0 -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
pango1.0
Will Drewry discovered that pango, a system for layout and rendering of internationalised text, is prone to an integer overflow via long glyphstrings. This could cause the execution of arbitrary code when displaying crafted data through an application using the pango library. For the stable distribution, this problem has been fixed in version 1.20.5-3+lenny1. For the oldstable distribution, this problem has been fixed in version 1.14.8-5+etch1. For the testing distribution and the unstable distribution, this problem has been fixed in version 1.24-1. We recommend that you upgrade your pango1.0 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1940-1 php5 -- multiple issues
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
php5
Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems: The following issues have been fixed in both the stable and the oldstable distributions: CVE-2009-2687 CVE-2009-3292 The exif module did not properly handle malformed JPEG files, allowing an attacker to cause a segfault, resulting in a denial of service. CVE-2009-3291 The php_openssl_apply_verification_policy function did not properly perform certificate validation. No CVE id yet Bogdan Calin discovered that a remote attacker could cause a denial of service by uploading a large number of files using multipart/form-data requests, causing the creation of a large number of temporary files. To address this issue, the max_file_uploads option introduced in PHP 5.3.1 has been backported. This option limits the maximum number of files uploaded per request. The default value for this new option is 50. See NEWS.Debian for more information. The following issue has been fixed in the stable distribution: CVE-2009-2626 A flaw in the ini_restore function could lead to a memory disclosure, possibly leading to the disclosure of sensitive data. In the oldstable distribution, this update also fixes a regression introduced by the fix for CVE-2008-5658 in DSA-1789-1. For the stable distribution, these problems have been fixed in version 5.2.6.dfsg.1-1+lenny4. For the oldstable distribution, these problems have been fixed in version 5.2.0+dfsg-8+etch16. For the testing distribution and the unstable distribution, these problems will be fixed in version 5.2.11.dfsg.1-2. We recommend that you upgrade your php5 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2027-1 xulrunner -- several
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0174 Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2010-0175 It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code. CVE-2010-0176 It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code. CVE-2010-0177 It was discovered that incorrect memory handling in the plugin code might allow the execution of arbitrary code. CVE-2010-0178 Paul Stone discovered that forced drag-and-drop events could lead to Chrome privilege escalation. CVE-2010-0179 It was discovered that a programming error in the XMLHttpRequestSpy module could lead to the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 1.9.0.19-1. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your xulrunner packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1725-1 websvn -- programming error
Debian GNU/Linux 5.0
websvn
Bas van Schaik discovered that WebSVN, a tool to view Subversion repositories over the web, did not properly restrict access to private repositories, allowing a remote attacker to read significant parts of their content. The old stable distribution is not affected by this problem. For the stable distribution, this problem has been fixed in version 2.0-4+lenny1. For the unstable distribution, this problem has also been fixed in version 2.0-4+lenny1. We recommend that you upgrade your websvn package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1954-1 cacti -- insufficient input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
cacti
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1773-1 cups -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
cups
It was discovered that the imagetops filter in cups, the Common UNIX Printing System, is prone to an integer overflow when reading malicious TIFF images. For the stable distribution, this problem has been fixed in version 1.3.8-1lenny5. For the oldstable distribution, this problem has been fixed in version 1.2.7-4etch7. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your cups packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2032-1 libpng -- several
Debian GNU/Linux 5.0
libpng
Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2042 libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialised bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. CVE-2010-0205 libpng does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service via a crafted PNG file. For the stable distribution, these problems have been fixed in version 1.2.27-2+lenny3. For the testing and unstable distributions, these problems have been fixed in version 1.2.43-1. We recommend that you upgrade your libpng package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2044-1 mplayer -- integer overflow
Debian GNU/Linux 5.0
mplayer
tixxDZ discovered a vulnerability in the mplayer movie player. Missing data validation in mplayer’s real data transport implementation enables an integer underflow and consequently an unbounded buffer operation. A maliciously crafted stream could thus enable an attacker to execute arbitrary code. No Common Vulnerabilities and Exposures project identifier is available for this issue. For the stable distribution, this problem has been fixed in version 1:1.0~rc2-17+lenny3.2. We recommend that you upgrade your mplayer packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1818-1 gforge -- insufficient input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
gforge
Laurent Almeras and Guillaume Smet have discovered a possible SQL injection vulnerability and cross-site scripting vulnerabilities in gforge, a collaborative development tool. Due to insufficient input sanitising, it was possible to inject arbitrary SQL statements and use several parameters to conduct cross-site scripting attacks. For the stable distribution, these problems have been fixed in version 4.7~rc2-7lenny1. For the oldstable distribution, these problems have been fixed in version 4.5.14-22etch11. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 4.7.3-2. We recommend that you upgrade your gforge packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1749-1 linux-2.6 -- denial of service/privilege escalation/sensitive memory leak
Debian GNU/Linux 5.0
linux-2.6
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0029 Christian Borntraeger discovered an issue affecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges. CVE-2009-0031 Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all of kernel memory. CVE-2009-0065 Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users. CVE-2009-0269 Duane Griffin provided a fix for an issue in the eCryptfs subsystem which allows local users to cause a denial of service. CVE-2009-0322 Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service by reading 0 bytes from a sysfs entry. CVE-2009-0676 Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory. CVE-2009-0675 Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics. CVE-2009-0745 Peter Kerwien discovered an issue in the ext4 filesystem that allows local users to cause a denial of service during a resize operation. CVE-2009-0746 Sami Liedes reported an issue in the ext4 filesystem that allows local users to cause a denial of service when accessing a specially crafted corrupt filesystem. CVE-2009-0747 David Maciejak reported an issue in the ext4 filesystem that allows local users to cause a denial of service when mounting a specially crafted corrupt filesystem. CVE-2009-0748 David Maciejak reported an additional issue in the ext4 filesystem that allows local users to cause a denial of service when mounting a specially crafted corrupt filesystem.
For the stable distribution, these problems have been fixed in version 2.6.26-13lenny2. For the oldstable distribution, these problems, where applicable, will be fixed in future updates to linux-2.6 and linux-2.6.24. We recommend that you upgrade your linux-2.6 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1912-2 advi -- integer overflow
Debian GNU/Linux 5.0
advi
Because advi, an active DVI previewer and presenter, statically links against camlimages, it was necessary to rebuild it in order to incorporate the latest security fixes for camlimages, which could lead to integer overflows via specially crafted TIFF files or GIF and JPEG images. For the stable distribution, these problems have been fixed in version 1.6.0-13+lenny2. Due to a bug in the archive system, the fix for the oldstable distribution cannot be released at the same time. These problems will be fixed in version 1.6.0-12+etch2, once it is available. For the testing distribution and the unstable distribution, these problems have been fixed in version 1.6.0-14+b1. We recommend that you upgrade your advi package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1736-1 mahara -- insufficient input sanitising
Debian GNU/Linux 5.0
mahara
It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to cross-site scripting attacks, which allows the injection of arbitrary Java or HTML code. For the stable distribution, this problem has been fixed in version 1.0.4-4+lenny1. The oldstable distribution does not contain mahara. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your mahara package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2038-2 pidgin -- several
Debian GNU/Linux 5.0
pidgin
The packages for Pidgin released as DSA 2038-1 had a regression, as they unintentionally disabled the Zephyr instant messaging protocol. This update restores Zephyr functionality. For reference, the original advisory text follows. Several remote vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0420 Crafted nicknames in the XMPP protocol can crash Pidgin remotely. CVE-2010-0423 Remote contacts may send too many custom smilies, crashing Pidgin. A few months ago, Microsoft’s servers for MSN changed the protocol, making Pidgin non-functional for use with MSN. It is not feasible to port these changes to the version of Pidgin in Debian Lenny. This update formalises that situation by disabling the protocol in the client. Users of the MSN protocol are advised to use the version of Pidgin in the repositories of www.backports.org. For the stable distribution, these problems have been fixed in version 2.4.3-4lenny7. For the unstable distribution, these problems have been fixed in version 2.6.6-1. We recommend that you upgrade your pidgin package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2023-1 curl -- buffer overflow
Debian GNU/Linux 5.0
curl
Wesley Miaw discovered that libcurl, a multi-protocol file transfer library, is prone to a buffer overflow via the callback function when an application relies on libcurl to automatically uncompress data. Note that this only affects applications that trust libcurl’s maximum limit for a fixed buffer size and do not perform any sanity checks themselves. For the stable distribution, this problem has been fixed in version 7.18.2-8lenny4. Due to a problem with the archive software, we are unable to release all architectures simultaneously. Binaries for the hppa, ia64, mips, mipsel and s390 architectures will be provided once they are available. For the testing distribution and the unstable distribution, this problem has been fixed in version 7.20.0-1. We recommend that you upgrade your curl packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2041-1 mediawiki -- CSRF
Debian GNU/Linux 5.0
mediawiki
It was discovered that mediawiki, a website engine for collaborative work, is vulnerable to a Cross-Site Request Forgery login attack, which could be used to conduct phishing or similar attacks against users via affected mediawiki installations. Note that the fix used breaks the login API and may require clients using it to be updated. For the stable distribution, this problem has been fixed in version 1:1.12.0-2lenny5. For the testing distribution and the unstable distribution, this problem has been fixed in version 1:1.15.3-1. We recommend that you upgrade your mediawiki packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1776-1 slurm-llnl -- programming error
Debian GNU/Linux 5.0
slurm-llnl
It was discovered that the Simple Linux Utility for Resource Management, a cluster job management and scheduling system, did not drop the supplemental groups. These groups may be system groups with elevated privileges, which may allow a valid SLURM user to gain elevated privileges. The old stable distribution does not contain a slurm-llnl package. For the stable distribution, this problem has been fixed in version 1.3.6-1lenny3. For the unstable distribution, this problem has been fixed in version 1.3.15-1. We recommend that you upgrade your slurm-llnl package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1869-1 curl -- insufficient input validation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
curl
It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field. For the oldstable distribution, this problem has been fixed in version 7.15.5-1etch3. For the stable distribution, this problem has been fixed in version 7.18.2-8lenny3. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your curl packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2066-1 wireshark -- several
Debian GNU/Linux 5.0
wireshark
Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer. It was discovered that null pointer dereferences, buffer overflows and infinite loops in the SMB, SMB PIPE, ASN1.1 and SigComp dissectors could lead to denial of service or the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 1.0.2-3+lenny9. For the upcoming stable distribution and the unstable distribution, these problems have been fixed in version 1.2.9-1. We recommend that you upgrade your wireshark packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1882-1 xapian-omega -- missing input sanitisation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
xapian-omega
It was discovered that xapian-omega, a CGI interface for searching xapian databases, is not properly escaping user supplied input when printing exceptions. An attacker can use this to conduct cross-site scripting attacks via crafted search queries resulting in an exception and steal potentially sensitive data from web applications running on the same domain or embedding the search engine into a website. For the oldstable distribution, this problem has been fixed in version 0.9.9-1+etch1. For the stable distribution, this problem has been fixed in version 1.0.7-3+lenny1. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your xapian-omega packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1769-1 openjdk-6 -- several
Debian GNU/Linux 5.0
openjdk-6
Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform. Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition. Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition, heap-based buffer overflows, potentially allowing arbitrary code execution, and a null-pointer dereference, leading to denial of service. The LDAP server implementation did not properly close sockets if an error was encountered, leading to a denial-of-service condition. The LDAP client implementation allowed malicious LDAP servers to execute arbitrary code on the client. The HTTP server implementation contained an unspecified denial of service vulnerability. Several issues in Java Web Start have been addressed. The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated nevertheless. For the stable distribution, these problems have been fixed in version 9.1+lenny2. We recommend that you upgrade your openjdk-6 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1921-1 expat -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
expat
Peter Valchev discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. For the old stable distribution, this problem has been fixed in version 1.95.8-3.4+etch1. For the stable distribution, this problem has been fixed in version 2.0.1-4+lenny1. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your expat packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2037-1 kdm (kdebase) -- race condition
Debian GNU/Linux 5.0
kdm (kdebase)
Sebastian Krahmer discovered that a race condition in the KDE Desktop Environment’s KDM display manager allows a local user to elevate privileges to root. For the stable distribution, this problem has been fixed in version 4:3.5.9.dfsg.1-6+lenny1. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your kdm package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1801-1 ntp -- buffer overflows
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
ntp
Several remote vulnerabilities have been discovered in NTP, the Network Time Protocol reference implementation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0159 A buffer overflow in ntpq allows a remote NTP server to create a denial of service attack or to execute arbitrary code via a crafted response. CVE-2009-1252 A buffer overflow in ntpd allows a remote attacker to create a denial of service attack or to execute arbitrary code when the autokey functionality is enabled. For the old stable distribution, these problems have been fixed in version 4.2.2.p4+dfsg-2etch3. For the stable distribution, these problems have been fixed in version 4.2.4p4+dfsg-8lenny2. The unstable distribution will be fixed soon. We recommend that you upgrade your ntp package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2001-1 php5 -- multiple
Debian GNU/Linux 5.0
php5
Several remote vulnerabilities have been discovered in PHP 5, a hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4142 The htmlspecialchars function does not properly handle invalid multi-byte sequences. CVE-2009-4143 Memory corruption via session interruption. In the stable distribution, this update also includes bug fixes that were to be included in a stable point release as version 5.2.6.dfsg.1-1+lenny5. For the stable distribution, these problems have been fixed in version 5.2.6.dfsg.1-1+lenny6. For the testing distribution and the unstable distribution, these problems have been fixed in version 5.2.12.dfsg.1-1. We recommend that you upgrade your php5 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2073-1 mlmmj -- insufficient input sanitising
Debian GNU/Linux 5.0
mlmmj
Florian Streibelt reported a directory traversal flaw in the way the Mailing List Managing Made Joyful mailing list manager processed users' requests originating from the administrator web interface without enough input validation. A remote, authenticated attacker could use these flaws to write and/or delete arbitrary files. For the stable distribution, these problems have been fixed in version 1.2.15-1.1+lenny1. For the unstable distribution, these problems have been fixed in version 1.2.17-1.1. We recommend that you upgrade your mlmmj package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1796-1 libwmf -- pointer use-after-free
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libwmf
Tavis Ormandy discovered that the embedded GD library copy in libwmf, a library to parse Windows metafiles, makes use of a pointer after it was already freed. An attacker using a crafted WMF file can cause a denial of service or possibly execute arbitrary code via applications using this library. For the oldstable distribution, this problem has been fixed in version 0.2.8.4-2+etch1. For the stable distribution, this problem has been fixed in version 0.2.8.4-6+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 0.2.8.4-6.1. We recommend that you upgrade your libwmf packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1739-1 mldonkey -- path traversal
Debian GNU/Linux 5.0
mldonkey
It has been discovered that mldonkey, a client for several P2P networks, allows attackers to download arbitrary files using crafted requests to the HTTP console. For the stable distribution, this problem has been fixed in version 2.9.5-2+lenny1. For the unstable distribution, this problem will be fixed soon. The old stable distribution is not affected by this problem. We recommend that you upgrade your mldonkey packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1837-1 dbus -- programming error
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
dbus
It was discovered that the dbus_signature_validate function in dbus, a simple interprocess messaging system, is prone to a denial of service attack. This issue was caused by an incorrect fix for DSA-1658-1. For the stable distribution, this problem has been fixed in version 1.2.1-5+lenny1. For the oldstable distribution, this problem has been fixed in version 1.0.2-1+etch3. Packages for ia64 and s390 will be released once they are available. For the testing distribution and the unstable distribution, this problem has been fixed in version 1.2.14-1. We recommend that you upgrade your dbus packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2008-1 typo3-src -- several
Debian GNU/Linux 5.0
typo3-src
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked. For the upcoming stable distribution and the unstable distribution, these problems have been fixed in version 4.3.2-1. We recommend that you upgrade your typo3-src package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1924-1 mahara -- several vulnerabilities
Debian GNU/Linux 5.0
mahara
Two vulnerabilities have been discovered in mahara, an electronic portfolio, weblog, and resume builder. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3298 Ruslan Kabalin discovered an issue with resetting passwords, which could lead to a privilege escalation of an institutional administrator account. CVE-2009-3299 Sven Vetsch discovered a cross-site scripting vulnerability via the resume fields. For the stable distribution, these problems have been fixed in version 1.0.4-4+lenny4. The oldstable distribution does not contain mahara. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your mahara packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1932-1 pidgin -- programming error
Debian GNU/Linux 5.0
pidgin
It was discovered that incorrect pointer handling in the purple library, an internal component of the multi-protocol instant messaging client Pidgin, could lead to denial of service or the execution of arbitrary code through malformed contact requests. For the stable distribution, this problem has been fixed in version 2.4.3-4lenny5. For the unstable distribution, this problem has been fixed in version 2.6.3-1. We recommend that you upgrade your pidgin package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1863-1 zope2.10/zope2.9 -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
zope2.10/zope2.9
Several remote vulnerabilities have been discovered in zope, a feature-rich web application server written in python, that could lead to arbitrary code execution in the worst case. The Common Vulnerabilities and Exposures project identified the following problems: Due to a programming error an authorisation method in the StorageServer component of ZEO was not used as an internal method. This allows a malicious client to bypass authentication when connecting to a ZEO server by simply calling this authorisation method. The ZEO server doesn’t restrict the callables when unpickling data received from a malicious client which can be used by an attacker to execute arbitrary python code on the server by sending certain exception pickles. This also allows an attacker to import any importable module as ZEO is importing the module containing a callable specified in a pickle to test for a certain flag. The update also limits the number of new object ids a client can request to 100 as it would be possible to consume huge amounts of resources by requesting a big batch of new object ids. No CVE id has been assigned to this. For the oldstable distribution, this problem has been fixed in version 2.9.6-4etch2 of zope2.9. For the stable distribution, this problem has been fixed in version 2.10.6-1+lenny1 of zope2.10. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.10.9-1 of zope2.10. We recommend that you upgrade your zope2.10/zope2.9 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1987-1 lighttpd -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
lighttpd
Li Ming discovered that lighttpd, a small and fast webserver with minimal memory footprint, is vulnerable to a denial of service attack due to bad memory handling. Slowly sending very small chunks of request data causes lighttpd to allocate new buffers for each read instead of appending to old ones. An attacker can abuse this behaviour to cause denial of service conditions due to memory exhaustion. For the oldstable distribution, this problem has been fixed in version 1.4.13-4etch12. For the stable distribution, this problem has been fixed in version 1.4.19-5+lenny1. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your lighttpd packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1823-1 samba -- several
Debian GNU/Linux 5.0
samba
Several vulnerabilities have been discovered in Samba, an SMB/CIFS file, print, and login server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1886 The smbclient utility contains a format string vulnerability where commands dealing with file names treat user input as format strings to asprintf. CVE-2009-1888 In the smbd daemon, if a user is trying to modify an access control list and is denied permission, this denial may be overridden if the parameter "dos filemode" is set to "yes" in the smb.conf and the user already has write access to the file. The old stable distribution is not affected by these problems. For the stable distribution, these problems have been fixed in version 2:3.2.5-4lenny6. The unstable distribution, which is only affected by CVE-2009-1888, will be fixed soon. We recommend that you upgrade your samba package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1797-1 xulrunner -- several
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0652 Moxie Marlinspike discovered that Unicode box drawing characters inside of internationalised domain names could be used for phishing attacks. CVE-2009-1302 Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-1303 Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-1304 Igor Bukanov and Bob Clary discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2009-1305 Igor Bukanov and Bob Clary discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2009-1306 Daniel Veditz discovered that the Content-Disposition: header is ignored within the jar: URI scheme. CVE-2009-1307 Gregory Fleischer discovered that the same-origin policy for Flash files is improperly enforced for files loaded through the view-source scheme, which may result in bypass of cross-domain policy restrictions. CVE-2009-1308 Cefn Hoile discovered that sites which allow the embedding of third-party stylesheets are vulnerable to cross-site scripting attacks through XBL bindings. CVE-2009-1309 "moz_bug_r_a4" discovered bypasses of the same-origin policy in the XMLHttpRequest Javascript API and the XPCNativeWrapper. CVE-2009-1311 Paolo Amadini discovered that incorrect handling of POST data when saving a web site with an embedded frame may lead to information disclosure.
CVE-2009-1312 It was discovered that Iceweasel allows Refresh: headers to redirect to Javascript URIs, resulting in cross-site scripting. For the stable distribution, these problems have been fixed in version 1.9.0.9-0lenny2. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 1.9.0.9-1. We recommend that you upgrade your xulrunner packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1927-1 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
Debian GNU/Linux 5.0
linux-2.6
Notice: Debian 5.0.4, the next point release of Debian "lenny", will include a new default value for the mmap_min_addr tunable. This change will add an additional safeguard against a class of security vulnerabilities known as "NULL pointer dereference" vulnerabilities, but it will need to be overridden when using certain applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3228 Eric Dumazet reported an instance of uninitialised kernel memory in the network packet scheduler. Local users may be able to exploit this issue to read the contents of sensitive kernel memory. CVE-2009-3238 Linus Torvalds provided a change to the get_random_int function to increase its randomness. CVE-2009-3547 Earl Chew discovered a NULL pointer dereference issue in the pipe_rdwr_open function which can be used by local users to gain elevated privileges. CVE-2009-3612 Jiri Pirko discovered a typo in the initialisation of a structure in the netlink subsystem that may allow local users to gain access to sensitive kernel memory. CVE-2009-3620 Ben Hutchings discovered an issue in the DRM manager for ATI Rage 128 graphics adapters. Local users may be able to exploit this vulnerability to cause a denial of service. CVE-2009-3621 Tomoki Sekiyama discovered a deadlock condition in the UNIX domain socket implementation. Local users can exploit this vulnerability to cause a denial of service. CVE-2009-3638 David Wagner reported an overflow in the KVM subsystem on i386 systems. This issue is exploitable by local users with access to the /dev/kvm device file. For the stable distribution, this problem has been fixed in version 2.6.26-19lenny2. For the oldstable distribution, these problems, where applicable, will be fixed in updates to linux-2.6 and linux-2.6.24. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. 
Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 5.0 user-mode-linux 2.6.26-1um-2+19lenny2
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1767-1 multipath-tools -- insecure file permissions
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
multipath-tools
It was discovered that multipathd of multipath-tools, a tool-chain to manage disk multipath device maps, uses insecure permissions on its unix domain control socket which enables local attackers to issue commands to multipathd to prevent access to storage devices or corrupt file system data. For the oldstable distribution, this problem has been fixed in version 0.4.7-1.1etch2. For the stable distribution, this problem has been fixed in version 0.4.8-14+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 0.4.8-15. We recommend that you upgrade your multipath-tools packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1820-1 xulrunner -- several vulnerabilities
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1392 Several issues in the browser engine have been discovered, which can result in the execution of arbitrary code. CVE-2009-1832 It is possible to execute arbitrary code via vectors involving "double frame construction." CVE-2009-1833 Jesse Ruderman and Adam Hauner discovered a problem in the JavaScript engine, which could lead to the execution of arbitrary code. CVE-2009-1834 Pavel Cvrcek discovered a potential issue leading to a spoofing attack on the location bar related to certain invalid unicode characters. CVE-2009-1835 Gregory Fleischer discovered that it is possible to read arbitrary cookies via a crafted HTML document. CVE-2009-1836 Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. CVE-2009-1837 Jakob Balle and Carsten Eiram reported a race condition in the NPObjWrapper_NewResolve function that can be used to execute arbitrary code. CVE-2009-1838 moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage-collection implementation. CVE-2009-1839 Adam Barth and Collin Jackson reported a potential privilege escalation when loading a file::resource via the location bar. CVE-2009-1840 Wladimir Palant discovered that it is possible to bypass access restrictions due to a lack of content policy check, when loading a script file into a XUL document. CVE-2009-1841 moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object’s chrome privileges. For the stable distribution, these problems have been fixed in version 1.9.0.11-0lenny1. 
As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 1.9.0.11-1. We recommend that you upgrade your xulrunner packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1981-2 maildrop -- privilege escalation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
maildrop
The latest DSA for maildrop introduced two regressions. The maildrop program stopped working when invoked as a non-root user, such as with postfix. Also, the lenny version dropped a dependency on the courier-authlib package. For the stable distribution, this problem has been fixed in version 2.0.4-3+lenny3. For the oldstable distribution, this problem has been fixed in version 2.0.2-11+etch2. For the testing distribution this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.2.0-3.1. For reference, the original advisory text is below. Christoph Anton Mitterer discovered that maildrop, a mail delivery agent with filtering abilities, is prone to a privilege escalation issue that grants a user root group privileges. We recommend that you upgrade your maildrop packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1953-2 expat -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
expat
The expat updates released in DSA-1953-1 caused a regression: In some cases, expat would abort with the message "error in processing external entity reference". For the old stable distribution, this problem has been fixed in version 1.95.8-3.4+etch3. For the stable distribution, this problem has been fixed in version 2.0.1-4+lenny3. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your expat packages. For reference, the original advisory text is provided below. Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1853-1 memcached -- heap-based buffer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
memcached
Ronald Volgers discovered that memcached, a high-performance memory object caching system, is vulnerable to several heap-based buffer overflows due to integer conversions when parsing certain length attributes. An attacker can use this to execute arbitrary code on the system running memcached. For the oldstable distribution, this problem has been fixed in version 1.1.12-1+etch1. For the stable distribution, this problem has been fixed in version 1.2.2-1+lenny1. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your memcached packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2011-1 dpkg -- path traversal
Debian GNU/Linux 5.0
dpkg
William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification outside of the destination directory when extracting the package content. For the stable distribution, this problem has been fixed in version 1.14.29. For the testing and unstable distribution this problem will be fixed soon. We recommend that you upgrade your dpkg packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2029-1 imlib2 -- several
Debian GNU/Linux 5.0
imlib2
It was discovered that imlib2, a library to load and process several image formats, did not properly process various image file types. Several heap and stack based buffer overflows - partly due to integer overflows - in the ARGB, BMP, JPEG, LBM, PNM, TGA and XPM loaders can lead to the execution of arbitrary code via crafted image files. For the stable distribution, this problem has been fixed in version 1.4.0-1.2+lenny1. For the testing distribution, this problem has been fixed in version 1.4.2-1. For the unstable distribution, this problem has been fixed in version 1.4.2-1.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1907-1 kvm -- several vulnerabilities
Debian GNU/Linux 5.0
kvm
Several vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-5714 Chris Webb discovered an off-by-one bug limiting KVM's VNC passwords to 7 characters. This flaw might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. CVE-2009-3290 It was discovered that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service and read or write guest kernel memory. For the stable distribution, these problems have been fixed in version 72+dfsg-5~lenny3. The oldstable distribution does not contain kvm. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 85+dfsg-4.1. We recommend that you upgrade your kvm packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1813-2 evolution-data-server -- Several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
evolution-data-server
The previous update introduced a regression that stopped encrypted and signed S/MIME messages from working properly. Also, there have been other regressions caused by the introduction of an undefined symbol. This update corrects these flaws. For reference, the original advisory text is below. Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0587 It was discovered that evolution-data-server is prone to integer overflows triggered by large base64 strings. CVE-2009-0547 Joachim Breitner discovered that S/MIME signatures are not verified properly, which can lead to spoofing attacks. CVE-2009-0582 It was discovered that NTLM authentication challenge packets are not validated properly when using the NTLM authentication method, which could lead to an information disclosure or a denial of service. For the oldstable distribution, these problems have been fixed in version 1.6.3-5etch3. For the stable distribution, these problems have been fixed in version 2.22.3-1.1+lenny2. For the testing distribution and the unstable distribution, these problems have been fixed in version 2.26.1.1-1. We recommend that you upgrade your evolution-data-server packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2018-1 php5 -- DoS (crash)
Debian GNU/Linux 5.0
php5
Auke van Slooten discovered that PHP 5, a hypertext preprocessor, crashes when processing invalid XML-RPC requests. For the stable distribution, this problem has been fixed in version 5.2.6.dfsg.1-1+lenny8. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 5.3.2-1. We recommend that you upgrade your php5 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1843-2 squid3 -- several
Debian GNU/Linux 5.0
squid3
It was discovered that squid3, a high-performance proxy caching server for web clients, is prone to several denial of service attacks. Due to incorrect bounds checking and insufficient validation while processing response and request data an attacker is able to crash the squid daemon via crafted requests or responses. This update to DSA-1843-1 includes updated upstream patches which add checks for a corner-case in which an incomplete server reply could also lead to denial of service conditions as well as more debugging information. The squid package in the oldstable distribution is not affected by this problem. For the stable distribution, this problem has been fixed in version 3.0.STABLE8-3+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 3.0.STABLE18-1. We recommend that you upgrade your squid3 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1996-1 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
Debian GNU/Linux 5.0
linux-2.6
CVE-2009-3939 Joseph Malicki reported that the dbg_lvl sysfs attribute for the megaraid_sas device driver had world-writable permissions, permitting local users to modify logging settings. CVE-2009-4027 Lennert Buytenhek reported a race in the mac80211 subsystem that may allow remote users to cause a denial of service on a system connected to the same wireless network. CVE-2009-4536 & CVE-2009-4538 Fabian Yamaguchi reported issues in the e1000 and e1000e drivers for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted ethernet frames. CVE-2010-0003 Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. This option is disabled by default. CVE-2010-0007 Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules. CVE-2010-0291 Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service or obtain elevated privileges. CVE-2010-0298 & CVE-2010-0306 Gleb Natapov discovered issues in the KVM subsystem where missing permission checks permit a user in a guest system to denial of service a guest or gain escalated privileges with the guest. CVE-2010-0307 Mathias Krause reported an issue with the load_elf_binary code on the amd64 flavor kernels that allows local users to cause a denial of service. CVE-2010-0309 Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM subsystem that allows privileged users in a guest domain to cause a denial of service of the host system. CVE-2010-0410 Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service. 
CVE-2010-0415 Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service or gain access to sensitive kernel memory. For the stable distribution, this problem has been fixed in version 2.6.26-21lenny3. For the oldstable distribution, these problems, where applicable, will be fixed in updates to linux-2.6 and linux-2.6.24. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 5.0 user-mode-linux 2.6.26-1um-2+21lenny3
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1734-1 opensc -- programming error
Debian GNU/Linux 5.0
opensc
b.badrignans discovered that OpenSC, a set of smart card utilities, could store private data on a smart card without proper access restrictions. Only blank cards initialised with OpenSC are affected by this problem. This update only improves creating new private data objects, but cards already initialised with such private data objects need to be modified to repair the access control conditions on such cards. For the stable distribution, this problem has been fixed in version 0.11.4-5+lenny1. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your opensc package and recreate any private data objects stored on your smart cards.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1784-1 freetype -- integer overflows
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
freetype
Tavis Ormandy discovered several integer overflows in FreeType, a library to process and access font files, resulting in heap- or stack-based buffer overflows leading to application crashes or the execution of arbitrary code via a crafted font file. For the oldstable distribution, this problem has been fixed in version 2.2.1-5+etch4. For the stable distribution, this problem has been fixed in version 2.3.7-2+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.3.9-4.1. We recommend that you upgrade your freetype packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1762-1 icu -- insufficient input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
icu
It was discovered that icu, the internal components for Unicode, did not properly sanitise invalid encoded data, which could lead to cross-site scripting attacks. For the stable distribution, this problem has been fixed in version 3.8.1-3+lenny1. For the oldstable distribution, this problem has been fixed in version 3.6-2etch2. For the testing distribution and the unstable distribution, this problem has been fixed in version 4.0.1-1. We recommend that you upgrade your icu packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1841-1 git-core -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
git-core
It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is vulnerable to denial of service attacks caused by a programming mistake in handling requests containing extra unrecognized arguments which results in an infinite loop. While this is no problem for the daemon itself as every request will spawn a new git-daemon instance, this still results in a very high CPU consumption and might lead to denial of service conditions. For the oldstable distribution, this problem has been fixed in version 1:1.4.4.4-4+etch3. For the stable distribution, this problem has been fixed in version 1:1.5.6.5-3+lenny2. For the testing distribution, this problem has been fixed in version 1:1.6.3.3-1. For the unstable distribution, this problem has been fixed in version 1:1.6.3.3-1. We recommend that you upgrade your git-core packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2070-1 freetype -- several
Debian GNU/Linux 5.0
freetype
Robert Swiecki discovered several vulnerabilities in the FreeType font library, which could lead to the execution of arbitrary code if a malformed font file is processed. Also, several buffer overflows were found in the included demo programs. For the stable distribution, these problems have been fixed in version 2.3.7-2+lenny2. For the unstable distribution, these problems have been fixed in version 2.4.0-1. We recommend that you upgrade your freetype packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1825-1 nagios2, nagios3 -- insufficient input validation
Debian GNU/Linux 5.0
nagios2
nagios3
It was discovered that the statuswml.cgi script of nagios, a monitoring and management system for hosts, services and networks, is prone to a command injection vulnerability. Input to the ping and trace route parameters of the script is not properly validated which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters. For the oldstable distribution, this problem has been fixed in version 2.6-2+etch3 of nagios2. For the stable distribution, this problem has been fixed in version 3.0.6-4~lenny2 of nagios3. For the testing distribution, this problem has been fixed in version 3.0.6-5 of nagios3. For the unstable distribution, this problem has been fixed in version 3.0.6-5 of nagios3. We recommend that you upgrade your nagios2/nagios3 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2028-1 xpdf -- multiple
Debian GNU/Linux 5.0
xpdf
Several vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1188 and CVE-2009-3603 Integer overflow in SplashBitmap::SplashBitmap which might allow remote attackers to execute arbitrary code or an application crash via a crafted PDF document. CVE-2009-3604 NULL pointer dereference or heap-based buffer overflow in Splash::drawImage which might allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. CVE-2009-3606 Integer overflow in the PSOutputDev::doImageL1Sep which might allow remote attackers to execute arbitrary code via a crafted PDF document. CVE-2009-3608 Integer overflows in the ObjectStream::ObjectStream which might allow remote attackers to execute arbitrary code via a crafted PDF document. CVE-2009-3609 Integer overflow in the ImageStream::ImageStream which might allow remote attackers to cause a denial of service via a crafted PDF document. For the stable distribution, this problem has been fixed in version 3.02-1.4+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 3.02-2.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2013-1 egroupware -- several
Debian GNU/Linux 5.0
egroupware
Nahuel Grisolia discovered two vulnerabilities in Egroupware, a web-based groupware suite: Missing input sanitising in the spellchecker integration may lead to the execution of arbitrary commands and a cross-site scripting vulnerability was discovered in the login page. For the stable distribution, these problems have been fixed in version 1.4.004-2.dfsg-4.2. The upcoming stable distribution no longer contains egroupware packages. We recommend that you upgrade your egroupware packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1830-1 icedove -- several vulnerabilities
Debian GNU/Linux 5.0
icedove
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0040 The execution of arbitrary code might be possible via a crafted PNG file that triggers a free of an uninitialised pointer in the png_read_png function, pCAL chunk handling, or setup of 16-bit gamma tables. CVE-2009-0352 It is possible to execute arbitrary code via vectors related to the layout engine. CVE-2009-0353 It is possible to execute arbitrary code via vectors related to the JavaScript engine. CVE-2009-0652 Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing attack via Unicode box drawing characters in internationalised domain names. CVE-2009-0771 Memory corruption and assertion failures have been discovered in the layout engine, leading to the possible execution of arbitrary code. CVE-2009-0772 The layout engine allows the execution of arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection. CVE-2009-0773 The JavaScript engine is prone to the execution of arbitrary code via several vectors. CVE-2009-0774 The layout engine allows the execution of arbitrary code via vectors related to gczeal. CVE-2009-0776 Georgi Guninski discovered that it is possible to obtain xml data via an issue related to the nsIRDFService. CVE-2009-1302 The browser engine is prone to a possible memory corruption via several vectors. CVE-2009-1303 The browser engine is prone to a possible memory corruption via the nsSVGElement::BindToTree function. CVE-2009-1307 Gregory Fleischer discovered that it is possible to bypass the Same Origin Policy when opening a Flash file via the view-source: scheme. CVE-2009-1832 The possible arbitrary execution of code was discovered via vectors involving "double frame construction."
CVE-2009-1392 Several issues were discovered in the browser engine as used by icedove, which could lead to the possible execution of arbitrary code. CVE-2009-1836 Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. CVE-2009-1838 moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage-collection implementation. CVE-2009-1841 moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. No CVE id yet Bernd Jendrissek discovered a potentially exploitable crash when viewing a multipart/alternative mail message with a text/enhanced part. For the stable distribution, these problems have been fixed in version 2.0.0.22-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported mail client. For the testing distribution these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 2.0.0.22-1. We recommend that you upgrade your icedove packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1905-1 python-django -- insufficient input validation
Debian GNU/Linux 5.0
python-django
The forms library of python-django, a high-level Python web development framework, is using a badly chosen regular expression when validating email addresses and URLs. An attacker can use this to perform denial of service attacks due to bad backtracking via a specially crafted email address or URL which is validated by the django forms library. python-django in the oldstable distribution is not affected by this problem. For the stable distribution, this problem has been fixed in version 1.0.2-1+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.1.1-1. We recommend that you upgrade your python-django packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2020-1 ikiwiki -- insufficient input sanitisation
Debian GNU/Linux 5.0
ikiwiki
Ivan Shmakov discovered that the htmlscrubber component of ikiwiki, a wiki compiler, performs insufficient input sanitisation on data:image/svg+xml URIs. As these can contain script code this can be used by an attacker to conduct cross-site scripting attacks. For the stable distribution, this problem has been fixed in version 2.53.5. For the testing distribution, this problem has been fixed in version 3.20100312. For the unstable distribution, this problem has been fixed in version 3.20100312.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1854-1 apr, apr-util -- heap buffer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
apr
apr-util
Matt Lewis discovered that the memory management code in the Apache Portable Runtime library does not guard against a wrap-around during size computations. This could cause the library to return a memory area which is smaller than requested, resulting in a heap overflow and possibly arbitrary code execution. For the old stable distribution, this problem has been fixed in version 1.2.7-9 of the apr package, and version 1.2.7+dfsg-2+etch3 of the apr-util package. For the stable distribution, this problem has been fixed in version 1.2.12-5+lenny1 of the apr package and version 1.2.12-5+lenny1 of the apr-util package. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your APR packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1990-2 trac-git -- shell command injection
Debian GNU/Linux 5.0
trac-git
The trac-git package released in DSA-1990-1 had a wrong dependency that could not be satisfied in Debian stable. This update corrects this problem. For reference, the original advisory text is provided below. Stefan Goebel discovered that the Debian version of trac-git, the Git add-on for the Trac issue tracking system, contains a flaw which enables attackers to execute code on the web server running trac-git by sending crafted HTTP queries. The old stable distribution does not contain a trac-git package. For the stable distribution, this problem has been fixed in version 0.0.20080710-3+lenny2. For the unstable distribution and the testing distribution, this problem has been fixed in version 0.0.20090320-1.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1978-1 phpgroupware -- several
Debian GNU/Linux 5.0
phpgroupware
Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4414 An SQL injection vulnerability was found in the authentication module. CVE-2009-4415 Multiple directory traversal vulnerabilities were found in the addressbook module. CVE-2009-4416 The authentication module is affected by cross-site scripting. For the stable distribution these problems have been fixed in version 1:0.9.16.012+dfsg-8+lenny1. For the unstable distribution these problems have been fixed in version 0.9.16.012+dfsg-9. We recommend that you upgrade your phpgroupware packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1925-1 proftpd-dfsg -- insufficient input validation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
proftpd-dfsg
It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon, does not properly handle a "\0" character in a domain name in the Subject Alternative Name field of an X.509 client certificate, when the dNSNameRequired TLS option is enabled. For the stable distribution, this problem has been fixed in version 1.3.1-17lenny4. For the oldstable distribution, this problem has been fixed in version 1.3.0-19etch3. Binaries for the amd64 architecture will be released once they are available. For the testing distribution and the unstable distribution, this problem has been fixed in version 1.3.2a-2. We recommend that you upgrade your proftpd-dfsg packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1828-1 ocsinventory-agent -- insecure module search path
Debian GNU/Linux 5.0
ocsinventory-agent
It was discovered that the ocsinventory-agent which is part of the ocsinventory suite, a hardware and software configuration indexing service, is prone to an insecure perl module search path. As the agent is started via cron and the current directory is included in the default perl module path the agent scans every directory on the system for its perl modules. This enables an attacker to execute arbitrary code via a crafted ocsinventory-agent perl module placed on the system. The oldstable distribution does not contain ocsinventory-agent. For the stable distribution, this problem has been fixed in version 1:0.0.9.2repack1-4lenny1. For the testing distribution, this problem has been fixed in version 1:0.0.9.2repack1-5. For the unstable distribution, this problem has been fixed in version 1:0.0.9.2repack1-5. We recommend that you upgrade your ocsinventory-agent packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1983-1 wireshark -- several
Debian GNU/Linux 5.0
wireshark
Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4337 A NULL pointer dereference was found in the SMB/SMB2 dissectors. CVE-2010-0304 Several buffer overflows were found in the LWRES dissector. For the stable distribution, this problem has been fixed in version 1.0.2-3+lenny8. For the unstable distribution these problems have been fixed in version 1.2.6-1. We recommend that you upgrade your Wireshark packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1926-1 typo3-src -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
typo3-src
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3628 The Backend subcomponent allows remote authenticated users to determine an encryption key via crafted input to a form field. CVE-2009-3629 Multiple cross-site scripting vulnerabilities in the Backend subcomponent allow remote authenticated users to inject arbitrary web script or HTML. CVE-2009-3630 The Backend subcomponent allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters. CVE-2009-3631 The Backend subcomponent, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. CVE-2009-3632 SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent allows remote authenticated users to execute arbitrary SQL commands. CVE-2009-3633 Cross-site scripting vulnerability in allows remote attackers to inject arbitrary web script. CVE-2009-3634 Cross-site scripting vulnerability in the Frontend Login Box subcomponent allows remote attackers to inject arbitrary web script or HTML. CVE-2009-3635 The Install Tool subcomponent allows remote attackers to gain access by using only the password’s md5 hash as a credential. CVE-2009-3636 Cross-site scripting vulnerability in the Install Tool subcomponent allows remote attackers to inject arbitrary web script or HTML. For the old stable distribution, these problems have been fixed in version 4.0.2+debian-9. For the stable distribution, these problems have been fixed in version 4.2.5-1+lenny2. For the unstable distribution, these problems have been fixed in version 4.2.10-1. We recommend that you upgrade your typo3-src package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1756-1 xulrunner -- multiple
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1169 Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim’s computer. CVE-2009-1044 Security researcher Nils reported via TippingPoint’s Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim’s computer. Note that after installing these updates, you will need to restart any packages using xulrunner, typically iceweasel or epiphany. For the stable distribution, these problems have been fixed in version 1.9.0.7-0lenny2. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 1.9.0.8-1. We recommend that you upgrade your xulrunner package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2060-1 cacti -- insufficient input sanitisation
Debian GNU/Linux 5.0
cacti
Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring systems and services, is not properly validating input passed to the rra_id parameter of the graph.php script. Due to checking the input of $_REQUEST but using $_GET input in a query an unauthenticated attacker is able to perform SQL injections via a crafted rra_id $_GET value and an additional valid rra_id $_POST or $_COOKIE value. For the stable distribution, this problem has been fixed in version 0.8.7b-2.1+lenny3. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 0.8.7e-4. We recommend that you upgrade your cacti packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1768-1 openafs -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
openafs
Two vulnerabilities were discovered in the client part of OpenAFS, a distributed file system. An attacker with control of a file server or the ability to forge RX packets may be able to execute arbitrary code in kernel mode on an OpenAFS client, due to a vulnerability in XDR array decoding. An attacker with control of a file server or the ability to forge RX packets may crash OpenAFS clients because of wrongly handled error return codes in the kernel module. Note that in order to apply this security update, you must rebuild the OpenAFS kernel module. Be sure to also upgrade openafs-modules-source, build a new kernel module for your system following the instructions in /usr/share/doc/openafs-client/README.modules.gz, and then either stop and restart openafs-client or reboot the system to reload the kernel module. For the old stable distribution, these problems have been fixed in version 1.4.2-6etch2. For the stable distribution, these problems have been fixed in version 1.4.7.dfsg1-6+lenny1. For the unstable distribution, these problems have been fixed in version 1.4.10+dfsg1-1. We recommend that you upgrade your openafs packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1999-1 xulrunner -- several
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1571 Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code. CVE-2009-3988 Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments. CVE-2010-0159 Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code. CVE-2010-0160 Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code. CVE-2010-0162 Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents. For the stable distribution, these problems have been fixed in version 1.9.0.18-1. For the unstable distribution, these problems have been fixed in version 1.9.1.8-1. We recommend that you upgrade your xulrunner packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1986-1 moodle -- several vulnerabilities
Debian GNU/Linux 5.0
moodle
Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4297 Multiple cross-site request forgery vulnerabilities have been discovered. CVE-2009-4298 It has been discovered that the LAMS module is prone to the disclosure of user account information. CVE-2009-4299 The Glossary module has an insufficient access control mechanism. CVE-2009-4301 Moodle does not properly check permissions when the MNET service is enabled, which allows remote authenticated servers to execute arbitrary MNET functions. CVE-2009-4302 The login/index_form.html page links to an HTTP page instead of using an SSL secured connection. CVE-2009-4303 Moodle stores sensitive data in backup files, which might make it possible for attackers to obtain them. CVE-2009-4305 It has been discovered that the SCORM module is prone to an SQL injection. Additionally, an SQL injection in the update_record function, a problem with symbolic links and a verification problem with Glossary, database and forum ratings have been fixed. For the stable distribution, these problems have been fixed in version 1.8.2.dfsg-3+lenny3. For the oldstable distribution, there are no fixed packages available and it is too hard to backport many of the fixes. Therefore, we recommend to upgrade to the lenny version. For the testing distribution and the unstable distribution, these problems have been fixed in version 1.8.2.dfsg-6. We recommend that you upgrade your moodle packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1786-1 acpid -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
acpid
It was discovered that acpid, a daemon for delivering ACPI events, is prone to a denial of service attack by opening a large number of UNIX sockets, which are not closed properly. For the stable distribution, this problem has been fixed in version 1.0.8-1lenny1. For the oldstable distribution, this problem has been fixed in version 1.0.4-5etch1. For the testing distribution and the unstable distribution, this problem has been fixed in version 1.0.10-1. We recommend that you upgrade your acpid packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1846-1 kvm -- denial of service
Debian GNU/Linux 5.0
kvm
Matt T. Yourst discovered an issue in the kvm subsystem. Local users with permission to manipulate /dev/kvm can cause a denial of service by providing an invalid cr3 value to the KVM_SET_SREGS call. For the stable distribution, these problems have been fixed in version 72+dfsg-5~lenny2. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your kvm packages, and rebuild any kernel modules you have built from a kvm-source package version.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1808-1 drupal6 -- insufficient input sanitising
Debian GNU/Linux 5.0
drupal6
Markus Petrux discovered a cross-site scripting vulnerability in the taxonomy module of drupal6, a fully-featured content management framework. It is also possible that certain browsers using the UTF-7 encoding are vulnerable to a different cross-site scripting vulnerability. For the stable distribution, these problems have been fixed in version 6.6-3lenny2. The oldstable distribution does not contain drupal6. For the testing distribution and the unstable distribution, these problems have been fixed in version 6.11-1.1. We recommend that you upgrade your drupal6 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2072-1 libpng -- several
Debian GNU/Linux 5.0
libpng
Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1205 A buffer overflow was discovered in libpng which allows remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. CVE-2010-2249 A memory leak was discovered in libpng which allows remote attackers to cause a denial of service via a PNG image containing malformed Physical Scale chunks. For the stable distribution, these problems have been fixed in version 1.2.27-2+lenny4. For the testing and unstable distribution, these problems have been fixed in version 1.2.44-1. We recommend that you upgrade your libpng package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1880-1 openoffice.org -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
openoffice.org
Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0200 Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document. When reading a Microsoft Word document, a bug in the parser of sprmTDelete records can result in an integer underflow that may lead to heap-based buffer overflows. Successful exploitation may allow arbitrary code execution in the context of the OpenOffice.org process. CVE-2009-0201 Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document. When reading a Microsoft Word document, a bug in the parser of sprmTDelete records can result in heap-based buffer overflows. Successful exploitation may allow arbitrary code execution in the context of the OpenOffice.org process. CVE-2009-2139 A vulnerability has been discovered in the parser of EMF files of OpenOffice/Go-oo 2.x and 3.x that can be triggered by a specially crafted document and lead to the execution of arbitrary commands with the privileges of the user running OpenOffice.org/Go-oo. This vulnerability does not exist in the packages for oldstable, testing and unstable. For the old stable distribution these problems have been fixed in version 2.0.4.dfsg.2-7etch7. For the stable distribution these problems have been fixed in version 1:2.4.1+dfsg-1+lenny3 and higher. For the unstable and testing distribution these problems have been fixed in version 3.1.1~ooo310m15-1. We recommend that you upgrade your OpenOffice.org package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1764-1 tunapie -- several
Debian GNU/Linux 5.0
tunapie
Several vulnerabilities have been discovered in Tunapie, a GUI frontend to video and radio streams. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1253 Kees Cook discovered that insecure handling of temporary files may lead to local denial of service through symlink attacks. CVE-2009-1254 Mike Coleman discovered that insufficient escaping of stream URLs may lead to the execution of arbitrary commands if a user is tricked into opening a malformed stream URL. For the old stable distribution, these problems have been fixed in version 1.3.1-1+etch2. Due to a technical problem, this update cannot be released synchronously with the stable version, but will appear soon. For the stable distribution, these problems have been fixed in version 2.1.8-2. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your tunapie package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1990-1 trac-git -- shell command injection
Debian GNU/Linux 5.0
trac-git
Stefan Goebel discovered that the Debian version of trac-git, the Git add-on for the Trac issue tracking system, contains a flaw which enables attackers to execute code on the web server running trac-git by sending crafted HTTP queries. The old stable distribution does not contain a trac-git package. For the stable distribution, this problem has been fixed in version 0.0.20080710-3+lenny1. For the unstable distribution and the testing distribution, this problem has been fixed in version 0.0.20090320-1. We recommend that you upgrade your trac-git package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2064-1 xulrunner -- several
Debian GNU/Linux 5.0
xulrunner
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2036-1 jasper -- programming error
Debian GNU/Linux 5.0
jasper
It was discovered that the JasPer JPEG-2000 runtime library allowed an attacker to create a crafted input file that could lead to denial of service and heap corruption. Besides addressing this vulnerability, this update also addresses a regression introduced in the security fix for CVE-2008-3521, applied before Debian Lenny’s release, that could cause errors when reading some JPEG input files. For the stable distribution, this problem has been fixed in version 1.900.1-5.1+lenny1. For the unstable distribution, this problem has been fixed in version 1.900.1-6. We recommend that you upgrade your jasper package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1973-1 glibc, eglibc -- information disclosure
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
glibc
eglibc
Christoph Pleger has discovered that the GNU C Library and its derivatives add information from the passwd.adjunct.byname map to entries in the passwd map, which allows local users to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. For the oldstable distribution, this problem has been fixed in version 2.3.6.ds1-13etch10 of the glibc package. For the stable distribution, this problem has been fixed in version 2.7-18lenny2 of the glibc package. For the unstable distribution this problem has been fixed in version 2.10.2-4 of the eglibc package. We recommend that you upgrade your glibc or eglibc package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2059-1 pcsc-lite -- buffer overflow
Debian GNU/Linux 5.0
pcsc-lite
It was discovered that PCSCD, a daemon to access smart cards, was vulnerable to a buffer overflow allowing a local attacker to elevate his privileges to root. For the stable distribution, this problem has been fixed in version 1.4.102-1+lenny1. For the unstable distribution, this problem has been fixed in version 1.5.4-1. We recommend that you upgrade your pcsc-lite package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1949-1 php-net-ping -- programming error
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
php-net-ping
It was discovered that php-net-ping, a PHP PEAR module to execute ping independently of the Operating System, performs insufficient input sanitising, which might be used to inject arguments or execute arbitrary commands on a system that uses php-net-ping. For the stable distribution, this problem has been fixed in version 2.4.2-1+lenny1. For the oldstable distribution, this problem has been fixed in version 2.4.2-1+etch1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.4.2-1.1. We recommend that you upgrade your php-net-ping packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1858-1 imagemagick -- multiple
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
imagemagick
Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution. CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution. CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution. CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution. CVE-2007-4987 Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a "\0" character to an out-of-bounds address. It affects only the oldstable distribution. CVE-2007-4988 A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution. CVE-2008-1096 The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable.
CVE-2008-1097 Heap-based buffer overflow in the PCX coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. It affects only oldstable. CVE-2009-1882 Integer overflow allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. For the old stable distribution, these problems have been fixed in version 7:6.2.4.5.dfsg1-0.15+etch1. For the stable distribution, these problems have been fixed in version 7:6.3.7.9.dfsg2-1~lenny3. For the upcoming stable distribution and the unstable distribution, these problems have been fixed in version 7:6.5.1.0-1.1. We recommend that you upgrade your imagemagick packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1963-1 unbound -- cryptographic implementation error
Debian GNU/Linux 5.0
unbound
It was discovered that Unbound, a DNS resolver, does not properly check cryptographic signatures on NSEC3 records. As a result, zones signed with the NSEC3 variant of DNSSEC lose their cryptographic protection. The old stable distribution does not contain an unbound package. For the stable distribution, this problem has been fixed in version 1.0.2-1+lenny1. For the unstable distribution and the testing distribution, this problem has been fixed in version 1.3.4-1. We recommend that you upgrade your unbound package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1774-1 ejabberd -- insufficient input sanitising
Debian GNU/Linux 5.0
ejabberd
It was discovered that ejabberd, a distributed, fault-tolerant Jabber/XMPP server, does not sufficiently sanitise MUC logs, allowing remote attackers to perform cross-site scripting attacks. For the stable distribution, this problem has been fixed in version 2.0.1-6+lenny1. The oldstable distribution is not affected by this issue. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.0.5-1. We recommend that you upgrade your ejabberd packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1970-1 openssl -- denial of service
Debian GNU/Linux 5.0
openssl
It was discovered that a significant memory leak could occur in openssl, related to the reinitialisation of zlib. This could result in a remotely exploitable denial of service vulnerability when using the Apache httpd server in a configuration where mod_ssl, mod_php5, and the php5-curl extension are loaded. The old stable distribution is not affected by this issue. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny6. The packages for the arm architecture are not included in this advisory. They will be released as soon as they become available. For the testing distribution and the unstable distribution, this problem will be fixed soon. The issue does not seem to be exploitable with the apache2 package contained in squeeze/sid. We recommend that you upgrade your openssl packages. You also need to restart your Apache httpd server to make sure it uses the updated libraries.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2071-1 libmikmod -- buffer overflows
Debian GNU/Linux 5.0
libmikmod
Dyon Balding discovered buffer overflows in the MikMod sound library, which could lead to the execution of arbitrary code if a user is tricked into opening malformed Impulse Tracker or Ultratracker sound files. For the stable distribution, these problems have been fixed in version 3.1.11-6+lenny1. For the unstable distribution, these problems have been fixed in version 3.1.11-6.2. We recommend that you upgrade your libmikmod packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2050-1 kdegraphics -- several
Debian GNU/Linux 5.0
kdegraphics
Several local vulnerabilities have been discovered in KPDF, a PDF viewer for KDE, which allow the execution of arbitrary code or denial of service if a user is tricked into opening a crafted PDF document. For the stable distribution, these problems have been fixed in version 4:3.5.9-3+lenny3. The unstable distribution no longer contains kpdf. Its replacement, Okular, links against the poppler PDF library. We recommend that you upgrade your kdegraphics packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2061-1 samba -- memory corruption
Debian GNU/Linux 5.0
samba
Jun Mao discovered that Samba, an implementation of the SMB/CIFS protocol for Unix systems, is not properly handling certain offset values when processing chained SMB1 packets. This enables an unauthenticated attacker to write to an arbitrary memory location resulting in the possibility to execute arbitrary code with root privileges or to perform denial of service attacks by crashing the samba daemon. For the stable distribution, this problem has been fixed in version 2:3.2.5-4lenny12. This problem does not affect the versions in the testing and unstable distribution. We recommend that you upgrade your samba packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1867-1 kdelibs -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
kdelibs
Several security issues have been discovered in kdelibs, core libraries from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1698 It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1687 It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. For the stable distribution, these problems have been fixed in version 4:3.5.10.dfsg.1-0lenny2. For the oldstable distribution, these problems have been fixed in version 4:3.5.5a.dfsg.1-8etch2. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your kdelibs packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1911-1 pygresql -- missing escape function
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
pygresql
It was discovered that pygresql, a PostgreSQL module for Python, was missing a function to call PQescapeStringConn. This is needed, because PQescapeStringConn honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The new function is called pg_escape_string, which takes the database connection as a first argument. The old function escape_string has been preserved as well for backwards compatibility. Developers using these bindings are encouraged to adjust their code to use the new function. For the stable distribution, this problem has been fixed in version 1:3.8.1-3+lenny1. For the oldstable distribution, this problem has been fixed in version 1:3.8.1-1etch2. For the testing distribution and the unstable distribution, this problem has been fixed in version 1:4.0-1. We recommend that you upgrade your pygresql packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2057-1 mysql-dfsg-5.0 -- several
Debian GNU/Linux 5.0
mysql-dfsg-5.0
Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1626 MySQL allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command. CVE-2010-1848 MySQL failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This allows an authenticated user with SELECT privileges on one table to obtain the field definitions of any table in all other databases and potentially of other MySQL instances accessible from the server's file system. CVE-2010-1849 MySQL could be tricked to read packets indefinitely if it received a packet larger than the maximum size of one packet. This results in high CPU usage and thus denial of service conditions. CVE-2010-1850 MySQL was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflowed, which could be exploited by an authenticated user to inject malicious code. For the stable distribution, these problems have been fixed in version 5.0.51a-24+lenny4. The testing and unstable distribution do not contain mysql-dfsg-5.0 anymore. We recommend that you upgrade your mysql-dfsg-5.0 package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1942-1 wireshark -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
wireshark
Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2560 A NULL pointer dereference was found in the RADIUS dissector. CVE-2009-3550 A NULL pointer dereference was found in the DCERPC/NT dissector. CVE-2009-3829 An integer overflow was discovered in the ERF parser. This update also includes fixes for three minor issues, which were scheduled for the next stable point update. Also CVE-2009-1268 was fixed for Etch. Since this security update was issued prior to the release of the point update, the fixes were included. For the old stable distribution, this problem has been fixed in version 0.99.4-5.etch.4. For the stable distribution, this problem has been fixed in version 1.0.2-3+lenny7. For the unstable distribution these problems have been fixed in version 1.2.3-1. We recommend that you upgrade your Wireshark packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2022-1 mediawiki -- several
Debian GNU/Linux 5.0
mediawiki
Several vulnerabilities have been discovered in mediawiki, a web-based wiki engine. The following issues have been identified: Insufficient input sanitisation in the CSS validation code allows editors to display external images in wiki pages. This can be a privacy concern on public wikis as it allows attackers to gather IP addresses and other information by linking these images to a web server under their control. Insufficient permission checks have been found in thumb.php which can lead to disclosure of image files that are restricted to certain users. For the stable distribution, this problem has been fixed in version 1:1.12.0-2lenny4. For the testing distribution, this problem has been fixed in version 1:1.15.2-1. For the unstable distribution, this problem has been fixed in version 1:1.15.2-1.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1889-1 icu -- programming error
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
icu
It was discovered that the ICU Unicode library performed incorrect processing of invalid multibyte sequences, resulting in potential bypass of security mechanisms. For the old stable distribution, this problem has been fixed in version 3.6-2etch3. For the stable distribution, this problem has been fixed in version 3.8.1-3+lenny2. For the unstable distribution, this problem has been fixed in version 4.0.1-1. We recommend that you upgrade your icu packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1894-1 newt -- buffer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
newt
Miroslav Lichvar discovered that newt, a windowing toolkit, is prone to a buffer overflow in the content processing code, which can lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 0.52.2-11.3+lenny1. For the oldstable distribution, this problem has been fixed in version 0.52.2-10+etch1. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your newt packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1991-1 squid/squid3 -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
squid/squid3
Two denial of service vulnerabilities have been discovered in squid and squid3, a web proxy. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2855 Bastian Blank discovered that it is possible to cause a denial of service via a crafted auth header with certain comma delimiters. CVE-2010-0308 Tomas Hoger discovered that it is possible to cause a denial of service via invalid DNS header-only packets. For the stable distribution, these problems have been fixed in version 2.7.STABLE3-4.1lenny1 of the squid package and version 3.0.STABLE8-3+lenny3 of the squid3 package. For the oldstable distribution, these problems have been fixed in version 2.6.5-6etch5 of the squid package and version 3.0.PRE5-5+etch2 of the squid3 package. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your squid/squid3 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1809-1 linux-2.6 -- denial of service, privilege escalation
Debian GNU/Linux 5.0
linux-2.6
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1630 Frank Filz discovered that local users may be able to execute files without execute permission when accessed via an nfs4 mount. CVE-2009-1633 Jeff Layton and Suresh Jayaraman fixed several buffer overflows in the CIFS filesystem which allow remote servers to cause memory corruption. CVE-2009-1758 Jan Beulich discovered an issue in Xen where local guest users may cause a denial of service. This update also fixes a regression introduced by the fix for CVE-2009-1184 in 2.6.26-15lenny3. This prevents a boot time panic on systems with SELinux enabled. For the stable distribution, these problems have been fixed in version 2.6.26-15lenny3. For the oldstable distribution, these problems, where applicable, will be fixed in future updates to linux-2.6 and linux-2.6.24. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2025-1 icedove -- several vulnerabilities
Debian GNU/Linux 5.0
icedove
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2408 Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a "\0" character in a domain name in the subject's Common Name field of an X.509 certificate. CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. CVE-2009-2463 monarch2020 discovered an integer overflow in a base64 decoding function. CVE-2009-3072 Josh Soref discovered a crash in the BinHex decoder. CVE-2009-3075 Carsten Book reported a crash in the JavaScript engine. CVE-2010-0163 Ludovic Hirlimann reported a crash indexing some messages with attachments, which could lead to the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 2.0.0.24-0lenny1. Due to a problem with the archive system it is not possible to release all architectures. The missing architectures will be installed into the archive once they become available. For the testing distribution squeeze and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your icedove packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2056-1 zonecheck -- missing input sanitising
Debian GNU/Linux 5.0
zonecheck
It was discovered that in zonecheck, a tool to check DNS configurations, the CGI does not perform sufficient sanitisation of user input; an attacker can take advantage of this and pass script code in order to perform cross-site scripting attacks. For the stable distribution, this problem has been fixed in version 2.0.4-13lenny1. For the testing distribution, this problem has been fixed in version 2.1.1-1. We recommend that you upgrade your zonecheck packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1793-1 kdegraphics -- multiple
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
kdegraphics
kpdf, a Portable Document Format viewer for KDE, is based on the xpdf program and thus suffers from similar flaws to those described in DSA-1790. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0146 Multiple buffer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service via a crafted PDF file, related to JBIG2SymbolDict::setBitmap and JBIG2Stream::readSymbolDictSeg. CVE-2009-0147 Multiple integer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service via a crafted PDF file, related to JBIG2Stream::readSymbolDictSeg, JBIG2Stream::readSymbolDictSeg, and JBIG2Stream::readGenericBitmap. CVE-2009-0165 Integer overflow in the JBIG2 decoder in kpdf has unspecified impact related to "g*allocn." CVE-2009-0166 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service via a crafted PDF file that triggers a free of uninitialised memory. CVE-2009-0799 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service via a crafted PDF file that triggers an out-of-bounds read. CVE-2009-0800 Multiple "input validation flaws" in the JBIG2 decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1179 Integer overflow in the JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1180 The JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. CVE-2009-1181 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service via a crafted PDF file that triggers a NULL pointer dereference. CVE-2009-1182 Multiple buffer overflows in the JBIG2 MMR decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1183 The JBIG2 MMR decoder in kpdf allows remote attackers to cause a denial of service via a crafted PDF file. 
We recommend that you upgrade your kdegraphics packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2035-1 apache2 -- multiple issues
Debian GNU/Linux 5.0
apache2
Two issues have been found in the Apache HTTPD web server: CVE-2010-0408 mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service. CVE-2010-0434 A flaw in the core subrequest process code was found, which could lead to a daemon crash or disclosure of sensitive information if the headers of a subrequest were modified by modules such as mod_headers. For the stable distribution, these problems have been fixed in version 2.2.9-10+lenny7. For the testing distribution and the unstable distribution, these problems have been fixed in version 2.2.15-1. This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages. We recommend that you upgrade your apache2 and apache2-mpm-itk packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2052-1 krb5 -- null pointer dereference
Debian GNU/Linux 5.0
krb5
Shawn Emery discovered that in MIT Kerberos 5, a system for authenticating users and services on a network, a null pointer dereference flaw in the Generic Security Service Application Program Interface library could allow an authenticated remote attacker to crash any server application using the GSS-API authentication mechanism, by sending a specially-crafted GSS-API token with a missing checksum field. For the stable distribution, this problem has been fixed in version 1.6.dfsg.4~beta1-5lenny4. For the testing distribution, this problem has been fixed in version 1.8.1+dfsg-3. We recommend that you upgrade your krb5 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1981-1 maildrop -- privilege escalation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
maildrop
Christoph Anton Mitterer discovered that maildrop, a mail delivery agent with filtering abilities, is prone to a privilege escalation issue that grants a user root group privileges. For the stable distribution, this problem has been fixed in version 2.0.4-3+lenny1. For the oldstable distribution, this problem has been fixed in version 2.0.2-11+etch1. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your maildrop packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1810-1 libapache-mod-jk -- information disclosure
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libapache-mod-jk
An information disclosure flaw was found in mod_jk, the Tomcat Connector module for Apache. If a buggy client included the "Content-Length" header without providing request body data, or if a client sent repeated requests very quickly, one client could obtain a response intended for another client. For the stable distribution, this problem has been fixed in version 1:1.2.26-2+lenny1. For the oldstable distribution, this problem has been fixed in version 1:1.2.18-3etch2. For the testing distribution and the unstable distribution, this problem has been fixed in version 1:1.2.26-2.1. We recommend that you upgrade your libapache-mod-jk packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2039-1 cacti -- missing input sanitising
Debian GNU/Linux 5.0
cacti
It was discovered that Cacti, a frontend to rrdtool for monitoring systems and services, missed input sanitising, making an SQL injection attack possible. For the stable distribution, this problem has been fixed in version 0.8.7b-2.1+lenny2. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your cacti package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1752-1 webcit -- format string vulnerability
Debian GNU/Linux 5.0
webcit
Wilfried Goesgens discovered that WebCit, the web-based user interface for the Citadel groupware system, contains a format string vulnerability in the mini_calendar component, possibly allowing arbitrary code execution. For the stable distribution, this problem has been fixed in version 7.37-dfsg-7. For the unstable distribution, this problem has been fixed in version 7.38b-dfsg-2. We recommend that you upgrade your webcit packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1980-1 ircd-hybrid/ircd-ratbox -- integer underflow/denial of service
Debian GNU/Linux 5.0
ircd-hybrid/ircd-ratbox
David Leadbeater discovered an integer underflow that could be triggered via the LINKS command and can lead to a denial of service or the execution of arbitrary code. This issue affects both ircd-hybrid and ircd-ratbox. It was discovered that the ratbox IRC server is prone to a denial of service attack via the HELP command. The ircd-hybrid package is not vulnerable to this issue. For the stable distribution, this problem has been fixed in version 1:7.2.2.dfsg.2-4+lenny1 of the ircd-hybrid package and in version 2.2.8.dfsg-2+lenny1 of ircd-ratbox. Due to a bug in the archive software it was not possible to release the fix for the oldstable distribution simultaneously. The packages will be released as version 7.2.2.dfsg.2-3+etch1 once they become available. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your ircd-hybrid/ircd-ratbox packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2054-1 bind9 -- DNS cache poisoning
Debian GNU/Linux 5.0
bind9
Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0097 BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data flag to a forged NXDOMAIN response for an existing domain. CVE-2010-0290 When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. CVE-2010-0382 When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. In addition, this update introduces a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the "roll over and die" phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root, and the NSEC3 secure denial of existence algorithm used by some signed top-level domains. This update is based on a new upstream version of BIND 9, 9.6-ESV-R1. Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using "apt-get dist-upgrade". For the stable distribution, these problems have been fixed in version 1:9.6.ESV.R1+dfsg-0+lenny1. For the unstable distribution, these problems have been fixed in version 1:9.7.0.dfsg-1. We recommend that you upgrade your bind9 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2040-1 squidguard -- buffer overflow
Debian GNU/Linux 5.0
squidguard
It was discovered that in squidguard, a URL redirector/filter/ACL plugin for squid, several problems in src/sgLog.c and src/sgDiv.c allow remote users to either: * cause a denial of service, by requesting long URLs containing many slashes; this forces the daemon into emergency mode, where it does not process requests anymore. * bypass rules by requesting URLs whose length is close to predefined buffer limits, in this case 2048 for squidguard and 4096 or 8192 for squid. For the stable distribution, this problem has been fixed in version 1.2.0-8.4+lenny1. For the unstable distribution, this problem has been fixed in version 1.2.0-9. We recommend that you upgrade your squidguard package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1827-1 ipplan -- insufficient input sanitising
Debian GNU/Linux 5.0
ipplan
It was discovered that ipplan, a web-based IP address manager and tracker, does not sufficiently escape certain input parameters, which allows remote attackers to conduct cross-site scripting attacks. For the stable distribution, this problem has been fixed in version 4.86a-7+lenny1. The oldstable distribution does not contain ipplan. For the testing distribution this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 4.91a-1.1. We recommend that you upgrade your ipplan packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1766-1 krb5 -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
krb5
Several vulnerabilities have been found in the MIT reference implementation of Kerberos V5, a system for authenticating users and services on a network. The Common Vulnerabilities and Exposures project identified the following problems: The Apple Product Security team discovered that the SPNEGO GSS-API mechanism suffers from a missing bounds check when reading a network input buffer which results in an invalid read crashing the application or possibly leaking information. Under certain conditions the SPNEGO GSS-API mechanism references a null pointer which crashes the application using the library. An incorrect length check inside the ASN.1 decoder of the MIT krb5 implementation allows an unauthenticated remote attacker to crash the kinit or KDC program. Under certain conditions the ASN.1 decoder of the MIT krb5 implementation frees an uninitialised pointer which could lead to denial of service and possibly arbitrary code execution. For the oldstable distribution, this problem has been fixed in version 1.4.4-7etch7. For the stable distribution, this problem has been fixed in version 1.6.dfsg.4~beta1-5lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.6.dfsg.4~beta1-13. We recommend that you upgrade your krb5 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1868-1 kde4libs -- several vulnerabilities
Debian GNU/Linux 5.0
kde4libs
Several security issues have been discovered in kde4libs, core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1698 It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1687 It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. For the stable distribution, these problems have been fixed in version 4:4.1.0-3+lenny1. The oldstable distribution does not contain kde4libs. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 4:4.3.0-1. We recommend that you upgrade your kde4libs packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1812-1 apr-util -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
apr-util
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2004-1 samba -- several
Debian GNU/Linux 5.0
samba
Two local vulnerabilities have been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3297 Ronald Volgers discovered that a race condition in mount.cifs allows local users to mount remote filesystems over arbitrary mount points. CVE-2010-0547 Jeff Layton discovered that missing input sanitising in mount.cifs allows denial of service by corrupting /etc/mtab. For the stable distribution, these problems have been fixed in version 2:3.2.5-4lenny9. For the unstable distribution, these problems have been fixed in version 2:3.4.5~dfsg-2. We recommend that you upgrade your samba packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2034-1 phpmyadmin -- several
Debian GNU/Linux 5.0
phpmyadmin
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-7251 phpMyAdmin may create a temporary directory, if the configured directory does not exist yet, with insecure filesystem permissions. CVE-2008-7252 phpMyAdmin uses predictable filenames for temporary files, which may lead to a local denial of service attack or privilege escalation. CVE-2009-4605 The setup.php script shipped with phpMyAdmin may unserialize untrusted data, allowing for cross site request forgery. For the stable distribution, these problems have been fixed in version phpmyadmin 4:2.11.8.1-5+lenny4. For the unstable distribution, these problems have been fixed in version 3.2.4-1. We recommend that you upgrade your phpmyadmin package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1922-1 xulrunner -- several
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3380 Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler and Boris Zbarsky reported crashes in layout engine, which might allow the execution of arbitrary code. CVE-2009-3382 Carsten Book reported a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3376 Jesse Ruderman and Sid Stamm discovered spoofing vulnerability in the file download dialog. CVE-2009-3375 Gregory Fleischer discovered a bypass of the same-origin policy using the document.getSelection function. CVE-2009-3374 "moz_bug_r_a4" discovered a privilege escalation to Chrome status in the XPCOM utility XPCVariant::VariantDataToJS. CVE-2009-3373 "regenrecht" discovered a buffer overflow in the GIF parser, which might lead to the execution of arbitrary code. CVE-2009-3372 Marco C. discovered that a programming error in the proxy auto configuration code might lead to denial of service or the execution of arbitrary code. CVE-2009-3274 Jeremy Brown discovered that the filename of a downloaded file which is opened by the user is predictable, which might lead to tricking the user into a malicious file if the attacker has local access to the system. CVE-2009-3370 Paul Stone discovered that history information from web forms could be stolen. For the stable distribution, these problems have been fixed in version 1.9.0.15-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 1.9.1.4-1. 
We recommend that you upgrade your xulrunner packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1947-1 shibboleth-sp, shibboleth-sp2, opensaml2 -- missing input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
shibboleth-sp
shibboleth-sp2
opensaml2
Matt Elder discovered that Shibboleth, a federated web single sign-on system, is vulnerable to script injection through redirection URLs. For the stable distribution, this problem has been fixed in version 1.3.1.dfsg1-3+lenny2 of shibboleth-sp, version 2.0.dfsg1-4+lenny2 of shibboleth-sp2 and version 2.0-2+lenny2 of opensaml2. For the unstable distribution, this problem has been fixed in version 2.3+dfsg-1 of shibboleth-sp2, version 2.3-1 of opensaml2 and version 1.3.1-1 of xmltooling. We recommend that you upgrade your Shibboleth packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1884-1 nginx -- buffer underflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
nginx
Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request. For the oldstable distribution, this problem has been fixed in version 0.4.13-2+etch2. For the stable distribution, this problem has been fixed in version 0.6.32-3+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 0.7.61-3. We recommend that you upgrade your nginx packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2075-1 xulrunner -- several
Debian GNU/Linux 5.0
xulrunner
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2065-1 kvirc -- several
Debian GNU/Linux 5.0
kvirc
Two security issues have been discovered in the DCC protocol support code of kvirc, a KDE-based next generation IRC client, which allow the overwriting of local files through directory traversal and the execution of arbitrary code through a format string attack. For the stable distribution, these problems have been fixed in version 2:3.4.0-5. For the unstable distribution, these problems have been fixed in version 4.0.0~svn4340+rc3-1. We recommend that you upgrade your kvirc packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-1822-1 mahara -- insufficient input sanitisation
Debian GNU/Linux 5.0
mahara
It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to several cross-site scripting attacks, which allow an attacker to inject arbitrary HTML or script code and steal potentially sensitive data from other users. The oldstable distribution does not contain mahara. For the stable distribution, this problem has been fixed in version 1.0.4-4+lenny3. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.1.5-1. We recommend that you upgrade your mahara packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2012-1 linux-2.6 -- privilege escalation/denial of service
Debian GNU/Linux 5.0
linux-2.6
CVE-2009-3725 Philipp Reisner reported an issue in the connector subsystem which allows unprivileged users to send netlink packets. This allows local users to manipulate settings for uvesafb devices which are normally reserved for privileged users. CVE-2010-0622 Jerome Marchand reported an issue in the futex subsystem that allows a local user to force an invalid futex state which results in a denial of service. This update also includes fixes for regressions introduced by previous updates. See the referenced Debian bug pages for details. For the stable distribution, this problem has been fixed in version 2.6.26-21lenny4. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 5.0 user-mode-linux 2.6.26-1um-2+21lenny4
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1746-1 ghostscript -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
ghostscript
Two security issues have been discovered in ghostscript, the GPL Ghostscript PostScript/PDF interpreter. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0583 Jan Lieskovsky discovered multiple integer overflows in the ICC library, which allow the execution of arbitrary code via crafted ICC profiles in PostScript files with embedded images. CVE-2009-0584 Jan Lieskovsky discovered insufficient upper-bounds checks on certain variable sizes in the ICC library, which allow the execution of arbitrary code via crafted ICC profiles in PostScript files with embedded images. For the stable distribution, these problems have been fixed in version 8.62.dfsg.1-3.2lenny1. For the oldstable distribution, these problems have been fixed in version 8.54.dfsg.1-5etch2. Please note that the package in oldstable is called gs-gpl. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your ghostscript/gs-gpl packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1790-1 xpdf -- multiple
Debian GNU/Linux 5.0
xpdf
Several vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0146 Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service via a crafted PDF file, related to JBIG2SymbolDict::setBitmap and JBIG2Stream::readSymbolDictSeg. CVE-2009-0147 Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service via a crafted PDF file, related to JBIG2Stream::readSymbolDictSeg, JBIG2Stream::readSymbolDictSeg, and JBIG2Stream::readGenericBitmap. CVE-2009-0165 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." CVE-2009-0166 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service via a crafted PDF file that triggers a free of uninitialised memory. CVE-2009-0799 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service via a crafted PDF file that triggers an out-of-bounds read. CVE-2009-0800 Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1179 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. 
CVE-2009-1180 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. CVE-2009-1181 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service via a crafted PDF file that triggers a NULL pointer dereference. CVE-2009-1182 Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1183 The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service via a crafted PDF file. For the old stable distribution, these problems have been fixed in version 3.01-9.1+etch6. For the stable distribution, these problems have been fixed in version 3.02-1.4+lenny1. For the unstable distribution, these problems will be fixed in a forthcoming version. We recommend that you upgrade your xpdf packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1883-2 nagios2 -- missing input sanitising
Debian GNU/Linux 5.0
nagios2
The previous nagios2 update introduced a regression, which caused status.cgi to segfault when used directly without specifying the "host" variable. This update fixes the problem. For reference the original advisory text follows. Several vulnerabilities have been found in nagios2, a host/service/network monitoring and management system. The Common Vulnerabilities and Exposures project identifies the following problems: Several cross-site scripting issues via several parameters were discovered in the CGI scripts, allowing attackers to inject arbitrary HTML code. In order to cover the different attack vectors, these issues have been assigned CVE-2007-5624, CVE-2007-5803 and CVE-2008-1360. For the oldstable distribution, these problems have been fixed in version 2.6-2+etch5. The stable distribution does not include nagios2 and nagios3 is not affected by these problems. The testing distribution and the unstable distribution do not contain nagios2 and nagios3 is not affected by these problems. We recommend that you upgrade your nagios2 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1841-2 git-core -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
git-core
A bug in git-core caused the security update in DSA 1841 to fail to build on a number of architectures Debian supports. This update corrects the bug and releases builds for all supported architectures. The original advisory is quoted in full below for reference. It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is vulnerable to denial of service attacks caused by a programming mistake in handling requests containing extra unrecognized arguments which results in an infinite loop. While this is no problem for the daemon itself as every request will spawn a new git-daemon instance, this still results in a very high CPU consumption and might lead to denial of service conditions. For the oldstable distribution, this problem has been fixed in version 1.4.4.4-4+etch4. For the stable distribution, this problem has been fixed in version 1.5.6.5-3+lenny3. For the testing distribution, this problem has been fixed in version 1:1.6.3.3-1. For the unstable distribution, this problem has been fixed in version 1:1.6.3.3-1. We recommend that you upgrade your git-core packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2054-2 bind9 -- DNS cache poisoning
Debian GNU/Linux 5.0
bind9
This update restores the PID file location for bind to the location before the last security update. For reference, here is the original advisory text that explains the security problems fixed: Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0097 BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data flag to a forged NXDOMAIN response for an existing domain. CVE-2010-0290 When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. CVE-2010-0382 When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. In addition, this update introduces a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the "roll over and die" phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root, and the NSEC3 secure denial of existence algorithm used by some signed top-level domains. This update is based on a new upstream version of BIND 9, 9.6-ESV-R1. Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using "apt-get dist-upgrade". For the stable distribution, these problems have been fixed in version 1:9.6.ESV.R1+dfsg-0+lenny2. The unstable distribution is not affected by the wrong PID file location. We recommend that you upgrade your bind9 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2000-1 ffmpeg-debian -- several
Debian GNU/Linux 5.0
ffmpeg-debian
Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer: Various programming errors in container and codec implementations may lead to denial of service or the execution of arbitrary code if the user is tricked into opening a malformed media file or stream. Affected and updated have been the implementations of the following codecs and container formats: the Vorbis audio codec; the Ogg container implementation; the FF Video 1 codec; the MPEG audio codec; the H264 video codec; the MOV container implementation; the Oggedc container implementation. For the stable distribution, these problems have been fixed in version 0.svn20080206-18+lenny1. For the unstable distribution, these problems have been fixed in version 4:0.5+svn20090706-5. We recommend that you upgrade your ffmpeg packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1919-1 smarty -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
smarty
Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4810 The _expand_quoted_text function allows for certain restrictions in templates, like function calling and PHP execution, to be bypassed. CVE-2009-1669 The smarty_function_math function allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. For the old stable distribution, these problems have been fixed in version 2.6.14-1etch2. For the stable distribution, these problems have been fixed in version 2.6.20-1.2. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your smarty package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2067-1 mahara -- several
Debian GNU/Linux 5.0
mahara
Several vulnerabilities were discovered in mahara, an electronic portfolio, weblog, and resume builder. The following Common Vulnerabilities and Exposures project ids identify them: CVE-2010-1667 Multiple pages performed insufficient input sanitising, making them vulnerable to cross-site scripting attacks. CVE-2010-1668 Multiple forms lacked protection against cross-site request forgery attacks, therefore making them vulnerable. CVE-2010-1670 Gregor Anzelj discovered that it was possible to accidentally configure an installation of mahara that allows access to another user's account without a password. CVE-2010-2479 Certain Internet Explorer-specific cross-site scripting vulnerabilities were discovered in HTML Purifier, of which a copy is included in the mahara package. For the stable distribution, the problems have been fixed in version 1.0.4-4+lenny6. For the testing distribution, the problems will be fixed soon. For the unstable distribution, the problems have been fixed in version 1.2.5. We recommend that you upgrade your mahara packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1936-1 libgd2 -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libgd2
Several vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-0455 Kees Cook discovered a buffer overflow in libgd2's font renderer. An attacker could cause denial of service and possibly execute arbitrary code via a crafted string with a JIS encoded font. This issue only affects the oldstable distribution. CVE-2009-3546 Tomas Hoger discovered a boundary error in the "_gdGetColors" function. An attacker could conduct a buffer overflow or buffer over-read attacks via a crafted GD file. For the oldstable distribution, these problems have been fixed in version 2.0.33-5.2etch2. For the stable distribution, these problems have been fixed in version 2.0.36~rc1~dfsg-3+lenny1. For the upcoming stable distribution and the unstable distribution, these problems have been fixed in version 2.0.36~rc1~dfsg-3.1. We recommend that you upgrade your libgd2 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2038-1 pidgin -- several
Debian GNU/Linux 5.0
pidgin
Several remote vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0420 Crafted nicknames in the XMPP protocol can crash Pidgin remotely. CVE-2010-0423 Remote contacts may send too many custom smilies, crashing Pidgin. A few months ago, Microsoft's servers for MSN changed the protocol, making Pidgin non-functional for use with MSN. It is not feasible to port these changes to the version of Pidgin in Debian Lenny. This update formalises that situation by disabling the protocol in the client. Users of the MSN protocol are advised to use the version of Pidgin in the repositories of www.backports.org. For the stable distribution, these problems have been fixed in version 2.4.3-4lenny6. For the unstable distribution, these problems have been fixed in version 2.6.6-1. We recommend that you upgrade your pidgin package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1871-1 wordpress -- several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
wordpress
Several vulnerabilities have been discovered in wordpress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-6762 It was discovered that wordpress is prone to an open redirect vulnerability which allows remote attackers to conduct phishing attacks. CVE-2008-6767 It was discovered that remote attackers had the ability to trigger an application upgrade, which could lead to a denial of service attack. CVE-2009-2334 It was discovered that wordpress lacks authentication checks in the plugin configuration, which might leak sensitive information. CVE-2009-2854 It was discovered that wordpress lacks authentication checks in various actions, thus allowing remote attackers to produce unauthorised edits or additions. CVE-2009-2851 It was discovered that the administrator interface is prone to a cross-site scripting attack. CVE-2009-2853 It was discovered that remote attackers can gain privileges via certain direct requests. CVE-2008-1502 It was discovered that the _bad_protocol_once function in KSES, as used by wordpress, allows remote attackers to perform cross-site scripting attacks. CVE-2008-4106 It was discovered that wordpress lacks certain checks around user information, which could be used by attackers to change the password of a user. CVE-2008-4769 It was discovered that the get_category_template function is prone to a directory traversal vulnerability, which could lead to the execution of arbitrary code. CVE-2008-4796 It was discovered that the _httpsrequest function in the embedded snoopy version is prone to the execution of arbitrary commands via shell metacharacters in https URLs. CVE-2008-5113 It was discovered that wordpress relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier to perform attacks via crafted cookies. For the stable distribution, these problems have been fixed in version 2.5.1-11+lenny1.
For the oldstable distribution, these problems have been fixed in version 2.0.10-1etch4. For the testing distribution and the unstable distribution, these problems have been fixed in version 2.8.3-1. We recommend that you upgrade your wordpress packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2007-1 cups -- format string vulnerability
Debian GNU/Linux 5.0
cups
Ronald Volgers discovered that the lppasswd component of the cups suite, the Common UNIX Printing System, is vulnerable to format string attacks due to insecure use of the LOCALEDIR environment variable. An attacker can abuse this behaviour to execute arbitrary code via crafted localization files and triggering calls to _cupsLangprintf. This works as the lppasswd binary happens to be installed with setuid 0 permissions. For the stable distribution, this problem has been fixed in version 1.3.8-1+lenny8. For the testing distribution this problem will be fixed soon. For the unstable distribution this problem has been fixed in version 1.4.2-9.1. We recommend that you upgrade your cups packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2253-1 fontforge -- buffer overflow
Debian GNU/Linux 5.0
fontforge
Ulrik Persson reported a stack-based buffer overflow flaw in FontForge, a font editor. When processing a crafted Bitmap Distribution Format file, FontForge could crash or execute arbitrary code with the privileges of the user running FontForge.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1909-1 postgresql-ocaml -- missing escape function
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
postgresql-ocaml
It was discovered that postgresql-ocaml, OCaml bindings to PostgreSQL's libpq, was missing a function to call PQescapeStringConn. This is needed, because PQescapeStringConn honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called escape_string_conn and takes the established database connection as a first argument. The old escape_string was kept for backwards compatibility. Developers using these bindings are encouraged to adjust their code to use the new function. For the stable distribution, this problem has been fixed in version 1.7.0-3+lenny1. For the oldstable distribution, this problem has been fixed in version 1.5.4-2+etch1. For the testing distribution and the unstable distribution, this problem has been fixed in version 1.12.1-1. We recommend that you upgrade your postgresql-ocaml packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1908-1 ntp -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
ntp
Robin Park and Dmitri Vinokurov discovered that the daemon component of the ntp package, a reference implementation of the NTP protocol, does not react properly to certain incoming packets. An unexpected NTP mode 7 packet with spoofed IP data can lead ntpd to reply with a mode 7 response to the spoofed address. This may result in the service playing packet ping-pong with other ntp servers or even itself, which causes CPU usage and excessive disk use due to logging. An attacker can use this to conduct denial of service attacks. For the oldstable distribution, this problem has been fixed in version 1:4.2.2.p4+dfsg-2etch4. For the stable distribution, this problem has been fixed in version 1:4.2.4p4+dfsg-8lenny3. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your ntp packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2059-2 pcsc-lite -- buffer overflow
Debian GNU/Linux 5.0
pcsc-lite
The update for PCSCD caused a regression with some card readers. This update corrects that regression. The full advisory is below for completeness. It was discovered that PCSCD, a daemon to access smart cards, was vulnerable to a buffer overflow allowing a local attacker to elevate his privileges to root. For the stable distribution, this problem has been fixed in version 1.4.102-1+lenny3. For the unstable distribution, this problem has been fixed in version 1.5.4-1. We recommend that you upgrade your pcsc-lite package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1826-1 eggdrop -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
eggdrop
Several vulnerabilities have been discovered in eggdrop, an advanced IRC robot. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2807 It was discovered that eggdrop is vulnerable to a buffer overflow, which could result in a remote user executing arbitrary code. The previous DSA did not fix the issue correctly. CVE-2009-1789 It was discovered that eggdrop is vulnerable to a denial of service attack that allows remote attackers to cause a crash via a crafted PRIVMSG. For the stable distribution, these problems have been fixed in version 1.6.19-1.1+lenny1. For the old stable distribution, these problems have been fixed in version 1.6.18-1etch2. For the unstable distribution, this problem has been fixed in version 1.6.19-1.2. We recommend that you upgrade your eggdrop package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2042-1 iscsitarget -- format string
Debian GNU/Linux 5.0
iscsitarget
Florent Daigniere discovered that multiple format string vulnerabilities in the Linux SCSI target framework allow remote attackers to cause a denial of service in the ietd daemon. The flaw could be triggered by sending a carefully crafted Internet Storage Name Service request. For the stable distribution, this problem has been fixed in version 0.4.16+svn162-3.1+lenny1. For the testing distribution, this problem has been fixed in version 0.4.17+svn229-1.4. For the unstable distribution, this problem has been fixed in version 0.4.17+svn229-1.4.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2055-1 openoffice.org -- macro execution
Debian GNU/Linux 5.0
openoffice.org
It was discovered that OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft Office, is not properly handling python macros embedded in an office document. This allows an attacker to perform user-assisted execution of arbitrary code in certain use cases of the python macro viewer component. For the stable distribution, this problem has been fixed in version 1:2.4.1+dfsg-1+lenny7. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1:3.2.1-1. We recommend that you upgrade your openoffice.org packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1982-1 hybserv -- denial of service
Debian GNU/Linux 5.0
hybserv
Julien Cristau discovered that hybserv, a daemon running IRC services for IRCD-Hybrid, is prone to a denial of service attack via the commands option. For the stable distribution, this problem has been fixed in version 1.9.2-4+lenny2. Due to a bug in the archive system, it is not possible to release the fix for the oldstable distribution simultaneously. Therefore, etch will be fixed in version 1.9.2-4+etch1 as soon as it becomes available. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.9.2-4.1. We recommend that you upgrade your hybserv packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1881-1 cyrus-imapd-2.2 -- buffer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
cyrus-imapd-2.2
It was discovered that the SIEVE component of cyrus-imapd, a highly scalable enterprise mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. Due to incorrect use of the sizeof operator an attacker is able to pass a negative length to snprintf calls resulting in large positive values due to integer conversion. This causes a buffer overflow which can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. For the oldstable distribution, this problem has been fixed in version 2.2.13-10+etch2. For the stable distribution, this problem has been fixed in version 2.2.13-14+lenny1. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your cyrus-imapd-2.2 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1829-1 sork-passwd-h3 -- insufficient input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
sork-passwd-h3
It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter. For the oldstable distribution, this problem has been fixed in version 3.0-2+etch1. For the stable distribution, this problem has been fixed in version 3.0-2+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 3.1-1.1. We recommend that you upgrade your sork-passwd-h3 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1974-1 gzip -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
gzip
Several vulnerabilities have been found in gzip, the GNU compression utilities. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2624 Thiemo Nagel discovered a missing input sanitation flaw in the way gzip used to decompress data blocks for dynamic Huffman codes, which could lead to the execution of arbitrary code when trying to decompress a crafted archive. This issue is a reappearance of CVE-2006-4334 and only affects the lenny version. CVE-2010-0001 Aki Helin discovered an integer underflow when decompressing files that are compressed using the LZW algorithm. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive. For the stable distribution, these problems have been fixed in version 1.3.12-6+lenny1. For the oldstable distribution, these problems have been fixed in version 1.3.5-15+etch1. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your gzip packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1964-1 postgresql-7.4, postgresql-8.1, postgresql-8.3 -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
postgresql-7.4
postgresql-8.1
postgresql-8.3
Several vulnerabilities have been discovered in PostgreSQL, a database server. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that PostgreSQL did not properly verify the Common Name attribute in X.509 certificates, enabling attackers to bypass the TLS protection on client-server connections, by relying on a certificate from a trusted CA which contains an embedded NUL byte in the Common Name. Authenticated database users could elevate their privileges by creating specially-crafted index functions. The following list shows fixed source package versions for the respective distributions. postgresql-7.4: 1:7.4.27-0etch1 (oldstable/etch); postgresql-8.1: 8.1.19-0etch1 (oldstable/etch); postgresql-8.3: 8.3.9-0lenny1 (stable/lenny), 8.3.9-1 (testing/unstable); postgresql-8.4: 8.4.2-1 (testing/unstable). In addition to these security fixes, the updates contain reliability improvements and fix other defects. We recommend that you upgrade your PostgreSQL packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2264-1 linux-2.6 -- privilege escalation/denial of service/information leak
Debian GNU/Linux 5.0
linux-2.6
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-2524 David Howells reported an issue in the Common Internet File System. Local users could cause arbitrary CIFS shares to be mounted by introducing malicious redirects. CVE-2010-3875 Vasiliy Kulikov discovered an issue in the Linux implementation of the Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to sensitive kernel memory. CVE-2010-4075 Dan Rosenberg reported an issue in the tty layer that may allow local users to obtain access to sensitive kernel memory. CVE-2010-4655 Kees Cook discovered several issues in the ethtool interface which may allow local users with the CAP_NET_ADMIN capability to obtain access to sensitive kernel memory. CVE-2011-0695 Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can exploit a race condition to cause a denial of service. CVE-2011-0710 Al Viro reported an issue in the /proc/<pid>/status interface on the s390 architecture. Local users could gain access to sensitive memory in processes they do not own via the task_show_regs entry. CVE-2011-0711 Dan Rosenberg reported an issue in the XFS filesystem. Local users may obtain access to sensitive kernel memory. CVE-2011-0726 Kees Cook reported an issue in the /proc/pid/stat implementation. Local users could learn the text location of a process, defeating protections provided by address space layout randomization. CVE-2011-1010 Timo Warns reported an issue in the Linux support for Mac partition tables. Local users with physical access could cause a denial of service by adding a storage device with a malicious map_count value. CVE-2011-1012 Timo Warns reported an issue in the Linux support for Mac partition tables. 
Local users with physical access could cause a denial of service by adding a storage device with a malicious map_count value. CVE-2011-1017 Timo Warns reported an issue in the Linux support for LDM partition tables. Users with physical access can gain access to sensitive kernel memory or gain elevated privileges by adding a storage device with a specially crafted LDM partition. CVE-2011-1078 Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users can obtain access to sensitive kernel memory. CVE-2011-1079 Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users with the CAP_NET_ADMIN capability can cause a denial of service. CVE-2011-1080 Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users can obtain access to sensitive kernel memory. CVE-2011-1090 Neil Horman discovered a memory leak in the setacl call on NFSv4 filesystems. Local users can exploit this to cause a denial of service. CVE-2011-1093 Johan Hovold reported an issue in the Datagram Congestion Control Protocol implementation. Remote users could cause a denial of service by sending data after closing a socket. CVE-2011-1160 Peter Huewe reported an issue in the Linux kernel's support for TPM security chips. Local users with permission to open the device can gain access to sensitive kernel memory. CVE-2011-1163 Timo Warns reported an issue in the kernel support for Alpha OSF format disk partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted OSF partition. CVE-2011-1170 Vasiliy Kulikov reported an issue in the Netfilter arp table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. CVE-2011-1171 Vasiliy Kulikov reported an issue in the Netfilter IP table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. 
CVE-2011-1172 Vasiliy Kulikov reported an issue in the Netfilter IP6 table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. CVE-2011-1173 Vasiliy Kulikov reported an issue in the Acorn Econet protocol implementation. Local users can obtain access to sensitive kernel memory on systems that use this rare hardware. CVE-2011-1180 Dan Rosenberg reported a buffer overflow in the Information Access Service of the IrDA protocol, used for Infrared devices. Remote attackers within IR device range can cause a denial of service or possibly gain elevated privileges. CVE-2011-1182 Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local users can generate signals with falsified source pid and uid information. CVE-2011-1477 Dan Rosenberg reported issues in the Open Sound System driver for cards that include a Yamaha FM synthesizer chip. Local users can cause memory corruption resulting in a denial of service. This issue does not affect official Debian Linux image packages as they no longer provide support for OSS. However, custom kernels built from Debian's linux-source-2.6.32 may have enabled this configuration and would therefore be vulnerable. CVE-2011-1493 Dan Rosenberg reported two issues in the Linux implementation of the Amateur Radio X.25 PLP protocol. A remote user can cause a denial of service by providing specially crafted facilities fields. CVE-2011-1577 Timo Warns reported an issue in the Linux support for GPT partition tables. Local users with physical access could cause a denial of service by adding a storage device with a malicious partition table header. CVE-2011-1593 Robert Swiecki reported a signedness issue in the next_pidmap function, which can be exploited by local users to cause a denial of service.
CVE-2011-1598 Dave Jones reported an issue in the Broadcast Manager Controller Area Network protocol that may allow local users to cause a NULL pointer dereference, resulting in a denial of service. CVE-2011-1745 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_BIND ioctl. On default Debian installations, this is exploitable only by users in the video group. CVE-2011-1746 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the agp_allocate_memory and agp_create_user_memory. On default Debian installations, this is exploitable only by users in the video group. CVE-2011-1748 Oliver Hartkopp reported an issue in the Controller Area Network raw socket implementation which permits local users to cause a NULL pointer dereference, resulting in a denial of service. CVE-2011-1759 Dan Rosenberg reported an issue in the support for executing "old ABI" binaries on ARM processors. Local users can obtain elevated privileges due to insufficient bounds checking in the semtimedop system call. CVE-2011-1767 Alexey Dobriyan reported an issue in the GRE over IP implementation. Remote users can cause a denial of service by sending a packet during module initialisation. CVE-2011-1768 Alexey Dobriyan reported an issue in the IP tunnels implementation. Remote users can cause a denial of service by sending a packet during module initialisation. CVE-2011-1776 Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table. CVE-2011-2022 Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_UNBIND ioctl. On default Debian installations, this is exploitable only by users in the video group. CVE-2011-2182 Ben Hutchings reported an issue with the fix for CVE-2011-1017 that made it insufficient to resolve the issue.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1838-1 pulseaudio -- privilege escalation
Debian GNU/Linux 5.0
pulseaudio
Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon does not drop privileges before re-executing itself, enabling local attackers to increase their privileges. The old stable distribution is not affected by this issue. For the stable distribution, this problem has been fixed in version 0.9.10-3+lenny1. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your pulseaudio packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2046-1 phpgroupware -- several
Debian GNU/Linux 5.0
phpgroupware
Several remote vulnerabilities have been discovered in phpgroupware, a web-based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0403 A local file inclusion vulnerability allows remote attackers to execute arbitrary PHP code and include arbitrary local files. CVE-2010-0404 Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands. For the stable distribution, these problems have been fixed in version 1:0.9.16.012+dfsg-8+lenny2. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your phpgroupware package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2207-1 tomcat5.5 -- several
Debian GNU/Linux 5.0
tomcat5.5
Various vulnerabilities have been discovered in the Tomcat Servlet and JSP engine, resulting in denial of service, cross-site scripting, information disclosure and WAR file traversal.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2047-1 aria2 -- insufficient input sanitising
Debian GNU/Linux 5.0
aria2
A vulnerability was discovered in aria2, a download client. The "name" attribute of the "file" element of metalink files is not properly sanitised before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory. For the stable distribution, this problem has been fixed in version 0.14.0-1+lenny2. For the unstable distribution, this problem has been fixed in version 1.9.3-1. We recommend that you upgrade your aria2 package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2165-1 ffmpeg-debian -- buffer overflow
Debian GNU/Linux 5.0
ffmpeg-debian
Several vulnerabilities have been discovered in FFmpeg coders, which are used by MPlayer and other applications. CVE-2010-3429 Cesar Bernardini and Felipe Andres Manzano reported an arbitrary offset dereference vulnerability in libavcodec, in particular in the flic file format parser. A specific flic file may exploit this vulnerability and execute arbitrary code. MPlayer is also affected by this problem, as well as other software that uses this library. CVE-2010-4704 Greg Maxwell discovered an integer overflow in the Vorbis decoder in FFmpeg. A specific ogg file may exploit this vulnerability and execute arbitrary code. CVE-2010-4705 A potential integer overflow has been discovered in the Vorbis decoder in FFmpeg. This upload also fixes an incomplete patch from DSA-2000-1. Michael Gilbert noticed that there were remaining vulnerabilities, which may cause a denial of service and potentially execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2176-1 cups -- several
Debian GNU/Linux 5.0
cups
Several vulnerabilities have been discovered in the Common UNIX Printing System: CVE-2008-5183 A null pointer dereference in RSS job completion notifications could lead to denial of service. CVE-2009-3553 It was discovered that incorrect file descriptor handling could lead to denial of service. CVE-2010-0540 A cross-site request forgery vulnerability was discovered in the web interface. CVE-2010-0542 Incorrect memory management in the filter subsystem could lead to denial of service. CVE-2010-1748 Information disclosure in the web interface. CVE-2010-2431 Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files. CVE-2010-2432 Denial of service in the authentication code. CVE-2010-2941 Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2276-2 asterisk -- multiple denial of service
Debian GNU/Linux 5.0
asterisk
DSA 2276-1 for Asterisk in the oldstable distribution introduced a functionality bug which invokes an undefined symbol.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2154-1 exim4 -- privilege escalation
Debian GNU/Linux 5.0
exim4
A design flaw in exim4 allowed the local Debian-exim user to obtain root privileges by specifying an alternate configuration file using the -C option or by using the macro override facility. Unfortunately, fixing this vulnerability is not possible without some changes in exim4's behaviour. If you use the -C or -D options or use the system filter facility, you should evaluate the changes carefully and adjust your configuration accordingly. The Debian default configuration is not affected by the changes. The detailed list of changes is described in the NEWS.Debian file in the packages. The relevant sections are also reproduced below. In addition to that, missing error handling for the setuid/setgid system calls allowed the Debian-exim user to cause root to append log data to arbitrary files.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2049-1 barnowl -- buffer overflow
Debian GNU/Linux 5.0
barnowl
It has been discovered that barnowl, a curses-based tty Jabber, IRC, AIM and Zephyr client, is prone to a buffer overflow via its "CC:" handling, which could lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 1.0.1-4+lenny1. For the testing distribution and the unstable distribution, this problem has been fixed in version 1.5.1-1. We recommend that you upgrade your barnowl packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1891-1 changetrack -- shell command execution
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
changetrack
Marek Grzybowski discovered that changetrack, a program to monitor changes to files, is prone to shell command injection via metacharacters in filenames. The behaviour of the program has been adjusted to reject all filenames with metacharacters. For the stable distribution, this problem has been fixed in version 4.3-3+lenny1. For the oldstable distribution, this problem has been fixed in version 4.3-3+etch1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 4.5-2. We recommend that you upgrade your changetrack packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1998-1 kdelibs -- buffer overflow
Debian GNU/Linux 5.0
kdelibs
Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 4:3.5.10.dfsg.1-0lenny4. For the unstable distribution, this problem has been fixed in version 4:3.5.10.dfsg.1-3. We recommend that you upgrade your kdelibs packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2147-1 pimd -- insecure temporary files
Debian GNU/Linux 5.0
pimd
Vincent Bernat discovered that pimd, a multicast routing daemon, creates files with predictable names upon the receipt of particular signals.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2142-1 dpkg -- directory traversal
Debian GNU/Linux 5.0
dpkg
Jakub Wilk discovered that the dpkg-source component of dpkg, the Debian package management system, doesn't correctly handle paths in patches of source packages, which could make it traverse directories. Raphaël Hertzog additionally discovered that symbolic links in the .pc directory are followed, which could make it traverse directories too. Both issues only affect source packages using the "3.0 quilt" format at unpack-time.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1939-1 libvorbis -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libvorbis
Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered that libvorbis, a library for the Vorbis general-purpose compressed audio codec, did not correctly handle certain malformed ogg files. An attacker could cause a denial of service or possibly execute arbitrary code via a crafted .ogg file. For the oldstable distribution, these problems have been fixed in version 1.1.2.dfsg-1.4+etch1. For the stable distribution, these problems have been fixed in version 1.2.0.dfsg-3.1+lenny1. For the testing distribution and the unstable distribution, these problems have been fixed in version 1.2.3-1. We recommend that you upgrade your libvorbis packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1968-1 pdns-recursor -- several
Debian GNU/Linux 5.0
pdns-recursor
It was discovered that pdns-recursor, the PowerDNS recursive name server, contains several vulnerabilities: A buffer overflow can be exploited to crash the daemon, or potentially execute arbitrary code. A cache poisoning vulnerability may allow attackers to trick the server into serving incorrect DNS data. For the old stable distribution, fixed packages will be provided soon. For the stable distribution, these problems have been fixed in version 3.1.7-1+lenny1. For the unstable distribution, these problems have been fixed in version 3.1.7.2-1. We recommend that you upgrade your pdns-recursor package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1727-1 proftpd-dfsg -- SQL injection vulnerabilities
Debian GNU/Linux 5.0
proftpd-dfsg
Two SQL injection vulnerabilities have been found in proftpd, a virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0542 Shino discovered that proftpd is prone to an SQL injection vulnerability via the use of certain characters in the username. CVE-2009-0543 TJ Saunders discovered that proftpd is prone to an SQL injection vulnerability due to insufficient escaping mechanisms, when multibyte character encodings are used. For the stable distribution, these problems have been fixed in version 1.3.1-17lenny1. For the oldstable distribution, these problems will be fixed soon. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 1.3.2-1. We recommend that you upgrade your proftpd-dfsg package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1759-1 strongswan -- denial of service
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
strongswan
Gerd v. Egidy discovered that the Pluto IKE daemon in strongswan, an IPSec implementation for Linux, is prone to a denial of service attack via a malicious packet. For the stable distribution, this problem has been fixed in version 4.2.4-5+lenny1. For the oldstable distribution, this problem has been fixed in version 2.8.0+dfsg-1+etch1. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your strongswan packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2153-1 linux-2.6 -- privilege escalation/denial of service/information leak
Debian GNU/Linux 5.0
linux-2.6
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0435 Gleb Napatov reported an issue in the KVM subsystem that allows virtual machines to cause a denial of service of the host machine by executing mov to/from DR instructions. CVE-2010-3699 Keir Fraser provided a fix for an issue in the Xen subsystem. A guest can cause a denial of service on the host by retaining a leaked reference to a device. This can result in a zombie domain, xenwatch process hangs, and xm command failures. CVE-2010-4158 Dan Rosenberg discovered an issue in the socket filters subsystem, allowing local unprivileged users to obtain the contents of sensitive kernel memory. CVE-2010-4162 Dan Rosenberg discovered an overflow issue in the block I/O subsystem that allows local users to map large numbers of pages, resulting in a denial of service due to invocation of the out of memory killer. CVE-2010-4163 Dan Rosenberg discovered an issue in the block I/O subsystem. Due to improper validation of iov segments, local users can trigger a kernel panic resulting in a denial of service. CVE-2010-4242 Alan Cox reported an issue in the Bluetooth subsystem. Local users with sufficient permission to access HCI UART devices can cause a denial of service due to a missing check for an existing tty write operation. CVE-2010-4243 Brad Spengler reported a denial-of-service issue in the kernel memory accounting system. By passing large argv/envp values to exec, local users can cause the out of memory killer to kill processes owned by other users. CVE-2010-4248 Oleg Nesterov reported an issue in the POSIX CPU timers subsystem. Local users can cause a denial of service due to incorrect assumptions about thread group leader behavior. CVE-2010-4249 Vegard Nossum reported an issue with the UNIX socket garbage collector. 
Local users can consume all of LOWMEM and decrease system performance by overloading the system with inflight sockets. CVE-2010-4258 Nelson Elhage reported an issue in Linux oops handling. Local users may be able to obtain elevated privileges if they are able to trigger an oops with a process' fs set to KERNEL_DS. CVE-2010-4342 Nelson Elhage reported an issue in the econet protocol. Remote attackers can cause a denial of service by sending an Acorn Universal Networking packet over UDP. CVE-2010-4346 Tavis Ormandy discovered an issue in the install_special_mapping routine which allows local users to bypass the mmap_min_addr security restriction. Combined with an otherwise low severity local denial of service vulnerability, a local user could obtain elevated privileges. CVE-2010-4526 Eugene Teo reported a race condition in the Linux SCTP implementation. Remote users can cause a denial of service by transmitting an ICMP unreachable message to a locked socket. CVE-2010-4527 Dan Rosenberg reported two issues in the OSS soundcard driver. Local users with access to the device may gain access to sensitive kernel memory or cause a buffer overflow, potentially leading to an escalation of privileges. CVE-2010-4529 Dan Rosenberg reported an issue in the Linux kernel IrDA socket implementation on non-x86 architectures. Local users may be able to gain access to sensitive kernel memory via a specially crafted IRLMP_ENUMDEVICES getsockopt call. CVE-2010-4565 Dan Rosenberg reported an issue in the Linux CAN protocol implementation. Local users can obtain the address of a kernel heap object which might help facilitate system exploitation. CVE-2010-4649 Dan Carpenter reported an issue in the uverb handling of the InfiniBand subsystem. A potential buffer overflow may allow local users to cause a denial of service by passing in a large cmd.ne value. CVE-2010-4656 Kees Cook reported an issue in the driver for I/O-Warrior USB devices.
Local users with access to these devices may be able to overrun kernel buffers, resulting in a denial of service or privilege escalation. CVE-2010-4668 Dan Rosenberg reported an issue in the block subsystem. A local user can cause a denial of service by submitting certain 0-length I/O requests. CVE-2011-0521 Dan Carpenter reported an issue in the DVB driver for AV7110 cards. Local users can pass a negative info->num value, corrupting kernel memory and causing a denial of service.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1870-1 pidgin -- insufficient input validation
Debian GNU/Linux 5.0
pidgin
Federico Muttis discovered that libpurple, the shared library that adds support for various instant messaging networks to the pidgin IM client, is vulnerable to a heap-based buffer overflow. This issue exists because of an incomplete fix for CVE-2008-2927 and CVE-2009-1376. An attacker can exploit this by sending two consecutive SLP packets to a victim via MSN. The first packet is used to create an SLP message object with an offset of zero, the second packet then contains a crafted offset which hits the vulnerable code originally fixed in CVE-2008-2927 and CVE-2009-1376 and allows an attacker to execute arbitrary code. Note: Users with the "Allow only the users below" setting are not vulnerable to this attack. If you can't install the below updates you may want to set this via Tools->Privacy. For the stable distribution, this problem has been fixed in version 2.4.3-4lenny3. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.5.9-1. We recommend that you upgrade your pidgin packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2151-1 openoffice.org -- several
Debian GNU/Linux 5.0
openoffice.org
Several security related problems have been discovered in the OpenOffice.org package that allow malformed documents to trick the system into crashes or even the execution of arbitrary code. CVE-2010-3450 During an internal security audit within Red Hat, a directory traversal vulnerability has been discovered in the way OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files. If a local user is tricked into opening a specially-crafted OOo XML filters package file, this problem could allow remote attackers to create or overwrite arbitrary files belonging to local user or, potentially, execute arbitrary code. CVE-2010-3451 During his work as a consultant at Virtual Security Research, Dan Rosenberg discovered a vulnerability in OpenOffice.org's RTF parsing functionality. Opening a maliciously crafted RTF document can cause an out-of-bounds memory read into previously allocated heap memory, which may lead to the execution of arbitrary code. CVE-2010-3452 Dan Rosenberg discovered a vulnerability in the RTF file parser which can be leveraged by attackers to achieve arbitrary code execution by convincing a victim to open a maliciously crafted RTF file. CVE-2010-3453 As part of his work with Virtual Security Research, Dan Rosenberg discovered a vulnerability in the WW8ListManager::WW8ListManager function of OpenOffice.org that allows a maliciously crafted file to cause the execution of arbitrary code. CVE-2010-3454 As part of his work with Virtual Security Research, Dan Rosenberg discovered a vulnerability in the WW8DopTypography::ReadFromMem function in OpenOffice.org that may be exploited by a maliciously crafted file which allows an attacker to control program flow and potentially execute arbitrary code. CVE-2010-3689 Dmitri Gribenko discovered that the soffice script does not treat an empty LD_LIBRARY_PATH variable like an unset one, which may lead to the execution of arbitrary code. CVE-2010-4253 A heap based buffer overflow has been discovered with unknown impact.
CVE-2010-4643 A vulnerability has been discovered in the way OpenOffice.org handles TGA graphics which can be tricked by a specially crafted TGA file that could cause the program to crash due to a heap-based buffer overflow with unknown impact.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2082-1 gmime2.2 -- buffer overflow
Debian GNU/Linux 5.0
gmime2.2
It was discovered that a buffer overflow in the MIME library GMime might lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 2.2.22-2+lenny2. For the unstable distribution, this problem has been fixed in version 2.2.25-1.1. We recommend that you upgrade your gmime2.2 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1833-1 dhcp3 -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
dhcp3
Several remote vulnerabilities have been discovered in ISC's DHCP implementation: It was discovered that dhclient does not properly handle overlong subnet mask options, leading to a stack-based buffer overflow and possible arbitrary code execution. Christoph Biedl discovered that the DHCP server may terminate when receiving certain well-formed DHCP requests, provided that the server configuration mixes host definitions using "dhcp-client-identifier" and "hardware ethernet". This vulnerability only affects the lenny versions of dhcp3-server and dhcp3-server-ldap. For the old stable distribution, these problems have been fixed in version 3.0.4-13+etch2. For the stable distribution, this problem has been fixed in version 3.1.1-6+lenny2. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your dhcp3 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2149-1 dbus -- denial of service
Debian GNU/Linux 5.0
dbus
Rémi Denis-Courmont discovered that dbus, a message bus application, is not properly limiting the nesting level when examining messages with extensive nested variants. This allows an attacker to crash the dbus system daemon due to a call stack overflow via crafted messages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2043-1 vlc -- integer overflow
Debian GNU/Linux 5.0
vlc
tixxDZ discovered a vulnerability in vlc, the multimedia player and streamer. Missing data validation in vlc's real data transport implementation enables an integer underflow and consequently an unbounded buffer operation. A maliciously crafted stream could thus enable an attacker to execute arbitrary code. No Common Vulnerabilities and Exposures project identifier is available for this issue. For the stable distribution, this problem has been fixed in version 0.8.6.h-4+lenny2.3. For the testing distribution, this problem was fixed in version 1.0.1-1. We recommend that you upgrade your vlc packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1802-1 squirrelmail -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
squirrelmail
Several remote vulnerabilities have been discovered in SquirrelMail, a webmail application. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1578 Cross site scripting was possible through a number of pages which allowed an attacker to steal sensitive session data. CVE-2009-1579 Code injection was possible when SquirrelMail was configured to use the map_yp_alias function to authenticate users. This is not the default. CVE-2009-1580 It was possible to hijack an active user session by planting a specially crafted cookie into the user's browser. CVE-2009-1581 Specially crafted HTML emails could use the CSS positioning feature to place email content over the SquirrelMail user interface, allowing for phishing. For the old stable distribution, these problems have been fixed in version 2:1.4.9a-4. For the stable distribution, these problems have been fixed in version 2:1.4.15-4+lenny1. For the unstable distribution, these problems have been fixed in version 1.4.18-1. We recommend that you upgrade your squirrelmail package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2145-1 libsmi -- buffer overflow
Debian GNU/Linux 5.0
libsmi
Andres Lopez Luksenberg discovered a buffer overflow in the OID parser of libsmi, a library to access SMI MIB data.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2097-1 phpmyadmin -- insufficient input sanitising
Debian GNU/Linux 5.0
phpmyadmin
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3055 The configuration setup script does not properly sanitise its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. In Debian, the setup tool is protected through Apache HTTP basic authentication by default. CVE-2010-3056 Various cross site scripting issues have been discovered that allow a remote attacker to inject arbitrary web script or HTML. For the stable distribution, these problems have been fixed in version 4:2.11.8.1-5+lenny5. For the testing and unstable distribution, these problems have been fixed in version 3.3.5.1-1. We recommend that you upgrade your phpmyadmin package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2103-1 smbind -- sql injection
Debian GNU/Linux 5.0
smbind
It was discovered that smbind, a PHP-based tool for managing DNS zones for BIND, does not properly validate input. An unauthenticated remote attacker could execute arbitrary SQL commands or gain access to the admin account. For the stable distribution, this problem has been fixed in version 0.4.7-3+lenny1. For the unstable distribution, this problem has been fixed in version 0.4.7-5, and will migrate to the testing distribution shortly. We recommend that you upgrade your smbind package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2122-2 glibc -- missing input sanitisation
Debian GNU/Linux 5.0
glibc
Colin Watson discovered that the update for stable released in DSA-2122-1 did not completely address the underlying security issue in all possible scenarios.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2141-2 nss -- SSL/TLS insecure renegotiation protocol design flaw
Debian GNU/Linux 5.0
nss
CVE-2009-3555: Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. The updated libraries allow the use of shell environment variables to configure whether insecure renegotiation is still allowed. The syntax of these environment variables is described in the release notes to version 3.12.6 of nss: https://developer.mozilla.org/NSS_3.12.6_release_notes However, the default behaviour for nss in Debian 5.0 is NSS_SSL_ENABLE_RENEGOTIATION=3, which allows clients to continue to renegotiate with vulnerable servers.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2124-1 xulrunner -- several
Debian GNU/Linux 5.0
xulrunner
Several vulnerabilities have been discovered in Xulrunner, the component that provides the core functionality of Iceweasel, Debian's variant of Mozilla's browser technology. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3765 Xulrunner allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption. CVE-2010-3174 CVE-2010-3176 Multiple unspecified vulnerabilities in the browser engine in Xulrunner allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. CVE-2010-3177 Multiple cross-site scripting vulnerabilities in the Gopher parser in Xulrunner allow remote attackers to inject arbitrary web script or HTML via a crafted name of a file or directory on a Gopher server. CVE-2010-3178 Xulrunner does not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. CVE-2010-3179 Stack-based buffer overflow in the text-rendering functionality in Xulrunner allows remote attackers to execute arbitrary code or cause a denial of service via a long argument to the document.write method. CVE-2010-3180 Use-after-free vulnerability in the nsBarProp function in Xulrunner allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. CVE-2010-3183 The LookupGetterOrSetter function in Xulrunner does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. 
In addition, this security update includes corrections for regressions caused by the fixes for CVE-2010-0654 and CVE-2010-2769 in DSA-2075-1 and DSA-2106-1. For the stable distribution, these problems have been fixed in version 1.9.0.19-6. For the unstable distribution and the upcoming stable distribution, these problems have been fixed in version 3.5.15-1 of the iceweasel package. We recommend that you upgrade your Xulrunner packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2085-1 lftp -- missing input validation
Debian GNU/Linux 5.0
lftp
It was discovered that in lftp, a command-line HTTP/FTP client, there is no proper validation of the filename provided by the server through the Content-Disposition header; attackers can use this flaw by suggesting a filename they wish to overwrite on the client machine, and then possibly execute arbitrary code. For the stable distribution, this problem has been fixed in version 3.7.3-1+lenny1. For the testing distribution, this problem has been fixed in version 4.0.6-1. For the unstable distribution, this problem has been fixed in version 4.0.6-1. We recommend that you upgrade your lftp packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1744-1 weechat -- missing input sanitisation
Debian GNU/Linux 5.0
weechat
Sebastien Helleu discovered that an error in the handling of color codes in the weechat IRC client could cause an out-of-bounds read of an internal color array. This can be used by an attacker to crash user clients via a crafted PRIVMSG command. The weechat version in the oldstable distribution is not affected by this problem. For the stable distribution, this problem has been fixed in version 0.2.6-1+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 0.2.6.1-1. We recommend that you upgrade your weechat packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2132-1 xulrunner -- several
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: For the stable distribution, these problems have been fixed in version 1.9.0.19-7. For the upcoming stable version and the unstable distribution, these problems have been fixed in version 3.5.15-1. For the experimental distribution, these problems have been fixed in version 3.6.13-1. We recommend that you upgrade your xulrunner packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1742-1 libsndfile -- integer overflow
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libsndfile
Alan Rad Pop discovered that libsndfile, a library to read and write sampled audio data, is prone to an integer overflow. This causes a heap-based buffer overflow when processing crafted CAF description chunks possibly leading to arbitrary code execution. For the oldstable distribution this problem has been fixed in version 1.0.16-2+etch1. For the stable distribution this problem has been fixed in version 1.0.17-4+lenny1. For the unstable distribution this problem has been fixed in version 1.0.19-1. We recommend that you upgrade your libsndfile packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1992-1 chrony -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
chrony
Several vulnerabilities have been discovered in chrony, a pair of programs which are used to maintain the accuracy of the system clock on a computer. These issues are similar to the NTP security flaw CVE-2009-3563. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0292 chronyd replies to all cmdmon packets with NOHOSTACCESS messages even for unauthorised hosts. An attacker can abuse this behaviour to force two chronyd instances to play packet ping-pong by sending such a packet with spoofed source address and port. This results in high CPU and network usage and thus denial of service conditions. CVE-2010-0293 The client logging facility of chronyd doesn't limit memory that is used to store client information. An attacker can cause chronyd to allocate large amounts of memory by sending NTP or cmdmon packets with spoofed source addresses resulting in memory exhaustion. CVE-2010-0294 chronyd lacks a rate limit control to the syslog facility when logging received packets from unauthorised hosts. This allows an attacker to cause denial of service conditions via filling up the logs and thus disk space by repeatedly sending invalid cmdmon packets. For the oldstable distribution, this problem has been fixed in version 1.21z-5+etch1. For the stable distribution, this problem has been fixed in version 1.23-6+lenny1. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your chrony packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2157-1 postgresql-8.3, postgresql-8.4, postgresql-9.0 -- buffer overflow
Debian GNU/Linux 5.0
postgresql-8.3, postgresql-8.4, postgresql-9.0
It was discovered that PostgreSQL's intarray contrib module does not properly handle integers with a large number of digits, leading to a server crash and potentially arbitrary code execution.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1896-1 opensaml, shibboleth-sp -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
opensaml
shibboleth-sp
Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x: Chris Ries discovered that decoding a crafted URL leads to a crash. Ian Young discovered that embedded NUL characters in certificate names were not correctly handled, exposing configurations using PKIX trust validation to impersonation attacks. Incorrect processing of SAML metadata ignored key usage constraints. For the old stable distribution, these problems have been fixed in version 1.3f.dfsg1-2+etch1 of the shibboleth-sp packages, and version 1.1a-2+etch1 of the opensaml packages. For the stable distribution, these problems have been fixed in version 1.3.1.dfsg1-3+lenny1 of the shibboleth-sp packages, and version 1.1.1-2+lenny1 of the opensaml packages. The unstable distribution does not contain Shibboleth 1.x packages. This update requires restarting the affected services to become effective. We recommend that you upgrade your Shibboleth 1.x packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1945-1 gforge -- symlink attack
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
gforge
Sylvain Beucler discovered that gforge, a collaborative development tool, is prone to a symlink attack, which allows local users to perform a denial of service attack by overwriting arbitrary files. For the stable distribution, this problem has been fixed in version 4.7~rc2-7lenny3. For the oldstable distribution, this problem has been fixed in version 4.5.14-22etch13. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 4.8.2-1. We recommend that you upgrade your gforge packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1972-1 audiofile -- buffer overflow
Debian GNU/Linux 5.0
audiofile
Max Kellermann discovered a heap-based buffer overflow in the handling of ADPCM WAV files in libaudiofile. This flaw could result in a denial of service or possibly execution of arbitrary code via a crafted WAV file. For the old stable distribution, this problem will be fixed in version 0.2.6-6+etch1. The packages for the oldstable distribution are not included in this advisory. An update will be released soon. For the stable distribution, this problem has been fixed in version 0.2.6-7+lenny1. For the testing distribution and the unstable distribution, this problem has been fixed in version 0.2.6-7.1. We recommend that you upgrade your audiofile packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2260-1 rails -- several
Debian GNU/Linux 5.0
rails
Two vulnerabilities were discovered in Ruby on Rails, a web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3086 The cookie store may be vulnerable to a timing attack, potentially allowing remote attackers to forge message digests. CVE-2009-4214 A cross-site scripting vulnerability in the strip_tags function allows remote user-assisted attackers to inject arbitrary web script.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2105-1 freetype -- several
Debian GNU/Linux 5.0
freetype
Several vulnerabilities have been discovered in the FreeType font library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1797 Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType allow remote attackers to execute arbitrary code or cause a denial of service via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. CVE-2010-2541 Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file. CVE-2010-2805 The FT_Stream_EnterFrame function in base/ftstream.c in FreeType does not properly validate certain position values, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file. CVE-2010-2806 Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType allows remote attackers to cause a denial of service or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. CVE-2010-2807 FreeType uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file. CVE-2010-2808 Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File font. CVE-2010-3053 bdf/bdflib.c in FreeType allows remote attackers to cause a denial of service via a crafted BDF font file, related to an attempted modification of a value in a static string.
For the stable distribution, these problems have been fixed in version 2.3.7-2+lenny3. For the unstable distribution and the testing distribution, these problems have been fixed in version 2.4.2-1. We recommend that you upgrade your freetype package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2115-1 moodle -- several
Debian GNU/Linux 5.0
moodle
Several remote vulnerabilities have been discovered in Moodle, a course management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1613 Moodle does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks. CVE-2010-1614 Multiple cross-site scripting vulnerabilities allow remote attackers to inject arbitrary web script or HTML via vectors related to the Login-As feature or when the global search feature is enabled, unspecified global search forms in the Global Search Engine. CVE-2010-1615 Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands via vectors related to the add_to_log function in mod/wiki/view.php in the wiki module, or "data validation in some forms elements" related to lib/form/selectgroups.php. CVE-2010-1616 Moodle can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability. CVE-2010-1617 user/view.php does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page. CVE-2010-1618 A Cross-site scripting vulnerability in the phpCAS client library allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message. CVE-2010-1619 A Cross-site scripting vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities. CVE-2010-2228 A Cross-site scripting vulnerability in the MNET access-control interface allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username. 
CVE-2010-2229 Multiple cross-site scripting vulnerabilities in blog/index.php allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. CVE-2010-2230 The KSES text cleaning filter in lib/weblib.php does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting attacks via HTML input. CVE-2010-2231 A Cross-site request forgery vulnerability in report/overview/report.php in the quiz module allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter. This security update switches to a new upstream version and requires database updates. For the stable distribution, these problems have been fixed in version 1.8.13-1. For the unstable distribution, these problems have been fixed in version 1.9.9.dfsg2-1. We recommend that you upgrade your moodle package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1877-1 mysql-dfsg-5.0 -- denial of service/execution of arbitrary code
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
mysql-dfsg-5.0
In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request. For the stable distribution, this problem has been fixed in version 5.0.51a-24+lenny2. For the old stable distribution, this problem has been fixed in version 5.0.32-7etch11. We recommend that you upgrade your mysql packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2009-1 tdiary -- insufficient input sanitising
Debian GNU/Linux 5.0
tdiary
It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insufficient input sanitising in the TrackBack transmission plugin. For the stable distribution, this problem has been fixed in version 2.2.1-1+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.2.1-1.1. We recommend that you upgrade your tdiary packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2093-1 ghostscript -- several
Debian GNU/Linux 5.0
ghostscript
Two security issues have been discovered in Ghostscript, the GPL PostScript/PDF interpreter. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4897 A buffer overflow was discovered that allows remote attackers to execute arbitrary code or cause a denial of service via a crafted PDF document containing a long name. CVE-2010-1628 Dan Rosenberg discovered that ghostscript incorrectly handled certain recursive PostScript files. An attacker could execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. For the stable distribution, these problems have been fixed in version 8.62.dfsg.1-3.2lenny5. For the testing distribution and the unstable distribution, these problems have been fixed in version 8.71~dfsg2-4. We recommend that you upgrade your ghostscript package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2099-1 openoffice.org -- buffer overflows
Debian GNU/Linux 5.0
openoffice.org
Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress, which can be exploited by malicious people to compromise a user's system and execute arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2191-1 proftpd-dfsg -- several
Debian GNU/Linux 5.0
proftpd-dfsg
Several vulnerabilities have been discovered in ProFTPD, a versatile, virtual-hosting FTP daemon: CVE-2008-7265 Incorrect handling of the ABOR command could lead to denial of service through elevated CPU consumption. CVE-2010-3867 Several directory traversal vulnerabilities have been discovered in the mod_site_misc module. CVE-2010-4652 A SQL injection vulnerability was discovered in the mod_sql module.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Steven Christey
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2106-1 xulrunner -- several
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: - Implementation errors in XUL processing allow the execution of arbitrary code - An implementation error in the XPCSafeJSObjectWrapper wrapper allows the bypass of the same origin policy - An integer overflow in frame handling allows the execution of arbitrary code - An implementation error in DOM handling allows the execution of arbitrary code - Incorrect pointer handling in the plugin code allows the execution of arbitrary code - Incorrect handling of an object tag may lead to the bypass of cross site scripting filters - Incorrect copy and paste handling could lead to cross site scripting - Crashes in the layout engine may lead to the execution of arbitrary code For the stable distribution, these problems have been fixed in version 1.9.0.19-4. For the unstable distribution, these problems have been fixed in version 3.5.12-1 of the iceweasel source package. For the experimental distribution, these problems have been fixed in version 3.6.9-1 of the iceweasel source package. We recommend that you upgrade your xulrunner packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2104-1 quagga -- several
Debian GNU/Linux 5.0
quagga
Several remote vulnerabilities have been discovered in the BGP implementation of Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-2948 When processing a crafted Route Refresh message received from a configured, authenticated BGP neighbor, Quagga may crash, leading to a denial of service. CVE-2010-2949 When processing certain crafted AS paths, Quagga would crash with a NULL pointer dereference, leading to a denial of service. In some configurations, such crafted AS paths could be relayed by intermediate BGP routers. In addition, this update contains a reliability fix: Quagga will no longer advertise confederation-related AS paths to non-confederation peers, and reject unexpected confederation-related AS paths by resetting the session with the BGP peer which is advertising them. For the stable distribution, these problems have been fixed in version 0.99.10-1lenny3. For the unstable distribution and the testing distribution, these problems have been fixed in version 0.99.17-1. We recommend that you upgrade your quagga package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2243-1 unbound -- design flaw
Debian GNU/Linux 5.0
unbound
It was discovered that Unbound, a caching DNS resolver, ceases to provide answers for zones signed using DNSSEC after it has processed a crafted query. In addition, this update improves the level of DNSSEC support in the lenny version of Unbound so that it is possible for system administrators to configure the trust anchor for the root zone.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2130-1 bind9 -- several
Debian GNU/Linux 5.0
bind9
Several remote vulnerabilities have been discovered in BIND, an implementation of the DNS protocol suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3762 When DNSSEC validation is enabled, BIND does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service via a DNS query. CVE-2010-3614 BIND does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which may lead to zone unavailability during rollovers. CVE-2010-3613 BIND does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service via a query for cached data. In addition, this security update improves compatibility with previously installed versions of the bind9 package. As a result, it is necessary to initiate the update with "apt-get dist-upgrade" instead of "apt-get update". For the stable distribution, these problems have been fixed in version 1:9.6.ESV.R3+dfsg-0+lenny1. For the upcoming stable distribution and the unstable distribution, these problems have been fixed in version 1:9.7.2.dfsg.P3-1. We recommend that you upgrade your bind9 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2131-1 exim4 -- arbitrary code execution
Debian GNU/Linux 5.0
exim4
Several vulnerabilities have been found in exim4 that allow a remote attacker to execute arbitrary code as root user. Exploits for these issues have been seen in the wild. This update fixes a memory corruption issue that allows a remote attacker to execute arbitrary code as the Debian-exim user. A fix for an additional issue that allows the Debian-exim user to obtain root privileges is currently being checked for compatibility issues. It is not yet included in this upgrade but will be released soon in an update to this advisory. For the stable distribution, this problem has been fixed in version 4.69-9+lenny1. This advisory only contains the packages for the alpha, amd64, hppa, i386, ia64, powerpc, and s390 architectures. The packages for the arm, armel, mips, mipsel, and sparc architectures will be released as soon as they are built. For the testing distribution and the unstable distribution, this problem has been fixed in version 4.70-1. We strongly recommend that you upgrade your exim4 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2106-2 xulrunner -- several
Debian GNU/Linux 5.0
xulrunner
DSA-2106-1 introduced a regression that could lead to an application crash. This update fixes this problem. For reference, the text of the original advisory is provided below. Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: - Implementation errors in XUL processing allow the execution of arbitrary code - An implementation error in the XPCSafeJSObjectWrapper wrapper allows the bypass of the same origin policy - An integer overflow in frame handling allows the execution of arbitrary code - An implementation error in DOM handling allows the execution of arbitrary code - Incorrect pointer handling in the plugin code allows the execution of arbitrary code - Incorrect handling of an object tag may lead to the bypass of cross site scripting filters - Incorrect copy and paste handling could lead to cross site scripting - Crashes in the layout engine may lead to the execution of arbitrary code For the stable distribution, the problem has been fixed in version 1.9.0.19-5. The packages for the mips architecture are not included in this update. They will be released as soon as they become available. We recommend that you upgrade your xulrunner packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2077-1 openldap -- several
Debian GNU/Linux 5.0
openldap
Two remote vulnerabilities have been discovered in OpenLDAP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0211 The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences. CVE-2010-0212 OpenLDAP 2.4.22 allows remote attackers to cause a denial of service via a modrdn call with a zero-length RDN destination string. For the stable distribution, this problem has been fixed in version 2.4.11-1+lenny2. For the unstable distribution, this problem has been fixed in version 2.4.23-1. We recommend that you upgrade your openldap packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2183-1 nbd -- buffer overflow
Debian GNU/Linux 5.0
nbd
A regression of a buffer overflow was discovered in nbd, the Network Block Device server, that could allow arbitrary code execution on the NBD server via a large request.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2126-1 linux-2.6 -- privilege escalation/denial of service/information leak
Debian GNU/Linux 5.0
linux-2.6
CVE-2010-2963 Kees Cook discovered an issue in the v4l 32-bit compatibility layer for 64-bit systems that allows local users with /dev/video write permission to overwrite arbitrary kernel memory, potentially leading to a privilege escalation. On Debian systems, access to /dev/video devices is restricted to members of the "video" group by default. CVE-2010-3067 Tavis Ormandy discovered an issue in the io_submit system call. Local users can cause an integer overflow resulting in a denial of service. CVE-2010-3296 Dan Rosenberg discovered an issue in the cxgb network driver that allows unprivileged users to obtain the contents of sensitive kernel memory. CVE-2010-3297 Dan Rosenberg discovered an issue in the eql network driver that allows local users to obtain the contents of sensitive kernel memory. CVE-2010-3310 Dan Rosenberg discovered an issue in the ROSE socket implementation. On systems with a rose device, local users can cause a denial of service. CVE-2010-3432 Thomas Dreibholz discovered an issue in the SCTP protocol that permits a remote user to cause a denial of service. CVE-2010-3437 Dan Rosenberg discovered an issue in the pktcdvd driver. Local users with permission to open /dev/pktcdvd/control can obtain the contents of sensitive kernel memory or cause a denial of service. By default on Debian systems, this access is restricted to members of the group "cdrom". CVE-2010-3442 Dan Rosenberg discovered an issue in the ALSA sound system. Local users with permission to open /dev/snd/controlC0 can create an integer overflow condition that causes a denial of service. By default on Debian systems, this access is restricted to members of the group "audio". CVE-2010-3448 Dan Jacobson reported an issue in the thinkpad-acpi driver. On certain Thinkpad systems, local users can cause a denial of service by reading /proc/acpi/ibm/video. 
CVE-2010-3477 Jeff Mahoney discovered an issue in the Traffic Policing module that allows local users to obtain the contents of sensitive kernel memory. CVE-2010-3705 Dan Rosenberg reported an issue in the HMAC processing code in the SCTP protocol that allows remote users to create a denial of service. CVE-2010-3848 Nelson Elhage discovered an issue in the Econet protocol. Local users can cause a stack overflow condition with large msg->msgiovlen values that can result in a denial of service or privilege escalation. CVE-2010-3849 Nelson Elhage discovered an issue in the Econet protocol. Local users can cause a denial of service if a NULL remote addr value is passed as a parameter to sendmsg. CVE-2010-3850 Nelson Elhage discovered an issue in the Econet protocol. Local users can assign econet addresses to arbitrary interfaces due to a missing capabilities check. CVE-2010-3858 Brad Spengler reported an issue in the setup_arg_pages function. Due to a bounds-checking failure, local users can create a denial of service. CVE-2010-3859 Dan Rosenberg reported an issue in the TIPC protocol. When the tipc module is loaded, local users can gain elevated privileges via the sendmsg system call. CVE-2010-3873 Dan Rosenberg reported an issue in the X.25 network protocol. Local users can cause heap corruption, resulting in a denial of service. CVE-2010-3874 Dan Rosenberg discovered an issue in the Control Area Network subsystem on 64-bit systems. Local users may be able to cause a denial of service. CVE-2010-3875 Vasiliy Kulikov discovered an issue in the AX.25 protocol. Local users can obtain the contents of sensitive kernel memory. CVE-2010-3876 Vasiliy Kulikov discovered an issue in the Packet protocol. Local users can obtain the contents of sensitive kernel memory. CVE-2010-3877 Vasiliy Kulikov discovered an issue in the TIPC protocol. Local users can obtain the contents of sensitive kernel memory. CVE-2010-3880 Nelson Elhage discovered an issue in the INET_DIAG subsystem. 
Local users can cause the kernel to execute unaudited INET_DIAG bytecode, resulting in a denial of service. CVE-2010-4072 Kees Cook discovered an issue in the System V shared memory subsystem. Local users can obtain the contents of sensitive kernel memory. CVE-2010-4073 Dan Rosenberg discovered an issue in the System V shared memory subsystem. Local users on 64-bit systems can obtain the contents of sensitive kernel memory via the 32-bit compatible semctl system call. CVE-2010-4074 Dan Rosenberg reported issues in the mos7720 and mos7840 drivers for USB serial converter devices. Local users with access to these devices can obtain the contents of sensitive kernel memory. CVE-2010-4078 Dan Rosenberg reported an issue in the framebuffer driver for SiS graphics chipsets. Local users with access to the framebuffer device can obtain the contents of sensitive kernel memory via the FBIOGET_VBLANK ioctl. CVE-2010-4079 Dan Rosenberg reported an issue in the ivtvfb driver used for the Hauppauge PVR-350 card. Local users with access to the framebuffer device can obtain the contents of sensitive kernel memory via the FBIOGET_VBLANK ioctl. CVE-2010-4080 Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall DSP audio devices. Local users with access to the audio device can obtain the contents of sensitive kernel memory via the SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl. CVE-2010-4081 Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall DSP MADI audio devices. Local users with access to the audio device can obtain the contents of sensitive kernel memory via the SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl. CVE-2010-4083 Dan Rosenberg discovered an issue in the semctl system call. Local users can obtain the contents of sensitive kernel memory through usage of the semid_ds structure. CVE-2010-4164 Dan Rosenberg discovered an issue in the X.25 network protocol.
Remote users can achieve a denial of service by taking advantage of an integer underflow in the facility parsing code. For the stable distribution, this problem has been fixed in version 2.6.26-26lenny1. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 5.0 user-mode-linux 2.6.26-1um-2+26lenny1
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2128-1 libxml2 -- invalid memory access
Debian GNU/Linux 5.0
libxml2
Bui Quang Minh discovered that libxml2, a library for parsing and handling XML data files, does not properly process a malformed XPATH, causing a crash and allowing arbitrary code execution. For the stable distribution, this problem has been fixed in version 2.6.32.dfsg-5+lenny2. For the testing and unstable distributions, this problem has been fixed in version 2.7.8.dfsg-1. We recommend that you upgrade your libxml2 package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw
Debian GNU/Linux 5.0
openssl
CVE-2009-3555: Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man-in-the-middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. If openssl is used in a server application, it will by default no longer accept renegotiation from clients that do not support the RFC5746 secure renegotiation extension. A separate advisory will add RFC5746 support for nss, the security library used by the iceweasel web browser. For apache2, there will be an update which allows insecure renegotiation to be re-enabled. This version of openssl is not compatible with older versions of tor. You have to use at least tor version 0.2.1.26-1~lenny+1, which has been included in the point release 5.0.7 of Debian stable. Currently we are not aware of other software with similar compatibility problems. CVE-2010-4180: In addition, this update fixes a flaw that allowed a client to bypass restrictions configured in the server for the used cipher suite.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1813-1 evolution-data-server -- Several vulnerabilities
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
evolution-data-server
Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0587 It was discovered that evolution-data-server is prone to integer overflows triggered by large base64 strings. CVE-2009-0547 Joachim Breitner discovered that S/MIME signatures are not verified properly, which can lead to spoofing attacks. CVE-2009-0582 It was discovered that NTLM authentication challenge packets are not validated properly when using the NTLM authentication method, which could lead to an information disclosure or a denial of service. For the oldstable distribution, these problems have been fixed in version 1.6.3-5etch2. For the stable distribution, these problems have been fixed in version 2.22.3-1.1+lenny1. For the testing distribution and the unstable distribution, these problems have been fixed in version 2.26.1.1-1. We recommend that you upgrade your evolution-data-server packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2086-1 avahi -- several
Debian GNU/Linux 5.0
avahi
Several vulnerabilities have been discovered in the Avahi mDNS/DNS-SD daemon. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0758 Rob Leslie discovered a denial of service vulnerability in the code used to reflect unicast mDNS traffic. CVE-2010-2244 Ludwig Nussel discovered a denial of service vulnerability in the processing of malformed DNS packets. For the stable distribution, this problem has been fixed in version 0.6.23-3lenny2. For the unstable distribution, these problems have been fixed in version 0.6.26-1. We recommend that you upgrade your Avahi packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2154-2 exim4 -- privilege escalation / regression
Debian GNU/Linux 5.0
exim4
The updated packages from DSA-2154-1 introduced a regression which prevented unprivileged users from using "exim4 -bf" to test filter configurations. This update fixes this problem. Please also read the information provided in DSA-2154-1 if you have not done so already.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2084-1 tiff -- integer overflows
Debian GNU/Linux 5.0
tiff
Kevin Finisterre discovered that several integer overflows in the TIFF library could lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 3.8.2-11.3. For the unstable distribution, this problem has been fixed in version 3.9.4-1. We recommend that you upgrade your tiff packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2196-1 maradns -- buffer overflow
Debian GNU/Linux 5.0
maradns
Witold Baryluk discovered that MaraDNS, a simple security-focused Domain Name Service server, may overflow an internal buffer when handling requests with a large number of labels, causing a server crash and the consequent denial of service.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2133-1 collectd -- denial of service
Debian GNU/Linux 5.0
collectd
It was discovered that collectd, a statistics collection and monitoring daemon, is prone to a denial of service attack via a crafted network packet. For the stable distribution, this problem has been fixed in version 4.4.2-3+lenny1. For the testing distribution, this problem has been fixed in version 4.10.1-1+squeeze2. For the unstable distribution, this problem has been fixed in version 4.10.1-2.1. This advisory only contains the packages for the alpha, amd64, arm, armel, hppa, i386, ia64, mips, powerpc, s390 and sparc architectures. The packages for the mipsel architecture will be released soon. We recommend that you upgrade your collectd packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2108-1 cvsnt -- programming error
Debian GNU/Linux 5.0
cvsnt
It has been discovered that in cvsnt, a multi-platform version of the original source code versioning system CVS, an error in the authentication code allows a malicious, unprivileged user, through the use of a specially crafted branch name, to gain write access to any module or directory, including CVSROOT itself. The attacker can then execute arbitrary code as root by modifying or adding administrative scripts in that directory. For the stable distribution, this problem has been fixed in version 2.5.03.2382-3.3+lenny1. We recommend that you upgrade your cvsnt package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2144-1 wireshark -- buffer overflow
Debian GNU/Linux 5.0
wireshark
It was discovered that a buffer overflow in the ENTTEC dissector may lead to the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1995-1 openoffice.org -- several
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
openoffice.org
Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0136 It was discovered that macro security settings were insufficiently enforced for VBA macros. CVE-2009-0217 It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This also affects the integrated libxmlsec library. CVE-2009-2949 Sebastian Apelt discovered that an integer overflow in the XPM import code may lead to the execution of arbitrary code. CVE-2009-2950 Sebastian Apelt and Frank Reissner discovered that a buffer overflow in the GIF import code may lead to the execution of arbitrary code. CVE-2009-3301/CVE-2009-3302 Nicolas Joly discovered multiple vulnerabilities in the parser for Word document files, which may lead to the execution of arbitrary code. For the old stable distribution, these problems have been fixed in version 2.0.4.dfsg.2-7etch9. For the stable distribution, these problems have been fixed in version 1:2.4.1+dfsg-1+lenny6. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your openoffice.org packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1958-1 libtool -- privilege escalation
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
libtool
It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl. For the stable distribution, this problem has been fixed in version 1.5.26-4+lenny1. For the oldstable distribution, this problem has been fixed in version 1.5.22-4+etch1. For the testing distribution and unstable distribution, this problem has been fixed in 2.2.6b-1. We recommend that you upgrade your libtool packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2156-1 pcscd -- buffer overflow
Debian GNU/Linux 5.0
pcscd
MWR InfoSecurity identified a buffer overflow in pcscd, middleware to access a smart card via PC/SC, which could lead to the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2094-1 linux-2.6 -- privilege escalation/denial of service/information leak
Debian GNU/Linux 5.0
linux-2.6
CVE-2009-4895 Kyle Bader reported an issue in the tty subsystem that allows local users to create a denial of service. CVE-2010-2226 Dan Rosenberg reported an issue in the xfs filesystem that allows local users to copy and read a file owned by another user, for which they only have write permissions, due to a lack of permission checking in the XFS_SWAPEXT ioctl. CVE-2010-2240 Rafal Wojtczuk reported an issue that allows users to obtain escalated privileges. Users must already have sufficient privileges to execute or connect clients to an Xorg server. CVE-2010-2248 Suresh Jayaraman discovered an issue in the CIFS filesystem. A malicious file server can set an incorrect "CountHigh" value, resulting in a denial of service. CVE-2010-2521 Neil Brown reported an issue in the NFSv4 server code. A malicious client could trigger a denial of service on a server due to a bug in the read_buf routine. CVE-2010-2798 Bob Peterson reported an issue in the GFS2 file system. A file system user could cause a denial of service via certain rename operations. CVE-2010-2803 Kees Cook reported an issue in the DRM subsystem. Local users with sufficient privileges could acquire access to sensitive kernel memory. CVE-2010-2959 Ben Hawkes discovered an issue in the AF_CAN socket family. An integer overflow condition may allow local users to obtain elevated privileges. CVE-2010-3015 Toshiyuki Okajima reported an issue in the ext4 filesystem. Local users could trigger a denial of service by generating a specific set of filesystem operations. This update also fixes a regression introduced by a previous update. See the referenced Debian bug page for details. For the stable distribution, this problem has been fixed in version 2.6.26-24lenny1. We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 5.0 user-mode-linux 2.6.26-1um-2+24lenny1
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2112-1 bzip2 -- integer overflow
Debian GNU/Linux 5.0
bzip2
Mikolaj Izdebski has discovered an integer overflow flaw in the BZ2_decompress function in bzip2/libbz2. An attacker could use a crafted bz2 file to cause a denial of service or potentially to execute arbitrary code. After the upgrade, all running services that use libbz2 need to be restarted. This update also provides rebuilt dpkg packages, which are statically linked to the fixed version of libbz2. Updated packages for clamav, which is also affected by this issue, will be provided on debian-volatile. For the stable distribution, these problems have been fixed in version 1.0.4-1+lenny1. For the testing distribution and the unstable distribution, this problem in bzip2 will be fixed soon. Updated dpkg packages are not necessary for testing/unstable. We recommend that you upgrade your bzip2 / dpkg packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-1966-1 horde3 -- insufficient input sanitising
Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
horde3
Several vulnerabilities have been found in horde3, the horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3237 It has been discovered that horde3 is prone to cross-site scripting attacks via crafted number preferences or inline MIME text parts when using text/plain as MIME type. For lenny this issue was already fixed, but as an additional security precaution, the display of inline text was disabled in the configuration file. CVE-2009-3701 It has been discovered that the horde3 administration interface is prone to cross-site scripting attacks due to the use of the PHP_SELF variable. This issue can only be exploited by authenticated administrators. CVE-2009-4363 It has been discovered that horde3 is prone to several cross-site scripting attacks via crafted data:text/html values in HTML messages. For the stable distribution, these problems have been fixed in version 3.2.2+debian0-2+lenny2. For the oldstable distribution, these problems have been fixed in version 3.1.3-4etch7. For the testing distribution and the unstable distribution, these problems have been fixed in version 3.3.6+debian0-1. We recommend that you upgrade your horde3 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
Debian GNU/Linux 4.0 is installed.
Debian GNU/Linux 4.0
Debian GNU/Linux 4.0 (etch) is installed
SecPod Team
DRAFT
INTERIM
ACCEPTED
Preeti Subramanian
INTERIM
ACCEPTED
Chandan S
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2150-1 request-tracker3.6 -- unsalted password hashing
Debian GNU/Linux 5.0
request-tracker3.6
It was discovered that Request Tracker, an issue tracking system, stored passwords in its database by using an insufficiently strong hashing method. If an attacker had access to the password database, he could decode the passwords stored in it.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2208-2 bind9 -- denial of service
Debian GNU/Linux 5.0
bind9
BIND, a DNS server, contains a defect related to the processing of new DNSSEC DS records by the caching resolver, which may lead to name resolution failures in the delegated zone. If DNSSEC validation is enabled, this issue can make domains ending in .COM unavailable when the DS record for .COM is added to the DNS root zone on March 31st, 2011. An unpatched server which is affected by this issue can be restarted, thus re-enabling resolution of .COM domains. Configurations not using DNSSEC validation are not affected by this issue.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2122-1 glibc -- missing input sanitisation
Debian GNU/Linux 5.0
glibc
Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LD_AUDIT environment variable. For the stable distribution, this problem has been fixed in version 2.7-18lenny6. For the upcoming stable distribution, this problem has been fixed in version 2.11.2-6+squeeze1 of the eglibc package. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your glibc packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2125-1 openssl -- buffer overflow
Debian GNU/Linux 5.0
openssl
A flaw has been found in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. This allows an attacker to cause an application crash or potentially to execute arbitrary code. However, not all OpenSSL based SSL/TLS servers are vulnerable: A server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism. In particular the Apache HTTP server and Stunnel are NOT affected. This upgrade fixes this issue. After the upgrade, any services using the openssl libraries need to be restarted. The checkrestart script from the debian-goodies package or lsof can help to find out which services need to be restarted. A note to users of the tor packages from the Debian backports or Debian volatile: This openssl update causes problems with some versions of tor. You need to update to tor 0.2.1.26-4~bpo50+1 or 0.2.1.26-1~lennyvolatile2, respectively. The tor package version 0.2.0.35-1~lenny2 from Debian stable is not affected by these problems. For the stable distribution, the problem has been fixed in openssl version 0.9.8g-15+lenny9. For the testing distribution and the unstable distribution, this problem has been fixed in version 0.9.8o-3. We recommend that you upgrade your openssl packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2116-1 poppler -- several
Debian GNU/Linux 5.0
poppler
Joel Voss of Leviathan Security Group discovered two vulnerabilities in the Poppler PDF rendering library, which may lead to the execution of arbitrary code if a malformed PDF file is opened. For the stable distribution, these problems have been fixed in version 0.8.7-4. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your poppler packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2172-1 moodle -- several
Debian GNU/Linux 5.0
moodle
Several vulnerabilities have been discovered in phpCAS, a CAS client library for PHP. The Moodle course management system includes a copy of phpCAS.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2098-2 typo3-src -- several
Debian GNU/Linux 5.0
typo3-src
The update for TYPO3 in DSA 2098 introduced a regression which could make the backend functionality unusable. This update corrects the problem. For reference, the original advisory follows. Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site scripting, open redirection, SQL injection, broken authentication and session management, insecure randomness, information disclosure and arbitrary code execution. The testing distribution will be fixed soon. For the unstable distribution, these problems have been fixed in version 4.3.5-1. We recommend that you upgrade your typo3-src package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2081-1 libmikmod -- buffer overflow
Debian GNU/Linux 5.0
libmikmod
Tomas Hoger discovered that the upstream fix for CVE-2009-3995 was insufficient. This update provides a corrected package. For the stable distribution, this problem has been fixed in version 3.1.11-6.0.1+lenny1. For the unstable distribution, these problems have been fixed in version 3.1.11-6.3. We recommend that you upgrade your libmikmod packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2179-1 dtc -- SQL injection
Debian GNU/Linux 5.0
dtc
Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services. CVE-2011-0434 The bw_per_month.php graph contains an SQL injection vulnerability. CVE-2011-0435 Insufficient checks in bw_per_month.php can lead to bandwidth usage information disclosure. CVE-2011-0436 After a registration, passwords are sent in cleartext email messages. CVE-2011-0437 Authenticated users could delete accounts using an obsolete interface which was incorrectly included in the package. This update introduces a new configuration option which controls the presence of cleartext passwords in email messages. The default is not to include cleartext passwords.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2141-3 apache2 -- backward compatibility option for SSL/TLS insecure
Debian GNU/Linux 5.0
apache2
DSA-2141-1 changed the behaviour of the openssl libraries in a server environment to only allow SSL/TLS renegotiation for clients that support the RFC5746 renegotiation extension. This update to apache2 adds the new SSLInsecureRenegotiation configuration option, which makes it possible to restore support for insecure clients. More information can be found in the file /usr/share/doc/apache2.2-common/NEWS.Debian.gz.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2123-1 nss -- several
Debian GNU/Linux 5.0
nss
Several vulnerabilities have been discovered in Mozilla's Network Security Services library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3170 NSS recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVE-2010-3173 NSS does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. For the stable distribution, these problems have been fixed in version 3.12.3.1-0lenny2. For the unstable distribution and the upcoming stable distribution, these problems have been fixed in version 3.12.8-1. We recommend that you upgrade your NSS packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2095-1 lvm2 -- insecure communication protocol
Debian GNU/Linux 5.0
lvm2
Alasdair Kergon discovered that the cluster logical volume manager daemon in lvm2, the Linux Logical Volume Manager, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service. For the stable distribution, this problem has been fixed in version 2.02.39-8. For the testing distribution and the unstable distribution, this problem has been fixed in version 2.02.66-3. We recommend that you upgrade your lvm2 package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2148-1 tor -- several
Debian GNU/Linux 5.0
tor
The developers of Tor, an anonymizing overlay network for TCP, found three security issues during a security audit. A heap overflow allowed the execution of arbitrary code, a denial of service vulnerability was found in the zlib compression handling and some key memory was incorrectly zeroed out before being freed. The latter two issues do not yet have CVE identifiers assigned.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2146-1 mydms -- directory traversal
Debian GNU/Linux 5.0
mydms
D. Fabian and L. Weichselbaum discovered a directory traversal vulnerability in MyDMS, an open-source document management system based on PHP and MySQL.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2089-1 php5 -- several
Debian GNU/Linux 5.0
php5
Several remote vulnerabilities have been discovered in PHP 5, a hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1917 The fnmatch function can be abused to conduct denial of service attacks by means of a stack overflow. CVE-2010-2225 The SplObjectStorage unserializer allows attackers to execute arbitrary code via serialized data by means of a use-after-free vulnerability. MOPS-60 The default sessions serializer does not correctly handle a special marker, which allows an attacker to inject arbitrary variables into the session and possibly exploit vulnerabilities in the unserializer. For the vulnerability described by CVE-2010-1128 we do not consider upstream's solution to be sufficient. It is recommended to uncomment the "session.entropy_file" and "session.entropy_length" settings in the php.ini files. Further improvements can be achieved by setting "session.hash_function" to 1 and incrementing the value of "session.entropy_length". For the stable distribution, these problems have been fixed in version 5.2.6.dfsg.1-1+lenny9. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your php5 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2141-4 lighttpd -- compatibility problem with updated openssl
Debian GNU/Linux 5.0
lighttpd
The openssl update in DSA-2141-1 caused a regression in lighttpd. Due to a bug in lighttpd, the server fails to start in some configurations if using the updated openssl libraries. This update fixes this problem.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2111-1 squid3 -- denial of service
Debian GNU/Linux 5.0
squid3
Phil Oester discovered that squid3, a fully featured Web Proxy cache, is prone to a denial of service attack via a specially crafted request that includes empty strings. For the stable distribution, this problem has been fixed in version 3.0.STABLE8-3+lenny4. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 3.1.6-1.1. We recommend that you upgrade your squid3 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2092-1 lxr-cvs -- missing input sanitising
Debian GNU/Linux 5.0
lxr-cvs
Dan Rosenberg discovered that in lxr-cvs, a code-indexing tool with a web frontend, not enough sanitisation of user input is performed; an attacker can take advantage of this and pass script code in order to perform cross-site scripting attacks. For the stable distribution, this problem has been fixed in version 0.9.5+cvs20071020-1+lenny1. For the testing distribution, this problem has been fixed in version 0.9.5+cvs20071020-1.1. We recommend that you upgrade your lxr-cvs packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2117-1 apr-util -- denial of service
Debian GNU/Linux 5.0
apr-util
APR-util is part of the Apache Portable Runtime library which is used by projects such as Apache httpd and Subversion. Jeff Trawick discovered a flaw in the apr_brigade_split_line function in apr-util. A remote attacker could send crafted http requests to cause a greatly increased memory consumption in Apache httpd, resulting in a denial of service. This upgrade fixes this issue. After the upgrade, any running apache2 server processes need to be restarted. For the stable distribution, this problem has been fixed in version 1.2.12+dfsg-8+lenny5. For the testing distribution and the unstable distribution, this problem has been fixed in version 1.3.9+dfsg-4. We recommend that you upgrade your apr-util packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2097-2 phpmyadmin -- insufficient input sanitising
Debian GNU/Linux 5.0
phpmyadmin
The update in DSA 2097 for phpMyAdmin did not correctly apply the intended changes, thereby not completely addressing the vulnerabilities. Updated packages now fix the issues described in the original advisory text below. Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3055 The configuration setup script does not properly sanitise its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. In Debian, the setup tool is protected through Apache HTTP basic authentication by default. CVE-2010-3056 Various cross site scripting issues have been discovered that allow a remote attacker to inject arbitrary web script or HTML. For the stable distribution, these problems have been fixed in version 4:2.11.8.1-5+lenny6. For the testing and unstable distribution, these problems have been fixed in version 3.3.5.1-1. We recommend that you upgrade your phpmyadmin package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2078-1 mapserver -- several
Debian GNU/Linux 5.0
mapserver
Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-2539 A stack-based buffer overflow in the msTmpFile function might lead to arbitrary code execution under some conditions. CVE-2010-2540 It was discovered that the CGI debug command-line arguments which are enabled by default are insecure and may allow a remote attacker to execute arbitrary code. Therefore they have been disabled by default. For the stable distribution, this problem has been fixed in version 5.0.3-3+lenny5. For the testing distribution, this problem has been fixed in version 5.6.4-1. For the unstable distribution, this problem has been fixed in version 5.6.4-1. We recommend that you upgrade your mapserver packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2114-1 git-core -- buffer overflow
Debian GNU/Linux 5.0
git-core
The Debian stable point release 5.0.6 included updated packages of the Git revision control system in order to fix a security issue. Unfortunately, the update introduced a regression which could make it impossible to clone or create git repositories. This upgrade fixes this regression, which is tracked as Debian bug #595728. The original security issue allowed an attacker to execute arbitrary code if he could trick a local user to execute a git command in a crafted working directory. For the stable distribution, this problem has been fixed in version 1.5.6.5-3+lenny3.2. The packages for the hppa architecture are not included in this advisory. However, the hppa architecture is not known to be affected by the regression. For the testing distribution and the unstable distribution, the security issue has been fixed in version 1.7.1-1.1. These distributions were not affected by the regression. We recommend that you upgrade your git-core packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2155-1 freetype -- several
Debian GNU/Linux 5.0
freetype
Two buffer overflows were found in the Freetype font library, which could lead to the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2101-1 wireshark -- several
Debian GNU/Linux 5.0
wireshark
Several implementation errors in the dissector of the Wireshark network traffic analyzer for the ASN.1 BER protocol and in the SigComp Universal Decompressor Virtual Machine may lead to the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 1.0.2-3+lenny10. For the unstable distribution, these problems have been fixed in version 1.2.10-1. We recommend that you upgrade your wireshark packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2098-1 typo3-src -- several
Debian GNU/Linux 5.0
typo3-src
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site Scripting, open redirection, SQL injection, broken authentication and session management, insecure randomness, information disclosure and arbitrary code execution. The testing distribution will be fixed soon. For the unstable distribution, these problems have been fixed in version 4.3.5-1. We recommend that you upgrade your typo3-src package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2080-1 ghostscript -- several
Debian GNU/Linux 5.0
ghostscript
Several security issues have been discovered in Ghostscript, the GPL PostScript/PDF interpreter, which might lead to the execution of arbitrary code if a user processes a malformed PDF or Postscript file. For the stable distribution, these problems have been fixed in version 8.62.dfsg.1-3.2lenny4. For the unstable distribution, these problems have been fixed in version 8.71~dfsg-4. We recommend that you upgrade your ghostscript packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2113-1 drupal6 -- several vulnerabilities
Debian GNU/Linux 5.0
drupal6
Several vulnerabilities have been discovered in drupal6, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3091 Several issues have been discovered in the OpenID module that allow malicious access to user accounts. CVE-2010-3092 The upload module includes a potential bypass of access restrictions due to not checking letter case-sensitivity. CVE-2010-3093 The comment module has a privilege escalation issue that allows certain users to bypass limitations. CVE-2010-3094 Several cross-site scripting issues have been discovered in the Action feature. For the stable distribution, these problems have been fixed in version 6.6-3lenny6. For the testing distribution and the unstable distribution, these problems have been fixed in version 6.18-1. We recommend that you upgrade your drupal6 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2109-1 samba -- buffer overflow
Debian GNU/Linux 5.0
samba
A vulnerability has been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The sid_parse function does not correctly check its input lengths when reading a binary representation of a Windows SID. This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server. For the stable distribution, this problem has been fixed in version 2:3.2.5-4lenny13. For the testing distribution and the unstable distribution, this problem will be fixed in version 3.5.5~dfsg-1. We recommend that you upgrade your samba packages. The packages for the mips architecture are not included in this upgrade. They will be released as soon as they become available.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2096-1 zope-ldapuserfolder -- missing input validation
Debian GNU/Linux 5.0
zope-ldapuserfolder
Jeremy James discovered that in zope-ldapuserfolder, a Zope extension used to authenticate against an LDAP server, the authentication code does not verify the password provided for the emergency user. Malicious users that manage to get the emergency user login can use this flaw to gain administrative access to the Zope instance, by providing an arbitrary password. For the stable distribution, this problem has been fixed in version 2.9-1+lenny1. The package no longer exists in the upcoming stable distribution or the unstable distribution. We recommend that you upgrade your zope-ldapuserfolder package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2120-1 postgresql-8.3 -- privilege escalation
Debian GNU/Linux 5.0
postgresql-8.3
Tim Bunce discovered that PostgreSQL, a database server software, does not properly separate interpreters for server-side stored procedures which run in different security contexts. As a result, non-privileged authenticated database users might gain additional privileges. Note that this security update may impact intended communication through global variables between stored procedures. It might be necessary to convert these functions to run under the plperlu or pltclu languages, with database superuser privileges. This security update also includes unrelated bug fixes from PostgreSQL 8.3.12. For the stable distribution, this problem has been fixed in version 8.3_8.3.12-0lenny1. For the unstable distribution, this problem has been fixed in version 8.4.5-1 of the postgresql-8.4 package. We recommend that you upgrade your PostgreSQL packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2090-1 socat -- incorrect user-input validation
Debian GNU/Linux 5.0
socat
A stack overflow vulnerability was found in socat that allows an attacker to execute arbitrary code with the privileges of the socat process. This vulnerability can only be exploited when an attacker is able to inject more than 512 bytes of data into socat's argument. A vulnerable scenario would be a CGI script that reads data from clients and uses this data as argument for a socat invocation. For the stable distribution, this problem has been fixed in version 1.6.0.1-1+lenny1. For the unstable distribution, this problem has been fixed in version 1.7.1.3-1. We recommend that you upgrade your socat package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2100-1 openssl -- double free
Debian GNU/Linux 5.0
openssl
George Guninski discovered a double free in the ECDH code of the OpenSSL crypto library, which may lead to denial of service and potentially the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny8. For the unstable distribution, this problem has been fixed in version 0.9.8o-2. We recommend that you upgrade your openssl packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2217-1 dhcp3 -- missing input sanitisation
Debian GNU/Linux 5.0
dhcp3
Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of dhcp3, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2107-1 couchdb -- untrusted search path
Debian GNU/Linux 5.0
couchdb
Dan Rosenberg discovered that in couchdb, a distributed, fault-tolerant and schema-free document-oriented database, an insecure library search path is used; a local attacker could execute arbitrary code by first dumping a maliciously crafted shared library in some directory, and then having an administrator run couchdb from this same directory. For the stable distribution, this problem has been fixed in version 0.8.0-2+lenny1. We recommend that you upgrade your couchdb package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2143-1 mysql-dfsg-5.0 -- several vulnerabilities
Debian GNU/Linux 5.0
mysql-dfsg-5.0
Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3677 It was discovered that MySQL allows remote authenticated users to cause a denial of service via a join query that uses a table with a unique SET column. CVE-2010-3680 It was discovered that MySQL allows remote authenticated users to cause a denial of service by creating temporary tables while using InnoDB, which triggers an assertion failure. CVE-2010-3681 It was discovered that MySQL allows remote authenticated users to cause a denial of service by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure. CVE-2010-3682 It was discovered that MySQL incorrectly handled use of EXPLAIN with certain queries. An authenticated user could crash the server. CVE-2010-3833 It was discovered that MySQL incorrectly handled propagation during evaluation of arguments to extreme-value functions. An authenticated user could crash the server. CVE-2010-3834 It was discovered that MySQL incorrectly handled materializing a derived table that required a temporary table for grouping. An authenticated user could crash the server. CVE-2010-3835 It was discovered that MySQL incorrectly handled certain user-variable assignment expressions that are evaluated in a logical expression context. An authenticated user could crash the server. CVE-2010-3836 It was discovered that MySQL incorrectly handled pre-evaluation of LIKE predicates during view preparation. An authenticated user could crash the server. CVE-2010-3837 It was discovered that MySQL incorrectly handled using GROUP_CONCAT and WITH ROLLUP together. An authenticated user could crash the server. CVE-2010-3838 It was discovered that MySQL incorrectly handled certain queries using a mixed list of numeric and LONGBLOB arguments to the GREATEST or LEAST functions. 
An authenticated user could crash the server. CVE-2010-3840 It was discovered that MySQL incorrectly handled improper WKB data passed to the PolyFromWKB function. An authenticated user could crash the server.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2266-2 php5 -- several
Debian GNU/Linux 5.0
php5
The update for CVE-2010-2531 for the old stable distribution introduced a regression, which led to additional output being written to stdout.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2091-1 squirrelmail -- No user-specific token implemented
Debian GNU/Linux 5.0
squirrelmail
SquirrelMail, a webmail application, does not employ a user-specific token for webforms. This allows a remote attacker to perform a Cross Site Request Forgery attack. The attacker may hijack the authentication of unspecified victims and send messages or change user preferences among other actions, by tricking the victim into following a link controlled by the offender. In addition, a denial-of-service was fixed, which could be triggered when a password containing 8-bit characters was used to log in. For the stable distribution, these problems have been fixed in version 2:1.4.15-4+lenny3.1. For the testing distribution and the unstable distribution, these problems have been fixed in version 1.4.21-1. We recommend that you upgrade your squirrelmail packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2152-1 hplip -- buffer overflow
Debian GNU/Linux 5.0
hplip
Sebastian Krahmer discovered a buffer overflow in the SNMP discovery code of the HP Linux Printing and Imaging System, which could result in the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2129-1 krb5 -- checksum verification weakness
Debian GNU/Linux 5.0
krb5
A vulnerability has been found in krb5, the MIT implementation of Kerberos. MIT krb5 clients incorrectly accept unkeyed checksums in the SAM-2 preauthentication challenge: An unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. Under some circumstances, this can negate the incremental security benefit of using a single-use authentication mechanism token. MIT krb5 incorrectly accepts RFC 3961 key-derivation checksums using RC4 keys when verifying KRB-SAFE messages: An unauthenticated remote attacker has a 1/256 chance of forging KRB-SAFE messages in an application protocol if the targeted pre-existing session uses an RC4 session key. Few application protocols use KRB-SAFE messages. The Common Vulnerabilities and Exposures project has assigned CVE-2010-1323 to these issues. For the stable distribution, these problems have been fixed in version 1.6.dfsg.4~beta1-5lenny6. The builds for the mips architecture are not included in this advisory. They will be released as soon as they are available. For the testing distribution and the unstable distribution, these problems have been fixed in version 1.8.3+dfsg-3. We recommend that you upgrade your krb5 packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2234-1 zodb -- several
Debian GNU/Linux 5.0
zodb
Several remote vulnerabilities have been discovered in python-zodb, a set of tools for using ZODB, that could lead to arbitrary code execution in the worst case. The Common Vulnerabilities and Exposures project identified the following problems: CVE-2009-0668 The ZEO server doesn't restrict the callables when unpickling data received from a malicious client which can be used by an attacker to execute arbitrary python code on the server by sending certain exception pickles. This also allows an attacker to import any importable module as ZEO is importing the module containing a callable specified in a pickle to test for a certain flag. CVE-2009-0669 Due to a programming error an authorisation method in the StorageServer component of ZEO was not used as an internal method. This allows a malicious client to bypass authentication when connecting to a ZEO server by simply calling this authorisation method. The update also limits the number of new object ids a client can request to 100 as it would be possible to consume huge amounts of resources by requesting a big batch of new object ids. No CVE id has been assigned to this.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2140-1 libapache2-mod-fcgid -- stack overflow
Debian GNU/Linux 5.0
libapache2-mod-fcgid
A vulnerability has been found in Apache mod_fcgid. The Common Vulnerabilities and Exposures project identifies the following problem: CVE-2010-3872 A stack overflow could allow an untrusted FCGI application to cause a server crash or possibly to execute arbitrary code as the user running the web server.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2070 freetype -- several vulnerabilities
Debian GNU/Linux 5.0
freetype
Robert Swiecki discovered several vulnerabilities in the FreeType font library, which could lead to the execution of arbitrary code if a malformed font file is processed. Also, several buffer overflows were found in the included demo programs.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2064 xulrunner -- several vulnerabilities
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: "wushi" discovered that incorrect pointer handling in the frame processing code could lead to the execution of arbitrary code. "Nils" discovered that an integer overflow in DOM node parsing could lead to the execution of arbitrary code. Ilja von Sprundel discovered that incorrect parsing of Content-Disposition headers could lead to cross-site scripting. Microsoft engineers discovered that incorrect memory handling in the interaction of browser plugins could lead to the execution of arbitrary code. Martin Barbella discovered that an integer overflow in XSLT node parsing could lead to the execution of arbitrary code. Olli Pettay, Martijn Wargers, Justin Lebar, Jesse Ruderman, Ben Turner, Jonathan Kew and David Humphrey discovered crashes in the layout engine, which might allow the execution of arbitrary code. "boardraider" and "stedenon" discovered crashes in the layout engine, which might allow the execution of arbitrary code. Bob Clary, Igor Bukanov, Gary Kwong and Andreas Gal discovered crashes in the Javascript engine, which might allow the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2052 krb5 -- null pointer dereference
Debian GNU/Linux 5.0
krb5
Shawn Emery discovered that in MIT Kerberos 5, a system for authenticating users and services on a network, a null pointer dereference flaw in the Generic Security Service Application Program Interface library could allow an authenticated remote attacker to crash any server application using the GSS-API authentication mechanism, by sending a specially-crafted GSS-API token with a missing checksum field.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2056 zonecheck -- missing input sanitising
Debian GNU/Linux 5.0
zonecheck
It was discovered that in zonecheck, a tool to check DNS configurations, the CGI does not perform sufficient sanitation of user input; an attacker can take advantage of this and pass script code in order to perform cross-site scripting attacks.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2074 ncompress -- integer underflow
Debian GNU/Linux 5.0
ncompress
Aki Helin discovered an integer underflow in ncompress, the original Lempel-Ziv compress/uncompress programs. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2110-1 linux-2.6 -- privilege escalation/denial of service/information leak
Debian GNU/Linux 5.0
linux-2.6
CVE-2010-2492 Andre Osterhues reported an issue in the eCryptfs subsystem. A buffer overflow condition may allow local users to cause a denial of service or gain elevated privileges. CVE-2010-2954 Tavis Ormandy reported an issue in the irda subsystem which may allow local users to cause a denial of service via a NULL pointer dereference. CVE-2010-3078 Dan Rosenberg discovered an issue in the XFS file system that allows local users to read potentially sensitive kernel memory. CVE-2010-3080 Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation layer. Local users with sufficient privileges to open /dev/sequencer can cause a denial of service via a NULL pointer dereference. CVE-2010-3081 Ben Hawkes discovered an issue in the 32-bit compatibility code for 64-bit systems. Local users can gain elevated privileges due to insufficient checks in compat_alloc_user_space allocations. For the stable distribution, this problem has been fixed in version 2.6.26-25lenny1. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 5.0 user-mode-linux 2.6.26-1um-2+25lenny1
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2067 mahara -- several vulnerabilities
Debian GNU/Linux 5.0
mahara
Several vulnerabilities were discovered in mahara, an electronic portfolio, weblog, and resume builder. The following Common Vulnerabilities and Exposures project ids identify them: Multiple pages performed insufficient input sanitising, making them vulnerable to cross-site scripting attacks. Multiple forms lacked protection against cross-site request forgery attacks, therefore making them vulnerable. Gregor Anzelj discovered that it was possible to accidentally configure an installation of mahara that allows access to another user's account without a password. Certain Internet Explorer-specific cross-site scripting vulnerabilities were discovered in HTML Purifier, of which a copy is included in the mahara package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2087-1 cabextract -- programming error
Debian GNU/Linux 5.0
cabextract
It was discovered that a programming error in the archive test mode of cabextract, a program to extract Microsoft Cabinet files, could lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 1.2-3+lenny1. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your cabextract package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2083-1 moin -- missing input sanitisation
Debian GNU/Linux 5.0
moin
It was discovered that moin, a Python clone of WikiWiki, does not sufficiently sanitise parameters when passing them to the add_msg function. This allows remote attackers to conduct cross-site scripting attacks, for example via the template parameter. For the stable distribution, this problem has been fixed in version 1.7.1-3+lenny5. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.9.3-1.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2049 barnowl -- buffer overflow
Debian GNU/Linux 5.0
barnowl
It has been discovered that barnowl, a curses-based tty Jabber, IRC, AIM and Zephyr client, is prone to a buffer overflow via its "CC:" handling, which could lead to the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2069 znc -- denial of service
Debian GNU/Linux 5.0
znc
It was discovered that znc, an IRC bouncer, is vulnerable to denial of service attacks via a NULL pointer dereference when traffic statistics are requested while there is an unauthenticated connection.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2050 kdegraphics -- several vulnerabilities
Debian GNU/Linux 5.0
kdegraphics
Several local vulnerabilities have been discovered in KPDF, a PDF viewer for KDE, which allow the execution of arbitrary code or denial of service if a user is tricked into opening a crafted PDF document.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2115-2 moodle -- several
Debian GNU/Linux 5.0
moodle
DSA-2115-1 introduced a regression because it lacked a dependency on the wwwconfig-common package, leading to installation problems. This update addresses this issue. For reference, the text of the original advisory is provided below. Several remote vulnerabilities have been discovered in Moodle, a course management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1613 Moodle does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks. CVE-2010-1614 Multiple cross-site scripting vulnerabilities allow remote attackers to inject arbitrary web script or HTML via vectors related to the Login-As feature or when the global search feature is enabled, unspecified global search forms in the Global Search Engine. CVE-2010-1615 Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands via vectors related to the add_to_log function in mod/wiki/view.php in the wiki module, or "data validation in some forms elements" related to lib/form/selectgroups.php. CVE-2010-1616 Moodle can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability. CVE-2010-1617 user/view.php does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page. CVE-2010-1618 A cross-site scripting vulnerability in the phpCAS client library allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message. CVE-2010-1619 A cross-site scripting vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.
CVE-2010-2228 A Cross-site scripting vulnerability in the MNET access-control interface allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username. CVE-2010-2229 Multiple cross-site scripting vulnerabilities in blog/index.php allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. CVE-2010-2230 The KSES text cleaning filter in lib/weblib.php does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting attacks via HTML input. CVE-2010-2231 A Cross-site request forgery vulnerability in report/overview/report.php in the quiz module allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter. This security update switches to a new upstream version and requires database updates. For the stable distribution, these problems have been fixed in version 1.8.13-2. For the unstable distribution, these problems have been fixed in version 1.9.9.dfsg2-1. We recommend that you upgrade your moodle package.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2055 openoffice.org -- macro execution
Debian GNU/Linux 5.0
openoffice.org
It was discovered that OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft® Office, is not properly handling python macros embedded in an office document. This allows an attacker to perform user-assisted execution of arbitrary code in certain use cases of the python macro viewer component.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2065 kvirc -- several vulnerabilities
Debian GNU/Linux 5.0
kvirc
Two security issues have been discovered in the DCC protocol support code of kvirc, a KDE-based next generation IRC client, which allow the overwriting of local files through directory traversal and the execution of arbitrary code through a format string attack.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2071 libmikmod -- buffer overflows
Debian GNU/Linux 5.0
libmikmod
Dyon Balding discovered buffer overflows in the MikMod sound library, which could lead to the execution of arbitrary code if a user is tricked into opening malformed Impulse Tracker or Ultratracker sound files.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2062 sudo -- missing input sanitisation
Debian GNU/Linux 5.0
sudo
Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2054 bind9 -- DNS cache poisoning
Debian GNU/Linux 5.0
bind9
Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0097 BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data flag to a forged NXDOMAIN response for an existing domain. When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. In addition, this update introduces a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the "roll over and die" phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root, and the NSEC3 secure denial of existence algorithm used by some signed top-level domains. This update is based on a new upstream version of BIND 9, 9.6-ESV-R1. Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using "apt-get dist-upgrade".
SecPod Team
DRAFT
INTERIM
ACCEPTED
Pavel Kankovsky
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2127-1 wireshark -- denial of service
Debian GNU/Linux 5.0
wireshark
A flaw has been found in wireshark, a network protocol analyzer. It was found that the ASN.1 BER dissector was susceptible to a stack overflow, causing the application to crash. For the stable distribution, the problem has been fixed in version 1.0.2-3+lenny11. For the testing distribution and the unstable distribution, this problem has been fixed in version 1.2.11-3. We recommend that you upgrade your wireshark packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2118-1 subversion -- logic flaw
Debian GNU/Linux 5.0
subversion
Kamesh Jayachandran and C. Michael Pilat discovered that the mod_dav_svn module of subversion, a version control system, is not properly enforcing access rules which are scope-limited to named repositories. If the SVNPathAuthz option is set to "short_circuit", this may enable an unprivileged attacker to bypass intended access restrictions and disclose or modify repository content. As a workaround it is also possible to set SVNPathAuthz to "on", but be advised that this can result in a performance decrease for large repositories. For the stable distribution, this problem has been fixed in version 1.5.1dfsg1-5. For the testing distribution, this problem has been fixed in version 1.6.12dfsg-2. For the unstable distribution, this problem has been fixed in version 1.6.12dfsg-2. We recommend that you upgrade your samba packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2057 mysql-dfsg-5.0 -- several vulnerabilities
Debian GNU/Linux 5.0
mysql-dfsg-5.0
Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: MySQL allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command. MySQL failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This allows an authenticated user with SELECT privileges on one table to obtain the field definitions of any table in all other databases and potentially of other MySQL instances accessible from the server's file system. MySQL could be tricked to read packets indefinitely if it received a packet larger than the maximum size of one packet. This results in high CPU usage and thus denial of service conditions. MySQL was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflown, which could be exploited by an authenticated user to inject malicious code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2102-1 barnowl -- unchecked return value
Debian GNU/Linux 5.0
barnowl
It has been discovered that in barnowl, a curses-based instant-messaging client, the return codes of calls to the ZPending and ZReceiveNotice functions in libzephyr were not checked, allowing attackers to cause a denial of service, and possibly execute arbitrary code. For the stable distribution, this problem has been fixed in version 1.0.1-4+lenny2. For the testing distribution, this problem has been fixed in version 1.6.2-1. For the unstable distribution, this problem has been fixed in version 1.6.2-1. We recommend that you upgrade your barnowl packages.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2073 mlmmj -- insufficient input sanitising
Debian GNU/Linux 5.0
mlmmj
Florian Streibelt reported a directory traversal flaw in the way the Mailing List Managing Made Joyful mailing list manager processed users' requests originating from the administrator web interface without enough input validation. A remote, authenticated attacker could use these flaws to write and/or delete arbitrary files.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2063 pmount -- insecure temporary file
Debian GNU/Linux 5.0
pmount
Dan Rosenberg discovered that pmount, a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry, creates files in /var/lock insecurely. A local attacker could overwrite arbitrary files utilising a symlink attack.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2060 cacti -- insufficient input sanitisation
Debian GNU/Linux 5.0
cacti
Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring systems and services, is not properly validating input passed to the rra_id parameter of the graph.php script. Due to checking the input of $_REQUEST but using $_GET input in a query an unauthenticated attacker is able to perform SQL injections via a crafted rra_id $_GET value and an additional valid rra_id $_POST or $_COOKIE value.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2051 postgresql-8.3 -- several vulnerabilities
Debian GNU/Linux 5.0
postgresql-8.3
Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: Tim Bunce discovered that the implementation of the procedural language PL/Perl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Perl code. Tom Lane discovered that the implementation of the procedural language PL/Tcl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Tcl code. It was discovered that an unprivileged user could reset superuser-only parameter settings.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2068 python-cjson -- buffer overflow
Debian GNU/Linux 5.0
python-cjson
Matt Giuca discovered a buffer overflow in python-cjson, a fast JSON encoder/decoder for Python. This allows a remote attacker to cause a denial of service through a specially-crafted Python script.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2076 gnupg2 -- use-after-free
Debian GNU/Linux 5.0
gnupg2
It was discovered that GnuPG 2 uses a freed pointer when verifying a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2047 aria2 -- insufficient input sanitising
Debian GNU/Linux 5.0
aria2
A vulnerability was discovered in aria2, a download client. The "name" attribute of the "file" element of metalink files is not properly sanitised before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2048 dvipng -- buffer overflow
Debian GNU/Linux 5.0
dvipng
Dan Rosenberg discovered that in dvipng, a utility that converts DVI files to PNG graphics, several array index errors allow context-dependent attackers, via a specially crafted DVI file, to cause a denial of service, and possibly arbitrary code execution.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2061 samba -- memory corruption
Debian GNU/Linux 5.0
samba
Jun Mao discovered that Samba, an implementation of the SMB/CIFS protocol for Unix systems, is not properly handling certain offset values when processing chained SMB1 packets. This enables an unauthenticated attacker to write to an arbitrary memory location resulting in the possibility to execute arbitrary code with root privileges or to perform denial of service attacks by crashing the samba daemon.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
Maria Mikhno
INTERIM
ACCEPTED
ACCEPTED
DSA-2075 xulrunner -- several vulnerabilities
Debian GNU/Linux 5.0
xulrunner
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: Wladimir Palant discovered that security checks in XML processing were insufficiently enforced. Chris Evans discovered that insecure CSS handling could lead to reading data across domain boundaries. Aki Helin discovered a buffer overflow in the internal copy of libpng, which could lead to the execution of arbitrary code. "regenrecht" discovered that incorrect memory handling in DOM parsing could lead to the execution of arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert discovered crashes in the layout engine, which might allow the execution of arbitrary code. "JS3" discovered an integer overflow in the plugin code, which could lead to the execution of arbitrary code. Jordi Chancel discovered that the location could be spoofed to appear like a secured page. "regenrecht" discovered that incorrect memory handling in XUL parsing could lead to the execution of arbitrary code. Soroush Dalili discovered an information leak in script processing.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2072 libpng -- several vulnerabilities
Debian GNU/Linux 5.0
libpng
Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: A buffer overflow was discovered in libpng which allows remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. A memory leak was discovered in libpng which allows remote attackers to cause a denial of service via a PNG image containing malformed Physical Scale chunks.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2059 pcsc-lite -- buffer overflow
Debian GNU/Linux 5.0
pcsc-lite
It was discovered that PCSCD, a daemon to access smart cards, was vulnerable to a buffer overflow allowing a local attacker to elevate his privileges to root.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
DSA-2066 wireshark -- several vulnerabilities
Debian GNU/Linux 5.0
wireshark
Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer. It was discovered that null pointer dereferences, buffer overflows and infinite loops in the SMB, SMB PIPE, ASN1.1 and SigComp dissectors could lead to denial of service or the execution of arbitrary code.
SecPod Team
DRAFT
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
Debian GNU/Linux 5.0 is installed
Debian GNU/Linux 5.0
Debian GNU/Linux 5.0 (lenny) is installed
SecPod Team
DRAFT
INTERIM
ACCEPTED
Preeti Subramanian
INTERIM
ACCEPTED
Chandan S
INTERIM
ACCEPTED
Sergey Artykhov
INTERIM
ACCEPTED
ACCEPTED
dovecot-dev
dovecot-pop3d
dovecot-imapd
dovecot-common
wesnoth-all
wesnoth-sof
wesnoth-sotbe
wesnoth-l
wesnoth-dbg
wesnoth-aoi
wesnoth-did
wesnoth-editor
wesnoth-trow
wesnoth-httt
wesnoth-utbs
wesnoth-server
wesnoth-tools
wesnoth-nr
wesnoth-data
wesnoth-music
wesnoth
wesnoth-tsg
wesnoth-ttb
wesnoth-ei
wesnoth-thot
libmodplug-dev
libmodplug0c2
fetchmail
fetchmailconf
wx2.4-doc
libwxgtk2.4-contrib-dev
wx2.4-examples
libwxbase2.8-dbg
libwxbase2.4-1
python-wxversion
libwxgtk2.6-0
libwxbase2.4-dbg
libwxgtk2.4-1-contrib
libwxbase2.4-dev
wx2.4-i18n
libwxgtk2.8-dev
python-wxgtk2.6-dbg
libwxbase2.8-dev
libwxbase2.6-dbg
wx2.4-headers
wx2.6-examples
libwxbase2.8-0
python-wxgtk2.4
wx2.6-doc
python-wxtools
wx2.8-doc
python-wxgtk2.6
libwxgtk2.4-dbg
libwxgtk2.8-0
libwxgtk2.4-1
libwxgtk2.8-dbg
wx2.6-i18n
libwxbase2.6-0
wx2.6-headers
wx2.8-i18n
wx-common
libwxbase2.6-dev
wx2.8-headers
libwxgtk2.4-dev
libwxgtk2.6-dbg
python-wxgtk2.8
python-wxgtk2.8-dbg
libwxgtk2.6-dev
wx2.8-examples
freetype2-demos
libfreetype6-dev
libfreetype6
php-mail
dhcp3-relay
dhcp3-server
dhcp3-client
dhcp3-dev
dhcp3-server-ldap
dhcp-client
dhcp3-common
eggdrop-data
eggdrop
evolution-data-server-common
evolution-data-server
evolution-data-server-dbg
evolution-data-server-dev
djbdns
dbndns
dnscache-run
bugzilla3-doc
bugzilla3
dnsmasq
dnsmasq-base
dbus-1-utils
dbus-1-doc
dbus-x11
libldap-2.3-0
kolab-libcyrus-imap-perl
kolab-cyrus-common
kolab-cyrus-imapd
kolab-cyrus-clients
kolab-cyrus-admin
kolab-cyrus-pop3d
qemu
ksvg
kview
kdvi
kdegraphics-doc-html
kghostview
kdegraphics-dev
kfax
kfaxview
kuickshow
libkscan-dev
kruler
kgamma
kdegraphics-dbg
kdegraphics
kmrml
kpdf
ksnapshot
kooka
kpovmodeler
kdegraphics-kfile-plugins
kolourpaint
kcoloredit
kviewshell
kiconedit
libkscan1
kamera
libopenexr2c2a
libopenexr6
libopenexr-dev
openexr
request-tracker3.4
rt3.4-clients
rt3.6-db-postgresql
rt3.6-db-mysql
rt3.6-clients
rt3.6-db-sqlite
rt3.6-apache
rt3.6-apache2
rt3.4-apache2
rt3.4-apache
znc
dkim-filter
ethereal-dev
ethereal-common
ethereal
ldnsutils
libldns-dev
libldns1
graphicsmagick-imagemagick-compat
libgraphicsmagick++1-dev
graphicsmagick
libgraphicsmagick1
graphicsmagick-libmagick-dev-compat
libgraphicsmagick++1
graphicsmagick-dbg
libgraphicsmagick1-dev
libgraphics-magick-perl
squid
squid-common
squid-cgi
libxerces2-java
libxerces2-java-doc
libxerces2-java-gcj
speakup-modules-2.6-parisc64
speakup-modules-2.6-parisc
et131x-modules-2.6.26-2-parisc
lzma-modules-2.6.26-2-parisc-smp
aufs-modules-2.6-parisc64
nilfs2-modules-2.6-parisc-smp
lzma-modules-2.6-parisc
aufs-modules-2.6.26-2-parisc-smp
lzma-modules-2.6-parisc-smp
speakup-modules-2.6-parisc64-smp
speakup-modules-2.6.26-2-parisc-smp
aufs-modules-2.6-parisc64-smp
nilfs2-modules-2.6.26-2-parisc64
redhat-cluster-modules-2.6.26-2-parisc64-smp
redhat-cluster-modules-2.6.26-2-parisc-smp
loop-aes-modules-2.6-parisc64-smp
atl2-modules-2.6.26-2-parisc64
speakup-modules-2.6-parisc-smp
speakup-modules-2.6.26-2-parisc64
redhat-cluster-modules-2.6-parisc64-smp
redhat-cluster-modules-2.6.26-2-parisc64
et131x-modules-2.6-parisc64
atl2-modules-2.6-parisc64
drbd8-modules-2.6.26-2-parisc64
drbd8-modules-2.6-parisc64
loop-aes-modules-2.6-parisc-smp
et131x-modules-2.6-parisc64-smp
loop-aes-modules-2.6-parisc64
atl2-modules-2.6.26-2-parisc-smp
lzma-modules-2.6.26-2-parisc
aufs-modules-2.6-parisc
redhat-cluster-modules-2.6-parisc
aufs-modules-2.6.26-2-parisc
aufs-modules-2.6.26-2-parisc64
drbd8-modules-2.6.26-2-parisc
et131x-modules-2.6-parisc-smp
nilfs2-modules-2.6-parisc
drbd8-modules-2.6.26-2-parisc64-smp
nilfs2-modules-2.6.26-2-parisc-smp
redhat-cluster-modules-2.6-parisc-smp
drbd8-modules-2.6-parisc
nilfs2-modules-2.6.26-2-parisc
atl2-modules-2.6-parisc-smp
atl2-modules-2.6.26-2-parisc
et131x-modules-2.6-parisc
speakup-modules-2.6.26-2-parisc64-smp
aufs-modules-2.6.26-2-parisc64-smp
lzma-modules-2.6.26-2-parisc64-smp
drbd8-modules-2.6-parisc64-smp
nilfs2-modules-2.6-parisc64-smp
drbd8-modules-2.6.26-2-parisc-smp
et131x-modules-2.6.26-2-parisc-smp
aufs-modules-2.6-parisc-smp
loop-aes-modules-2.6.26-2-parisc64-smp
drbd8-modules-2.6-parisc-smp
lzma-modules-2.6-parisc64-smp
et131x-modules-2.6.26-2-parisc64-smp
redhat-cluster-modules-2.6.26-2-parisc
atl2-modules-2.6-parisc64-smp
nilfs2-modules-2.6-parisc64
speakup-modules-2.6.26-2-parisc
nilfs2-modules-2.6.26-2-parisc64-smp
redhat-cluster-modules-2.6-parisc64
atl2-modules-2.6-parisc
loop-aes-modules-2.6.26-2-parisc
lzma-modules-2.6.26-2-parisc64
loop-aes-modules-2.6.26-2-parisc64
et131x-modules-2.6.26-2-parisc64
loop-aes-modules-2.6.26-2-parisc-smp
aufs-modules-2.6.26-2-xen-amd64
lzma-modules-2.6-xen-amd64
loop-aes-modules-2.6.26-2-openvz-amd64
speakup-modules-2.6.26-2-xen-amd64
iscsitarget-modules-2.6.26-2-vserver-amd64
tp-smapi-modules-2.6.26-2-xen-amd64
redhat-cluster-modules-2.6-openvz-amd64
drbd8-modules-2.6-vserver-amd64
squashfs-modules-2.6.26-2-xen-amd64
gspca-modules-2.6-amd64
loop-aes-modules-2.6-parisc
aufs-modules-2.6-vserver-amd64
drbd8-modules-2.6.26-2-vserver-amd64
lzma-modules-2.6-parisc64
speakup-modules-2.6-amd64
aufs-modules-2.6-openvz-amd64
squashfs-modules-2.6.26-2-openvz-amd64
atl2-modules-2.6.26-2-parisc64-smp
squashfs-modules-2.6-xen-amd64
tp-smapi-modules-2.6.26-2-openvz-amd64
loop-aes-modules-2.6.26-2-vserver-s390x
squashfs-modules-2.6.26-2-vserver-amd64
squashfs-modules-2.6.26-2-amd64
loop-aes-modules-2.6-s390x
squashfs-modules-2.6.26-2-vserver-s390x
speakup-modules-2.6-openvz-amd64
drbd8-modules-2.6.26-2-amd64
aufs-modules-2.6.26-2-amd64
loop-aes-modules-2.6-s390
loop-aes-modules-2.6-amd64
virtualbox-ose-modules-2.6.26-2-vserver-amd64
redhat-cluster-modules-2.6.26-2-amd64
iscsitarget-modules-2.6-xen-amd64
squashfs-modules-2.6-amd64
squashfs-modules-2.6-s390
gspca-modules-2.6.26-2-openvz-amd64
lzma-modules-2.6.26-2-vserver-amd64
lzma-modules-2.6-vserver-s390x
et131x-modules-2.6-amd64
lzma-modules-2.6.26-2-amd64
aufs-modules-2.6.26-2-vserver-amd64
squashfs-modules-2.6.26-2-s390
virtualbox-ose-modules-2.6.26-2-amd64
drbd8-modules-2.6-openvz-amd64
nilfs2-modules-2.6.26-2-s390
redhat-cluster-modules-2.6.26-2-xen-amd64
aufs-modules-2.6.26-2-s390
redhat-cluster-modules-2.6.26-2-vserver-amd64
speakup-modules-2.6.26-2-openvz-amd64
et131x-modules-2.6.26-2-openvz-amd64
redhat-cluster-modules-2.6-s390
aufs-modules-2.6-s390x
iscsitarget-modules-2.6.26-2-amd64
speakup-modules-2.6-vserver-amd64
loop-aes-modules-2.6-vserver-amd64
drbd8-modules-2.6.26-2-s390x
drbd8-modules-2.6-amd64
iscsitarget-modules-2.6.26-2-openvz-amd64
iscsitarget-modules-2.6.26-2-xen-amd64
loop-aes-modules-2.6-xen-amd64
redhat-cluster-modules-2.6.26-2-s390
atl2-modules-2.6.26-2-amd64
iscsitarget-modules-2.6-amd64
nilfs2-modules-2.6-s390x
lzma-modules-2.6-amd64
speakup-modules-2.6.26-2-amd64
iscsitarget-modules-2.6.26-2-s390
redhat-cluster-modules-2.6-amd64
atl2-modules-2.6.26-2-vserver-amd64
atl2-modules-2.6-amd64
nilfs2-modules-2.6-vserver-s390x
lzma-modules-2.6-openvz-amd64
lzma-modules-2.6.26-2-s390x
nilfs2-modules-2.6.26-2-vserver-s390x
drbd8-modules-2.6.26-2-vserver-s390x
squashfs-modules-2.6-s390x
nilfs2-modules-2.6-vserver-amd64
lzma-modules-2.6-s390
tp-smapi-modules-2.6-xen-amd64
iscsitarget-modules-2.6.26-2-vserver-s390x
loop-aes-modules-2.6-openvz-amd64
squashfs-modules-2.6-vserver-amd64
lzma-modules-2.6-vserver-amd64
drbd8-source
loop-aes-modules-2.6-vserver-s390x
drbd8-modules-2.6.26-2-xen-amd64
squashfs-modules-2.6-vserver-s390x
et131x-modules-2.6-openvz-amd64
gspca-modules-2.6-vserver-amd64
drbd8-modules-2.6-xen-amd64
tp-smapi-modules-2.6-openvz-amd64
lzma-modules-2.6.26-2-vserver-s390x
atl2-modules-2.6-vserver-amd64
loop-aes-modules-2.6.26-2-amd64
nilfs2-modules-2.6-amd64
tp-smapi-modules-2.6.26-2-amd64
redhat-cluster-modules-2.6.26-2-openvz-amd64
nilfs2-modules-2.6-xen-amd64
tp-smapi-modules-2.6.26-2-vserver-amd64
atl2-modules-2.6-openvz-amd64
iscsitarget-modules-2.6-openvz-amd64
nilfs2-modules-2.6.26-2-xen-amd64
redhat-cluster-modules-2.6-xen-amd64
iscsitarget-modules-2.6.26-2-s390x
virtualbox-ose-modules-2.6-openvz-amd64
drbd8-modules-2.6.26-2-s390
iscsitarget-modules-2.6-s390x
aufs-modules-2.6-s390
nilfs2-modules-2.6.26-2-s390x
loop-aes-modules-2.6.26-2-vserver-amd64
nilfs2-modules-2.6.26-2-openvz-amd64
squashfs-modules-2.6-openvz-amd64
virtualbox-ose-modules-2.6.26-2-openvz-amd64
redhat-cluster-modules-2.6.26-2-vserver-s390x
nilfs2-modules-2.6.26-2-amd64
drbd8-utils
virtualbox-ose-modules-2.6-vserver-amd64
iscsitarget-modules-2.6-vserver-amd64
aufs-modules-2.6-amd64
loop-aes-modules-2.6.26-2-s390x
atl2-modules-2.6.26-2-openvz-amd64
drbd8-modules-2.6-s390
gspca-modules-2.6-openvz-amd64
speakup-modules-2.6.26-2-vserver-amd64
redhat-cluster-modules-2.6.26-2-s390x
loop-aes-modules-2.6.26-2-s390
drbd8-modules-2.6.26-2-openvz-amd64
squashfs-modules-2.6.26-2-s390x
aufs-modules-2.6-xen-amd64
drbd8-modules-2.6-s390x
iscsitarget-modules-2.6-s390
gspca-modules-2.6.26-2-amd64
lzma-modules-2.6.26-2-openvz-amd64
gspca-modules-2.6.26-2-vserver-amd64
aufs-modules-2.6.26-2-openvz-amd64
aufs-modules-2.6.26-2-vserver-s390x
lzma-modules-2.6-s390x
nilfs2-modules-2.6-openvz-amd64
redhat-cluster-modules-2.6-vserver-s390x
aufs-modules-2.6-vserver-s390x
drbd8-modules-2.6-vserver-s390x
redhat-cluster-modules-2.6-vserver-amd64
virtualbox-ose-modules-2.6-amd64
loop-aes-modules-2.6.26-2-xen-amd64
nilfs2-modules-2.6.26-2-vserver-amd64
redhat-cluster-modules-2.6-s390x
lzma-modules-2.6.26-2-xen-amd64
tp-smapi-modules-2.6-amd64
et131x-modules-2.6.26-2-amd64
speakup-modules-2.6-xen-amd64
tp-smapi-modules-2.6-vserver-amd64
iscsitarget-modules-2.6-vserver-s390x
nilfs2-modules-2.6-s390
lzma-modules-2.6.26-2-s390
aufs-modules-2.6.26-2-s390x
mediawikimath
devscripts
libwebkit-1.0-1-dbg
libwebkit-1.0-1
libwebkit-dev
python2.4
python2.4-dbg
python2.4-examples
python2.5-dev
python2.4-dev
python2.5-examples
idle-python2.4
python2.5
idle-python2.5
python2.5-minimal
python2.4-minimal
python2.5-dbg
phpldapadmin
libqt4-sql-psql
libqt4-webkit-dbg
libqt4-dbg
libqt4-opengl
libqt4-designer
libqtgui4
libqt4-sql-odbc
libqtcore4
libqt4-sql
qt4-doc-html
qt4-demos
libqt4-sql-sqlite2
libqt4-core
libqt4-sql-ibase
libqt4-svg
libqt4-qt3support
libqt4-sql-mysql
qt4-designer
libqt4-sql-sqlite
libqt4-help
qt4-doc
qt4-dev-tools
libqt4-test
libqt4-xml
libqt4-script
libqt4-dbus
libqt4-assistant
libqt4-gui
libqt4-network
libqt4-dev
qt4-qmake
qt4-qtconfig
libqt4-xmlpatterns
libqt4-webkit
libqt4-opengl-dev
libqt4-xmlpatterns-dbg
cacti
egroupware
fuse-utils
libfuse-dev
libfuse2
libnetpbm10-dev
netpbm
libnetpbm9-dev
libnetpbm9
libnetpbm10
libthai0
libthai-dev
libthai-doc
libthai-data
expat
spamass-milter
libmilter1.0.1
sensible-mda
libmilter0-dbg
sendmail-bin
libmilter0
sendmail-base
sendmail-doc
libmilter1.0.1-dbg
sendmail
libmilter-dev
sendmail-cf
rmail
dokuwiki
krb5
ldns
xulrunner
drupal6
sendmail
xpdf
openldap
openldap2.3
poppler
kolab-cyrus-imapd
cyrus-imapd-2.2
gnutls13
gnutls26
pango1.0
phpmyadmin
gnupg2
mysql-dfsg-5.0
pulseaudio
spamass-milter
clamav
libxerces2-java
graphicsmagick
qt4-x11
apache2
libxml2
cupsys
cups
dovecot
tor
movabletype-opensource
wxwidgets2.6
wxwindows2.4
wxwidgets2.8
wordpress
kvm
fuse
nginx
netpbm-free
webkit
phpldapadmin
drbd8
linux-modules-extra-2.6
libthai
moin
openswan
sudo
spamass-milter
python2.5
python2.4
mapserver
php-mail
ntp
openjdk-6
dokuwiki
evince
libsvn-javahl
systemtap
libxml-security-c12
libxml-security-c14
libxml-security-c-doc
libxml-security-c-dev
libhtml-parser-perl
amule
amule-utils
amule-utils-gui
amule-common
amule-daemon
yaws-wiki
yaws-mail
yaws-chat
yaws
yaws-yapp
libcamlimages-ocaml-doc
libcamlimages-ocaml-dev
libcamlimages-ocaml
ipsec-tools
racoon
python-crypto
python-crypto-dbg
gstreamer0.10-esd
gstreamer0.10-plugins-good-dbg
gstreamer0.10-plugins-good-doc
gstreamer0.10-plugins-good
libisccc0
libbind9-0
libdns22
libisc11
libisccfg1
liblwres9
asterisk-h323
asterisk-dev
asterisk-dbg
asterisk-sounds-main
asterisk-doc
asterisk-config
ctorrent
libssl0.9.7
libssl0.9.7-dbg
nsmasq
nsmasq-base
roundup
fckeditor
ndns
nscache-run
jbdns
mantis
libsasl2-modules-ldap
libsasl2-modules-gssapi-heimdal
sasl2-bin
cyrus-sasl2-doc
libsasl2-modules-otp
libsasl2-modules-gssapi-mit
libsasl2-modules-sql
libsasl2-2
cyrus-sasl2-heimdal-dbg
libsasl2-modules
cyrus-sasl2-dbg
libsasl2-dev
libpostproc0d
libavcodec0d
libavformat0d
libmysql-ocaml
libmysql-ocaml-dev
ugzilla3
ugzilla3-doc
ganeti
network-manager-dev
libnm-glib0
libnm-util-dev
network-manager
libnm-glib-dev
network-manager-gnome
libnm-util0
auth2db-frontend
auth2db
auth2db-filters
auth2db-common
libgio-fam
libglib2.0-data
libglib2.0-0
libglib2.0-0-dbg
libglib2.0-dev
libglib2.0-doc
cscope
ajaxterm
libgnutls26-dbg
libgnutls26
gnutls-bin
libgnutls13-dbg
libgnutls13
gnutls-doc
guile-gnutls
libgnutls-dev
otrs2
apache2-mpm-perchild
libtk-img-doc
libtk-img
libtk-img-dev
transmission
transmission-cli
transmission-common
transmission-gtk
udev
libvolume-id0
libvolume-id-dev
libapt-pkg-dev
apt-utils
apt-transport-https
apt-doc
apt
libapt-pkg-doc
lintian
clamav-base
libclamav5
libclamav2
clamav-testfiles
clamav-freshclam
clamav-daemon
libclamav-dev
clamav-dbg
clamav-docs
clamav-milter
clamav
psi
libsilc-1.1-2
silc
irssi-plugin-silc
libsilc-1.1-2-dev
libsilc-1.1-2-dbg
libxmltooling1
libxmltooling-dev
libxmltooling-doc
xmltooling-schemas
iceweasel
iceweasel-gnome-support
iceweasel-dbg
vscripts
libnspr4-0d
libnspr4-dev
libnspr4-0d-dbg
nsd3
nsd
liblcms1
liblcms1-dev
python-liblcms
liblcms-utils
gstreamer0.10-plugins-bad-doc
gstreamer0.10-sdl
gstreamer0.10-plugins-bad-dbg
gstreamer0.10-plugins-bad
wget
libnss-ldapd
php4-mapscript
libtorrent-rasterbar-dbg
libtorrent-rasterbar0
libtorrent-rasterbar-dev
libtorrent-rasterbar-doc
polipo
firefox-sage
linux-patch-openswan
openswan-modules-source
openswan
ruby1.8
libtcltk-ruby1.9
libgdbm-ruby1.9
libruby1.9
libopenssl-ruby1.8
ruby1.9
rdoc1.8
libdbm-ruby1.8
libdbm-ruby1.9
libopenssl-ruby1.9
ruby1.9-elisp
libgdbm-ruby1.8
irb1.9
ruby1.8-elisp
libtcltk-ruby1.8
rdoc1.9
libruby1.8-dbg
libreadline-ruby1.8
libruby1.8
libruby1.9-dbg
ruby1.9-examples
ruby1.9-dev
ri1.9
libreadline-ruby1.9
ruby1.8-dev
ri1.8
irb1.8
ruby1.8-examples
libtheora-bin
libtheora-dev
libtheora0
libsmdkim-dev
libsmdkim2
kim-filter
libpango1.0-common
libpango1.0-dev
libpango1.0-doc
libpango1.0-0-dbg
libpango1.0-0
libapache-mod-php5
websvn
libcupsys2-gnutls10
mplayer-doc
mplayer-dbg
mplayer
linux-headers-2.6.26-1-parisc
linux-image-2.6.26-1-parisc64
linux-headers-2.6.26-1-parisc-smp
linux-image-2.6.26-1-xen-amd64
linux-headers-2.6.26-1-parisc64-smp
linux-image-2.6.26-1-amd64
linux-headers-2.6.26-1-all-amd64
linux-headers-2.6.26-1-common-xen
linux-headers-2.6.26-1-s390
linux-headers-2.6.26-1-all-s390
linux-headers-2.6.26-1-common
linux-headers-2.6.26-1-openvz-amd64
linux-image-2.6.26-1-parisc64-smp
linux-image-2.6.26-1-parisc
linux-image-2.6.26-1-vserver-amd64
linux-headers-2.6.26-1-xen-amd64
linux-image-2.6.26-1-s390
xen-linux-system-2.6.26-1-xen-amd64
linux-headers-2.6.26-1-amd64
linux-image-2.6.26-1-s390x
linux-headers-2.6.26-1-all
linux-modules-2.6.26-1-xen-amd64
linux-headers-2.6.26-1-vserver-s390x
linux-headers-2.6.26-1-vserver-amd64
linux-headers-2.6.26-1-common-vserver
linux-image-2.6.26-1-openvz-amd64
linux-headers-2.6.26-1-s390x
linux-image-2.6.26-1-parisc-smp
linux-headers-2.6.26-1-parisc64
linux-image-2.6.26-1-vserver-s390x
linux-support-2.6.26-1
linux-image-2.6.26-1-s390-tape
linux-headers-2.6.26-1-all-hppa
linux-headers-2.6.26-1-common-openvz
advi-examples
advi
slurm-llnl-basic-plugins-dev
libslurm13-dev
libpmi0-dev
libslurm13
slurm-llnl-basic-plugins
slurm-llnl-doc
slurm-llnl-slurmdbd
libpmi0
slurm-llnl-sview
slurm-llnl
curl
libcurl4-openssl-dev
libcurl4-gnutls-dev
libcurl3-openssl-dev
libcurl3-dev
libcurl3-gnutls-dev
libcurl3-gnutls
libcurl3-dbg
libcurl3
xapian-omega
openjdk-6-jre-lib
openjdk-6-jdk
openjdk-6-dbg
openjdk-6-doc
openjdk-6-source
openjdk-6-jre
openjdk-6-demo
openjdk-6-jre-headless
klipper
libkonq4
kdeprint
ksysguardd
konqueror-nsplugins
kwin
ktip
ksysguard
ksplash
kfind
kdebase-doc
konsole
kpager
kdebase-dbg
kcontrol
khelpcenter
kate
kdebase-data
kdesktop
kdebase
libkonq4-dev
kdebase-bin-kde3
kdebase-bin
kmenuedit
kdebase-doc-html
kdm
kdepasswd
konqueror
kdebase-kio-plugins
kdeeject
kdebase-dev
ksmserver
kicker
kpersonalizer
kappfinder
libwmf-doc
libwmf-bin
libwmf0.2-7
libwmf-dev
mldonkey-gui
mldonkey-server
us-x11
us-1-doc
us-1-utils
us
libdbus-1-dev
libdbus-1-3
zope2.10
zope2.9
zope2.10-sandbox
zope2.9-sandbox
lighttpd-mod-magnet
lighttpd-mod-webdav
lighttpd-doc
lighttpd-mod-mysql-vhost
lighttpd-mod-trigger-b4-dl
lighttpd-mod-cml
linux-headers-2.6.26-2-powerpc
linux-image-2.6.26-2-powerpc
linux-image-2.6.26-2-vserver-powerpc64
linux-headers-2.6.26-2-all-powerpc
linux-image-2.6.26-2-powerpc-smp
linux-image-2.6.26-2-vserver-powerpc
linux-headers-2.6.26-2-powerpc-smp
linux-image-2.6.26-2-powerpc64
linux-headers-2.6.26-2-powerpc64
linux-headers-2.6.26-2-vserver-powerpc64
linux-headers-2.6.26-2-vserver-powerpc
multipath-tools-boot
kpartx
multipath-tools
lib64expat1-dev
libexpat1
libexpat1-dev
xpat
lib64expat1
memcached
dpkg-dev
libimlib2
libimlib2-dev
libopensc2-dev
mozilla-opensc
libopensc2
opensc
libopensc2-dbg
nagios3
nagios3-dbg
nagios3-doc
nagios3-common
egroupware-core
egroupware-infolog
egroupware-resources
egroupware-addressbook
egroupware-registration
egroupware-tracker
egroupware-sitemgr
egroupware-filemanager
egroupware-sambaadmin
egroupware-developer-tools
egroupware-emailadmin
egroupware-calendar
egroupware-etemplate
egroupware-bookmarks
egroupware-phpbrain
egroupware-wiki
egroupware-projectmanager
egroupware-polls
egroupware-phpsysinfo
egroupware-manual
egroupware-mydms
egroupware-felamimail
egroupware-timesheet
egroupware-news-admin
python-django
ikiwiki
libapr1
libapr1-dev
libapr1-dbg
proftpd-pgsql
proftpd-mysql
proftpd-ldap
ocsinventory-agent
typo3-src-4.0
libopenafs-dev
openafs-dbserver
libpam-openafs-kaserver
openafs-doc
openafs-dbg
openafs-fileserver
openafs-client
openafs-krb5
openafs-modules-source
openafs-kpasswd
acpid
kvm-source
kvm
tunapie
trac-git
libjasper-dev
libjasper1
libjasper-runtime
libc6.1
libc6.1-dev
libc6.1-dbg
libc6.1-pic
libc6.1-prof
php-net-ping
libmagick++10
libmagick10
perlmagick
libmagick++9c2a
libmagick9
libmagick9-dev
libmagick++9-dev
imagemagick
unbound-host
libunbound-dev
libunbound0
ejabberd
python-pygresql-dbg
python-pygresql
tethereal
thereal-common
thereal-dev
thereal
mediawiki-math
mediawiki
libicu-dev
libicu38-dbg
lib32icu38
lib32icu-dev
libicu36-dev
libicu38
libicu36
icu-doc
libnewt-dev
newt-tcl
libnewt-pic
whiptail
python-newt
libnewt0.52
squid3-client
squid
squid-common
squid-cgi
user-mode-linux
icedove-gnome-support
icedove
icedove-dbg
icedove-dev
apache2-suexec-custom
apache2-mpm-event
apache2.2-common
apache2-mpm-prefork
apache2-suexec
apache2-doc
apache2-mpm-worker
apache2-mpm-itk
apache2-src
apache2-utils
apache2-prefork-dev
apache2-threaded-dev
apache2-dbg
maildrop
libapache-mod-jk-doc
libapache-mod-jk
libapache2-mod-jk
citadel-webcit
ircd-hybrid
hybrid-dev
ircd-ratbox
ircd-ratbox-dbg
squidguard
ipplan
kdelibs5-dbg
kdelibs5-dev
kdelibs-bin
kdelibs5
kdelibs5-data
libsaml2-doc
libsaml2-dev
libsaml2
opensaml2-tools
opensaml2-schemas
libshibsp1
shibboleth-sp2-schemas
libshibsp-dev
libapache2-mod-shib2
libshibsp-doc
nginx
xpdf-reader
xpdf
xpdf-utils
xpdf-common
nagios2-doc
nagios2-common
nagios2
nagios2-dbg
liblwres40
libisccc40
libbind9-40
libdns45
libisccfg40
libisc45
libpostproc-dev
ffmpeg
libavdevice-dev
libavformat-dev
libavutil-dev
libavformat52
libavcodec-dev
libavcodec51
libavdevice52
ffmpeg-doc
libswscale-dev
libswscale0
libpostproc51
libavutil49
ffmpeg-dbg
smarty
libgd2-xpm-dev
libgd2-noxpm-dev
libgd2-xpm
libgd-tools
libgd2-noxpm
wordpress
cups-common
libcupsys2
cupsys
libcupsimage2-dev
libcupsys2-dev
cups-client
cupsys-bsd
libcups2-dev
libcups2
cupsys-client
cupsys-dbg
cupsys-common
libcupsimage2
cups-bsd
cups-dbg
fontforge
libpostgresql-ocaml
libpostgresql-ocaml-dev
ntp
ntp-refclock
ntp-doc
ntp-simple
ntpdate
ggdrop
ggdrop-data
iscsitarget-source
iscsitarget
hybserv
cyrus-admin-2.2
cyrus-clients-2.2
libcyrus-imap-perl22
cyrus-pop3d-2.2
cyrus-imapd-2.2
cyrus-murder-2.2
cyrus-common-2.2
cyrus-doc-2.2
cyrus-nntpd-2.2
cyrus-dev-2.2
sork-passwd-h3
gzip
gzip-win32
libecpg-compat2
postgresql-7.4
postgresql-doc-8.1
postgresql-8.1
postgresql-contrib-8.1
postgresql-plpython-7.4
postgresql-server-dev-7.4
libpgtypes2
postgresql-client-7.4
postgresql-doc-7.4
postgresql-pltcl-8.1
libecpg5
postgresql-plperl-7.4
postgresql-plperl-8.1
postgresql-client-8.1
postgresql-plpython-8.1
postgresql-server-dev-8.1
libpq4
postgresql-pltcl-7.4
postgresql-contrib-7.4
pulseaudio-module-hal-dbg
pulseaudio-utils
libpulse-dev
pulseaudio-module-gconf
pulseaudio-module-x11
pulseaudio-module-lirc-dbg
libpulse-mainloop-glib0-dbg
pulseaudio-module-zeroconf
pulseaudio-module-x11-dbg
pulseaudio-module-gconf-dbg
pulseaudio-module-lirc
libpulsecore5
pulseaudio-utils-dbg
pulseaudio-module-jack
pulseaudio-module-zeroconf-dbg
libpulse-mainloop-glib0
libpulse-browse0-dbg
pulseaudio-module-hal
pulseaudio
libpulse-browse0
pulseaudio-module-jack-dbg
pulseaudio-dbg
libpulse0-dbg
libpulsecore5-dbg
pulseaudio-esound-compat-dbg
pulseaudio-esound-compat
libpulse0
phpgroupware-0.9.16
phpgroupware-0.9.16-filemanager
phpgroupware-0.9.16-phpgwapi-doc
phpgroupware-0.9.16-news-admin
phpgroupware-0.9.16-calendar
phpgroupware-0.9.16-email
phpgroupware-0.9.16-manual
phpgroupware-0.9.16-core-base
phpgroupware-0.9.16-setup
phpgroupware-0.9.16-addressbook
phpgroupware-0.9.16-phpgwapi
phpgroupware-0.9.16-core
phpgroupware
phpgroupware-0.9.16-todo
phpgroupware-0.9.16-admin
phpgroupware-0.9.16-notes
phpgroupware-0.9.16-doc
phpgroupware-0.9.16-preferences
tomcat5.5
ffmpeg-debian
cups
asterisk
changetrack
kdelibs
kdelibs4-doc
kdelibs-dbg
kdelibs-data
kdelibs4c2a
kdelibs4-dev
pimd
libvorbis0a
libvorbisfile3
libvorbis-dev
libvorbisenc2
pdns-recursor
proftpd-mod-ldap
proftpd-doc
proftpd-basic
proftpd-mod-mysql
proftpd-mod-pgsql
proftpd
strongswan
linux-2.6
finch
libpurple0
pidgin-dbg
pidgin-dev
pidgin
pidgin-data
libpurple-bin
finch-dev
libpurple-dev
libgmime-2.0-2a
libgmime-2.0-2-doc
libgmime2.2-cil
libgmime-2.0-2-dev
hcp3-server
hcp3-client
hcp3-dev
hcp3-server-ldap
hcp-client
hcp3-common
hcp3-relay
dbus
vlc
vlc-nox
vlc-plugin-ggi
libvlc0
mozilla-plugin-vlc
vlc-plugin-svgalib
vlc-plugin-jack
vlc-plugin-glide
vlc-plugin-arts
vlc-plugin-sdl
libvlc0-dev
vlc-plugin-esd
libsmi
smbind
glibc
nss
lftp
weechat-common
weechat
weechat-curses
weechat-plugins
libsndfile1-dev
sndfile-programs
libsndfile1
chrony
postgresql-8.3, postgresql-8.4, postgresql-9.0
libshib-dev
libapache2-mod-shib
libshib-target5
libshib6
libsaml5
opensaml-schemas
libsaml-dev
gforge-ldap-openldap
gforge-mta-exim
gforge-plugin-scmsvn
gforge-ftp-proftpd
gforge-lists-mailman
gforge-mta-courier
gforge-shell-postgresql
gforge-mta-postfix
gforge-web-apache2
gforge-shell-ldap
gforge-web-apache
gforge-plugin-scmcvs
gforge-db-postgresql
gforge-plugin-mediawiki
gforge-dns-bind9
gforge-common
gforge
libaudiofile-dev
libaudiofile0
libaudiofile0-dbg
rails
mysql-server-4.1
tdiary
tdiary-plugin
tdiary-mode
tdiary-contrib
tdiary-theme
proftpd-dfsg
quagga-doc
quagga
unbound
libdns58
libisc50
xim4-daemon-light-dbg
xim4-config
xim4-dev
xim4-daemon-heavy-dbg
xim4-daemon-heavy
xim4-daemon-light
gforge-mta-exim4
xim4-dbg
ximon4
xim4-base
slapd
slapd-dbg
ldap-utils
libldap-2.4-2
libldap2-dev
libldap-2.4-2-dbg
nbd
libxml2-dbg
libxml2
libxml2-doc
python-libxml2
libxml2-dev
libxml2-utils
libgdata1.2-dev
libecal1.2-6
libedata-cal1.2-6
libegroupwise1.2-dev
volution-data-server
libexchange-storage1.2-1
libgdata-google1.2-1
libedata-book1.2-2
libecal1.2-7
libedataserverui1.2-6
libexchange-storage1.2-3
libedataserver1.2-9
libebook1.2-5
libecal1.2-dev
libgdata1.2-1
libegroupwise1.2-10
libedata-book1.2-dev
libedataserverui1.2-dev
volution-data-server-common
volution-data-server-dev
libedataserverui1.2-8
libgdata-google1.2-dev
libcamel1.2-8
libedata-cal1.2-dev
libedataserver1.2-7
libedataserver1.2-dev
libcamel1.2-11
libegroupwise1.2-13
libebook1.2-dev
volution-data-server-dbg
libcamel1.2-dev
libedata-cal1.2-5
libexchange-storage1.2-dev
libebook1.2-9
libavahi-ui0
avahi-discover
libavahi-qt3-dev
avahi-autoipd
avahi-dbg
libavahi-common-dev
libavahi-compat-libdnssd-dev
libavahi-qt4-dev
libavahi-gobject0
libavahi-qt4-1
avahi-utils
python-avahi
libavahi-compat-howl-dev
libavahi-glib-dev
libavahi-compat-libdnssd1
libavahi-gobject-dev
libavahi-core5
libavahi-client-dev
avahi-daemon
libavahi-compat-howl0
libavahi-core-dev
libavahi-client3
libavahi-common3
avahi-dnsconfd
libavahi-common-data
avahi-ui-utils
libavahi-glib1
libavahi-qt3-1
libavahi-ui-dev
exim4
libtiff4
libtiff-tools
libtiff-opengl
libtiff-doc
libtiffxx0c2
libtiff4-dev
maradns
collectd
collectd-dev
collectd-dbg
cvsnt
openoffice.org-gtk-gnome
openoffice.org-filter-so52
openoffice.org-help-en
openoffice.org-l10n-hi
openoffice.org-ogltrans
libtool
libtool-doc
libltdl3-dev
libltdl3
linux-image-2.6.26-2-s390-tape
linux-headers-2.6.26-2-vserver-s390x
linux-headers-2.6.26-2-s390x
linux-image-2.6.26-2-s390
linux-image-2.6.26-2-s390x
linux-headers-2.6.26-2-all-s390
linux-headers-2.6.26-2-s390
linux-image-2.6.26-2-vserver-s390x
libbz2-dev
dselect
lib64bz2-dev
zip2-doc
lib64bz2-1.0
lib32bz2-dev
lib32bz2-1.0
libbz2-1.0
dpkg
zip2
horde3
request-tracker3.6
libc6
libc6-s390x
libc6-pic
libc6-dev
glibc-source
locales
libc6-dev-mipsn32
libc6-dbg
nscd
libc6-dev-s390x
libc6-mipsn32
libc6-mips64
libc6-dev-mips64
locales-all
libc6-prof
glibc-doc
libpoppler-qt2
libpoppler-qt-dev
poppler-dbg
libpoppler3
libpoppler-qt4-3
libpoppler-dev
libpoppler-qt4-dev
poppler-utils
libpoppler-glib-dev
libpoppler-glib3
dtc
apache2
libnss3-dev
libnss3-1d
libnss3-tools
libnss3-1d-dbg
clvm
lvm2
tor
mydms
php5-mhash
php5-interbase
php5-sqlite
libapache2-mod-php5
php5-common
php5-mysql
php5-cli
php5-ldap
php5-mcrypt
libapache2-mod-php5filter
php5-tidy
php5-pgsql
php5-snmp
php5-gd
php5-imap
php5-cgi
php5-pspell
php5-gmp
php5-sybase
php5-odbc
php5-xmlrpc
php-pear
php5-curl
php5-dev
php5-xsl
php5-dbg
php5-recode
lighttpd
squid3
squid3-cgi
squidclient
squid3-common
lxr-cvs
libaprutil1
libaprutil1-dbg
libaprutil1-dev
phpmyadmin
libmapscript-ruby1.9
mapserver-bin
php5-mapscript
libmapscript-ruby
python-mapscript
libmapscript-ruby1.8
cgi-mapserver
perl-mapscript
mapserver-doc
git-core
git-arch
git-doc
git-svn
git-cvs
git-daemon-run
git-email
git-gui
gitweb
gitk
freetype
typo3-src-4.2
typo3
ghostscript-x
libgs-dev
gs-common
gs-gpl
gs
ghostscript
gs-esp
libgs8
ghostscript-doc
gs-aladdin
drupal6
libsmbclient
zope-ldapuserfolder
socat
openssl
libssl-dev
libssl0.9.8
libssl0.9.8-dbg
dhcp3
couchdb
mysql-dfsg-5.0
php5
squirrelmail
hplip
zodb
libapache2-mod-fcgid
libfreetype6
freetype2-demos
libfreetype6-dev
krb5-telnetd
krb5-doc
libkrb5-dev
krb5-pkinit
krb5-admin-server
krb5-kdc
libkrb5-dbg
krb5-kdc-ldap
libkadm55
krb5-clients
krb5-ftpd
krb5-user
libkrb53
krb5-rsh-server
zonecheck-cgi
zonecheck
ncompress
linux-headers-2.6.26-2-686-bigmem
linux-image-2.6.26-2-parisc64-smp
linux-headers-2.6.26-2-all-hppa
linux-headers-2.6.26-2-parisc64-smp
linux-image-2.6.26-2-openvz-686
linux-image-2.6.26-2-686-bigmem
linux-modules-2.6.26-2-xen-686
xen-linux-system-2.6.26-2-xen-amd64
linux-headers-2.6.26-2-openvz-amd64
linux-image-2.6.26-2-vserver-686
linux-tree-2.6.26
linux-manual-2.6.26
linux-headers-2.6.26-2-common-vserver
linux-image-2.6.26-2-parisc-smp
linux-modules-2.6.26-2-xen-amd64
linux-headers-2.6.26-2-vserver-686
linux-headers-2.6.26-2-amd64
linux-image-2.6.26-2-xen-amd64
linux-image-2.6.26-2-openvz-amd64
xen-linux-system-2.6.26-2-xen-686
linux-headers-2.6.26-2-xen-686
linux-image-2.6.26-2-486
linux-headers-2.6.26-2-all
linux-support-2.6.26-2
linux-image-2.6.26-2-vserver-amd64
linux-doc-2.6.26
linux-headers-2.6.26-2-all-amd64
linux-headers-2.6.26-2-common-xen
linux-patch-debian-2.6.26
linux-image-2.6.26-2-parisc64
linux-image-2.6.26-2-amd64
linux-headers-2.6.26-2-parisc
linux-image-2.6.26-2-vserver-686-bigmem
linux-headers-2.6.26-2-vserver-686-bigmem
linux-headers-2.6.26-2-486
linux-headers-2.6.26-2-xen-amd64
linux-headers-2.6.26-2-parisc64
linux-headers-2.6.26-2-686
linux-libc-dev
linux-headers-2.6.26-2-openvz-686
linux-image-2.6.26-2-686
linux-headers-2.6.26-2-parisc-smp
linux-headers-2.6.26-2-common-openvz
linux-source-2.6.26
linux-headers-2.6.26-2-common
linux-image-2.6.26-2-parisc
linux-headers-2.6.26-2-all-i386
linux-image-2.6.26-2-xen-686
linux-headers-2.6.26-2-vserver-amd64
mahara
mahara-apache2
cabextract
python-moinmoin
znc
kview
kdegraphics-dbg
kfaxview
kdegraphics-doc-html
kviewshell
kdegraphics-dev
ksvg
kuickshow
kghostview
kdegraphics-kfile-plugins
kpovmodeler
ksnapshot
kolourpaint
kpdf
kiconedit
kcoloredit
kfax
kdegraphics
kmrml
kgamma
kooka
kruler
kamera
kdvi
libkscan1
libkscan-dev
moodle
openoffice.org-headless
openoffice.org-presentation-minimizer
openoffice.org-dev
libmythes-dev
ure
openoffice.org-calc
openoffice.org-l10n-fa
openoffice.org-base
openoffice.org-help-km
openoffice.org-dbg
openoffice.org-l10n-dz
openoffice.org-help-es
openoffice.org-common
openoffice.org-writer
openoffice.org-l10n-el
openoffice.org-l10n-et
openoffice.org-l10n-mr-in
openoffice.org-l10n-hu
openoffice.org-style-tango
openoffice.org-help-sl
openoffice.org-l10n-ss
libuno-cli-basetypes1.0-cil
openoffice.org-gtk
openoffice.org-impress
openoffice.org-l10n-th
openoffice.org-l10n-fi
openoffice.org-help-en-gb
openoffice.org-help-fr
openoffice.org-l10n-tr
openoffice.org-help-zh-tw
openoffice.org-filter-mobiledev
openoffice.org-l10n-ne
openoffice.org-l10n-ta-in
openoffice.org-l10n-ru
openoffice.org-l10n-ml-in
openoffice.org-core
openoffice.org-l10n-as-in
openoffice.org-officebean
openoffice.org-java-common
openoffice.org-l10n-ku
openoffice.org-help-hu
openoffice.org-l10n-zh-cn
mozilla-openoffice.org
openoffice.org-l10n-cs
openoffice.org-l10n-ja
openoffice.org-help-it
openoffice.org-help-et
openoffice.org-l10n-cy
openoffice.org-style-crystal
openoffice.org-help-hi-in
openoffice.org-dev-doc
openoffice.org-l10n-eo
openoffice.org-l10n-ns
openoffice.org-l10n-en-gb
openoffice.org-l10n-zu
openoffice.org-l10n-da
openoffice.org-l10n-za
openoffice.org-base-core
openoffice.org-l10n-vi
ttf-opensymbol
openoffice.org-dtd-officedocument1.0
openoffice.org-l10n-sv
openoffice.org-l10n-gl
openoffice.org-help-zh-cn
openoffice.org-l10n-nn
openoffice.org-l10n-he
ure-dbg
openoffice.org-l10n-gu-in
openoffice.org-style-hicontrast
libuno-cli-ure1.0-cil
openoffice.org-l10n-tg
openoffice.org-help-ko
openoffice.org-help-de
openoffice.org-l10n-pl
openoffice.org-help-en-us
openoffice.org-l10n-uk
openoffice.org-l10n-es
openoffice.org-qa-api-tests
openoffice.org-math
openoffice.org-qa-tools
openoffice.org-l10n-br
openoffice.org-l10n-sl
openoffice.org-l10n-te-in
openoffice.org-l10n-hr
openoffice.org-l10n-ka
openoffice.org
openoffice.org-l10n-nb
openoffice.org-l10n-rw
openoffice.org-l10n-ko
broffice.org
openoffice.org-l10n-bg
openoffice.org-l10n-be-by
openoffice.org-emailmerge
openoffice.org-l10n-sr-cs
openoffice.org-help-dz
openoffice.org-l10n-mk
openoffice.org-l10n-tn
openoffice.org-l10n-pt-br
openoffice.org-report-builder-bin
openoffice.org-l10n-ga
openoffice.org-evolution
openoffice.org-l10n-uz
openoffice.org-l10n-nr
openoffice.org-help-pl
openoffice.org-l10n-pa-in
openoffice.org-help-cs
libuno-cli-cppuhelper1.0-cil
openoffice.org-l10n-zh-tw
openoffice.org-l10n-de
openoffice.org-filter-binfilter
openoffice.org-l10n-ca
openoffice.org-l10n-or-in
openoffice.org-l10n-hi-in
openoffice.org-l10n-it
openoffice.org-l10n-af
openoffice.org-kde
openoffice.org-help-gl
openoffice.org-l10n-ar
openoffice.org-help-pt
cli-uno-bridge
openoffice.org-style-industrial
openoffice.org-l10n-en-za
openoffice.org-help-nl
openoffice.org-gcj
openoffice.org-help-ja
openoffice.org-help-eu
openoffice.org-l10n-bs
openoffice.org-draw
openoffice.org-help-pt-br
openoffice.org-l10n-sr
openoffice.org-l10n-in
openoffice.org-l10n-lo
openoffice.org-l10n-fr
openoffice.org-help-sv
openoffice.org-report-builder
openoffice.org-l10n-lt
openoffice.org-l10n-xh
openoffice.org-l10n-bn
openoffice.org-gnome
openoffice.org-help-ru
libuno-cli-types1.1-cil
openoffice.org-l10n-eu
openoffice.org-sdbc-postgresql
openoffice.org-help-da
openoffice.org-style-andromeda
python-uno
openoffice.org-l10n-lv
openoffice.org-l10n-st
openoffice.org-l10n-nl
openoffice.org-l10n-ve
openoffice.org-l10n-ts
openoffice.org-l10n-sk
openoffice.org-l10n-ro
openoffice.org-l10n-pt
openoffice.org-l10n-km
kvirc-dev
kvirc-data
kvirc
libmikmod2-dev
libmikmod2
sudo-ldap
sudo
bind9-host
dnsutils
libbind9-50
lwresd
libisccfg50
bind9-doc
bind9
libdns55
liblwres50
libbind-dev
bind9utils
libisccc50
libisc52
subversion
python-subversion
libsvn1
libsvn-perl
libsvn-java
libsvn-ruby1.8
libapache2-svn
subversion-tools
libsvn-doc
libsvn-dev
libsvn-ruby
libmysqlclient15off
mysql-common
mysql-server
libmysqlclient15-dev
mysql-server-5.0
mysql-client-5.0
mysql-client
barnowl
barnowl-irc
mlmmj-php-web-admin
mlmmj-php-web
mlmmj
pmount
cacti
libecpg-dev
libecpg-compat3
postgresql-client
postgresql-plpython-8.3
libpgtypes3
postgresql-doc-8.3
libpq-dev
libpq5
postgresql-doc
postgresql-contrib-8.3
postgresql-pltcl-8.3
postgresql
postgresql-8.3
postgresql-contrib
postgresql-client-8.3
postgresql-server-dev-8.3
postgresql-plperl-8.3
libecpg6
python-cjson-dbg
python-cjson
gnupg-agent
gpgsm
gnupg2
aria2
dvipng
samba-dbg
smbclient
samba-tools
swat
smbfs
libwbclient0
samba-doc
winbind
libsmbclient
libpam-smbpass
libsmbclient-dev
samba-common
samba-doc-pdf
samba
python-xpcom
xulrunner-1.9-gnome-support
xulrunner-1.9
xulrunner-1.9-dbg
spidermonkey-bin
xulrunner-dev
libmozjs-dev
libmozjs1d-dbg
libmozjs1d
libmozillainterfaces-java
libpng3
libpng12-0
libpng12-dev
pcscd
libpcsclite1
libpcsclite-dev
/etc
debian_version
^(\d\.\d).*$
1
wireshark-dev
wireshark
wireshark-common
tshark
0:1.900.1-5.1+lenny1
0:1.3.1-17lenny2
1:4.2.4p4+dfsg-8lenny3
1:4.2.2.p4+dfsg-2etch4
0:5.2.6.dfsg.1-1+lenny6
0:1.2.1-10+etch1
0:1.4.4-4+lenny1
0:0.8.7-3
0:1.1.2.dfsg-1.4+etch1
0:1.2.0.dfsg-3.1+lenny1
0:6.6-3lenny3
0:9.3.4-2etch6
0:9.5.1.dfsg.P3-1+lenny1
0:1.0.4-5etch2
0:1.0.8-1lenny2
0:3.0.STABLE8-3+lenny3
0:3.0.PRE5-5+etch2
0:2.7.STABLE3-4.1lenny1
0:2.6.5-6etch5
0:1.23-6+lenny1
0:1.21z-5+etch1
0:2.6.26-21lenny4
0:2.8.1-1+etch1
0:2.9.1-2+lenny1
0:1.0.4-4+lenny2
0:2.6.26+0.37-6+lenny3
0:2.6.26+0.4.16+svn162-6+lenny3
0:2.6.26+1.6.6-dfsg-6+lenny3
0:8.0.14-2+lenny1
0:2.6.26+2.0.5-6+lenny3
0:2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3
0:2.6.26+2.20081102-6+lenny3
0:2.6.26+8.0.14-6+lenny3
0:2.6.26+3.3-6+lenny3
0:2.6.26+01.00.20-6+lenny3
0:2.6.26+3.2c-6+lenny3
0:2.6.26+2.0.4-6+lenny3
0:2.6.26+1.2.3-2-6+lenny3
0:2.6.26-6+lenny3
0:2.6.26+4.43-6+lenny3
0:2.6.26+0+20080719-6+lenny3
4:2.11.8.1-5+lenny4
0:7.15.5-1etch3
0:7.18.2-8lenny3
0:2.2.3-01-2+etch2
0:2.2.3-4+etch8
0:2.2.6-02-1+lenny1
0:2.2.9-10+lenny3
1:1.12.0-2lenny5
0:72+dfsg-5~lenny2
0:1.9.2-4+lenny2
0:2.10.35lenny6-0
0:2.9.26etch4-0
0:1.20.5-3+lenny1
0:1.14.8-5+etch1
0:1.0.1-4+lenny2
0:2.2.1-1+lenny1
0:1.3.8-1+lenny8
0:2.2.13-10+etch2
0:2.2.13-14+lenny1
0:2.0-2+lenny2
0:2.0.dfsg1-4+lenny2
0:1.3.1.dfsg1-3+lenny2
0:1.3f.dfsg1-2+etch2
0:0.0.20080710-3+lenny1
0:2.4.2-1+lenny1
0:2.4.2-1+etch1
0:2.2.6-02-1+lenny2+b3
0:2.2.6-02-1+lenny2+b4
0:2.2.9-10+lenny7
0:3.1.7-1+lenny1
0:2.4.4-3+etch3
0:2.5.2-15+lenny1
0:2.4.6-1+lenny1
0:2.5-5+etch2
0:72+dfsg-5~lenny5
0:1.4.13-4etch12
0:1.4.19-5+lenny1
0:4.2.5-1+lenny3
0:1.1.0.5-6+lenny1
0:2.2.8.dfsg-2+lenny1
0:7.2.2.dfsg.2-4+lenny1
0:1.2.27-2+lenny3
0:1.0.4-4+lenny5
0:1.7.1-3+lenny4
0:6.6-3lenny5
0:1.0.2-3+lenny8
0:3.1.3-4etch7
0:3.2.2+debian0-2+lenny2
0:1.22-1+lenny2
0:1.0.2-1+lenny2
0:1.9.0.16-1
0:2.6.26-17lenny1
0:0.14.0-1+lenny1
0:0.svn20080206-18+lenny1
0:1.23.28+etch1-0
0:1.24.2.1+lenny1-0
0:0.2.6-7+lenny1
0:5.2.6.dfsg.1-1+lenny8
0:3.02-1.4+lenny2
0:0.8.6i-3.6
0:0.8.7b-2.1+lenny1
0:72+dfsg-5~lenny4
0:1.3.6-4etch1
0:1.4.2-0.1+lenny1
0:1.2.0-8.4+lenny1
0:0.9.8g-15+lenny6
1:1.4.21.2~dfsg-3+lenny1
0:4.4.3-1+lenny1
0:1.9.0.9-0lenny2
0:1.14.29-0
0:1.4+OOo2.4.1+dfsg-1+lenny6
0:1.0+OOo2.4.1+dfsg-1+lenny5
0:1.0+OOo2.4.1+dfsg-1+lenny4
0:1.1.13.0+OOo2.4.1+dfsg-1+lenny5
0:1.4+OOo2.4.1+dfsg-1+lenny4
0:1.0.13.0+OOo2.4.1+dfsg-1+lenny4
0:1.0.10.0+OOo2.4.1+dfsg-1+lenny5
0:1.4+OOo2.4.1+dfsg-1+lenny5
0:2.0.4.dfsg.2-7etch8
0:2.0.4.dfsg.2-7etch9
0:0.7.6+OOo2.4.1+dfsg-1+lenny4
0:1.0.2+OOo2.4.1+dfsg-1+lenny4
0:1.0.13.0+OOo2.4.1+dfsg-1+lenny6
0:2.4.1+dfsg-1+lenny4
0:2.4.1+dfsg-1+lenny5
0:2.4.1+dfsg-1+lenny6
0:0.9.10-3+lenny2
0:0.8.7b-2.1+lenny2
0:2.0.4-3+lenny1
0:2.0.2-11+etch1
0:1.4.004-2.dfsg-4.2
0:2.7.4-1.1+lenny1
0:2.5.3-4.4+etch1
1:7.4.27-0etch1
0:8.3.9-0lenny1
0:8.1.19-0etch1
0:1.2.6-3+lenny2
0:10.0-12+lenny1
0:0.10-2+lenny1
0:0.9-2+etch1
4:3.5.10.dfsg.1-0lenny4
1:0.9.16.012+dfsg-8+lenny2
0:5.0.32-7etch12
0:5.0.51a-24+lenny3
0:0.1.6-1+etch1
0:0.1.9-4+lenny1
1:1.0~rc2-17+lenny3.2
0:1.95.8-3.4+etch2
0:2.0.1-4+lenny2
0:2.3.6.ds1-13etch10
0:2.7-18lenny2
0:0.0.20080505-4+lenny1
0:1.4.0-1.2+lenny1
0:1.6.dfsg.4~beta1-5lenny3
0:0.3.1-8+lenny1
0:8.13.8-3+etch1
0:8.14.3-5+lenny1
0:0.4.16+svn162-3.1+lenny1
0:7.18.2-8lenny4
0:2.0.0.24-0lenny1
1:0.9.16.012+dfsg-8+lenny1
0:1.8.2.dfsg-3+lenny3
0:1.0~beta3-1+lenny1
0:2.4.3-4lenny6
0:1.2.15~beta5-1+etch2
0:1.2.27-2+lenny2
0:0.0.20080505-4+lenny1
0:1.6.dfsg.4~beta1-5lenny3
0:1.4.0-1+lenny1
0:1.9.0.7-0lenny1
0:6.6-3lenny5
0:8.13.8-3+etch1
0:8.14.3-5+lenny1
0:3.02-1.4+lenny3
0:2.4.11-1+lenny1
0:2.3.30-5+etch3
0:0.8.7-4
0:5.0.32-7etch10
0:5.0.51a-24+lenny1
0:2.2.13-14+lenny3
0:2.2.13-5+lenny2
0:2.2.13-2+etch2
0:2.2.13-10+etch4
0:1.4.4-3+etch5
0:2.4.2-6+lenny2
0:1.20.5-5+lenny1
4:2.11.8.1-5+lenny7
0:2.0.9-3.1+lenny1
0:5.0.51a-24+lenny3
0:5.0.32-7etch12
0:0.9.10-3+lenny2
0:0.3.1-8+lenny1
0:<end-of-life> (upstream has discontinued providing virus signatures for versions prior to 0.95)
0:2.8.1-1+etch1
0:2.9.1-2+lenny1
0:1.1.11-3.2+lenny1
0:1.1.7-13+etch1
0:4.4.3-1+lenny1
0:2.2.3-4+etch9
0:2.2.9-10+lenny4
0:2.6.32.dfsg-5+lenny3
0:1.2.7-4+etch8
0:1.3.8-1+lenny6
0:72+dfsg-5~lenny5
0:1.0.rc15-2etch5
1:1.0.15-2.3+lenny1
0:0.2.1.26-1~lenny+4
0:4.2.3-1+lenny3
0:2.6.3.2.1.5+etch1-0
0:2.6.3.2.2-3+lenny1
0:2.4.5.1.1+etch1-0
0:2.8.7.1-1.1+lenny1
0:2.5.1-11+lenny4
0:1.7.1-3+lenny3
0:72+dfsg-5~lenny4
0:2.5.3-4.4+etch1
0:2.7.4-1.1+lenny1
0:0.4.13-2+etch3
0:0.6.32-3+lenny3
2:10.0-12+lenny1
0:1.0.1-4+lenny2
0:1.1.0.5-6+lenny1
2:8.0.14-2+lenny1
0:2.6.26-6+lenny3
0:0.1.9-4+lenny1
0:0.1.6-1+etch1
0:1.7.1-3+lenny4
1:2.4.12+dfsg-1.3+lenny2
1:2.4.6+dfsg.2-1.1+etch2
0:1.6.9p17-2+lenny1
0:0.3.1-8+lenny2
0:2.4.6-1+lenny1
0:2.5-5+etch2
0:2.5.2-15+lenny1
0:2.4.4-3+etch3
0:5.0.3-3+lenny5
0:1.1.6-2+etch1
0:1.1.14-1+lenny1
1:4.2.4p4+dfsg-8lenny3
1:4.2.2.p4+dfsg-2etch4
0:5.2.6.dfsg.1-1+lenny16
0:0.8.7b-2.1+lenny5
0:6b18-1.8.10-0~lenny1
0:1.3.1-17lenny9
0:0.0.20080505-4+lenny4
0:1.9.0.19-14
0:0.29.18-1+lenny2
0:2.22.2-4~lenny2
0:2.6.26-26lenny4
0:1.5.1dfsg1-4
0:1.4.2dfsg1-3
0:0.058-2+lenny3
0:0.045-3+etch3
0:0.0.20080705-1+lenny1
0:1.4.0-3+lenny2
0:1.2.1-3+etch1
0:3.55-1+etch1
0:3.56-1+lenny1
0:2.2.1-1+lenny2
0:1.9.0.12-0lenny1
0:1.0.8-1lenny2
0:1.0.4-5etch2
0:2.2.3-01-2+etch2
0:2.2.6-02-1+lenny1
0:2.2.9-10+lenny3
0:2.2.3-4+etch8
0:1.65-4etch1
0:1.77-3+lenny1
0:2.1.0-7
0:9.3.4-2etch5
0:9.5.1.dfsg.P3-1
0:1.0.2-3+lenny5
0:0.9.7k-3.1etch3
0:0.9.8g-15+lenny1
0:0.9.8c-4etch5
0:2.6.26-1um-2+15lenny2
0:2.6.26-15lenny2
0:2.0.dfsg1-4+lenny1
0:2.0-2+lenny1
0:1.17.dfsg-1+lenny1
0:1.15-1.1+etch2
0:2.20-8+etch3
0:1:2.2.0-4+lenny3
4:2.11.8.1-5+lenny3
4:2.9.1.1-13
1:0.7.1-1.3+lenny2
1:0.6.6-3.1etch3
0:3.12.3.1-0lenny1
0:2.0.1+dfsg1-2.3+lenny0
0:0.10.4-4+etch1
0:0.10.8-4.1~lenny2
1:9.5.1.dfsg.P3-1+lenny1
1:9.3.4-2etch6
1:1.4.21.2~dfsg-3+lenny1
0:1.3.4-dnh3.2-1+lenny1
0:0.9.7k-3.1etch5
0:0.9.8g-15+lenny5
0:0.9.8c-4etch9
0:2.45-1+lenny1
0:3.1.1-6+lenny3
4:2.11.8.1-5+lenny1
4:2.9.1.1-11
0:3.1.3-4etch6
0:3.2.2+debian0-2+lenny1
0:1.2.1-10+etch1
0:1.4.4-4+lenny1
0:8.1.18-0etch1
1:7.4.26-0etch1
0:8.3.8-0lenny1
0:1.6.3-2+etch3
0:1.8.2.dfsg-3+lenny2
0:1:2.6.2-1lenny1
0:5.2.0+dfsg-8+etch15
0:5.2.6.dfsg.1-1+lenny3
0:1.05-4+lenny1
0:0.8.7-3
0:0.14.0-1+lenny1
0:1.1.6+dfsg-2lenny1
0:2.6.32.dfsg-5+lenny1
0:2.6.27.dfsg-6+etch1
0:1.9.0.13-0lenny1
0:2.1.22.dfsg1-23+lenny1
0:0.cvs20060823-8+etch1
0:0.svn20080206-17+lenny1
0:1.0.4-4+lenny1
0:1.0.4-2+etch1
0:2.53.4-0
0:3.0.4.1-2+lenny2
0:1.9.0.16-1
0:1.2.6-3+lenny2
0:0.6.6-4+lenny1
0:0.6.4-6+etch1
0:6.6-3lenny3
0:3.0-2+lenny2
0:3.0-2+etch2
0:2.0.1-4+lenny2
0:1.95.8-3.4+etch2
0:0.2.5-2+dfsg-1+lenny1
0:2.12.4-2+etch1
0:2.16.6-1+lenny1
0:15.6-6+lenny1
0:3.8.2-7+etch3
0:3.8.2-11.2
0:8.3.11-0lenny1
0:0.9-2+etch1
0:0.10-2+lenny1
0:2.10.35lenny6-0
0:2.9.26etch4-0
0:2.4.2-6+lenny1
0:1.4.4-3+etch4
0:2.2.7-2lenny3
0:1.0.4-4+lenny2
0:1.7.1-3+lenny2
0:2.2.3-01-2+etch4+b1
0:2.2.6-02-1+lenny2+b2
0:2.2.3-4+etch11
0:2.2.9-10+lenny6
0:1.6.9p17-3
1:1.3-15etch3
1:1.3-release-7+lenny1
0:1.22-1+lenny2
0:2.4.3-4lenny2
0:0.105-4etch1
0:0.125-7+lenny1
0:0.6.46.4-0.1+etch1
0:0.7.20.2+lenny1-0
0:1.23.28+etch1-0
0:1.24.2.1+lenny1-0
0:0.99.10-1lenny2
0:1.2.15~beta5-1+etch2
0:1.2.27-2+lenny2
0:0.94.dfsg.2-1lenny2
0:0.90.1dfsg-4etch19
0:1.9.0.14-0lenny1
0:0.11-9
0:1.1.4-1+lenny1
0:1.1.7-2+lenny1
0:1.0-2+lenny1
0:3.0.6-3
0:2.10.35lenny7-0
0:2.9.26etch5-0
0:4.7.1-5
4:3.5.5-3etch4
4:3.5.9-3+lenny2
0:2.3.7-1.1+lenny1
0:3.0.7-3.lenny2
0:2.3.6-1+etch1
0:1.15-1.1+etch3
0:1.17.dfsg-1+lenny2
0:2.4.3-4lenny8
0:2.6.26-19lenny1
0:2.6.26-22lenny1
0:4.5.14-22etch12
0:4.7~rc2-7lenny2
0:0.10.7-2+lenny2
0:0.10.3-3.1+etch3
0:4.2.4.2-1+lenny1
0:1.11.4-2+lenny1
0:1.10.2-2+etch1
0:7.15.5-1etch2
0:7.18.2-8lenny2
0:4.2.4-5+lenny3
0:2.8.0+dfsg-1+etch2
0:0.6.7.1-0
0:1.6.dfsg.4~beta1-5lenny2
0:1.4.4-7etch8
0:1.4.9a-5
0:1.4.15-4+lenny2
0:1.0.4-4+lenny5
0:5.0.3-3+lenny4
0:4.10.0-5.1+etch4
0:0.13.1-2+lenny1
0:0.058-2+lenny4
0:1.5.6.5-3+lenny1
0:1.4.4.4-4+etch2
0:2.6.26-17lenny2
0:2.6.20-1.3
0:2.0.1-6+lenny2
0:1.0.4-1+lenny1
0:1.4.2-0.1+lenny1
0:1.3.6-4etch1
0:0.9.18-2+lenny1
1:2.4.12+dfsg-1.3+lenny1
1:2.4.6+dfsg.2-1.1+etch1
0:6.6-3lenny1
0:3.0.STABLE8-3+lenny1
0:1.9.0.2-9lenny1
0:1.9.0+20060609-1etch5
0:1.8.5-4etch5
0:1.8.7.72-3lenny1
0:1.0.17-4+lenny2
0:1.0.16-2+etch2
0:2.6.26-17lenny1
0:2.7-18lenny4
0:1.0~beta3-1+lenny1
0:2.6.0.dfsg-1+lenny1
0:1.3.8-1+lenny7
0:1.2.7-4+etch9
0:1.20.5-3+lenny1
0:1.14.8-5+etch1
0:5.2.0+dfsg-8+etch16
0:5.2.6.dfsg.1-1+lenny4
0:1.9.0.19-1
0:2.0-4+lenny1
0:0.8.6i-3.6
0:0.8.7b-2.1+lenny1
0:1.2.7-4etch7
0:1.3.8-1lenny5
0:1.2.27-2+lenny3
1:1.0~rc2-17+lenny3.2
0:4.5.14-22etch11
0:4.7~rc2-7lenny1
0:2.6.26-13lenny2
0:1.6.0-13+lenny2
0:1.0.4-4+lenny1
0:2.4.3-4lenny7
0:7.18.2-8lenny4
0:1:1.12.0-2lenny5
0:1.3.6-1lenny3
0:7.18.2-8lenny3
0:7.15.5-1etch3
0:1.0.2-3+lenny9
0:0.9.9-1+etch1
0:1.0.7-3+lenny1
0:6b11-9.1+lenny2
0:2.0.1-4+lenny1
0:1.95.8-3.4+etch1
0:4.0.0.really.3.5.9.dfsg.1-6+lenny1
4:3.5.9.dfsg.1-6+lenny1
0:4.2.4p4+dfsg-8lenny2
0:4.2.2.p4+dfsg-2etch3
0:5.2.6.dfsg.1-1+lenny6
0:1.2.15-1.1+lenny1
0:0.2.8.4-2+etch1
0:0.2.8.4-6+lenny1
0:2.9.5-2+lenny1
0:1.2.1-5+lenny1
0:1.0.2-1+etch3
0:4.2.5-1+lenny3
0:1.0.4-4+lenny4
0:2.4.3-4lenny5
0:2.10.6-1+lenny1
0:2.9.6-4etch2
0:1.4.13-4etch12
0:1.4.19-5+lenny1
2:3.2.5-4lenny6
0:1.9.0.9-0lenny2
0:2.6.26-19lenny2
0:0.4.7-1.1etch2
0:0.4.8-14+lenny1
0:1.9.0.11-0lenny1
0:2.0.4-3+lenny3
0:2.0.2-11+etch2
0:1.95.8-3.4+etch3
0:2.0.1-4+lenny3
0:1.1.12-1+etch1
0:1.2.2-1+lenny1
0:1.14.29-0
0:1.4.0-1.2+lenny1
0:72+dfsg-5~lenny3
0:2.22.3-1.1+lenny2
0:1.6.3-5etch3
0:5.2.6.dfsg.1-1+lenny8
0:3.0.STABLE8-3+lenny2
0:2.6.26-21lenny1
0:2.6.26-21lenny2
0:2.6.26-21lenny3
0:0.11.4-5+lenny1
0:2.2.1-5+etch4
0:2.3.7-2+lenny1
0:3.6-2etch2
0:3.8.1-3+lenny1
1:1.4.4.4-4+etch3
1:1.5.6.5-3+lenny2
0:2.3.7-2+lenny2
0:3.0.6-4~lenny2
0:3.02-1.4+lenny2
0:1.4.004-2.dfsg-4.2
0:2.0.0.22-0lenny1
0:1.0.2-1+lenny2
0:2.53.5-0
0:1.2.7-9
0:1.2.12-5+lenny1
0:1.2.7+dfsg-2+etch3
0:1.2.12+dfsg-8+lenny4
0:0.0.20080710-3+lenny2
1:0.9.16.012+dfsg-8+lenny1
0:1.3.0-19etch3
0:1:0.0.9.2repack1-4lenny1
0:1.0.2-3+lenny8
0:4.2.5-1+lenny2
0:4.0.2+debian-9
0:1.9.0.7-0lenny2
0:0.8.7b-2.1+lenny3
0:1.4.2-6etch2
0:1.4.7.dfsg1-6+lenny1
0:1.9.0.18-1
0:1.8.2.dfsg-3+lenny3
0:1.0.8-1lenny1
0:1.0.4-5etch1
0:72+dfsg-5~lenny2
0:6.6-3lenny2
0:1.2.27-2+lenny4
0:1.0+OOo2.4.1+dfsg-1+lenny3
0:1.4+OOo2.4.1+dfsg-1+lenny3
0:1.1.13.0+OOo2.4.1+dfsg-1+lenny3
0:1.0.10.0+OOo2.4.1+dfsg-1+lenny3
0:1.0.2+OOo2.4.1+dfsg-1+lenny3
0:1.0.13.0+OOo2.4.1+dfsg-1+lenny3
0:0.7.6+OOo2.4.1+dfsg-1+lenny3
0:2.0.4.dfsg.2-7etch6
0:2.0.4.dfsg.2-7etch7
1:2.4.1+dfsg-1+lenny3
0:2.1.8-2
0:0.0.20080710-3+lenny1
0:1.9.0.19-2
0:1.900.1-5.1+lenny1
0:2.3.6.ds1-13etch10
0:2.7-18lenny2
0:1.4.102-1+lenny1
0:2.4.2-1+lenny1
0:2.4.2-1+etch1
7:6.3.7.9.dfsg2-1~lenny3
7:6.2.4.5.dfsg1-0.15+etch1
0:1.0.2-1+lenny1
0:2.0.1-6+lenny1
0:0.9.8g-15+lenny6
0:3.1.11-a-6+lenny1
4:3.5.9-3+lenny3
2:3.2.5-4lenny12
0:3.5.5a.dfsg.1-8etch2
0:3.5.10.dfsg.1-0lenny2
0:1:3.8.1-3+lenny1
0:1:3.8.1-1etch2
0:5.0.51a-24+lenny4
0:1.0.2-3+lenny7
0:0.99.4-5.etch.4
1:1.12.0-2lenny4
0:3.8.1-3+lenny2
0:3.6-2etch3
0:0.52.2-11.3+lenny1
0:0.52.2-10+etch1
0:3.0.STABLE8-3+lenny3
0:3.0.PRE5-5+etch2
0:2.7.STABLE3-4.1lenny1
0:2.6.5-6etch5
0:2.6.26-1um-2+15lenny3
0:2.6.26-15lenny3
0:2.0.0.24-0lenny1
0:2.0.4-13lenny1
4:3.5.9-3+lenny1
4:3.5.5-3etch3
0:2.2.6-02-1+lenny2+b3
0:2.2.6-02-1+lenny2+b4
0:2.2.9-10+lenny7
0:1.6.dfsg.4~beta1-5lenny4
0:2.0.4-3+lenny1
0:2.0.2-11+etch1
0:1:1.2.18-3etch2
0:1:1.2.26-2+lenny1
0:0.8.7b-2.1+lenny2
0:7.37-dfsg-7
0:1:7.2.2.dfsg.2-4+lenny1
0:1:2.2.8.dfsg-2+lenny1
1:9.6.ESV.R1+dfsg-0+lenny1
0:1.2.0-8.4+lenny1
0:4.86a-7+lenny1
0:1.6.dfsg.4~beta1-5lenny1
0:1.4.4-7etch7
0:4.1.0-3+lenny1
0:1.2.7+dfsg-2+etch2
0:1.2.12+dfsg-8+lenny2
2:3.2.5-4lenny9
4:2.11.8.1-5+lenny4
0:1.9.0.15-0lenny1
0:2.0-2+lenny2
0:1.3f.dfsg1-2+etch2
0:2.0.dfsg1-4+lenny2
0:1.3.1.dfsg1-3+lenny2
0:0.6.32-3+lenny2
0:0.4.13-2+etch2
0:1.9.0.19-3
2:3.4.0-5
0:1.0.4-4+lenny3
0:2.6.26-21lenny4
0:8.62.dfsg.1-3.2lenny1
0:8.54.dfsg.1-5etch2
0:3.02-1.4+lenny1
0:2.6-2+etch5
0:1.4.4.4-4+etch4
0:1.5.6.5-3+lenny3
1:9.5.1.dfsg.P3-1+lenny1
0:9.6.ESV.R1+dfsg-0+lenny2
0:0.svn20080206-18+lenny1
0:2.6.20-1.2
0:2.6.14-1etch2
0:1.0.4-4+lenny6
0:2.0.33-5.2etch2
0:2.0.36~rc1~dfsg-3+lenny1
0:2.4.3-4lenny6
0:2.0.10-1etch4
0:2.5.1-11+lenny1
0:1.3.8-1+lenny8
0:0.0.20080429-1+lenny2
0:1.7.0-3+lenny1
0:1.5.4-2+etch1
0:1:4.2.2.p4+dfsg-2etch4
0:1:4.2.4p4+dfsg-8lenny3
0:1.4.102-1+lenny3
0:1.6.19-1.1+lenny1
0:1.6.18-1etch2
0:0.4.16+svn162-3.1+lenny1
0:1:0.7.6+OOo2.4.1+dfsg-1+lenny7
0:1:1.4+OOo2.4.1+dfsg-1+lenny7
0:1:1.0.13.0+OOo2.4.1+dfsg-1+lenny7
0:1:1.0.2+OOo2.4.1+dfsg-1+lenny7
0:1:1.0.10.0+OOo2.4.1+dfsg-1+lenny7
0:1:1.0+OOo2.4.1+dfsg-1+lenny7
0:1:1.1.13.0+OOo2.4.1+dfsg-1+lenny7
0:1:2.4.1+dfsg-1+lenny7
0:1.9.2-4+lenny2
0:2.2.13-10+etch2
0:2.2.13-14+lenny1
0:3.0-2+lenny1
0:3.0-2+etch1
0:1.3.5-15+etch1
0:1.3.12-6+lenny1
0:8.1.19-0etch1
1:7.4.27-0etch1
0:8.3.9-0lenny1
0:2.6.26-26lenny3
0:0.9.10-3+lenny1
1:0.9.16.012+dfsg-8+lenny2
0:5.5.26-5lenny2
0:0.14.0-1+lenny2
0:0.svn20080206-18+lenny3
0:1.3.8-1+lenny9
0:1.4.21.2~dfsg-3+lenny5
0:4.69-9+lenny3
0:1.0.1-4+lenny1
0:4.3-3+etch1
0:4.3-3+lenny1
0:4:3.5.10.dfsg.1-0lenny4
0:2.1.0-alpha29.17-8.1lenny1
0:1.14.31-0
0:1.1.2.dfsg-1.4+etch1
0:1.2.0.dfsg-3.1+lenny1
0:3.1.7-1+lenny1
0:1.3.1-17lenny1
0:4.2.4-5+lenny1
0:2.8.0+dfsg-1+etch1
0:2.6.26-26lenny2
0:2.4.3-4lenny3
1:2.4.1+dfsg-1+lenny11
0:2.2.22-2+lenny2
0:3.1.1-6+lenny2
0:3.0.4-13+etch2
0:1.2.1-5+lenny2
0:0.8.6.h-4+lenny2.3
2:1.4.15-4+lenny1
2:1.4.9a-4
0:0.4.7+dfsg-0.2
4:2.11.8.1-5+lenny5
0:0.4.7-3+lenny1
0:2.7-18lenny7
0:3.12.3.1-0lenny3
0:1.9.0.19-6
0:3.7.3-1+lenny1
0:0.2.6-1+lenny1
0:1.9.0.19-7
0:1.0.17-4+lenny1
0:1.0.16-2+etch1
0:1.21z-5+etch1
0:1.23-6+lenny1
0:8.3.14-0lenny1
0:1.3f.dfsg1-2+etch1
0:1.3.1.dfsg1-3+lenny1
0:1.1.1-2+lenny1
0:1.1a-2+etch1
0:4.7~rc2-7lenny3
0:4.5.14-22etch13
0:0.2.6-7+lenny1
0:2.1.0-7+lenny0.2
0:2.3.7-2+lenny3
0:1.8.13-1
0:5.0.32-7etch11
0:5.0.51a-24+lenny2
0:2.2.1-1+lenny1
0:8.62.dfsg.1-3.2lenny5
0:1.0.2+OOo2.4.1+dfsg-1+lenny8
0:0.7.6+OOo2.4.1+dfsg-1+lenny8
0:1.0.10.0+OOo2.4.1+dfsg-1+lenny8
0:1.4+OOo2.4.1+dfsg-1+lenny8
0:1.0+OOo2.4.1+dfsg-1+lenny8
0:1.1.13.0+OOo2.4.1+dfsg-1+lenny8
0:1.0.13.0+OOo2.4.1+dfsg-1+lenny8
1:2.4.1+dfsg-1+lenny8
0:1.3.1-17lenny6
0:1.9.0.19-4
0:0.99.10-1lenny3
0:1.4.6-1~lenny1
1:9.6.ESV.R3+dfsg-0+lenny1
0:4.69-9+lenny1
0:1.9.0.19-5
0:2.4.11-1+lenny2
0:1:2.9.11-3lenny1
0:2.6.26-26lenny1
0:2.6.32.dfsg-5+lenny2
0:0.9.8g-15+lenny11
0:1.6.3-5etch2
0:2.22.3-1.1+lenny1
0:0.6.23-3lenny2
0:4.69-9+lenny4
0:3.8.2-11.3
0:1.3.07.09-2.1
0:4.4.2-3+lenny1
0:2.5.03.2382-3.3+lenny1
0:1.0.2-3+lenny12
0:1.0.13.0+OOo2.4.1+dfsg-1+lenny4
0:1.0.13.0+OOo2.4.1+dfsg-1+lenny6
0:1.0+OOo2.4.1+dfsg-1+lenny5
0:1.1.13.0+OOo2.4.1+dfsg-1+lenny5
0:1.0+OOo2.4.1+dfsg-1+lenny4
0:1.4+OOo2.4.1+dfsg-1+lenny4
0:1.4+OOo2.4.1+dfsg-1+lenny6
0:0.7.6+OOo2.4.1+dfsg-1+lenny4
0:2.0.4.dfsg.2-7etch8
0:2.0.4.dfsg.2-7etch9
0:1.0.10.0+OOo2.4.1+dfsg-1+lenny5
0:2.4.1+dfsg-1+lenny4
0:1.4+OOo2.4.1+dfsg-1+lenny5
0:2.4.1+dfsg-1+lenny5
0:2.4.1+dfsg-1+lenny6
0:1.0.2+OOo2.4.1+dfsg-1+lenny4
0:1.5.26-4+lenny1
0:1.5.22-4+etch1
0:1.4.102-1+lenny4
0:2.6.26-24lenny1
0:1.14.29+b1-0
0:1.0.5-1+lenny1
4.0
0:3.1.3-4etch7
0:3.2.2+debian0-2+lenny2
0:3.6.7-5+lenny5
0:1:9.6.ESV.R4+dfsg-0+lenny1
0:2.7-18lenny6
0:0.9.8g-15+lenny9
0:0.8.7-4
0:1.8.13-3
0:4.2.5-1+lenny5
0:3.1.11-a-6.0.1+lenny1
0:0.29.17-1+lenny1
0:2.2.9-10+lenny9
0:3.12.3.1-0lenny2
0:2.02.39-8
0:0.2.1.29-1~lenny+1
0:1.7.0-1+lenny1
0:5.2.6.dfsg.1-1+lenny9
0:1.4.19-5+lenny2
0:3.0.STABLE8-3+lenny4
0:0.9.5+cvs20071020-1+lenny1
0:1.2.12+dfsg-8+lenny5
4:2.11.8.1-5+lenny6
0:5.0.3-3+lenny5
0:1.5.6.5-3+lenny3.2
0:2.3.7-2+lenny5
0:1.0.2-3+lenny10
0:4.2.5-1+lenny4
0:8.62.dfsg.1-3.2lenny4
0:6.6-3lenny6
2:3.2.5-4lenny13
0:2.9-1+lenny1
0:8.3.12-0lenny1
0:1.6.0.1-1+lenny1
0:0.9.8g-15+lenny8
0:3.1.1-6+lenny5
0:0.8.0-2+lenny1
0:5.0.51a-24+lenny5
0:5.2.6.dfsg.1-1+lenny13
2:1.4.15-4+lenny3.1
0:2.8.6.b-4+lenny1
0:1.6.dfsg.4~beta1-5lenny6
0:1:3.6.0-2+lenny3
1:2.2-1+lenny1
0:2.3.7-2+lenny2
0:1.9.0.19-2
0:1.6.dfsg.4~beta1-5lenny4
0:2.0.4-13lenny1
0:4.2.4.2-1+lenny1
0:2.6.26-25lenny1
0:1.0.4-4+lenny6
0:1.2-3+lenny1
0:1.7.1-3+lenny5
0:1.0.1-4+lenny1
0:0.058-2+lenny4
4:3.5.9-3+lenny3
0:1.8.13-2
0:1.0+OOo2.4.1+dfsg-1+lenny7
0:1.0.10.0+OOo2.4.1+dfsg-1+lenny7
0:1.4+OOo2.4.1+dfsg-1+lenny7
0:1.0.13.0+OOo2.4.1+dfsg-1+lenny7
0:1.0.2+OOo2.4.1+dfsg-1+lenny7
0:1.1.13.0+OOo2.4.1+dfsg-1+lenny7
0:0.7.6+OOo2.4.1+dfsg-1+lenny7
1:2.4.1+dfsg-1+lenny7
2:3.4.0-5
0:3.1.11-a-6+lenny1
0:1.6.9p17-3
1:9.6.ESV.R1+dfsg-0+lenny1
0:1.0.2-3+lenny11
0:1.5.1dfsg1-5
0:5.0.51a-24+lenny4
0:1.0.1-4+lenny2
0:1.2.15-1.1+lenny1
0:0.9.18-2+lenny1
0:0.8.7b-2.1+lenny3
0:8.3.11-0lenny1
0:1.0.5-1+lenny1
0:2.0.9-3.1+lenny1
0:0.14.0-1+lenny2
0:1.11-1+lenny1
2:3.2.5-4lenny12
0:1.9.0.19-3
0:1.2.27-2+lenny4
0:1.4.102-1+lenny1
5.0
0:1.0.2-3+lenny9
sparc
mips
ppc
hppa
mipsel
armel
s390x
arm
i686
ia64
alpha
x86-64