[guru] Debian security updates
DATE: Tue, 17 Jan 2012 14:24:37 +0100
Various security bugs leading to code execution have been found in the
Matroska, QDM2, VP3, VP5, VP6, VMD and SVQ1 format handlers of the ffmpeg package.
The MIT Kerberos implementation can be DoS-ed: the program can be driven into an
assert when the LDAP and DB backends are used, and the same backends also
contain another NULL deref bug.
foomatic-filters contains shell command injection bugs.
The IPv6 code of the squid3 package does not properly handle certain DNS
responses, and as a result frees an invalid memory area.
The eCryptfs filesystem does not properly check permissions when mounting and
unmounting. When mounting, the attacker can access files that he should not have
rights to, while when unmounting he can DoS the system. In addition, the
attacker can forge the mtab file at will, manipulate the keys when a new user is
added, access other users' files during recovery, and overwrite files because of
a bug in the lock counter.
A buffer overflow bug has been found in the syslog logging code of the Super program.
Several XSS and SQL injection bugs have also been found in the cacti package.
pdns (PowerDNS) also responds to response packets, so if the attacker spoofs the
address of another DNS server as the source, the two can ping-pong in an endless
loop.
simpleSAMLphp contains an XSS bug.
The openttd game also contains several buffer overflow bugs.
Numerous security bugs (heap buffer overflow, invalid pointer dereference,
use after free, etc.) have been found in the t1lib library.
Several security bugs have also been found in the openssl package: DTLS performs
the MAC check only if the padding is valid, which opens up an opportunity for
attack. When X509_V_FLAG_POLICY_CHECK is enabled, a double free can occur, which
may result in code execution. On 32-bit systems, because of an implementation
bug in the P-256 and P-384 NIST elliptic curve algorithms, the ECC key can leak
from the TLS server. In the SSL 3.0 implementation the block ciphers do not
initialize the area waiting to be padded, so an information leak can occur. With
Server Gated Cryptography (SGC), handshake restarts are not handled properly, so
the system can be DoS-ed through CPU consumption.
The fix for version 2.6 of the linux kernel has been released: a critical race
condition was found in the KVM KSM subsystem, which allows the system to be
DoS-ed; the IPv4 diagnostic routines do not check requests, so the attacker can
cause high CPU usage; an information leak bug was found in the raw packet socket
interface; with the FUSE kernel module the system can be DoS-ed when a
filesystem is mounted; a buffer overflow bug was found in the XFS filesystem; a
NULL deref bug was found in the security subsystem's handling of user-defined
keys; because of an ioctl bug in the SCSI subsystem, anyone who has access to a
partition can also access the whole disk; the perf support of POWER7 systems can
be DoS-ed; a bug in the KVM PIT timers allows the system to be DoS-ed; and
several bugs that also allow code execution were found in the X.25 ROSE protocol
driver.
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2378-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 03, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : ffmpeg
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4351 CVE-2011-4353 CVE-2011-4364 CVE-2011-4579
Several vulnerabilities have been discovered in ffmpeg, a multimedia
player, server and encoder. Multiple input validations in the decoders
for QDM2, VP5, VP6, VMD and SVQ1 files could lead to the execution of
arbitrary code.
For the stable distribution (squeeze), this problem has been fixed in
version 4:0.5.6-3.
For the unstable distribution (sid), this problem has been fixed in
version 4:0.7.3-1 of the libav source package.
We recommend that you upgrade your ffmpeg packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2379-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
January 04, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : krb5
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1528 CVE-2011-1529
It was discovered that the Key Distribution Center (KDC) in Kerberos 5
crashes when processing certain crafted requests:
CVE-2011-1528
When the LDAP backend is used, remote users can trigger
a KDC daemon crash and denial of service.
CVE-2011-1529
When the LDAP or Berkeley DB backend is used, remote users
can trigger a NULL pointer dereference in the KDC daemon
and a denial of service.
The oldstable distribution (lenny) is not affected by these problems.
For the stable distribution (squeeze), these problems have been fixed
in version 1.8.3+dfsg-4squeeze5.
For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 1.10+dfsg~alpha1-1.
We recommend that you upgrade your krb5 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2380-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
January 04, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : foomatic-filters
Vulnerability : shell command injection
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-2697 CVE-2011-2964
Debian Bug : 635549
It was discovered that the foomatic-filters, a support package for
setting up printers, allowed authenticated users to submit crafted
print jobs which would execute shell commands on the print servers.
CVE-2011-2697 was assigned to the vulnerability in the Perl
implementation included in lenny, and CVE-2011-2964 to the
vulnerability affecting the C reimplementation part of squeeze.
For the oldstable distribution (lenny), this problem has been fixed in
version 3.0.2-20080211-3.2+lenny1.
For the stable distribution (squeeze), this problem has been fixed in
version 4.0.5-6+squeeze1.
For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 4.0.9-1.
We recommend that you upgrade your foomatic-filters packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2381-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
January 06, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : squid3
Vulnerability : invalid memory deallocation
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4096
It was discovered that the IPv6 support code in Squid does not
properly handle certain DNS responses, resulting in deallocation of an
invalid pointer and a daemon crash.
The squid package and the version of squid3 shipped in lenny lack IPv6
support and are not affected by this issue.
For the stable distribution (squeeze), this problem has been fixed in
version 3.1.6-1.2+squeeze2.
For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 3.1.18-1.
We recommend that you upgrade your squid3 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2382-1 security@debian.org
http://www.debian.org/security/ Jonathan Wiltshire
January 07, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : ecryptfs-utils
Vulnerability : multiple
Problem type : local
Debian-specific: no
CVE ID : CVE-2011-1831 CVE-2011-1832 CVE-2011-1834 CVE-2011-1835
CVE-2011-1837 CVE-2011-3145
Several problems have been discovered in ecryptfs-utils, a cryptographic
filesystem for Linux.
CVE-2011-1831
Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs
incorrectly validated permissions on the requested mountpoint. A local
attacker could use this flaw to mount to arbitrary locations, leading
to privilege escalation.
CVE-2011-1832
Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs
incorrectly validated permissions on the requested mountpoint. A local
attacker could use this flaw to unmount to arbitrary locations, leading
to a denial of service.
CVE-2011-1834
Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly
handled modifications to the mtab file when an error occurs. A local
attacker could use this flaw to corrupt the mtab file, and possibly
unmount arbitrary locations, leading to a denial of service.
CVE-2011-1835
Marc Deslauriers discovered that eCryptfs incorrectly handled keys when
setting up an encrypted private directory. A local attacker could use
this flaw to manipulate keys during creation of a new user.
CVE-2011-1837
Vasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled
lock counters. A local attacker could use this flaw to possibly overwrite
arbitrary files.
We acknowledge the work of the Ubuntu distribution in preparing patches
suitable for near-direct inclusion in the Debian package.
For the oldstable distribution (lenny), these problems have been fixed in
version 68-1+lenny1.
For the stable distribution (squeeze), these problems have been fixed in
version 83-4+squeeze1.
For the testing distribution (wheezy) and the unstable distribution (sid),
these problems have been fixed in version 95-1.
We recommend that you upgrade your ecryptfs-utils packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2383-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 08, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : super
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-2776
Robert Luberda discovered a buffer overflow in the syslog logging code of
Super, a tool to execute scripts (or other commands) as if they were root.
The default Debian configuration is not affected.
For the oldstable distribution (lenny), this problem has been fixed in
version 3.30.0-2+lenny1. Due to a technical limitation in the Debian
archive scripts this update cannot be released synchronously with the
stable update. It will be available shortly.
For the stable distribution (squeeze), this problem has been fixed in
version 3.30.0-3+squeeze1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your super packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2384-1 security@debian.org
http://www.debian.org/security/ Luk Claes
January 09, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : cacti
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-1644 CVE-2010-1645 CVE-2010-2543 CVE-2010-2545
CVE-2011-4824
Several vulnerabilities have been discovered in cacti, a graphing tool
for monitoring data. Multiple cross site scripting issues allow remote
attackers to inject arbitrary web script or HTML. An SQL injection
vulnerability allows remote attackers to execute arbitrary SQL commands.
For the oldstable distribution (lenny), this problem has been fixed in
version 0.8.7b-2.1+lenny4.
For the stable distribution (squeeze), this problem has been fixed in
version 0.8.7g-1+squeeze1.
For the unstable distribution (sid), this problem has been fixed in
version 0.8.7i-2.
We recommend that you upgrade your cacti packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2385-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
January 10, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : pdns
Vulnerability : packet loop
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0206
Ray Morris discovered that the PowerDNS authoritative server responds
to response packets. An attacker who can spoof the source address of
IP packets can cause an endless packet loop between a PowerDNS
authoritative server and another DNS server, leading to a denial of
service.
For the oldstable distribution (lenny), this problem has been fixed in
version 2.9.21.2-1+lenny1.
For the stable distribution (squeeze), this problem has been fixed in
version 2.9.22-8+squeeze1.
For the testing distribution (wheezy) and the unstable distribution
(sid), this problem will be fixed soon.
We recommend that you upgrade your pdns packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2387-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
January 11, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : simplesamlphp
Vulnerability : insufficient input sanitation
Problem type : remote
Debian-specific: no
timtai1 discovered that simpleSAMLphp, an authentication and federation
platform, is vulnerable to a cross site scripting attack, allowing a
remote attacker to access sensitive client data.
The oldstable distribution (lenny) does not contain a simplesamlphp
package.
For the stable distribution (squeeze), this problem has been fixed in
version 1.6.3-3.
For the unstable distribution (sid), this problem has been fixed in
version 1.8.2-1.
We recommend that you upgrade your simplesamlphp packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2386-1 security@debian.org
http://www.debian.org/security/
January 10, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openttd
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3341 CVE-2011-3342 CVE-2011-3343
Several vulnerabilities have been discovered in openttd, a transport
business simulation game. Multiple buffer overflows and off-by-one
errors allow remote attackers to cause denial of service.
For the oldstable distribution (lenny), this problem has been fixed in
version 0.6.2-1+lenny4.
For the stable distribution (squeeze), this problem has been fixed in
version 1.0.4-4.
For the unstable distribution (sid), this problem has been fixed in
version 1.1.4-1.
We recommend that you upgrade your openttd packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2388-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
January 14, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : t1lib
Vulnerability : several
Problem type : local
Debian-specific: no
CVE ID : CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552
CVE-2011-1553 CVE-2011-1554
Debian Bug : 652996
Several vulnerabilities were discovered in t1lib, a Postscript Type 1
font rasterizer library, some of which might lead to code execution
through the opening of files embedding bad fonts.
CVE-2010-2642
A heap-based buffer overflow in the AFM font metrics parser
potentially leads to the execution of arbitrary code.
CVE-2011-0433
Another heap-based buffer overflow in the AFM font metrics
parser potentially leads to the execution of arbitrary code.
CVE-2011-0764
An invalid pointer dereference allows execution of arbitrary
code using crafted Type 1 fonts.
CVE-2011-1552
Another invalid pointer dereference results in an application
crash, triggered by crafted Type 1 fonts.
CVE-2011-1553
A use-after-free vulnerability results in an application
crash, triggered by crafted Type 1 fonts.
CVE-2011-1554
An off-by-one error results in an invalid memory read and
application crash, triggered by crafted Type 1 fonts.
For the oldstable distribution (lenny), this problem has been fixed in
version 5.1.2-3+lenny1.
For the stable distribution (squeeze), this problem has been fixed in
version 5.1.2-3+squeeze1.
For the testing distribution (wheezy), this problem has been fixed in
version 5.1.2-3.3.
For the unstable distribution (sid), this problem has been fixed in
version 5.1.2-3.3.
We recommend that you upgrade your t1lib packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2390-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
January 15, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openssl
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4108 CVE-2011-4109 CVE-2011-4354
CVE-2011-4576 CVE-2011-4619
Several vulnerabilities were discovered in OpenSSL, an implementation
of TLS and related protocols. The Common Vulnerabilities and
Exposures project identifies the following vulnerabilities:
CVE-2011-4108
The DTLS implementation performs a MAC check only if certain
padding is valid, which makes it easier for remote attackers
to recover plaintext via a padding oracle attack.
CVE-2011-4109
A double free vulnerability when X509_V_FLAG_POLICY_CHECK is
enabled, allows remote attackers to cause application crashes
and potentially allow execution of arbitrary code by
triggering failure of a policy check.
CVE-2011-4354
On 32-bit systems, the operations on NIST elliptic curves
P-256 and P-384 are not correctly implemented, potentially
leaking the private ECC key of a TLS server. (Regular
RSA-based keys are not affected by this vulnerability.)
CVE-2011-4576
The SSL 3.0 implementation does not properly initialize data
structures for block cipher padding, which might allow remote
attackers to obtain sensitive information by decrypting the
padding data sent by an SSL peer.
CVE-2011-4619
The Server Gated Cryptography (SGC) implementation in OpenSSL
does not properly handle handshake restarts, unnecessarily
simplifying CPU exhaustion attacks.
For the oldstable distribution (lenny), these problems have been fixed
in version 0.9.8g-15+lenny15.
For the stable distribution (squeeze), these problems have been fixed
in version 0.9.8o-4squeeze5.
For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 1.0.0f-1.
We recommend that you upgrade your openssl packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----------------------------------------------------------------------
Debian Security Advisory DSA-2389-1 security@debian.org
http://www.debian.org/security/ Dann Frazier
January 15, 2012 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2011-2183 CVE-2011-2213 CVE-2011-2898 CVE-2011-3353
CVE-2011-4077 CVE-2011-4110 CVE-2011-4127 CVE-2011-4611
CVE-2011-4622 CVE-2011-4914
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2011-2183
Andrea Righi reported an issue in KSM, a memory-saving de-duplication
feature. By exploiting a race with exiting tasks, local users can cause
a kernel oops, resulting in a denial of service.
CVE-2011-2213
Dan Rosenberg discovered an issue in the INET socket monitoring interface.
Local users could cause a denial of service by injecting code and causing
the kernel to execute an infinite loop.
CVE-2011-2898
Eric Dumazet reported an information leak in the raw packet socket
implementation.
CVE-2011-3353
Han-Wen Nienhuys reported a local denial of service issue in the FUSE
(Filesystem in Userspace) support in the linux kernel. Local users could
cause a buffer overflow, leading to a kernel oops and resulting in a denial
of service.
CVE-2011-4077
Carlos Maiolino reported an issue in the XFS filesystem. A local user
with the ability to mount a filesystem could corrupt memory resulting
in a denial of service or possibly gain elevated privileges.
CVE-2011-4110
David Howells reported an issue in the kernel's access key retention
system which allows local users to cause a kernel oops leading to a denial
of service.
CVE-2011-4127
Paolo Bonzini of Red Hat reported an issue in the ioctl passthrough
support for SCSI devices. Users with permission to access restricted
portions of a device (e.g. a partition or a logical volume) can obtain
access to the entire device by way of the SG_IO ioctl. This could be
exploited by a local user or privileged VM guest to achieve a privilege
escalation.
CVE-2011-4611
Maynard Johnson reported an issue with the perf support on POWER7 systems
that allows local users to cause a denial of service.
CVE-2011-4622
Jan Kiszka reported an issue in the KVM PIT timer support. Local users
with the permission to use KVM can cause a denial of service by starting
a PIT timer without first setting up the irqchip.
CVE-2011-4914
Ben Hutchings reported various bounds checking issues within the ROSE
protocol support in the kernel. Remote users could possibly use this
to gain access to sensitive memory or cause a denial of service.
For the stable distribution (squeeze), this problem has been fixed in version
2.6.32-39squeeze1. Updates for issues impacting the oldstable distribution
(lenny) will be available soon.
The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:
Debian 6.0 (squeeze)
user-mode-linux 2.6.32-1um-4+39squeeze1
We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
--- End Message ---