[guru] Debian biztonsagi frissitesek
DATE: Wed, 04 Jan 2012 16:57:18 +0100
Több biztonsági hibát is javítottak az acpid-ben: túl sok kapcsolat nyitásával
a daemon DoS-olható, a powerbtn.sh script hibája miatt a támadó kódot futtathat
a rendszeren, illetve az egyes script-eket a daemon 0 umask értékkel idítja.
A tor heap buffer overflow hibát tartalmaz SOCKS proxy használata esetén.
A Debian X wrapper ellenőrzi, hogy a szerver csak a konzolról legyen indítható,
de ez az ellenőrzés kikerülhető.
Parancs beszúrási, hibás fájl jogosultsági, SQL injection, információ szivárgási
valamint XSS hibát találtak a dtc csomagban.
XSS, információ szivárgási valamint különböző jogosultás kikerülési hibát
találtak a mediawiki csomagban.
Információ szivárgási valamint DoS lehetőséget találtak az asterisk csomagban.
A lighttpd a base64 kezelés hibája miatt DoS-olható, illetve letilthatóvá
tették SSL-en belül a CBC ciper-eket a blockwise chosen-boundary attack (BCBA)
(másképpen az ismert exploit neve alapján BEAST) támadások lehetetlenné tételére.
A libsoup2.4 rutinkönyvtár directory traversal hibát tartalmaz.
Az unbound rekurzív DNS resolver több DoS hibát is tartalmaz.
Buffer overflow hibát találtak a heimdal telnetd szerverében, a hiba még az
azonosítás előtt kihasználható, így az anonim támadó root jogokkal kódot
futtathat a szerveren. Ugyanez a hiba megtalálható az inetutils, krb5 illetve
krb5-appl csomagokban is.
Az OpenIPMI túl bő jogosultsággal hozza létre a pidfájlt, a támadó így ennek
módosításával tetszőleges programot leállíthat a rendszeren.
Az előző movabletype-opensource csomag javítást kihozták Debian 5.0 (Lenny)
rendszerekre is.
Az openswan IKE daemon-ja (pluto) DoS-olható.
A cyrus imapd NULL deref hiba miatt DoS-olható.
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2362-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 10, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : acpid
Vulnerability : several
Problem type : remote
Debian-specific: partly
CVE ID : CVE-2011-1159 CVE-2011-2777 CVE-2011-4578
Multiple vulnerabilities were found in the acpid, the Advanced
Configuration and Power Interface event daemon:
CVE-2011-1159
Vasiliy Kulikov of OpenWall discovered that the socket handling
is vulnerable to denial of service.
CVE-2011-2777
Oliver-Tobias Ripka discovered that incorrect process handling in
the Debian-specific powerbtn.sh script could lead to local
privilege escalation. This issue doesn't affect oldstable. The
script is only shipped as an example in /usr/share/doc/acpid/examples.
See /usr/share/doc/acpid/README.Debian for details.
CVE-2011-4578
Helmut Grohne and Michael Biebl discovered that acpid sets a umask
of 0 when executing scripts, which could result in local privilege
escalation.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.0.8-1lenny4.
For the stable distribution (squeeze), this problem has been fixed in
version 1:2.0.7-1squeeze3.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your acpid packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk7jMMMACgkQXm3vHE4uylpE1wCgzAGz7OTYHqPhuf1GVeQLizhh
s3EAoJ5PA+xv94YnKeic+HkFVEGmqKjS
=t4wv
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2363-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 16, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : tor
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-2778
It was discovered that Tor, an online privacy tool, incorrectly computes
buffer sizes in certain cases involving SOCKS connections. Malicious
parties could use this to cause a heap-based buffer overflow, potentially
allowing execution of arbitrary code.
In Tor's default configuration this issue can only be triggered by
clients that can connect to Tor's socks port, which listens only on
localhost by default.
In non-default configurations where Tor's SocksPort listens not only on
localhost or where Tor was configured to use another socks server for all of
its outgoing connections, Tor is vulnerable to a larger set of malicious
parties.
For the oldstable distribution (lenny), this problem has been fixed in
version 0.2.1.32-1.
For the stable distribution (squeeze), this problem has been fixed in
version 0.2.2.35-1~squeeze+1.
For the unstable and testing distributions, this problem has been fixed in
version 0.2.2.35-1.
For the experimental distribution, this problem has has fixed in
version 0.2.3.10-alpha-1.
We recommend that you upgrade your tor packages.
Please note that the update for stable (squeeze) updates this package
from 0.2.1.31 to 0.2.2.35, a new major release of Tor, as upstream has
announced end-of-life for the 0.2.1.x tree for the near future. Please
check your Tor runs as expected after the upgrade.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk7rfqsACgkQXm3vHE4uyloNFgCg13uxeX7ZD6ObLY/8N2qHrWQj
LUwAn3Yz04t0OxRDRmASSh/4DiIgsySi
=uuXX
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2364-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 18, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : xorg
Vulnerability : incorrect permission check
Problem type : local
Debian-specific: yes
CVE ID : CVE-2011-4613
Debian Bug : 652249
The Debian X wrapper enforces that the X server can only be started from
a console. "vladz" discovered that this wrapper could be bypassed.
The oldstable distribution (lenny) is not affected.
For the stable distribution (squeeze), this problem has been fixed in
version 7.5+8+squeeze1.
For the unstable distribution (sid), this problem has been fixed in
version 1:7.6+10.
We recommend that you upgrade your xorg packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk7uQtsACgkQXm3vHE4uylonHgCglExsT7v9Bhy9YpBp6mUbbZsS
bUcAoNYAylWZATVxFRTmKUkLwlwcIJ3L
=KtkR
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2365-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 18, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : dtc
Vulnerability : several
Problem type : local/remote
Debian-specific: no
CVE ID : CVE-2011-3195 CVE-2011-3196 CVE-2011-3197 CVE-2011-3198
CVE-2011-3199
Debian Bug : 637469 637477 637485 637584 637629 637630 637618 637537 637487 637632 637669
Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple
vulnerabilities in DTC, a web control panel for admin and accounting
hosting services:
CVE-2011-3195
A possible shell insertion has been found in the mailing list
handling.
CVE-2011-3196
Unix rights for the apache2.conf were set incorrectly (world
readable).
CVE-2011-3197
Incorrect input sanitising for the $_SERVER["addrlink"] parameter
could lead to SQL insertion.
CVE-2011-3198
DTC was using the -b option of htpasswd, possibly revealing
password in clear text using ps or reading /proc.
CVE-2011-3199
A possible HTML/javascript insertion vulnerability has been found
in the DNS & MX section of the user panel.
This update also fixes several vulnerabilities, for which no CVE ID
has been assigned:
It has been discovered that DTC performs insufficient input sanitising
in the package installer, leading to possible unwanted destination
directory for installed packages if some DTC application packages
are installed (note that these aren't available in Debian main).
DTC was setting-up /etc/sudoers with permissive sudo rights to
chrootuid.
Incorrect input sanitizing in the package installer could lead to
SQL insertion.
A malicious user could enter a specially crafted support ticket
subject leading to an SQL injection in the draw_user_admin.php.
For the oldstable distribution (lenny), this problem has been fixed in
version 0.29.18-1+lenny2
The stable distribution (squeeze) doesn't include dtc.
For the unstable distribution (sid), this problem has been fixed in
version 0.34.1-1.
We recommend that you upgrade your dtc packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk7uTYgACgkQXm3vHE4uylr/JACgl1mPf6jUuSjsmOR4XAAd7IfG
f+sAoKnzBNiOQmdsL+tuB3mbJW7Gtx2f
=dODf
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2366-1 security@debian.org
http://www.debian.org/security/ Jonathan Wiltshire
December 18, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : mediawiki
Vulnerability : multiple
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 CVE-2011-1587
CVE-2011-4360 CVE-2011-4361
Debian Bug : 650434
Several problems have been discovered in mediawiki, a website engine for
collaborative work.
CVE-2011-1578 CVE-2011-1587
Masato Kinugawa discovered a cross-site scripting (XSS) issue, which
affects Internet Explorer clients only, and only version 6 and
earlier. Web server configuration changes are required to fix this
issue. Upgrading MediaWiki will only be sufficient for people who use
Apache with AllowOverride enabled.
For details of the required configuration changes, see the upstream
announcements:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html
CVE-2011-1579
Wikipedia user Suffusion of Yellow discovered a CSS validation error
in the wikitext parser. This is an XSS issue for Internet Explorer
clients, and a privacy loss issue for other clients since it allows
the embedding of arbitrary remote images.
CVE-2011-1580
MediaWiki developer Happy-Melon discovered that the transwiki import
feature neglected to perform access control checks on form submission.
The transwiki import feature is disabled by default. If it is enabled,
it allows wiki pages to be copied from a remote wiki listed in
$wgImportSources. The issue means that any user can trigger such an
import to occur.
CVE-2011-4360
Alexandre Emsenhuber discovered an issue where page titles on private
wikis could be exposed bypassing different page ids to index.php. In the
case of the user not having correct permissions, they will now be redirected
to Special:BadTitle.
CVE-2011-4361
Tim Starling discovered that action=ajax requests were dispatched to the
relevant function without any read permission checks being done. This could
have led to data leakage on private wikis.
For the oldstable distribution (lenny), these problems have been fixed in
version 1:1.12.0-2lenny9.
For the stable distribution (squeeze), these problems have been fixed in
version 1:1.15.5-2squeeze2.
For the unstable distribution (sid), these problems have been fixed in
version 1:1.15.5-5.
We recommend that you upgrade your mediawiki packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk7vdLMACgkQXm3vHE4uylqtlQCcDQVg0t2VIxQu7YYivt/Qa0Jm
26YAoLK//wg/L42tHVdN1WGDhVBRlcM3
=YKql
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2367-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 19, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : asterisk
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4597 CVE-2011-4598
Debian Bug :
Several vulnerabilities have been discovered in Asterisk, an Open
Source PBX and telephony toolkit:
CVE-2011-4597
Ben Williams discovered that it was possible to enumerate SIP
user names in some configurations. Please see the upstream
advisory for details:
http://downloads.asterisk.org/pub/security/AST-2011-013.html
This update only modifies the sample sip.conf configuration
file. Please see README.Debian for more information on how
to update your installation.
CVE-2011-4598
Kristijan Vrban discovered that Asterisk can be crashed with
malformed SIP packets if the "automon" feature is enabled.
For the oldstable distribution (lenny), this problem has been fixed in
version 1:1.4.21.2~dfsg-3+lenny6.
For the stable distribution (squeeze), this problem has been fixed in
version 1:1.6.2.9-2+squeeze4.
For the unstable distribution (sid), this problem has been fixed in
version 1:1.8.8.0~dfsg-1.
We recommend that you upgrade your asterisk packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk7vfTgACgkQXm3vHE4uylrWWQCfYKjpcyNYLZimQkB2XrqlfHQP
qrgAn0NwesjM+b6yo6xP3J4b+uF0zb+E
=U/2x
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------
Debian Security Advisory DSA-2368-1 security@debian.org
http://www.debian.org/security/ Nico Golde
Dec 20th, 2011 http://www.debian.org/security/faq
- ---------------------------------------------------------------------------
Package : lighttpd
Vulnerability : multiple
Problem type : remote
Debian-specific: no
Debian bug : 652726
CVE IDs : CVE-2011-4362 CVE-2011-3389
Several vulnerabilities have been discovered in lighttpd, a small and fast
webserver with minimal memory footprint.
CVE-2011-4362
Xi Wang discovered that the base64 decoding routine which is used to
decode user input during an HTTP authentication, suffers of a signedness
issue when processing user input. As a result it is possible to force
lighttpd to perform an out-of-bounds read which results in Denial of
Service conditions.
CVE-2011-3389
When using CBC ciphers on an SSL enabled virtual host to communicate with
certain client, a so called "BEAST" attack allows man-in-the-middle
attackers to obtain plaintext HTTP traffic via a blockwise
chosen-boundary attack (BCBA) on an HTTPS session. Technically this is
no lighttpd vulnerability. However, lighttpd offers a workaround to
mitigate this problem by providing a possibility to disable CBC ciphers.
This updates includes this option by default. System administrators
are advised to read the NEWS file of this update (as this may break older
clients).
For the oldstable distribution (lenny), this problem has been fixed in
version 1.4.19+lenny3.
For the stable distribution (squeeze), this problem has been fixed in
version 1.4.28-2+squeeze1.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 1.4.30-1.
We recommend that you upgrade your lighttpd packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk7xIiYACgkQHYflSXNkfP+EtACePVGqAp8vS1tLFBMMChh8+7Ti
w0kAnRVtvsb+ax9FXApntgSnnRVV0rS+
=ahLb
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------
Debian Security Advisory DSA-2368-1 security@debian.org
http://www.debian.org/security/ Nico Golde
Dec 20th, 2011 http://www.debian.org/security/faq
- ---------------------------------------------------------------------------
Package : lighttpd
Vulnerability : multiple
Problem type : remote
Debian-specific: no
Debian bug : 652726
CVE IDs : CVE-2011-4362 CVE-2011-3389
Several vulnerabilities have been discovered in lighttpd, a small and fast
webserver with minimal memory footprint.
CVE-2011-4362
Xi Wang discovered that the base64 decoding routine which is used to
decode user input during an HTTP authentication, suffers of a signedness
issue when processing user input. As a result it is possible to force
lighttpd to perform an out-of-bounds read which results in Denial of
Service conditions.
CVE-2011-3389
When using CBC ciphers on an SSL enabled virtual host to communicate with
certain client, a so called "BEAST" attack allows man-in-the-middle
attackers to obtain plaintext HTTP traffic via a blockwise
chosen-boundary attack (BCBA) on an HTTPS session. Technically this is
no lighttpd vulnerability. However, lighttpd offers a workaround to
mitigate this problem by providing a possibility to disable CBC ciphers.
This updates includes this option by default. System administrators
are advised to read the NEWS file of this update (as this may break older
clients).
For the oldstable distribution (lenny), this problem has been fixed in
version 1.4.19+lenny3.
For the stable distribution (squeeze), this problem has been fixed in
version 1.4.28-2+squeeze1.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 1.4.30-1.
We recommend that you upgrade your lighttpd packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk7xJ1MACgkQHYflSXNkfP+N5ACgtImneTJSdyEiCLnWTFA0uxzz
qP0An07LJwL5K3NmrMRfKeCVpigpn1zR
=QU3k
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------
Debian Security Advisory DSA-2369-1 security@debian.org
http://www.debian.org/security/ Nico Golde
Dec 21th, 2011 http://www.debian.org/security/faq
- ---------------------------------------------------------------------------
Package : libsoup2.4
Vulnerability : insufficient input sanitization
Problem type : remote
Debian-specific: no
Debian bug : 635837
CVE IDs : CVE-2011-2524
It was discovered that libsoup2.4, a HTTP library implementation in C, is
not properly validating input when processing requests made to SoupServer.
A remote attacker can exploit this flaw to access system files via a
directory traversal attack.
For the oldstable distribution (lenny), this problem has been fixed in
version 2.4.1-2+lenny1.
For the stable distribution (squeeze), this problem has been fixed in
version 2.30.2-1+squeeze1.
For the testing distribution (squeeze), this problem has been fixed in
version 2.34.3-1.
For the unstable distribution (sid), this problem has been fixed in
version 2.34.3-1.
We recommend that you upgrade your libsoup2.4 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk7yY/AACgkQHYflSXNkfP9hJgCeJ+MjF2y08qtblQhwggu5833e
s5sAnjcAW04K2ZhlmB+AZXjs0B+VTfy5
=WbZ2
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2370-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
December 22, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : unbound
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4528 CVE-2011-4869
It was discovered that Unbound, a recursive DNS resolver, would crash
when processing certain malformed DNS responses from authoritative DNS
servers, leading to denial of service.
CVE-2011-4528
Unbound attempts to free unallocated memory during processing
of duplicate CNAME records in a signed zone.
CVE-2011-4869
Unbound does not properly process malformed responses which
lack expected NSEC3 records.
For the oldstable distribution (lenny), these problems have been fixed in
version 1.4.6-1~lenny2.
For the stable distribution (squeeze), these problems have been fixed in
version 1.4.6-1+squeeze2.
For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 1.4.14-1.
We recommend that you upgrade your unbound packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJO84AiAAoJEL97/wQC1SS+o7MIALCSkqwBIcOdsT10ltH6nHvB
+Of40Vs6QNCDhplmX8+Y6e5Ha6UG5hZLdV/PALok3OkMj0Oyd2cIs6EXXT+QICg9
BgFgDwFtpFSZw5/X9WN3AensVmp2RXmIowM9CQ1MigHCrc08BIRVqiYKK9ZoQZ6m
4zE2ZDbug92pIK4ax1qUBzPoxESlw8E1zgcntZxS7AgaaLvKrEFXPlymsu+Eavv/
E3qyyXAEtE+DQ1Sl9X2w0o59CR9SKgWbTahsY2kS5tO631e3N3/RmApYGxssWl4h
IGKJaONRjyOh13HVK1FZ7Um2y0KCXNlEtiKbTrCstx0Aa9Ka04LRfHSUPdEpeIs=
=cEIS
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2372-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
December 25, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : heimdal
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4862
It was discovered that the Kerberos support for telnetd contains a
pre-authentication buffer overflow, which may enable remote attackers
who can connect to the Telnet to execute arbitrary code with root
privileges.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.2.dfsg.1-2.1+lenny1.
For the stable distribution (squeeze), this problem has been fixed in
version 1.4.0~git20100726.dfsg.1-2+squeeze1.
For the testing distribution (wheezy) and the unstable distribution
(sid), this problem will be fixed soon.
We recommend that you upgrade your heimdal packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJO91W9AAoJEL97/wQC1SS+uJEH/RwR3du5TUtcMldjkZHy7TYm
syw6NYwqu1mHNtQwxNghqcJzODFxFwtfaS4rrbGusokT/ZytZ2LOvT3es/2NS9N6
0cfGNrpOYPnf9O/KBG/qDKS4wkIzhET8TXc/bm/IZWSSuSqT1zdZiepDLCV2KyFi
9C/1pPUByKcEUJSqBN/3Yn9AUFWFgu+kdJhq4BX2rU8T7eiTDHG5OtJZAHF6tCxP
ADhxDb88iFuaPZLiAMouAEdeAIBxycvuPH1UcMxAVEkIQHyugkvJlwJyVBxmNxTu
NGxUZkhPsxrltPPcdSyOXVKtd6zV67ZpQwlDeC/URlQSC0QgdOyORZbM/1itLSI=
=aUt6
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2373-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
December 25, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : inetutils
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4862
It was discovered that the Kerberos support for telnetd contains a
pre-authentication buffer overflow, which may enable remote attackers
who can connect to the Telnet to execute arbitrary code with root
privileges.
For the oldstable distribution (lenny), this problem has been fixed in
version 2:1.5.dfsg.1-9+lenny1.
For the stable distribution (squeeze), this problem has been fixed in
version 2:1.6-3.1+squeeze1.
For the testing distribution (wheezy) and the unstable distribution
(sid), this problem will be fixed soon.
We recommend that you upgrade your inetutils packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJO91XCAAoJEL97/wQC1SS+6XcH/iiEPh9fJIlA721vvYHyJVXM
m/YKIr1mvzf7EWBTaCGRrGeL7hb3942PsPGvDwVVI5Ewtqq3bYimERZsbA/s/pIW
SpDyr/fWfQEpuol36b0QpkUYSlRWHRT2M7NUrmkD6mKNWq6eeYxPWoIF9luBlY3v
6Z+WnUGKoV3/2trx0g5o8tttNidCNjeLu/jf6b6b/owLyIT7zgNtXdiZRySWT6Sk
4K5/gycscLwf8XfVnyHZP1xptm8kk43BTo5d2EcqA4RkK9TuLr6IqsPMozgF5+MA
1T/Png7IdI33F8TpmMANVXzi2L0GmPJmAhN83uod9WtWXDvORBFZ44sYtwq1if8=
=yGPu
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2374-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 26, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openswan
Vulnerability : implementation error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4073
Debian Bug : 650674
The information security group at ETH Zurich discovered a denial of
service vulnerability in the crypto helper handler of the IKE daemon
pluto. More information can be found in the upstream advisory at
http://openswan.org/download/CVE-2011-4073/CVE-2011-4073.txt
For the oldstable distribution (lenny), this problem has been fixed in
version 1:2.4.12+dfsg-1.3+lenny4.
For the stable distribution (squeeze), this problem has been fixed in
version 1:2.6.28+dfsg-5+squeeze1.
For the unstable distribution (sid), this problem has been fixed in
version 1:2.6.37-1.
We recommend that you upgrade your openswan packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk74aSoACgkQXm3vHE4uyloTDQCgobh8B9WHUz0ayT4KJvi9C00J
1wYAoOdI8X4m6qEWn1cY2JKT/NERWBeJ
=1tWK
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2375-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
December 26, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : krb5, krb5-appl
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4862
It was discovered that the encryption support for BSD telnetd contains
a pre-authentication buffer overflow, which may enable remote
attackers who can connect to the Telnet port to execute arbitrary code
with root privileges.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.6.dfsg.4~beta1-5lenny7 of the krb5 package.
For the stable distribution (squeeze), this problem has been fixed in
version 1:1.0.1-1.2 of the krb5-appl package.
For the testing distribution (wheezy) and the unstable distribution
(sid), this problem will be fixed soon.
We recommend that you upgrade your krb5 and krb5-appl packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJO+G20AAoJEL97/wQC1SS+o5sIAJqmXPSliVzHi8rB4o5/L7/5
7Pv6UUR0+ktCSC/bGdPl+cUBIlrqYxoCugAR+AfsY6LsjYUro5q6f8EPvotD4+Gl
IhiDphnHtY+XRT3ybDJSAQFlptt1D9ab+G1UHd6gcbhXI0F5vNuXdR+sZu5iEJEE
5ubiCIWhcICt5jxYFr8kHP8/u0j2HrkL0dRsyvTu8CTdg4XwJqhaBkqWdGXDb5qv
QrQaZRukHE/zxx7D/ZzDOz9qm1+9lu25URdwUN4Wnd9j0mdAAeQO6hFp2fd9aU+/
VPvmrxTG029aVlQhooGkNDPpON8YUOY2SeN988CotX7q9MIiaDO/EeamBBEE23w=
=7SZG
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2376-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
December 30, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : ipmitool
Vulnerability : insecure pid file
Problem type : local
Debian-specific: no
CVE ID : CVE-2011-4339
Debian Bug : 651917
It was discovered that OpenIPMI, the Intelligent Platform Management
Interface library and tools, used too wide permissions PID file,
which allows local users to kill arbitrary processes by writing to
this file.
For the stable distribution (squeeze), this problem has been fixed in
version 1.8.11-2+squeeze2.
For the unstable distribution (sid), this problem has been fixed in
version 1.8.11-5.
We recommend that you upgrade your ipmitool packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJO/Wc/AAoJEOxfUAG2iX57/aEIAI7UnI1v9h9vQVZ4tHF93TQC
RXDdTyLH1cu2AWGb416oSmLwHCKp2GvwihLwHmtUX4OJu21gChfHr7wkZZy2xNVg
qcisZ2zxa66rzg3jFkhC8D9bYbcVIQhC33RwOPxuQngybun+haqPELLuFT6ZXEhz
eTt2rf6/kd1MmZ23wlL+DMgSSqr0up04nj6pZS8Bo7theKZRw2ds6ezWRyhJquP6
uiTuyBVXqEFSyHsdvI93/zXs1g02ltuFztt12pnPaZzu3D1UtRItYX1ylhP5osie
VVOC2Nz4zNDFUun5zrEffcIHPCgD4KMhOJU9f/dENMELcV5eVEm1e1tCrBjojiY=
=DrU8
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2263-2 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
December 30, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : movabletype-opensource
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : not yet available
Debian Bug : 627936
Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny'
suite at that time. This update adds that package. The original advisory
text follows.
It was discovered that Movable Type, a weblog publishing system,
contains several security vulnerabilities:
A remote attacker could execute arbitrary code in a logged-in users'
web browser.
A remote attacker could read or modify the contents in the system
under certain circumstances.
For the oldstable distribution (lenny), these problems have been fixed in
version 4.2.3-1+lenny3.
For the stable distribution (squeeze), these problems have been fixed in
version 4.3.5+dfsg-2+squeeze2.
For the testing distribution (wheezy) and for the unstable
distribution (sid), these problems have been fixed in version
4.3.6.1+dfsg-1.
We recommend that you upgrade your movabletype-opensource packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJO/W15AAoJEOxfUAG2iX579YAH/iHvmSvkzHQj5mrg48eEw8XI
RCWvrYvCmnvPSJWia0c0p66KuncfABjWO3vN2MQR231TYlFH1UXGhwDQ6pyIxM9S
jjvxmpoJD3DJm9VDlviSJfUulz9f47xyNbOMnB1griTlueOotYZR98B3MnbYzaB/
hemCTK7eC5tHgUj2LK3iVClmmL+OL9ykhFT7gYwJ+k4SX7zh82jrvghzktFoM9RV
nbsVx6uqI341SVIuM/hbDuIHhWnobSPZyEcGEXoU1YcojezwLz/HMyEm929OsWTl
t0SurJvEEGvSQwiIO1cp0/S9txZZtuZQrLFpnFBdnC5YFihdM8TQN2sIZ0y3izA=
=E15M
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2376-2 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
December 31, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : ipmitool
Vulnerability : insecure pid file
Problem type : local
Debian-specific: no
CVE ID : CVE-2011-4339
Debian Bug : 651917
It was discovered that OpenIPMI, the Intelligent Platform Management
Interface library and tools, used too wide permissions PID file,
which allows local users to kill arbitrary processes by writing to
this file.
The original announcement didn't contain corrections for the Debian
5.0 "lenny" distribution. This update adds packages for lenny.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.8.9-2+squeeze1. (Although the version number contains the
string "squeeze", this is in fact an update for lenny.)
For the stable distribution (squeeze), this problem has been fixed in
version 1.8.11-2+squeeze2.
For the unstable distribution (sid), this problem has been fixed in
version 1.8.11-5.
We recommend that you upgrade your ipmitool packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJO/v4FAAoJEOxfUAG2iX57ZxIH/3VOGKFEqkiYJyAeB96EA9d1
QKwRWxJmc+gsCB4cruNUWihCZpvgUVYHY7sRUqC+z5q5CidCehT6MRc+aBtbq0CI
mroBMkTfMl135wYXtEabThDx/gHY+gKgzkqnalPEDAAsY6hMi3YGHeB7VXFClH/c
mManIlimI9qbvBM/FvLCx0e43oBzNgdgbyhZpZO22CugMXwGQjZNfvAE+hfW2n25
fScxAtJTKcg9Wp2buuE7HYvn0dh9m/y8uw/mFwIYr7DLvwWRAcA+NdvCY4o863KT
0eJuPtK685CLFRwKGBKzuBflUBtb7fTpg2hW4GhhHQUF0aHz6Vz0Cpgf715I/bA=
=xZPT
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------
Debian Security Advisory DSA-2377-1 security@debian.org
http://www.debian.org/security/ Nico Golde
Jan 1st, 2012 http://www.debian.org/security/faq
- ---------------------------------------------------------------------------
Package : cyrus-imapd-2.2
Vulnerability : NULL pointer dereference
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2011-3481
It was discovered that cyrus-imapd, a highly scalable mail system designed
for use in enterprise environments, is not properly parsing mail headers
when a client makes use of the IMAP threading feature. As a result, a NULL
pointer is dereferenced which crashes the daemon. An attacker can trigger
this by sending a mail containing crafted reference headers and access the
mail with a client that uses the server threading feature of IMAP.
For the oldstable distribution (lenny), this problem has been fixed in
version 2.2.13-14+lenny6.
For the stable distribution (squeeze), this problem has been fixed in
version 2.2.13-19+squeeze3.
For the testing (wheezy) and unstable (sid) distributions, this problem has been
fixed in cyrus-imapd-2.4 version 2.4.11-1.
We recommend that you upgrade your cyrus-imapd-2.2 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk8A8YAACgkQHYflSXNkfP9PUgCdHyIvbhX7YHHnPFIPCp6/NuBm
VaIAni78Ldp2sREH8INj7sQ3pgSzvZc9
=I+kA
-----END PGP SIGNATURE-----
--- End Message ---