Debian 9844 Published by

The following updates has been released for Debian GNU/Linux:

[DLA 117-1] qt4-x11 security update
[DLA 118-1] linux-2.6 security update
[DLA 119-1] subversion security update
[DSA 3109-1] firebird2.5 security update



[DLA 117-1] qt4-x11 security update

Package : qt4-x11
Version : 4:4.6.3-4+squeeze2
CVE ID : CVE-2011-3193 CVE-2011-3194

CVE-2011-3193

Check for buffer overflow in Lookup_MarkMarkPos that may cause crash
in this function with certain fonts.

CVE-2011-3194

Fix tiff reader to handle TIFFTAG_SAMPLESPERPIXEL for grayscale
images. The reader uses QImage::Format_Indexed8, but since the samples
per pixel value this should be (non-existent) QImage::Format_Indexed16,
causing memory corruption. The fix falls back to the "normal" way of
reading tiff images.

[DLA 118-1] linux-2.6 security update

Package : linux-2.6
Version : 2.6.32-48squeeze10
CVE ID : CVE-2014-3185 CVE-2014-3687 CVE-2014-3688 CVE-2014-6410
CVE-2014-7841 CVE-2014-8709 CVE-2014-8884

Non-maintainer upload by the Squeeze LTS and Kernel Teams.

New upstream stable release 2.6.32.65, see
http://lkml.org/lkml/2014/12/13/81 for more information.

The stable release 2.6.32.65 includes the following new commits compared
to the previous 2.6.32-48squeeze9 package:

- USB: whiteheat: Added bounds checking for bulk command response
(CVE-2014-3185)
- net: sctp: fix panic on duplicate ASCONF chunks (CVE-2014-3687)
- net: sctp: fix remote memory pressure from excessive queueing
(CVE-2014-3688)
- udf: Avoid infinite loop when processing indirect ICBs (CVE-2014-6410)
- net: sctp: fix NULL pointer dereference in af->from_addr_param on
malformed packet (CVE-2014-7841)
- mac80211: fix fragmentation code, particularly for encryption
(CVE-2014-8709)
- ttusb-dec: buffer overflow in ioctl (CVE-2014-8884)

We recommend that you upgrade your linux-2.6 packages.



We apologize for a minor cosmetic glitch:

The following commits were already included in 2.6.32-48squeeze9 despite
claims in debian/changelog they were only fixed in 2.6.32-48squeez10:

- vlan: Don't propagate flag changes on down interfaces.
- sctp: Fix double-free introduced by bad backport in 2.6.32.62
- md/raid6: Fix misapplied backport in 2.6.32.64
- block: add missing blk_queue_dead() checks
- block: Fix blk_execute_rq_nowait() dead queue handling
- proc connector: Delete spurious memset in proc_exit_connector()


[DLA 119-1] subversion security update

Package : subversion
Version : 1.6.12dfsg-7+deb6u1
CVE ID : CVE-2014-3580
Debian Bug : 773263

Evgeny Kotkov discovered a NULL pointer dereference while processing
REPORT requests in mod_dav_svn, the Subversion component which is used
to serve repositories with the Apache web server. A remote attacker
could abuse this vulnerability for a denial of service.

We recommend that you upgrade your subversion packages.

[DSA 3109-1] firebird2.5 security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3109-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 21, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : firebird2.5
CVE ID : CVE-2014-9323
Debian Bug : 772880

Dmitry Kovalenko discovered that the Firebird database server is prone
to a denial of service vulnerability. An unauthenticated remote attacker
could send a malformed network packet to a firebird server, which would
cause the server to crash.

For the stable distribution (wheezy), this problem has been fixed in
version 2.5.2.26540.ds4-1~deb7u2.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 2.5.3.26778.ds4-5.

For the unstable distribution (sid), this problem has been fixed in
version 2.5.3.26778.ds4-5.

We recommend that you upgrade your firebird2.5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/