
The following updates have been released for Debian GNU/Linux: [SECURITY] [DSA 2525-1] expat security update, [SECURITY] [DSA 2524-1] openttd security update, and [SECURITY] [DSA 2523-1] globus-gridftp-server security update



[SECURITY] [DSA 2525-1] expat security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-2525-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 06, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : expat
Vulnerability : several
Problem type : local
Debian-specific: no
CVE ID : CVE-2012-0876 CVE-2012-1148

It was discovered that Expat, a C library to parse XML, is vulnerable
to denial of service through hash collisions and a memory leak in
pool handling.

For the stable distribution (squeeze), this problem has been fixed in
version 2.0.1-7+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 2.1.0~beta3-1.

For the unstable distribution (sid), this problem has been fixed in
version 2.1.0~beta3-1.

We recommend that you upgrade your expat packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

[SECURITY] [DSA 2524-1] openttd security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-2524-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 06, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openttd
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0049 CVE-2012-3436

Two denial of service vulnerabilities have been discovered in the server
component of OpenTTD, a free reimplementation of Transport Tycoon Deluxe.

For the stable distribution (squeeze), this problem has been fixed in
version 1.0.4-6.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your openttd packages.

[SECURITY] [DSA 2523-1] globus-gridftp-server security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-2523-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 06, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : globus-gridftp-server
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-3292

It was discovered that the GridFTP component from the Globus Toolkit, a
toolkit used for building Grid systems and applications, performed
insufficient validation of a name lookup, which could lead to privilege
escalation.

For the stable distribution (squeeze), this problem has been fixed in
version 3.23-1+squeeze1 of the globus-gridftp-server source package
and in version 0.43-1+squeeze1 of the globus-gridftp-server-control
source package.

For the testing distribution (wheezy) and the unstable distribution (sid),
this problem has been fixed in version 6.5-1.

We recommend that you upgrade your globus-gridftp-server packages.
