New gtk+2.0 packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 549-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 17th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : gtk+2.0
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0782 CAN-2004-0783 CAN-2004-0788
Chris Evans discovered several problems in gdk-pixbuf, the GdkPixBuf library used in Gtk. It is possible for an attacker to execute arbitrary code on the victim's machine. Gdk-pixbuf for Gtk+1.2 is an external package. For Gtk+2.0 it's part of the main gtk package.
The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities:
CAN-2004-0782
Heap-based overflow in pixbuf_create_from_xpm.
CAN-2004-0783
Stack-based overflow in xpm_extract_color.
CAN-2004-0788
Integer overflow in the ico loader.
For the stable distribution (woody) these problems have been fixed in version 2.0.2-5woody2.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your Gtk packages.
New imlib packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 548-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 16th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : imlib
Vulnerability : unsanitised input
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0817
Marcus Meissner discovered a heap overflow error in imlib, an imaging library for X and X11, that could be abused by an attacker to execute arbitrary code on the victim's machine.
For the stable distribution (woody) this problem has been fixed in version 1.9.14-2wody1.
For the unstable distribution (sid) this problem has been fixed in version 1.9.14-17 of imlib and in version 1.9.14-16 of imlib+png2.
We recommend that you upgrade your imlib1 packages.
New ImageMagick packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 547-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 16th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : imagemagick
Vulnerability : buffer overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0827
Debian Bug : 268357
Marcus Meissner from SUSE has discovered several buffer overflows in the ImageMagick graphics library. An attacker could create a malicious image or video file in AVI, BMP, or DIB format that could crash the reading process. It might be possible that carefully crafted images could also allow the execution of arbitrary code with the capabilities of the invoking process.
For the stable distribution (woody) this problem has been fixed in version 5.4.4.5-1woody3.
For the unstable distribution (sid) this problem has been fixed in version 6.0.6.2-1.
We recommend that you upgrade your imagemagick packages.
FSN.hu has released new Debian Sarge/SID (testing/unstable) snapshots.
Debian GNU/Linux 3.1 "Sarge"
CD images: #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 #13 #14 #15
DVD images: #1 #2 #3
Package overview
Debian GNU/Linux 20040914 "Sid" (unstable)
CD images: #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 #13 #14 #15 #16
DVD images: #1 #2 #3
Package overview
Updated gdk-pixbuf packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 546-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 16th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : gdk-pixbuf
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0753 CAN-2004-0782 CAN-2004-0788
Chris Evans discovered several problems in gdk-pixbuf, the GdkPixBuf library used in Gtk. It is possible for an attacker to execute arbitrary code on the victim's machine. Gdk-pixbuf for Gtk+1.2 is an external package. For Gtk+2.0 it's part of the main gtk package.
The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities:
CAN-2004-0753
Denial of service in bmp loader.
CAN-2004-0782
Heap-based overflow in pixbuf_create_from_xpm.
CAN-2004-0788
Integer overflow in the ico loader.
For the stable distribution (woody) these problems have been fixed in version 0.17.0-2woody2.
For the unstable distribution (sid) these problems have been fixed in version 0.22.0-7.
We recommend that you upgrade your gdk-pixbuf packages.
New cupsys packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 545-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 15th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : cupsys
Vulnerability : denial of service
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0558
Alvaro Martinez Echevarria discovered a problem in CUPS, the Common UNIX Printing System. An attacker can easily disable browsing in CUPS by sending a specially crafted UDP datagram to port 631 where cupsd is running.
For the stable distribution (woody) this problem has been fixed in version 1.1.14-5woody6.
For the unstable distribution (sid) this problem has been fixed in version cupsys_1.1.20final+rc1-6.
We recommend that you upgrade your cups packages.
Updated webmin packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 544-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 14th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : webmin
Vulnerability : insecure temporary directory
Problem-Type : root
Debian-specific: no
CVE ID : CAN-2004-0559
Ludwig Nussel discovered a problem in webmin, a web-based administration toolkit. A temporary directory was used but without checking for the previous owner. This could allow an attacker to create the directory and place dangerous symbolic links inside.
For the stable distribution (woody) this problem has been fixed in version 0.94-7woody3.
For the unstable distribution (sid) this problem has been fixed in version 1.160-1 of webmin and 1.090-1 of usermin.
We recommend that you upgrade your webmin packages.
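The check the webmin advisory describes as missing, written out as an added example (this is not webmin's code or the Debian patch): create the directory with mode 0700 and, if something already exists at that path, accept it only when it is a real directory owned by the expected user and closed to group and others. The names `claim_private_dir`, `UnsafeTempDir`, `outcome` and `demo` are hypothetical, and the test cases are constructed in a scratch directory.

```python
import os
import stat
import tempfile


class UnsafeTempDir(Exception):
    """An existing entry at the chosen path cannot be trusted."""


def claim_private_dir(path, expected_uid=None):
    """Create path as a 0700 directory, or vet one that already exists.

    Returns True if the directory was created, False if an existing one
    passed the checks. Raises UnsafeTempDir otherwise.
    """
    if expected_uid is None:
        expected_uid = os.getuid()
    try:
        os.mkdir(path, 0o700)   # fails with EEXIST even for a dangling symlink
        created = True
    except FileExistsError:
        created = False
    st = os.lstat(path)         # lstat: never follow a planted symlink
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeTempDir("not a real directory")
    if st.st_uid != expected_uid:
        raise UnsafeTempDir("owned by another user")
    if st.st_mode & 0o077:
        raise UnsafeTempDir("accessible to group or others")
    return created


def outcome(path, expected_uid=None):
    """Summarise claim_private_dir() as a short string."""
    try:
        return "created" if claim_private_dir(path, expected_uid) else "reused"
    except UnsafeTempDir as exc:
        return f"refused: {exc}"


def demo():
    """Run the check over constructed cases in a scratch directory."""
    with tempfile.TemporaryDirectory() as base:
        own = os.path.join(base, "app-tmp")
        planted = os.path.join(base, "planted")
        loose = os.path.join(base, "loose")
        os.symlink(base, planted)   # entry created by someone else first
        os.mkdir(loose)
        os.chmod(loose, 0o777)      # world-writable leftover
        return {
            "fresh": outcome(own),
            "again": outcome(own),
            "symlink": outcome(planted),
            "loose": outcome(loose),
            # simulate a directory left behind by a different account
            "foreign": outcome(own, expected_uid=os.getuid() + 1),
        }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:8} {result}")
```

The ownership and mode checks only hold up if the parent directory is itself not writable by others or carries the sticky bit, as /tmp normally does.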
Updated krb5 packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 543-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 31st, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : krb5
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0642 CAN-2004-0643 CAN-2004-0644 CAN-2004-0772
CERT advisory : VU#795632 VU#866472 VU#550464 VU#350792
The MIT Kerberos Development Team has discovered a number of vulnerabilities in the MIT Kerberos Version 5 software. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
CAN-2004-0642 [VU#795632]
A double-free error may allow unauthenticated remote attackers to execute arbitrary code on KDC or clients.
CAN-2004-0643 [VU#866472]
Several double-free errors may allow authenticated attackers to execute arbitrary code on Kerberos application servers.
CAN-2004-0644 [VU#550464]
A remotely exploitable denial of service vulnerability has been found in the KDC and libraries.
CAN-2004-0772 [VU#350792]
Several double-free errors may allow remote attackers to execute arbitrary code on the server. This does not affect the version in woody.
For the stable distribution (woody) these problems have been fixed in version 1.2.4-5woody6.
For the unstable distribution (sid) these problems have been fixed in version 1.3.4-3.
We recommend that you upgrade your krb5 packages.
New python2.2 packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 458-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 31st, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : python2.2
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2004-0150
BugTraq ID : 9836
Debian Bug : 248946
This security advisory corrects DSA 458-1 which caused some segmentation faults in gethostbyaddr with non-localhost input. This update also disables IPv6 on all architectures.
The original advisory said:
Sebastian Schmidt discovered a buffer overflow bug in Python's getaddrinfo function, which could allow an IPv6 address, supplied by a remote attacker via DNS, to overwrite memory on the stack.
This bug only exists in python 2.2 and 2.2.1, and only when IPv6 support is disabled. The python2.2 package in Debian woody meets these conditions (the 'python' package does not).
For the stable distribution (woody), this bug has been fixed in version 2.2.1-4.5.
The testing and unstable distribution (sid) are not affected by this problem.
We recommend that you update your python2.2 package.
New qt packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 542-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 30th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : qt-copy
Vulnerability : unsanitised input
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0691 CAN-2004-0692 CAN-2004-0693
Debian Bug : 267092
Several vulnerabilities were discovered in recent versions of Qt, a commonly used graphic widget set, used in KDE for example. The first problem allows an attacker to execute arbitrary code, while the other two only seem to pose a denial of service danger. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
CAN-2004-0691:
Chris Evans has discovered a heap-based overflow when handling 8-bit RLE encoded BMP files.
CAN-2004-0692:
Marcus Meissner has discovered a crash condition in the XPM handling code, which is not yet fixed in Qt 3.3.
CAN-2004-0693:
Marcus Meissner has discovered a crash condition in the GIF handling code, which is not yet fixed in Qt 3.3.
For the stable distribution (woody) this problem has been fixed in version 3.0.3-20020329-1woody2.
For the unstable distribution (sid) this problem has been fixed in version 3.3.3-4 of qt-x11-free.
We recommend that you upgrade your qt packages.
FreeNX packages are available for Debian GNU/Linux. Thanks Spunz.
Hello, we have intermittent server hassles (migrating to a different box: changing dns, moving the data, etc). I hope we'll be back up fully operational tonight. In the meanwhile, there is the news item from the site:
23.08.2004: FreeNX packages in experimental
The long awaited FreeNX server is finally here! Apt-get it from:
deb http://www.freedesktop.org/~mornfall/debian/ experimental main
After installing it (by "apt-get install nxserver"), run, as root, "nxsetup", then add your users (again as root), like "nxserver --adduser username" and "nxserver --passwd username". The user must exist in the system database first. When you have done this, you can run nxclient (get it from http://www.nomachine.com).
An icecast-server update has been released for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 541-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 24th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : icecast-server
Vulnerability : missing escape
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0781
Markus Wörle discovered a cross site scripting problem in status-display (list.cgi) of the icecast internal webserver, an MPEG layer III streaming server. The UserAgent variable is not properly html_escaped so that an attacker could cause the client to execute arbitrary JavaScript commands.
For the stable distribution (woody) this problem has been fixed in version 1.3.11-4.2.
For the unstable distribution (sid) this problem has been fixed in version 1.3.12-8.
We recommend that you upgrade your icecast-server package.
HP now supports Debian GNU/Linux on selected servers. Thanks Spunz.
Updated MySQL packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 540-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 18th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : mysql
Vulnerability : insecure file creation
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0457
Jeroen van Wolffelaar <jeroen@wolffelaar.nl> discovered an insecure temporary file vulnerability in the mysqlhotcopy script, which is part of the mysql-server package, when using the scp method.
For the stable distribution (woody) this problem has been fixed in version 3.23.49-8.7 of mysql.
For the unstable distribution (sid) this problem has been fixed in version 4.0.20-11 of mysql-dfsg.
We recommend that you upgrade your mysql-server package.
New kdelibs packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 539-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 17th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : kdelibs
Vulnerability : temporary directory vulnerability
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0689
The SUSE security team was alerted that in some cases the integrity of symlinks used by KDE is not ensured and that these symlinks can be pointing to stale locations. This can be abused by a local attacker to create or truncate arbitrary files or to prevent KDE applications from functioning correctly.
For the stable distribution (woody) this problem has been fixed in version 2.2.2-13.woody.12.
For the unstable distribution (sid) this problem has been fixed in version 3.3.0-1.
We recommend that you upgrade your kde packages.
Updated rsync packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 538-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 17th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : rsync
Vulnerability : unsanitised input processing
Problem-Type : remote
Debian-specific: no
Debian Bug : 265662
The rsync developers have discovered a security related problem in rsync, a fast remote file copy program, which allows an attacker to access files outside of the defined directory. To exploit this path-sanitizing bug, rsync has to run in daemon mode with the chroot option being disabled. It does not affect the normal send/receive filenames that specify what files should be transferred. It does affect certain option paths that cause auxiliary files to be read or written.
For the stable distribution (woody) this problem has been fixed in version 2.5.5-0.6.
For the unstable distribution (sid) this problem has been fixed in version 2.6.2-3.
We recommend that you upgrade your rsync package.
Updated ruby packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 537-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 16th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : ruby
Vulnerability : insecure file permissions
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0755
Debian Bug : 260779
Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore (and presumably PStore, but not in Debian woody) implementations store session information insecurely. They simply create files, ignoring permission issues. This can lead an attacker who also has shell access to the webserver to take over a session.
For the stable distribution (woody) this problem has been fixed in version 1.6.7-3woody3.
For the unstable and testing distributions (sarge and sid) this problem has been fixed in version 1.8.1+1.8.2pre1-4.
We recommend that you upgrade your libruby package.
Release Candidate 1 of the new Debian installer has been released
New libpng, libpng3 packages have been released for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 536-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
August 4th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : libpng
Vulnerability : several
Problem-Type : local/remote
Debian-specific: no
CVE Ids : CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768
Chris Evans discovered several vulnerabilities in libpng:
CAN-2004-0597 - Multiple buffer overflows exist, including when handling transparency chunk data, which could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed
CAN-2004-0598 - Multiple NULL pointer dereferences in png_handle_iCPP() and elsewhere could be exploited to cause an application to crash when a specially crafted PNG image is processed
CAN-2004-0599 - Multiple integer overflows in png_handle_sPLT(), png_read_png() functions and elsewhere could be exploited to cause an application to crash, or potentially arbitrary code to be executed, when a specially crafted PNG image is processed
In addition, a bug related to CAN-2002-1363 was fixed:
CAN-2004-0768 - A buffer overflow could be caused by incorrect calculation of buffer offsets, possibly leading to the execution of arbitrary code
For the current stable distribution (woody), these problems have been fixed in libpng3 version 1.2.1-1.1.woody.7 and libpng version 1.0.12-3.woody.7.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you update your libpng and libpng3 packages.
Updated squirrelmail packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 535-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
August 2nd, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : squirrelmail
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2004-0519 CAN-2004-0520 CAN-2004-0521 CAN-2004-0639
Four vulnerabilities were discovered in squirrelmail:
CAN-2004-0519 - Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
CAN-2004-0520 - Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
CAN-2004-0521 - SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
CAN-2004-0639 - Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
For the current stable distribution (woody), these problems have been fixed in version 1:1.2.6-1.4.
For the unstable distribution (sid), these problems have been fixed in 2:1.4.3a-0.1 and earlier versions.
We recommend that you update your squirrelmail package.