Debian 10955 Published by Philipp Esselbach 0

Another cyrus-sasl package has been released for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 563-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 12th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : cyrus-sasl
Vulnerability : unsanitised input
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0884
Debian Bug : 275498

This advisory corrects DSA 563-1 which contained a library that caused other programs to fail unintentionally.

For the stable distribution (woody) this problem has been fixed in version 1.5.27-3woody3.

For reference the advisory text follows:

A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASL_PATH blindly, which allows a local user to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application.

For the unstable distribution (sid) this problem has been fixed in version 1.5.28-6.2 of cyrus-sasl and in version 2.1.19-1.3 of cyrus-sasl2.

We recommend that you upgrade your libsasl packages.

New cyrus-sasl packages are available for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 563-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 12th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : cyrus-sasl
Vulnerability : unsanitised input
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0884
Debian Bug : 275498

A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASL_PATH blindly, which allows a local user to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application.

For the stable distribution (woody) this problem has been fixed in version 1.5.27-3woody2.

For the unstable distribution (sid) this problem has been fixed in version 1.5.28-6.2 of cyrus-sasl and in version 2.1.19-1.3 of cyrus-sasl2.

We recommend that you upgrade your libsasl packages.
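
The SASL_PATH problem described in DSA 563-1 and DSA 563-2, shown as an added example (not code from the advisory or from Cyrus SASL): a blind plugin-path lookup beside one that ignores the environment when the real and effective IDs differ. The function names, the `creds` struct and the default directory are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed compiled-in plugin directory; a placeholder for this example. */
#define DEFAULT_PLUGIN_DIR "/usr/lib/sasl"

/* Credentials are passed explicitly so the policy can be exercised
 * without installing a setuid binary. */
struct creds { uid_t ruid, euid; gid_t rgid, egid; };

/* A process is privileged relative to its caller when the real and
 * effective IDs differ, i.e. it was started setuid or setgid. */
static int is_privileged(const struct creds *c) {
    return c->ruid != c->euid || c->rgid != c->egid;
}

/* "Before": the caller-controlled value is used unconditionally, so the
 * invoking user decides where plugins are loaded from. */
const char *plugin_path_blind(const char *env_value) {
    return (env_value && *env_value) ? env_value : DEFAULT_PLUGIN_DIR;
}

/* Hardened: a setuid/setgid process never takes the search path from
 * the environment. glibc's secure_getenv() applies the same rule. */
const char *plugin_path_checked(const struct creds *c, const char *env_value) {
    if (is_privileged(c))
        return DEFAULT_PLUGIN_DIR;
    return (env_value && *env_value) ? env_value : DEFAULT_PLUGIN_DIR;
}

struct creds current_creds(void) {
    struct creds c = { getuid(), geteuid(), getgid(), getegid() };
    return c;
}

int main(void) {
    struct creds now = current_creds();
    const char *env = getenv("SASL_PATH");
    printf("blind:   %s\n", plugin_path_blind(env));
    printf("checked: %s\n", plugin_path_checked(&now, env));
    return 0;
}
```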

New python2.2 packages are available for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 458-3 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 10th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : python2.2
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2004-0150
BugTraq ID : 9836
Debian Bug : 248946 269548

This security advisory corrects DSA 458-2 which caused a problem in the gethostbyaddr routine.

The original advisory said:

Sebastian Schmidt discovered a buffer overflow bug in Python's getaddrinfo function, which could allow an IPv6 address, supplied by a remote attacker via DNS, to overwrite memory on the stack.

This bug only exists in python 2.2 and 2.2.1, and only when IPv6 support is disabled. The python2.2 package in Debian woody meets these conditions (the 'python' package does not).

For the stable distribution (woody), this bug has been fixed in version 2.2.1-4.6.

The testing and unstable (sid) distributions are not affected by this problem.

We recommend that you update your python2.2 packages.

New lesstif packages are available for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 560-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 7th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : lesstif1-1
Vulnerability : integer and stack overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0687 CAN-2004-0688
CERT advisory : VU#537878 VU#882750

Chris Evans discovered several stack and integer overflows in the libXpm library which is included in LessTif.

For the stable distribution (woody) this problem has been fixed in version 0.93.18-5.

For the unstable distribution (sid) this problem has been fixed in version 0.93.94-10.

We recommend that you upgrade your lesstif packages.

Updated Samba packages are available for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 600-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 7th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : samba
Vulnerability : arbitrary file access
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0815

A vulnerability has been discovered in samba, a commonly used LanManager-like file and printer server for Unix. A remote attacker may be able to gain access to files which exist outside of the share's defined path. Such files must still be readable by the account used for the connection, though.

For the stable distribution (woody) this problem has been fixed in version 2.2.3a-14.1.

In the unstable (sid) and testing (sarge) distributions this problem was not present.

We recommend that you upgrade your samba packages.

New net-acct packages are available for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 559-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 6th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : net-acct
Vulnerability : insecure temporary file
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0851
Debian Bug : 270359

Stefan Nordhausen has identified a local security hole in net-acct, a user-mode IP accounting daemon. Old and redundant code from some time way back in the past created a temporary file in an insecure fashion.

For the stable distribution (woody) this problem has been fixed in version 0.71-5woody1.

For the unstable distribution (sid) this problem has been fixed in version 0.71-7.

We recommend that you upgrade your net-acct package.

New libapache-mod-dav packages are available for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 558-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 6th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : libapache-mod-dav
Vulnerability : null pointer dereference
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0809

Julian Reschke reported a problem in mod_dav of Apache 2 in connection with a NULL pointer dereference. When running in a threaded model, especially with Apache 2, a segmentation fault can take out a whole process and hence create a denial of service for the whole server.

For the stable distribution (woody) this problem has been fixed in version 1.0.3-3.1.

For the unstable distribution (sid) this problem has been fixed in version 1.0.3-10 of libapache-mod-dav and in version 2.0.51-1 of Apache 2.

We recommend that you upgrade your mod_dav packages.

New rp-pppoe packages are available for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 557-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 4th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : rp-pppoe, pppoe
Vulnerability : missing privilege dropping
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0564

Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Debian installation), an attacker could overwrite any file on the file system.

For the stable distribution (woody) this problem has been fixed in version 3.3-1.2.

For the unstable distribution (sid) this problem has been fixed in version 3.5-4.

We recommend that you upgrade your pppoe package.

Updated netkit-telnet packages are available for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 556-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
October 2nd, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : netkit-telnet
Vulnerability : invalid free(3)
Problem-Type : remote
Debian-specific: yes
CVE ID : CAN-2004-0911
Debian Bug : 273694

Michal Zalewski discovered a bug in the netkit-telnet server (telnetd) whereby a remote attacker could cause the telnetd process to free an invalid pointer. This causes the telnet server process to crash, leading to a straightforward denial of service (inetd will disable the service if telnetd is crashed repeatedly), or possibly the execution of arbitrary code with the privileges of the telnetd process (by default, the 'telnetd' user).

For the stable distribution (woody) this problem has been fixed in version 0.17-18woody1.

For the unstable distribution (sid) this problem has been fixed in version 0.17-26.

We recommend that you upgrade your netkit-telnet package.

New freenet6 packages are available for Debian GNU/Linux 3.0

---------------------------------------------------------------------------
Debian Security Advisory DSA 555-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 30th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : freenet6
Vulnerability : wrong file permissions
Problem-Type : local
Debian-specific: yes
CVE ID : CAN-2004-0563
Debian Bug : 254709

Simon Josefsson noticed that the tspc.conf configuration file in freenet6, a client to configure an IPv6 tunnel to freenet6.net, is set world readable. This file can contain the username and the password used to contact the IPv6 tunnelbroker freenet6.net.

For the stable distribution (woody) this problem has been fixed in version 0.9.6-1woody2.

For the unstable distribution (sid) this problem has been fixed in version 1.0-2.2.

We recommend that you upgrade your freenet6 package.

DotDeb.org has released PHP 5.0.2 packages for Debian GNU/Linux 3.0

Add the following to your /etc/apt/sources.list:

deb http://packages.dotdeb.org ./

New Sendmail packages are available for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 554-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 27th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : sendmail
Vulnerability : pre-set password
Problem-Type : remote
Debian-specific: yes
CVE ID : CAN-2004-0833

Hugo Espuny discovered a problem in sendmail, a commonly used program to deliver electronic mail. When installing "sasl-bin" to use sasl in connection with sendmail, the sendmail configuration script uses fixed user/pass information to initialise the sasl database. Any spammer with Debian systems knowledge could utilise such a sendmail installation to relay spam.

For the stable distribution (woody) this problem has been fixed in version 8.12.3-7.1.

For the unstable distribution (sid) this problem has been fixed in version 8.13.1-13.

We recommend that you upgrade your sendmail package.

New getmail packages are available for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 553-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 27th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : getmail
Vulnerability : symlink vulnerability
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0880 CAN-2004-0881
Debian Bug : 272561

A security problem has been discovered in getmail, a POP3 and APOP mail gatherer and forwarder. An attacker with a shell account on the victim's host could utilise getmail to overwrite arbitrary files when it is running as root.

For the stable distribution (woody) this problem has been fixed in version 2.3.7-2.

For the unstable distribution (sid) this problem has been fixed in version 3.2.5-1.

We recommend that you upgrade your getmail package.

New imlib2 packages are available for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 552-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 22nd, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : imlib2
Vulnerability : unsanitised input
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0802
Debian Bug : 271375

Marcus Meissner discovered a heap overflow error in imlib2, an imaging library for X and X11 and the successor of imlib, that may be utilised by an attacker to execute arbitrary code on the victim's machine.

For the stable distribution (woody) this problem has been fixed in version 1.0.5-2woody1.

For the unstable distribution (sid) this problem has been fixed in version 1.1.0-12.4.

We recommend that you upgrade your imlib2 packages.

New lukemftpd packages are available for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 551-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 21st, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : lukemftpd
Vulnerability : incorrect internal variable handling
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0794

Przemyslaw Frasunek discovered a vulnerability in tnftpd or lukemftpd respectively, the enhanced ftp daemon from NetBSD. An attacker could utilise this to execute arbitrary code on the server.

For the stable distribution (woody) this problem has been fixed in version 1.1-1woody2.

For the unstable distribution (sid) this problem has been fixed in version 1.1-2.2.

We recommend that you upgrade your lukemftpd package.

New wv packages are available for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 550-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 20th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : wv
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0645
Debian Bug : 264972

iDEFENSE discovered a buffer overflow in the wv library, used to convert and preview Microsoft Word documents. An attacker could create a specially crafted document that could lead wvHtml to execute arbitrary code on the victim's machine.

For the stable distribution (woody) this problem has been fixed in version 0.7.1+rvt-2woody3.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your wv package.