An iptables update has been released for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 580-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 1st, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : iptables
Vulnerability : missing initialisation
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0986
Debian Bug : 219686
Faheem Mitha noticed that the iptables command, an administration tool for IPv4 packet filtering and NAT, did not always load the required modules on its own as it was supposed to. This could lead to firewall rules not being loaded on system startup. This caused a failure in connection with rules provided by lokkit at least.
For the stable distribution (woody) this problem has been fixed in version 1.2.6a-5.0woody2.
For the unstable distribution (sid) this problem has been fixed in version 1.2.11-4.
We recommend that you upgrade your iptables package.
New abiword packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 579-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 1st, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : abiword
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0645
A buffer overflow vulnerability has been discovered in the wv library, used for converting and previewing Word documents. On exploitation an attacker could execute arbitrary code with the privileges of the user running the vulnerable application.
For the stable distribution (woody) this problem has been fixed in version 1.0.2+cvs.2002.06.05-1woody2.
The package in the unstable distribution (sid) is not affected.
We recommend that you upgrade your abiword package.
New mpg123 packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 578-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 1st, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : mpg123
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0982
Carlos Barros has discovered a buffer overflow in the HTTP authentication routine of mpg123, a popular (but non-free) MPEG layer 1/2/3 audio player. If a user opened a malicious playlist or URL, an attacker might execute arbitrary code with the rights of the calling user.
For the stable distribution (woody) this problem has been fixed in version 0.59r-13woody4.
For the unstable distribution (sid) this problem has been fixed in version 0.59r-17.
We recommend that you upgrade your mpg123 package.
New postgresql packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 577-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 29th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : postgresql
Vulnerability : local
Problem-Type : insecure temporary file
Debian-specific: no
CVE ID : CAN-2004-0977
Debian Bug : 278336
Trustix Security Engineers identified insecure temporary file creation in a script included in the postgresql suite, an object-relational SQL database. This could allow an attacker to trick a user into overwriting arbitrary files the user has write access to.
For the stable distribution (woody) this problem has been fixed in version 7.2.1-2woody6.
For the unstable distribution (sid) this problem has been fixed in version 7.4.6-1.
We recommend that you upgrade your postgresql packages.
New Squid packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 576-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 29th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : squid
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-1999-0710 CAN-2004-0918
Debian Bug : 133131
Several security vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-1999-0710
It is possible to bypass access lists and scan arbitrary hosts and ports in the network through cachemgr.cgi, which is installed by default. This update disables this feature and introduces a configuration file (/etc/squid/cachemgr.conf) to control this behaviour.
CAN-2004-0918
The asn_parse_header function (asn1.c) in the SNMP module for Squid allows remote attackers to cause a denial of service via certain SNMP packets with negative length fields that causes a memory allocation error.
For the stable distribution (woody) these problems have been fixed in version 2.4.6-2woody4.
For the unstable distribution (sid) these problems have been fixed in version 2.5.7-1.
We recommend that you upgrade your squid package.
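Added example, not part of the advisory and not Squid's code: a BER length reader of the kind the CAN-2004-0918 description concerns, written so that a length field can never turn negative and can never exceed the bytes left in the packet. The function names, status codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum ber_status { BER_OK = 0, BER_TRUNCATED = -1, BER_UNSUPPORTED = -2, BER_TOO_LONG = -3 };

/*
 * Hypothetical helper (not Squid's asn_parse_header): read a BER length field
 * from buf[0..avail). On success, *len is the content length and *consumed is
 * the size of the length field itself.
 */
static enum ber_status ber_parse_length(const uint8_t *buf, size_t avail,
                                        size_t *len, size_t *consumed)
{
    if (avail == 0)
        return BER_TRUNCATED;

    uint8_t first = buf[0];
    size_t nbytes = 0;                 /* extra length octets (long form) */
    uint32_t value = first;            /* short form: the octet is the length */

    if (first & 0x80) {
        nbytes = first & 0x7f;
        if (nbytes == 0 || nbytes > 4) /* indefinite form or wider than 32 bits */
            return BER_UNSUPPORTED;
        if (nbytes > avail - 1)
            return BER_TRUNCATED;
        value = 0;                     /* unsigned accumulator: never negative */
        for (size_t i = 0; i < nbytes; i++)
            value = (value << 8) | buf[1 + i];
    }

    /* The claimed content must fit in what is left of the packet. */
    if (value > avail - 1 - nbytes)
        return BER_TOO_LONG;

    *len = value;
    *consumed = 1 + nbytes;
    return BER_OK;
}

/* What the same 32-bit field looks like to code that stores it in a signed int. */
static long long as_signed32(uint32_t v)
{
    return v >= 0x80000000u ? (long long)v - 4294967296LL : (long long)v;
}

/* Constructed sample inputs, not captured traffic. */
static const uint8_t SAMPLE_OK[] = { 0x82, 0x00, 0x03, 'a', 'b', 'c' };
static const uint8_t SAMPLE_HUGE[] = { 0x84, 0xff, 0xff, 0xff, 0xfe, 0x00 };

int main(void)
{
    size_t len = 0, used = 0;
    int st = ber_parse_length(SAMPLE_OK, sizeof SAMPLE_OK, &len, &used);
    printf("ok:   status=%d len=%zu\n", st, len);
    st = ber_parse_length(SAMPLE_HUGE, sizeof SAMPLE_HUGE, &len, &used);
    printf("huge: status=%d signed view=%lld\n", st, as_signed32(0xfffffffeu));
    return 0;
}
```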
New catdoc packages are available for Debian GNU/Linux
--------------------------------------------------------------------------
Debian Security Advisory DSA 575-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 28th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : catdoc
Vulnerability : insecure temporary file
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2003-0193
Debian Bug : 183525
A temporary file problem has been discovered in xlsview from the catdoc suite, convertors from Word to TeX and plain text, which could lead to local users being able to overwrite arbitrary files via a symlink attack on predictable temporary file names.
For the stable distribution (woody) this problem has been fixed in version 0.91.5-1.woody3.
For the unstable distribution (sid) this problem has been fixed in version 0.91.5-2.
We recommend that you upgrade your catdoc package.
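Added example, not part of the advisory and not code from catdoc or postgresql: the temporary file problem described in DSA 575-1 and DSA 577-1, shown as a fixed-name open() beside two hardened alternatives. The check runs entirely inside its own mkdtemp() directory; all function and file names are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: fixed name, and open() follows a symlink that is already there. */
static int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Fixed name, hardened: O_EXCL fails if anything (a symlink included) exists. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() chooses the name and creates the file exclusively. */
static int open_private_temp(char *template_path) {
    return mkstemp(template_path);
}

/*
 * Check inside a fresh mkdtemp() directory: a 9-byte file stands in for the
 * user's data and a symlink with a fixed name points at it. Returns the size
 * of that file after the chosen variant tried to write one byte through the
 * fixed name, or -1 on setup error. All names are constructed.
 */
static long target_size_after(int hardened) {
    char dir[] = "/tmp/dsa-demo.XXXXXX";
    char target[64], fixed[64];
    struct stat st;
    long size = -1;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(target, sizeof target, "%s/userdata", dir);
    snprintf(fixed, sizeof fixed, "%s/fixed-name.tmp", dir);
    int fd = open_exclusive(target);
    int ready = fd >= 0 && write(fd, "important", 9) == 9;
    if (fd >= 0)
        close(fd);
    if (ready && symlink(target, fixed) == 0) {
        fd = hardened ? open_exclusive(fixed) : open_predictable(fixed);
        if (fd >= 0) {
            if (write(fd, "x", 1) != 1)
                perror("write");
            close(fd);
        }
        if (stat(target, &st) == 0)
            size = (long)st.st_size;
    }
    unlink(fixed);
    unlink(target);
    rmdir(dir);
    return size;
}

int main(void) {
    char tmpl[] = "/tmp/dsa-demo.XXXXXX";
    int fd = open_private_temp(tmpl);
    if (fd >= 0) { close(fd); unlink(tmpl); }
    printf("fixed name: %ld bytes, O_EXCL: %ld bytes\n", target_size_after(0), target_size_after(1));
    return fd >= 0 ? 0 : 1;
}
```

With the fixed-name open the 9-byte file is truncated and ends up 1 byte long; with O_EXCL the open fails and the file keeps its 9 bytes.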
New cabextract packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 574-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 28th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : cabextract
Vulnerability : missing directory sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0916
Debian Bug : 277522
The upstream developers discovered a problem in cabextract, a tool to extract cabinet files. The program was able to overwrite files in upper directories. This could lead an attacker to overwrite arbitrary files.
For the stable distribution (woody) this problem has been fixed in version 0.2-2b.
For the unstable distribution (sid) this problem has been fixed in version 1.1-1.
We recommend that you upgrade your cabextract package.
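Added example, not part of the advisory and not cabextract's own fix: one way an extraction tool can sanitise archive member names so that nothing is written above the extraction directory. The function name, the reject-on-".." policy and the sample names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: turn an archive member name into a relative path that
 * stays below the extraction directory. Both '/' and '\' count as separators
 * (cabinet files come from Windows). Returns 0 on success, -1 if the name is
 * rejected or does not fit in out.
 */
static int sanitise_member_name(const char *name, char *out, size_t outlen)
{
    size_t o = 0;
    const char *p = name;

    while (*p) {
        /* Skip separators; this also drops a leading "/" or "\". */
        while (*p == '/' || *p == '\\')
            p++;
        const char *start = p;
        while (*p && *p != '/' && *p != '\\')
            p++;
        size_t n = (size_t)(p - start);

        if (n == 0)
            break;                                   /* trailing separator */
        if (n == 1 && start[0] == '.')
            continue;                                /* "." changes nothing */
        if (n == 2 && start[0] == '.' && start[1] == '.')
            return -1;                               /* would climb out */
        if (o + n + 2 > outlen)
            return -1;                               /* '/' + component + NUL */
        if (o)
            out[o++] = '/';
        memcpy(out + o, start, n);
        o += n;
    }
    if (o == 0)
        return -1;                                   /* empty after cleaning */
    out[o] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed member names, not taken from a real cabinet file. */
    const char *names[] = { "docs\\readme.txt", "/etc/motd", "..\\..\\x.txt" };
    char out[256];
    for (size_t i = 0; i < 3; i++) {
        int rc = sanitise_member_name(names[i], out, sizeof out);
        printf("%-20s -> %s\n", names[i], rc == 0 ? out : "(rejected)");
    }
    return 0;
}
```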
Revision 3 of Debian GNU/Linux 3.0 has been released:
This is the third update of Debian GNU/Linux 3.0 (codename `woody') which mainly adds security updates to the stable release, along with a few corrections to serious problems. Those who frequently update from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.
Please note that this update does not produce a new version of Debian GNU/Linux 3.0 but only adds a few updated packages to it. There is no need to throw away 3.0 CDs but only to update against ftp.debian.org after an installation, in order to incorporate those late changes.
Upgrading to this revision online is usually done by pointing the `apt' package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
http://www.debian.org/distrib/ftplist
A new cupsys package has been released for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 573-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 21st, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : cupsys
Vulnerability : integer overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0888
Chris Evans discovered several integer overflows in xpdf that are also present in CUPS, the Common UNIX Printing System, which can be exploited remotely by a specially crafted PDF document.
For the stable distribution (woody) these problems have been fixed in version 1.1.14-5woody10.
For the unstable distribution (sid) these problems have been fixed in version 1.1.20final+rc1-10.
We recommend that you upgrade your CUPS packages.
New ecartis packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 572-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 21st, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : ecartis
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0913
A problem has been discovered in ecartis, a mailing-list manager, which allows an attacker in the same domain as the list admin to gain administrator privileges and alter list settings.
For the stable distribution (woody) this problem has been fixed in version 0.129a+1.0.0-snap20020514-1.3.
For the unstable distribution (sid) this problem has been fixed in version 1.0.0+cvs.20030911-8.
We recommend that you upgrade your ecartis package.
New libpng3 packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 571-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 20th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : libpng3
Vulnerability : buffer overflows, integer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0955
Several integer overflows have been discovered by its upstream developers in libpng, a commonly used library to display PNG graphics. They could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed.
For the stable distribution (woody) these problems have been fixed in version 1.2.1-1.1.woody.9.
For the unstable distribution (sid) these problems have been fixed in version 1.2.5.0-9.
We recommend that you upgrade your libpng3 packages.
New libpng packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 570-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 20th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : libpng
Vulnerability : integer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0955
Several integer overflows have been discovered by its upstream developers in libpng, a commonly used library to display PNG graphics. They could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed.
For the stable distribution (woody) this problem has been fixed in version 1.0.12-3.woody.9.
For the unstable distribution (sid) this problem has been fixed in version 1.0.15-8.
We recommend that you upgrade your libpng packages.
Another netkit-telnet package for Debian GNU/Linux has been released
---------------------------------------------------------------------------
Debian Security Advisory DSA 556-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
XXXXX 8th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : netkit-telnet
Vulnerability : invalid free(3)
Problem-Type : remote
Debian-specific: yes
CVE ID : CAN-2004-0911
Debian Bug : 273694
This is an update for DSA 556-1 which was intended to fix a denial of service situation in netkit-telnet but didn't. The update for unstable did fix the problem. For completeness below is the original advisory text:
Michal Zalewski discovered a bug in the netkit-telnet server (telnetd) whereby a remote attacker could cause the telnetd process to free an invalid pointer. This causes the telnet server process to crash, leading to a straightforward denial of service (inetd will disable the service if telnetd is crashed repeatedly), or possibly the execution of arbitrary code with the privileges of the telnetd process (by default, the 'telnetd' user).
For the unstable distribution (sid) this problem has been fixed in version 0.17-26.
For the stable distribution (woody) this problem has been fixed in version 0.17-18woody2.
We recommend that you upgrade your netkit-telnet-ssl package.
New netkit-telnet-ssl packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 569-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 18th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : netkit-telnet-ssl
Vulnerability : invalid free(3)
Problem-Type : remote
Debian-specific: yes
CVE ID : CAN-2004-0911
Debian Bug : 273694
Michal Zalewski discovered a bug in the netkit-telnet server (telnetd) whereby a remote attacker could cause the telnetd process to free an invalid pointer. This causes the telnet server process to crash, leading to a straightforward denial of service (inetd will disable the service if telnetd is crashed repeatedly), or possibly the execution of arbitrary code with the privileges of the telnetd process (by default, the 'telnetd' user).
For the stable distribution (woody) this problem has been fixed in version 0.17.17+0.1-2woody2.
For the unstable distribution (sid) this problem has been fixed in version 0.17.24+0.1-4.
We recommend that you upgrade your netkit-telnet-ssl package.
New cyrus-sasl-mit packages have been released for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 568-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 16th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : cyrus-sasl-mit
Vulnerability : unsanitised input
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0884
Debian Bug : 275498
A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASL_PATH blindly, which allows a local user to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application.
The MIT version of the Cyrus implementation of the SASL library provides bindings against MIT GSSAPI and MIT Kerberos4.
For the stable distribution (woody) this problem has been fixed in version 1.5.24-15woody3.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your libsasl packages.
New libtiff packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 567-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 15th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : tiff
Vulnerability : heap overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0803 CAN-2004-0804 CAN-2004-0886
Several problems have been discovered in libtiff, the Tag Image File Format library for processing TIFF graphics files. An attacker could prepare a specially crafted TIFF graphic that would cause the client to execute arbitrary code or crash. The Common Vulnerabilities and Exposures Project has identified the following problems:
CAN-2004-0803
Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution.
CAN-2004-0804
Matthias Clasen discovered a division by zero through an integer overflow.
CAN-2004-0886
Dmitry V. Levin discovered several integer overflows that caused malloc issues which can result in either a plain crash or memory corruption.
For the stable distribution (woody) these problems have been fixed in version 3.5.5-6woody1.
For the unstable distribution (sid) these problems have been fixed in version 3.6.1-2.
We recommend that you upgrade your libtiff package.
New CUPS packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 566-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 14th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : cupsys
Vulnerability : unsanitised input
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0923
CERT advisory : VU#557062
An information leak has been detected in CUPS, the Common UNIX Printing System, which may lead to the disclosure of sensitive information, such as user names and passwords which are written into log files.
The patch used only removes the authentication information from the device URI that is logged in the error_log file. It does not remove the URI from the environment and process table, which is why the CUPS developers recommend that system administrators do not put authentication information in device URIs in the first place.
For the stable distribution (woody) this problem has been fixed in version 1.1.14-5woody7.
For the unstable distribution (sid) this problem has been fixed in version 1.1.20final+rc1-9.
We recommend that you upgrade your CUPS package.
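Added example, not part of the advisory and not the CUPS patch: a log-side scrubber that removes the "user:password@" part of a device URI before it is written to a log line, which is the kind of change DSA 566-1 describes. The function name and the sample URIs are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: copy a device URI into out with any userinfo
 * ("user@" or "user:password@") removed from the authority part.
 * Returns 0 on success, -1 if out is too small for the result.
 */
static int redact_device_uri(const char *uri, char *out, size_t outlen)
{
    const char *sep = strstr(uri, "://");
    const char *host = NULL;

    if (sep != NULL) {
        const char *auth = sep + 3;
        size_t authlen = strcspn(auth, "/?#");   /* the authority ends here */
        for (size_t i = 0; i < authlen; i++)
            if (auth[i] == '@')
                host = auth + i + 1;             /* text after the last '@' */
    }

    int n;
    if (host != NULL)                            /* scheme:// + host onwards */
        n = snprintf(out, outlen, "%.*s%s", (int)(sep + 3 - uri), uri, host);
    else                                         /* nothing to remove */
        n = snprintf(out, outlen, "%s", uri);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    /* Constructed device URIs with made-up credentials and host names. */
    const char *uris[] = {
        "smb://alice:s3cret@printsrv/laser",
        "lpd://bob@printsrv/queue",
        "ipp://printsrv:631/printers/a@b",
        "parallel:/dev/lp0",
    };
    char line[128];
    for (size_t i = 0; i < sizeof uris / sizeof uris[0]; i++)
        if (redact_device_uri(uris[i], line, sizeof line) == 0)
            printf("device URI for the log: %s\n", line);
    return 0;
}
```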
Another cyrus-sasl update is available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 563-3 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 14th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : cyrus-sasl
Vulnerability : unsanitised input
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0884
Debian Bug : 275498
This advisory is an addition to DSA 563-1 and 563-2 which weren't able to supersede the library on sparc and arm due to a different version number for them in the stable archive. Other architectures were updated properly. Another problem was reported in connection with sendmail, though, which should be fixed with this update as well.
For the stable distribution (woody) this problem has been fixed in version 1.5.27-3.1woody5.
For reference the advisory text follows:
A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASL_PATH blindly, which allows a local user to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application.
For the unstable distribution (sid) this problem has been fixed in version 1.5.28-6.2 of cyrus-sasl and in version 2.1.19-1.3 of cyrus-sasl2.
We recommend that you upgrade your libsasl packages.
New sox packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 565-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 13th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : sox
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0557
Debian Bug : 262083
Ulf Harnhammar has reported two vulnerabilities in SoX, a universal sound sample translator, which may be exploited by malicious people to compromise a user's system with a specially crafted .wav file.
For the stable distribution (woody) these problems have been fixed in version 12.17.3-4woody2.
For the unstable distribution (sid) these problems have been fixed in version 12.17.4-9.
We recommend that you upgrade your sox package.
New mpg123 packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 564-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 13th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : mpg123
Vulnerability : missing user input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0805
License : non-free
Davide Del Vecchio discovered a vulnerability in mpg123, a popular (but non-free) MPEG layer 1/2/3 audio player. A malicious MPEG layer 2/3 file could cause the header checks in mpg123 to fail, which could in turn allow arbitrary code to be executed with the privileges of the user running mpg123.
For the stable distribution (woody) this problem has been fixed in version 0.59r-13woody3.
For the unstable distribution (sid) this problem has been fixed in version 0.59r-16.
We recommend that you upgrade your mpg123 package.