New queue packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 643-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 18th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : queue
Vulnerability : buffer overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0555
"jaguar" of the Debian Security Audit Project has discovered several buffer overflows in queue, a transparent load balancing system.
For the stable distribution (woody) these problems have been fixed in version 1.30.1-4woody2.
For the unstable distribution (sid) these problems have been fixed in version 1.30.1-5.
We recommend that you upgrade your queue package.
New gallery packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 642-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 17th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : gallery
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1106
BugTraq ID : 11602
Several vulnerabilities have been discovered in gallery, a web-based photo album written in PHP4. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
CAN-2004-1106
Jim Paris discovered a cross site scripting vulnerability which allows code to be inserted by using specially formed URLs.
CVE-NOMATCH
The upstream developers of gallery have fixed several cases of possible variable injection that could trick gallery to unintended actions, e.g. leaking database passwords.
For the stable distribution (woody) these problems have been fixed in version 1.2.5-8woody3.
For the unstable distribution (sid) these problems have been fixed in version 1.4.4-pl4-1.
We recommend that you upgrade your gallery package.
NewsForge has posted an article on Debian From Scratch
New playmidi packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 641-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 17th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : playmidi
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0020
Erik Sjölund discovered that playmidi, a MIDI player, contains a setuid root program with a buffer overflow that can be exploited by a local attacker.
For the stable distribution (woody) this problem has been fixed in version 2.4-4woody1.
For the unstable distribution (sid) this problem has been fixed in version 2.4debian-3.
We recommend that you upgrade your playmidi package.
New gatos packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 640-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 17th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : gatos
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0016
Erik Sjölund discovered a buffer overflow in xatitv, one of the programs in the gatos package, that is used to display video with certain ATI video cards. xatitv is installed setuid root in order to gain direct access to the video hardware.
For the stable distribution (woody) this problem has been fixed in version 0.0.5-6woody3.
For the unstable distribution (sid) this problem has been fixed in version 0.0.5-15.
We recommend that you upgrade your gatos package.
New mc packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 639-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 14th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : mc
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1004 CAN-2004-1005 CAN-2004-1009 CAN-2004-1090 CAN-2004-1091
CAN-2004-1092 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2004-1176
Andrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the current version of mc that Debian ships in their stable release. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities:
CAN-2004-1004
Multiple format string vulnerabilities
CAN-2004-1005
Multiple buffer overflows
CAN-2004-1009
One infinite loop vulnerability
CAN-2004-1090
Denial of service via corrupted section header
CAN-2004-1091
Denial of service via null dereference
CAN-2004-1092
Freeing unallocated memory
CAN-2004-1093
Denial of service via use of already freed memory
CAN-2004-1174
Denial of service via manipulating non-existing file handles
CAN-2004-1175
Unintended program execution via insecure filename quoting
CAN-2004-1176
Denial of service via a buffer underflow
For the stable distribution (woody) these problems have been fixed in version 4.5.55-1.2woody5.
For the unstable distribution (sid) these problems should already be fixed since they were backported from current versions.
We recommend that you upgrade your mc package.
New gopher packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 638-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 13th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : gopher
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0560 CAN-2004-0561
"jaguar" has discovered two security relevant problems in gopherd, the Gopher server in Debian which is part of the gopher package. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
CAN-2004-0560
An integer overflow can happen when posting content of a specially calculated size.
CAN-2004-0561
A format string vulnerability has been found in the log routine.
For the stable distribution (woody) these problems have been fixed in version 3.0.3woody2.
The unstable distribution (sid) does not contain a gopherd package. It has been replaced by Pygopherd.
We recommend that you upgrade your gopherd package.
New exim-tls packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 637-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 13th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : exim-tls
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0021
Debian Bug : 289046
Philip Hazel announced a buffer overflow in the host_aton function in exim-tls, the SSL-enabled version of the default mail-transport-agent in Debian, which can lead to the execution of arbitrary code via an illegal IPv6 address.
For the stable distribution (woody) this problem has been fixed in version 3.35-3woody3.
In the unstable distribution (sid) this package does not exist anymore.
We recommend that you upgrade your exim-tls package.
New libc6 packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 636-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 12th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : glibc
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0968
BugTraq ID : 11286
Debian Bug : 279680 278278 205600
Several insecure uses of temporary files have been discovered in support scripts in the libc6 package, which provides the C library for a GNU/Linux system. Trustix developers found that the catchsegv script uses temporary files insecurely. Openwall developers discovered insecure temporary files in the glibcbug script. These scripts are vulnerable to a symlink attack.
For the stable distribution (woody) these problems have been fixed in version 2.2.5-11.8.
For the unstable distribution (sid) these problems have been fixed in version 2.3.2.ds1-20.
We recommend that you upgrade your libc6 package.
New exim packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 635-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 12th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : exim
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0021
Debian Bug : 289046
Philip Hazel announced a buffer overflow in the host_aton function in exim, the default mail-transport-agent in Debian, which can lead to the execution of arbitrary code via an illegal IPv6 address.
For the stable distribution (woody) this problem has been fixed in version 3.35-1woody4.
For the unstable distribution (sid) this problem has been fixed in version 3.36-13 of exim and 4.34-10 of exim4.
We recommend that you upgrade your exim and exim4 packages.
New hylafax packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 634-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 11th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : hylafax
Vulnerability : weak hostname and username validation
Problem-Type : local/remote
Debian-specific: no
CVE ID : CAN-2004-1182
Patrice Fournier discovered a vulnerability in the authorisation subsystem of hylafax, a flexible client/server fax system. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorised access to the fax system.
Some installations of hylafax may actually utilise the weak hostname and username validation for authorized uses. For example, hosts.hfaxd entries that may be common are
192.168.0
username:uid:pass:adminpass
user@host
After updating, these entries will need to be modified in order to continue to function. Respectively, the correct entries should be
192.168.0.[0-9]+
username@:uid:pass:adminpass
user@host
Unless such matching of "username" with "otherusername" and "host" with "hostname" is desired, the proper form of these entries should include the delimiter and markers like this
@192.168.0.[0-9]+$
^username@:uid:pass:adminpass
^user@host$
For the stable distribution (woody) this problem has been fixed in version 4.1.1-3.1.
For the unstable distribution (sid) this problem has been fixed in version 4.2.1-1.
We recommend that you upgrade your hylafax packages.
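The difference between the two sets of hosts.hfaxd entries in DSA 634-1 can be checked before deployment. The following is an added example, not part of the advisory or of hylafax: it assumes the client field is applied as an unanchored regular expression to an identity string of the form user@host or user@address, uses Python's re.search as a stand-in for hfaxd's matcher, and all identities are constructed.

```python
import re

# Client fields of the hosts.hfaxd entries quoted in the advisory. The
# :uid:pass:adminpass fields are left out: only the client regex decides
# whether an entry applies to a connecting identity.
UNANCHORED = ["192.168.0.[0-9]+", "username@", "user@host"]
ANCHORED = ["@192.168.0.[0-9]+$", "^username@", "^user@host$"]

# Constructed identities (assumed form: user@host or user@address).
INTENDED = ["alice@192.168.0.17", "username@faxclient", "user@host"]
LOOKALIKES = ["alice@10.192.168.0.5", "otherusername@faxclient", "user@hostname"]


def matching_entries(identity, entries):
    """Entries whose regex is found anywhere in the identity string."""
    return [e for e in entries if re.search(e, identity)]


def admitted(identities, entries):
    """Map each identity that at least one entry admits to those entries."""
    hits = {i: matching_entries(i, entries) for i in identities}
    return {i: m for i, m in hits.items() if m}


def loosely_bound(entries):
    """Flag entries not pinned on both sides by ^, $ or the @ delimiter."""
    return [e for e in entries
            if not (e.startswith(("^", "@")) and e.endswith(("$", "@")))]


if __name__ == "__main__":
    for label, entries in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        print(label, "needs review:", loosely_bound(entries))
        for identity, hits in admitted(INTENDED + LOOKALIKES, entries).items():
            print(f"  {identity:26} admitted by {hits}")
```

Running loosely_bound over the client fields of an existing hosts.hfaxd after the upgrade gives a short list of entries to review by hand.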
A new bmv package has been released for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 633-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 11th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : bmv
Vulnerability : insecure temporary file
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2003-0014
Peter Samuelson, upstream maintainer of bmv, a PostScript viewer for SVGAlib, discovered that temporary files are created in an insecure fashion. A malicious local user could cause arbitrary files to be overwritten by a symlink attack.
For the stable distribution (woody) this problem has been fixed in version 1.2-14.2.
For the unstable distribution (sid) this problem has been fixed in version 1.2-17.
We recommend that you upgrade your bmv packages.
New linpopup packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 632-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 10th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : linpopup
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1282
Debian Bug : 287044
Stephen Dranger discovered a buffer overflow in linpopup, an X11 port of winpopup, running over Samba, that could lead to the execution of arbitrary code when displaying a maliciously crafted message.
For the stable distribution (woody) this problem has been fixed in version 1.2.0-2woody1.
For the unstable distribution (sid) this problem has been fixed in version 1.2.0-7.
We recommend that you upgrade your linpopup package.
New kdelibs packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 631-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 10th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : kdelibs
Vulnerability : unsanitised input
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1165
BugTraq ID : 11827
Debian Bug : 287201
Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, that allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline before the FTP command.
For the stable distribution (woody) this problem has been fixed in version 2.2.2-13.woody.13.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your kdelibs3 package.
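The class of bug in DSA 631-1 is closed by validating URL components after percent-decoding and before they are placed on an FTP control-channel line. The following is an added sketch of that check, not the kdelibs fix: the function names, the anonymous login defaults and the example.org URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote


class UnsafeFtpUrl(ValueError):
    """Raised when a URL cannot be turned into well-formed FTP commands."""


def _decoded(component, what):
    # Decode first, then validate: the check has to see the bytes that
    # would actually be written to the control connection.
    value = unquote(component or "")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise UnsafeFtpUrl(f"control character in {what}")
    return value


def ftp_commands(url):
    """Return the FTP command lines (without CRLF) needed to fetch url."""
    parts = urlsplit(url)
    if parts.scheme != "ftp":
        raise UnsafeFtpUrl("not an ftp:// URL")
    # Hypothetical defaults for an anonymous session.
    user = _decoded(parts.username, "user name") or "anonymous"
    password = _decoded(parts.password, "password") or "guest"
    segments = [_decoded(s, "path") for s in parts.path.split("/") if s]
    if not segments:
        raise UnsafeFtpUrl("no file in path")
    commands = [f"USER {user}", f"PASS {password}"]
    commands += [f"CWD {d}" for d in segments[:-1]]
    commands.append(f"RETR {segments[-1]}")
    # Each returned string is exactly one command; a decoded CR or LF
    # would have ended the line early and started another command.
    return commands


if __name__ == "__main__":
    print(ftp_commands("ftp://ftp.example.org/pub/file.txt"))
    try:
        ftp_commands("ftp://ftp.example.org/pub/file.txt%0D%0ANOOP")
    except UnsafeFtpUrl as err:
        print("rejected:", err)
```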
New lintian packages are available for Debian GNU/Linux 3.0
---------------------------------------------------------------------------
Debian Security Advisory DSA 630-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 10th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : lintian
Vulnerability : insecure temporary directory
Problem-Type : local
Debian-specific: yes
CVE ID : CAN-2004-1000
Debian Bug : 286681
Jeroen van Wolffelaar discovered a problem in lintian, the Debian package checker. The program removes the working directory even if it wasn't created at program start, removing an unrelated file or directory a malicious user inserted via a symlink attack.
For the stable distribution (woody) this problem has been fixed in version 1.20.17.1.
For the unstable distribution (sid) this problem has been fixed in version 1.23.6.
We recommend that you upgrade your lintian package.
New SysCP packages are available for Debian Woody and Debian Sarge
New kerberos packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 629-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 7th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : krb5
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1189
CERT advisory : VU#948033
A buffer overflow has been discovered in the MIT Kerberos 5 administration library (libkadm5srv) that could lead to the execution of arbitrary code upon exploitation by an authenticated user, not necessarily one with administrative privileges.
For the stable distribution (woody) this problem has been fixed in version 1.2.4-5woody7.
For the unstable distribution (sid) this problem has been fixed in version 1.3.6-1.
We recommend that you upgrade your krb5 packages.
VHCS 2.2 testing packages are now available for Debian GNU/Linux 3.1 (Sarge)
New imlib2 packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 628-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 6th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : imlib2
Vulnerability : integer overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1026
Pavel Kankovsky discovered that several overflows found in the libXpm library were also present in imlib and imlib2, imaging libraries for X11. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib or imlib2 to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project identifies the following problems:
CAN-2004-1025
Multiple heap-based buffer overflows. No such code is present in imlib2.
CAN-2004-1026
Multiple integer overflows in the imlib library.
For the stable distribution (woody) these problems have been fixed in version 1.0.5-2woody2.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your imlib2 packages.
New namazu2 packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 627-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 6th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : namazu2
Vulnerability : unsanitised input
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1318
A cross-site scripting vulnerability has been discovered in namazu2, a full text search engine. An attacker could prepare specially crafted input that would not be sanitised by namazu2 and hence displayed verbatim for the victim.
For the stable distribution (woody) this problem has been fixed in version 2.0.10-1woody3.
For the unstable distribution (sid) this problem has been fixed in version 2.0.14-1.
We recommend that you upgrade your namazu2 package.