---------------------------------------------------------------------------
Debian Security Advisory DSA 660-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 26th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : kdebase
Vulnerability : missing return value check
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0078
Raphaël Enrici discovered that the KDE screensaver can crash under certain local circumstances. This can be exploited by an attacker with physical access to the workstation to take over the desktop session.
For the stable distribution (woody) this problem has been fixed in version 2.2.2-14.9.
This problem has been fixed upstream in KDE 3.0.5 and is therefore fixed in the unstable (sid) and testing (sarge) distributions already.
We recommend that you upgrade your kscreensaver package.
---------------------------------------------------------------------------
Debian Security Advisory DSA 659-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 26th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : libpam-radius-auth
Vulnerability : information leak, integer underflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1340 CAN-2005-0108
Two problems have been discovered in the libpam-radius-auth package, the PAM RADIUS authentication module. The Common Vulnerabilities and Exposures Project identifies the following problems:
CAN-2004-1340
The Debian package accidentally installed its configuration file /etc/pam_radius_auth.conf world-readable. Since it may possibly contain secrets, all local users are able to read them if the administrator hasn't adjusted file permissions. This problem is Debian specific.
CAN-2005-0108
Leon Juranic discovered an integer underflow in the mod_auth_radius module for Apache which is also present in libpam-radius-auth.
For the stable distribution (woody) these problems have been fixed in version 1.3.14-1.3.
For the unstable distribution (sid) these problems have been fixed in version 1.3.16-3.
We recommend that you upgrade your libpam-radius-auth package.
OSNews has posted a new article on Debian GNU/Linux
New libdbi-perl packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 658-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 25th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : libdbi-perl
Vulnerability : insecure temporary file
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0077
Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library.
For the stable distribution (woody) this problem has been fixed in version 1.21-2woody2.
For the unstable distribution (sid) this problem has been fixed in version 1.46-6.
We recommend that you upgrade your libdbi-perl package.
New xine-lib packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 657-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 25th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : xine-lib
Vulnerability : buffer overflow
Problem-Type : local (remote)
Debian-specific: no
CVE ID : CAN-2004-1379
BugTraq ID : 11205
A heap overflow has been discovered in the DVD subpicture decoder of xine-lib. An attacker could cause arbitrary code to be executed on the victim's host by supplying a malicious MPEG. By tricking users into viewing a malicious network stream, this is remotely exploitable.
For the stable distribution (woody) this problem has been fixed in version 0.9.8-2woody2.
For the unstable distribution (sid) this problem has been fixed in version 1-rc6a-1.
We recommend that you upgrade your libxine packages.
New vdr packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 656-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 25th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : vdr
Vulnerability : insecure file access
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0071
Javier Fernández-Sanguino Peña from the Debian Security Audit Team has discovered that the vdr daemon which is used for video disk recorders for DVB cards can overwrite arbitrary files.
For the stable distribution (woody) this problem has been fixed in version 1.0.0-1woody2.
For the unstable distribution (sid) this problem has been fixed in version 1.2.6-6.
We recommend that you upgrade your vdr package.
Dotdeb.org was down because of a server crash. Some of the packages are back online.
New zhcon packages have been released for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 655-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 25th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : zhcon
Vulnerability : missing privilege release
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0072
Erik Sjölund discovered that zhcon, a fast console CJK system using the Linux framebuffer, accesses a user-controlled configuration file with elevated privileges. Thus, it is possible to read arbitrary files.
For the stable distribution (woody) this problem has been fixed in version 0.2-4woody3.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your zhcon package.
Backports.org has released a backport of the latest Debian Kernel 2.4.27 package for Debian GNU/Linux 3.0
New enscript packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 654-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 21st, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : enscript
Vulnerability : several
Problem-Type : local (remote)
Debian-specific: no
CVE ID : CAN-2004-1184 CAN-2004-1185 CAN-2004-1186
Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text into Postscript and other formats. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
CAN-2004-1184
Unsanitised input can cause the execution of arbitrary commands via EPSF pipe support. This has been disabled, also upstream.
CAN-2004-1185
Due to missing sanitising of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed.
CAN-2004-1186
Multiple buffer overflows can cause the program to crash.
Usually, enscript is only run locally, but since it is executed inside of viewcvs some of the problems mentioned above can easily be turned into a remote vulnerability.
For the stable distribution (woody) these problems have been fixed in version 1.6.3-1.3.
For the unstable distribution (sid) these problems have been fixed in version 1.6.4-6.
We recommend that you upgrade your enscript package.
New ethereal packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 653-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 21st, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : ethereal
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0084
A buffer overflow has been detected in the X11 dissector of ethereal, a commonly used network traffic analyser. A remote attacker may be able to overflow a buffer using a specially crafted IP packet. More problems have been discovered which don't apply to the version in woody but are fixed in sid as well.
For the stable distribution (woody) this problem has been fixed in version 0.9.4-1woody11.
For the unstable distribution (sid) this problem has been fixed in version 0.10.9-1.
We recommend that you upgrade your ethereal package.
DotDeb.org has released updated MySQL 4.0.23 and 4.1.8 packages for Debian GNU/Linux 3.0
---------------------------------------------------------------------------
Debian Security Advisory DSA 652-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 21st, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : unarj
Vulnerability : several
Problem-Type : local (remote)
Debian-specific: no
CVE ID : CAN-2004-0947 CAN-2004-1027
Debian Bug : 281922
Several vulnerabilities have been discovered in unarj, a non-free ARJ unarchive utility. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities:
CAN-2004-0947
A buffer overflow has been discovered when handling long file names contained in an archive. An attacker could create a specially crafted archive which could cause unarj to crash or possibly execute arbitrary code when being extracted by a victim.
CAN-2004-1027
A directory traversal vulnerability has been found so that an attacker could create a specially crafted archive which would create files in the parent directory when being extracted by a victim. When used recursively, this vulnerability could be used to overwrite critical system files and programs.
For the stable distribution (woody) these problems have been fixed in version 2.43-3woody1.
For the unstable distribution (sid) these problems don't apply since unstable/non-free does not contain the unarj package.
We recommend that you upgrade your unarj package.
---------------------------------------------------------------------------
Debian Security Advisory DSA 651-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 20th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : squid
Vulnerability : buffer overflow, integer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0094 CAN-2005-0095
Several vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities:
CAN-2005-0094
"infamous41md" discovered a buffer overflow in the parser for Gopher responses which will lead to memory corruption and usually crash Squid.
CAN-2005-0095
"infamous41md" discovered an integer overflow in the receiver of WCCP (Web Cache Communication Protocol) messages. An attacker could send a specially crafted UDP datagram that will cause Squid to crash.
For the stable distribution (woody) these problems have been fixed in version 2.4.6-2woody5.
For the unstable distribution (sid) these problems have been fixed in version 2.5.7-4.
We recommend that you upgrade your squid package.
---------------------------------------------------------------------------
Debian Security Advisory DSA 650-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 20th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : sword
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0015
Ulf Härnhammar discovered that due to missing input sanitising in diatheke, a CGI script for making and browsing a bible website, it is possible to execute arbitrary commands via a specially crafted URL.
For the stable distribution (woody) this problem has been fixed in version 1.5.3-3woody2.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your diatheke package.
New xtrlock packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 649-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 20th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : xtrlock
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0079
Debian Bug : 278190 278191
A buffer overflow has been discovered in xtrlock, a minimal X display lock program which can be exploited by a malicious local attacker to crash the lock program and take over the desktop session.
For the stable distribution (woody) this problem has been fixed in version 2.0-6woody2.
For the unstable distribution (sid) this problem has been fixed in version 2.0-9.
We recommend that you upgrade your xtrlock package.
New xpdf packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 648-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 19th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : xpdf
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0064
iDEFENSE has reported a buffer overflow in xpdf, the portable document format (PDF) suite. A maliciously crafted PDF file could exploit this problem, resulting in the execution of arbitrary code.
For the stable distribution (woody) this problem has been fixed in version 1.00-3.4.
For the unstable distribution (sid) this problem has been fixed in version 3.00-12.
We recommend that you upgrade your xpdf package.
New MySQL packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 647-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 19th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : mysql
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0004
Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discovered a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also unveil the contents of a temporary file which might contain sensitive information.
For the stable distribution (woody) this problem has been fixed in version 3.23.49-8.9.
For the unstable distribution (sid) this problem has been fixed in version 4.0.23-3 of mysql-dfsg and in version 4.1.8a-6 of mysql-dfsg-4.1.
We recommend that you upgrade your mysql packages.
New ImageMagick packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 646-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 19th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : imagemagick
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0005
Andrei Nigmatulin discovered a buffer overflow in the PSD image-decoding module of ImageMagick, a commonly used image manipulation library. Remote exploitation with a carefully crafted image could lead to the execution of arbitrary code.
For the stable distribution (woody) this problem has been fixed in version 5.4.4.5-1woody5.
For the unstable distribution (sid) this problem has been fixed in version 6.0.6.2-2.
We recommend that you upgrade your imagemagick packages.
New chbg packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 644-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 18th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : chbg
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-1264
Debian Bug : 285904
Danny Lungstrom discovered a vulnerability in chbg, a tool to change background pictures. A maliciously crafted configuration/scenario file could overflow a buffer and lead to the execution of arbitrary code on the victim's machine.
For the stable distribution (woody) this problem has been fixed in version 1.5-1woody1.
For the unstable distribution (sid) this problem has been fixed in version 1.5-4.
We recommend that you upgrade your chbg package.