An updated toolchain-source package has been released for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 679-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 14th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : toolchain-source
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: yes
CVE ID : CAN-2005-0159
Sean Finney discovered several insecure temporary file uses in toolchain-source, the GNU binutils and GCC source code and scripts. These bugs can lead a local attacker with minimal knowledge to trick the admin into overwriting arbitrary files via a symlink attack. The problems exist inside the Debian-specific tpkg-* scripts.
For the stable distribution (woody) these problems have been fixed in version 3.0.4-1woody1.
For the unstable distribution (sid) these problems have been fixed in version 3.4-5.
We recommend that you upgrade your toolchain-source package.
New netkit-rwho packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 678-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 11th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : netkit-rwho
Vulnerability : missing input validation
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1180
"Vlad902" discovered a vulnerability in the rwhod program that can be used to crash the listening process. The broadcasting one is unaffected. This vulnerability only affects little endian architectures (i.e. on Debian: alpha, arm, alpha, ia64, i386, mipsel and s390).
For the stable distribution (woody) this problem has been fixed in version 0.17-4woody2.
For the unstable distribution (sid) this problem has been fixed in version 0.17-8.
We recommend that you upgrade your rwhod package.
New sympa packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 677-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 11th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : sympa
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0073
Erik Sjölund discovered that a support script of sympa, a mailing list manager, is running setuid sympa and vulnerable to a buffer overflow. This could potentially lead to the execution of arbitrary code under the sympa user id.
For the stable distribution (woody) this problem has been fixed in version 3.3.3-3woody2.
For the unstable distribution (sid) this problem will be fixed soon.
New xpcd packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 676-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 11th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : xpcd
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0074
Erik Sjölund discovered a buffer overflow in pcdsvgaview, an SVGA PhotoCD viewer. xpcd-svga is part of xpcd and uses svgalib to display graphics on the Linux console for which root permissions are required. A malicious user could overflow a fixed-size buffer and may cause the program to execute arbitrary code with elevated privileges.
For the stable distribution (woody) this problem has been fixed in version 2.08-8woody3.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your xpcd-svga package immediately.
Another mailman update is available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 674-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 11th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : mailman
Vulnerability : cross-site scripting, directory traversal
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1177 CAN-2005-0202
Due to an error the last mailman update was slightly broken and had to be corrected. This advisory only updates the packages updated with DSA 674-1. For completeness below is the original advisory text:
Two security-related problems have been discovered in mailman, the web-based GNU mailing list manager. The Common Vulnerabilities and Exposures project identifies the following problems:
CAN-2004-1177
Florian Weimer discovered a cross-site scripting vulnerability in mailman's automatically generated error messages. An attacker could craft a URL containing JavaScript (or other content embedded into HTML) which triggered a mailman error page that would include the malicious code verbatim.
CAN-2005-0202
Several listmasters have noticed unauthorised access to archives of private lists and the list configuration itself, including the users' passwords. Administrators are advised to check the webserver logfiles for requests that contain "/...../" and the path to the archives or configuration. This only seems to affect installations running on web servers that do not strip slashes, such as Apache 1.3.
For the stable distribution (woody) these problems have been fixed in version 2.0.11-1woody10.
For the unstable distribution (sid) these problems have been fixed in version 2.1.5-6.
We recommend that you upgrade your mailman package.
New hztty packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 675-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 10th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : hztty
Vulnerability : privilege escalation
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0019
Erik Sjölund discovered that hztty, a converter for GB, Big5 and zW/HZ Chinese encodings in a tty session, can be triggered to execute arbitrary commands with group utmp privileges.
For the stable distribution (woody) this problem has been fixed in version 2.0-5.2woody2.
For the unstable distribution (sid) this problem has been fixed in version 2.0-6.1.
We recommend that you upgrade your hztty package.
New mailman packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 674-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 10th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : mailman
Vulnerability : cross-site scripting, directory traversal
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1177 CAN-2005-0202
Two security-related problems have been discovered in mailman, the web-based GNU mailing list manager. The Common Vulnerabilities and Exposures project identifies the following problems:
CAN-2004-1177
Florian Weimer discovered a cross-site scripting vulnerability in mailman's automatically generated error messages. An attacker could craft a URL containing JavaScript (or other content embedded into HTML) which triggered a mailman error page that would include the malicious code verbatim.
CAN-2005-0202
Several listmasters have noticed unauthorised access to archives of private lists and the list configuration itself, including the users' passwords. Administrators are advised to check the webserver logfiles for requests that contain "/...../" and the path to the archives or configuration. This only seems to affect installations running on web servers that do not strip slashes, such as Apache 1.3.
For the stable distribution (woody) these problems have been fixed in version 2.0.11-1woody9.
For the unstable distribution (sid) these problems have been fixed in version 2.1.5-6.
We recommend that you upgrade your mailman package.
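The logfile check that the two mailman advisories (DSA 674-1 and 674-2) recommend for CAN-2005-0202 can be scripted. The following is an added example, not part of the advisory or of mailman: it assumes Apache common/combined log format, generalises the advisory's "/...../" to any path segment of three or more dots (also after percent-decoding), and uses assumed marker strings and constructed log lines.

```python
import re
from urllib.parse import unquote

# Apache common/combined format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# A path segment made only of dots, three or more long ("/...../" is one instance).
DOT_SEGMENT_RE = re.compile(r'/\.{3,}(?:/|$)')
# Assumption: substrings that identify archive or configuration paths on this site.
SENSITIVE_MARKERS = ("private", "archives", "config")


def decode_path(target, rounds=2):
    """Drop the query string, then percent-decode so %2e forms are seen as dots."""
    path = target.split("?", 1)[0]
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def scan(lines, markers=SENSITIVE_MARKERS):
    """Return one finding per request whose path contains a dots-only segment."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        path = decode_path(m.group("target"))
        if not DOT_SEGMENT_RE.search(path):
            continue
        status = int(m.group("status"))
        findings.append({
            "line": lineno,
            "host": m.group("host"),
            "time": m.group("time"),
            "status": status,
            "path": path,
            "markers": [mk for mk in markers if mk in path.lower()],
            # A 2xx answer means the server returned content for the request.
            "served": 200 <= status < 300,
        })
    return findings


# Constructed sample log lines (documentation address ranges, made-up list name).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Feb/2005:09:12:01 +0100] "GET /mailman/listinfo/announce HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Feb/2005:09:13:44 +0100] "GET /mailman/private/example-list/...../config HTTP/1.0" 200 8821',
    '198.51.100.7 - - [10/Feb/2005:09:13:59 +0100] "GET /mailman/private/example-list/%2e%2e%2e%2e%2e/archives/ HTTP/1.0" 403 0',
    '203.0.113.5 - - [10/Feb/2005:09:20:11 +0100] "GET /docs/...../index.html HTTP/1.1" 404 210',
    '192.0.2.10 - - [10/Feb/2005:09:21:30 +0100] "GET /pipermail/announce/2005-February/continued...html HTTP/1.1" 200 3011',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        flag = "SERVED" if f["served"] else "refused"
        print(f'{f["line"]:>3} {f["host"]:<14} {f["status"]} {flag:<7} {f["path"]} {f["markers"]}')
```

Findings with `served` set and a non-empty `markers` list are the ones to review first, since the server answered a request of the kind the advisory describes.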
New evolution packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 673-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 10th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : evolution
Vulnerability : integer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0102
BugTraq ID : 12354
Max Vozeler discovered an integer overflow in a helper application inside of Evolution, a free groupware suite. A local attacker could cause the setuid root helper to execute arbitrary code with elevated privileges.
For the stable distribution (woody) this problem has been fixed in version 1.0.5-1woody2.
For the unstable distribution (sid) this problem has been fixed in version 2.0.3-1.2.
We recommend that you upgrade your evolution package.
New xview packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 672-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 9th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : xview
Vulnerability : buffer overflows
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0076
Erik Sjölund discovered that programs linked against xview are vulnerable to a number of buffer overflows in the XView library. When the overflow is triggered in a program which is installed setuid root, a malicious user could perhaps execute arbitrary code as a privileged user.
For the stable distribution (woody) these problems have been fixed in version 3.2p1.4-16woody2.
For the unstable distribution (sid) these problems have been fixed in version 3.2p1.4-19.
We recommend that you upgrade your xview packages.
New xemacs21 packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 671-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 8th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : xemacs21
Vulnerability : format string
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0100
Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs, the well-known editor. Via connecting to a malicious POP server an attacker can execute arbitrary code under the privileges of group mail.
For the stable distribution (woody) these problems have been fixed in version 21.4.6-8woody2.
For the unstable distribution (sid) these problems have been fixed in version 21.4.16-2.
We recommend that you upgrade your emacs packages.
New emacs20 packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 670-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 8th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : emacs20
Vulnerability : format string
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0100
Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs, the well-known editor. Via connecting to a malicious POP server an attacker can execute arbitrary code under the privileges of group mail.
For the stable distribution (woody) these problems have been fixed in version 20.7-13.3.
The unstable distribution (sid) does not contain an Emacs20 package anymore.
We recommend that you upgrade your emacs packages.
New php3 packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 669-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 7th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : php3
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE IDs : CAN-2004-0594 CAN-2004-0595
Two vulnerabilities have been discovered in php4 which also apply to the version of php3 in the stable Debian distribution. The Common Vulnerabilities and Exposures project identifies the following problems:
CAN-2004-0594
The memory_limit functionality allows remote attackers to execute arbitrary code under certain circumstances.
CAN-2004-0595
The strip_tags function does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by some web browsers which could lead to cross-site scripting (XSS) vulnerabilities.
For the stable distribution (woody) these problems have been fixed in version 3.0.18-23.1woody2.
For the unstable distribution (sid) these problems have been fixed in version 3.0.18-27.
We recommend that you upgrade your php3 packages.
---------------------------------------------------------------------------
Debian Security Advisory DSA 667-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 4th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : postgresql
Vulnerability : privilege escalation
Problem-Type : local
Debian-specific: no
Debian Bug : 293125
John Heasman and others discovered a bug in the PostgreSQL engine which would allow any user to load an arbitrary local library into it.
For the stable distribution (woody) this problem has been fixed in version 7.2.1-2woody7.
For the unstable distribution (sid) this problem has been fixed in version 7.4.7-1.
We recommend that you upgrade your postgresql packages.
---------------------------------------------------------------------------
Debian Security Advisory DSA 667-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 4th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : squid
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE IDs : CAN-2005-0173 CAN-2005-0175 CAN-2005-0194 CAN-2005-0211
Several vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
CAN-2005-0173
LDAP is very forgiving about spaces in search filters and this could be abused to log in using several variants of the login name, possibly bypassing explicit access controls or confusing accounting.
CAN-2005-0175
Cache pollution/poisoning via HTTP response splitting has been discovered.
CAN-2005-0194
The meaning of the access controls becomes somewhat confusing if any of the referenced ACLs (access control lists) is declared empty, without any members.
CAN-2005-0211
The length argument of the WCCP recvfrom() call is larger than it should be. An attacker may send a larger than normal WCCP packet that could overflow a buffer.
For the stable distribution (woody) these problems have been fixed in version 2.4.6-2woody6.
For the unstable distribution (sid) these problems have been fixed in version 2.5.7-7.
We recommend that you upgrade your squid package.
---------------------------------------------------------------------------
Debian Security Advisory DSA 666-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 4th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : python2.2
Vulnerability : design flaw
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0089
The Python development team has discovered a flaw in their language package. The SimpleXMLRPCServer library module could permit remote attackers unintended access to internals of the registered object or its module or possibly other modules. The flaw only affects Python XML-RPC servers that use the register_instance() method to register an object without a _dispatch() method. Servers using only register_function() are not affected.
For the stable distribution (woody) this problem has been fixed in version 2.2.1-4.7. No other version of Python in woody is affected.
For the testing (sarge) and unstable (sid) distributions the following matrix shows which package version will contain the correction in each distribution:

             testing     unstable
Python 2.2   2.2.3-14    2.2.3-14
Python 2.3   2.3.4-20    2.3.4+2.3.5c1-2
Python 2.4   2.4-5       2.4-5

We recommend that you upgrade your Python packages.
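The two registration patterns the advisory describes as unaffected, an instance that defines its own _dispatch() and plain register_function(), look like this in practice. This is an added example, not code from the advisory or from Python itself: it uses the present-day `xmlrpc.server` module (the Python 3 name for SimpleXMLRPCServer), the `Calculator` class and `ping` function are constructed, and requests are fed to the dispatcher directly instead of over a socket.

```python
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCDispatcher


class Calculator:
    """Constructed service object: only names in EXPORTED are remotely callable."""

    EXPORTED = frozenset({"add", "multiply"})

    def __init__(self):
        self.api_key = "constructed-secret"  # internal state, never meant to be remote

    def add(self, a, b):
        return a + b

    def multiply(self, a, b):
        return a * b

    def reset(self):
        """Local maintenance method that must not be reachable over XML-RPC."""
        self.api_key = None
        return True

    def _dispatch(self, method, params):
        # The dispatcher hands every instance call to this hook, so the
        # allowlist below is the complete remote surface of the object.
        if method not in self.EXPORTED:
            raise xmlrpc.client.Fault(1, "method not exported")
        return getattr(self, method)(*params)


def ping():
    return "pong"


def build_dispatcher():
    dispatcher = SimpleXMLRPCDispatcher()
    dispatcher.register_instance(Calculator())   # safe: instance defines _dispatch()
    dispatcher.register_function(ping, "ping")   # safe: exposes exactly one callable
    return dispatcher


def call(dispatcher, method, *params):
    """Run one XML-RPC request through the dispatcher without any networking."""
    request = xmlrpc.client.dumps(params, methodname=method).encode("utf-8")
    response = dispatcher._marshaled_dispatch(request)
    try:
        (result,), _ = xmlrpc.client.loads(response)
        return ("ok", result)
    except xmlrpc.client.Fault as fault:
        return ("fault", fault.faultString)


if __name__ == "__main__":
    d = build_dispatcher()
    for name, args in [("add", (2, 3)), ("ping", ()), ("reset", ()),
                       ("api_key", ()), ("add.__name__", ())]:
        print(name, call(d, name, *args))
```

Only `add`, `multiply` and `ping` return results; every other method name, dotted or not, comes back as a fault.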
New cpio packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 664-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 2nd, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : cpio
Vulnerability : broken file permissions
Problem-Type : local
Debian-specific: no
CVE ID : CAN-1999-1572
It has been discovered that cpio, a program to manage archives of files, creates output files with -O and -F with broken permissions due to a reset zero umask which allows local users to read or overwrite those files.
For the stable distribution (woody) this problem has been fixed in version 2.4.2-39woody1.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your cpio package.
New prozilla packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 663-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 1st, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : prozilla
Vulnerability : buffer overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1120
BugTraq ID : 11734
Several buffer overflows have been discovered in prozilla, a multi-threaded download accelerator which could be exploited by a remote attacker to execute arbitrary code on the victim's machine. An exploit for prozilla is already in the wild.
For the stable distribution (woody) these problems have been fixed in version 1.3.6-3woody1.
For the unstable distribution (sid) these problems have been fixed in version 1.3.7.3-1.
We recommend that you upgrade your prozilla package.
A new squirrelmail package is available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 662-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 1st, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : squirrelmail
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0104 CAN-2005-0152
Debian Bug : 292714
Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems:
CAN-2005-0104
Upstream developers noticed that an unsanitised variable could lead to cross site scripting.
CAN-2005-0152
Grant Hollingworth discovered that under certain circumstances URL manipulation could lead to the execution of arbitrary code with the privileges of www-data. This problem only exists in version 1.2.6 of Squirrelmail.
For the stable distribution (woody) these problems have been fixed in version 1.2.6-2.
For the unstable distribution (sid) the problem that affects unstable has been fixed in version 1.4.4-1.
We recommend that you upgrade your squirrelmail package.
New f2c packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 661-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 27th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : f2c
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0017 CAN-2005-0018
Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that f2c and fc, which are both part of the f2c package, a Fortran 77 to C/C++ translator, open temporary files insecurely and are hence vulnerable to a symlink attack. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
CAN-2005-0017
Multiple insecure temporary files in the f2c translator.
CAN-2005-0018
Two insecure temporary files in the f2 shell script.
For the stable distribution (woody) these problems have been fixed in version 20010821-3.1.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your f2c package.