A new security update for Debian GNU/Linux has been released

DSA-223-1 geneweb -- information exposure

A security issue has been discovered by Daniel de Rauglaudre, upstream author of geneweb, a genealogical software with web interface. It runs as a daemon on port 2317 by default. Paths are not properly sanitized, so a carefully crafted URL lead geneweb to read and display arbitrary files of the system it runs on.

For the current stable distribution (woody) this problem has been fixed in version 4.06-2.

The old stable distribution (potato) is not affected.

For the unstable distribution (sid) this problem has been fixed in version 4.09-1.

Download

A new security update for Debian GNU/Linux has been released

DSA-222-1 xpdf -- integer overflow

iDEFENSE discovered an integer overflow in the pdftops filter from the xpdf package that can be exploited to gain the privileges of the target user. This can lead to gaining privileged access to the 'lp' user if the pdftops program is part of the print filter.

For the current stable distribution (woody) this problem has been fixed in version 1.00-3.1.

For the old stable distribution (potato) this problem has been fixed in version 0.90-8.1.

For the unstable distribution (sid) this problem has been fixed in version 2.01-2.

Read more

An updated pine package is now available for Red Hat Linux 6.2 - 8.0

A new security update for Debian GNU/Linux is available

DSA-221-1 mhonarc -- cross site scripting

Earl Hood, author of mhonarc, a mail to HTML converter, discovered a cross site scripting vulnerability in this package. A specially crafted HTML mail message can introduce foreign scripting content in archives, by-passing MHonArc's HTML script filtering.

For the current stable distribution (woody) this problem has been fixed in version 2.5.2-1.3.

For the old stable distribution (potato) this problem has been fixed in version 2.4.4-1.3.

For the unstable distribution (sid) this problem has been fixed in version 2.5.14-1.

Read more

SuSE AG has released 3 security updates for SuSE Linux:

fetchmail: remote compromise
cups: local and remote privilege escalation
mysql: remote command execution

A new squirrelmail security update for Debian GNU/Linux has been released

Simon Kelly discovered a vulnerability in dhcpcd, an RFC2131 and RFC1541 compliant DHCP client daemon, that runs with root privileges on client machines. A malicious administrator of the regular or an untrusted DHCP server may execute any command with root privileges on the DHCP client machine by sending the command enclosed in shell metacharacters in one of the options provided by the DHCP server.

This problem has been fixed in version 1.3.17pl2-8.1 for the old stable distribution (potato) and in version 1.3.22pl2-2 for the testing (sarge) and unstable (sid) distributions. The current stable distribution (woody) does not contain a dhcpcd package.

Read more

Red Hat has released updated sendmail packages for Red Hat Linux 6.2 - 8.0, which fix a security issue in Sendmail

A security for bugzilla under Debian GNU/Linux has been released

A new security update for Debian GNU/Linux has been released:

DSA-217-1 typespeed -- buffer overflow
A problem has been discovered in the typespeed, a game that lets you measure your typematic speed. By overflowing a buffer a local attacker could execute arbitrary commands under the group id games.

For the current stable distribution (woody) this problem has been fixed in version 0.4.1-2.1.

For the old stable distribution (potato) this problem has been fixed in version 0.4.0-5.1.

For the unstable distribution (sid) this problem has been fixed in version 0.4.2-2.

We recommend that you upgrade your typespeed package.

Download

Fetchmail/cyrus-imapd updates for Debian GNU/Linux has been released

Fetchmail

Stefan Esser of e-matters discovered a buffer overflow in fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder. When fetchmail retrieves a mail all headers that contain addresses are searched for local addresses. If a hostname is missing, fetchmail appends it but doesn't reserve enough space for it. This heap overflow can be used by remote attackers to crash it or to execute arbitrary code with the privileges of the user running fetchmail.

Read more

cyrus-imapd

Timo Sirainen discovered a buffer overflow in the Cyrus IMAP server, which could be exploited by a remote attacker prior to logging in. A malicious user could craft a request to run commands on the server under the UID and GID of the cyrus server.

Read more

A new security update for Debian GNU/Linux is available:

DSA-214-1 kdnetwork -- buffer overflows

Olaf Kirch from SuSE Linux AG discovered another vulnerability in the klisa package, that provides a LAN information service similar to "Network Neighbourhood". The lisa daemon contains a buffer overflow vulnerability which potentially enables any local user, as well as any remote attacker on the LAN who is able to gain control of the LISa port (7741 by default), to obtain root privileges. In addition, a remote attacker potentially may be able to gain access to a victim's account by using an "rlan://" URL in an HTML page or via another KDE application.

This problem has been fixed in version 2.2.2-14.5 for the current stable distribution (woody) and in version 2.2.2-14.20 for the unstable distribution (sid). The old stable distribution (potato) is not affected since it doesn't contain a kdenetwork package.

Download

Red Hat has released an updated Net-SNMP package for Red Hat Linux 8.0

Ensim has released a security update for Ensim WEBpplance 3.1.1

MandrakeSoft has released two security updates for Mandrake Linux:

Apache

A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continously span more children processes, thus causing a local DoS. Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache.

All of these vulnerabilities were fixed in Apache 1.3.27; the packages provided have these fixes applied.

Read more

MySQL

Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitraty code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '

Read more

A libpng security update for Debian GNU/Linux has been released

A MySQL security update is available for Debian GNU/Linux

Red Hat has released updated Fetchmail packages for Red Hat Linux 6.2 - 8.0

SECURITY HOLES DISCOVERED in the MySQL open source database and client software could allow an attacker to launch a denial of service attack against machines running affected MySQL components or gain administrative access to the database server, according to an alert posted by German security company e-matters GmbH.

Read more

Debian.org has released 4 new security updates for Debian GNU/Linux

DSA-211 micq - denial of service
DSA-210 lynx - CRLF injection
DSA-209 wget - directory traversal
DSA-208 perl - broken safe compartment