
The following Debian updates have been released:

[DLA 234-1] ipsec-tools security update
[DLA 235-1] ruby1.9.1 security update
[DSA 3269-2] postgresql-9.1 regression update
[DSA 3275-1] fusionforge security update



[DLA 234-1] ipsec-tools security update

Package : ipsec-tools
Version : 1:0.7.3-12+deb6u1
CVE ID : CVE-2015-4047
Debian Bug : 785778

Javantea discovered a NULL pointer dereference flaw in racoon, the
Internet Key Exchange daemon of ipsec-tools. A remote attacker can use
this flaw to cause the IKE daemon to crash via specially crafted UDP
packets, resulting in a denial of service.

[DLA 235-1] ruby1.9.1 security update

Package : ruby1.9.1
Version : 1.9.2.0-2+deb6u4
CVE ID : CVE-2011-0188 CVE-2011-2705 CVE-2012-4522 CVE-2013-0256
CVE-2013-2065 CVE-2015-1855

CVE-2011-0188
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in
Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7
and other platforms, does not properly allocate memory, which allows
context-dependent attackers to execute arbitrary code or cause a
denial of service (application crash) via vectors involving creation
of a large BigDecimal value within a 64-bit process, related to an
"integer truncation issue."

CVE-2011-2705
Use upstream SVN r32050 to modify PRNG state to prevent random number
sequence repetition in a forked child process that has the same pid.
Reported by Eric Wong.

CVE-2012-4522
The rb_get_path_check function in file.c in Ruby 1.9.3 before
patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent
attackers to create files in unexpected locations or with unexpected
names via a NUL byte in a file path.

CVE-2013-0256
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before
4.0.0.preview2.1, as used in Ruby, does not properly generate
documents, which allows remote attackers to conduct cross-site
scripting (XSS) attacks via a crafted URL.

CVE-2013-2065
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426,
and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for
native functions, which allows context-dependent attackers to bypass
intended $SAFE level restrictions.

CVE-2015-1855
OpenSSL extension hostname matching implementation violates RFC 6125
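
The NUL-byte issue described under CVE-2012-4522 above, shown from the application side as an added example (not part of the advisory or of Ruby's own code): a suffix check that a NUL byte defeats, next to a check that rejects the byte first. The allowlist, helper names and sample paths are constructed for illustration.

```ruby
# Added example: handling NUL bytes in user-supplied file names.
# ALLOWED_EXT, the helper names and all sample paths are constructed.

ALLOWED_EXT = %w[.png .jpg .txt].freeze

class UnsafePathError < ArgumentError; end

# The name a C API taking a NUL-terminated string would act on:
# everything from the first NUL byte onward is silently dropped.
def c_string_view(path)
  path.b.split("\0", 2).first.to_s
end

# Naive check: looks only at the end of the Ruby string, so it is
# satisfied by text that sits after an embedded NUL byte.
def naive_extension_ok?(name)
  name.downcase.end_with?(*ALLOWED_EXT)
end

# Hardened check: reject NUL bytes before any other test, then apply the
# extension allowlist and confirm the result stays under base_dir.
def safe_join(base_dir, user_name)
  raise UnsafePathError, "NUL byte in path" if user_name.include?("\0")
  unless ALLOWED_EXT.include?(File.extname(user_name).downcase)
    raise UnsafePathError, "extension not allowed"
  end
  base = File.expand_path(base_dir)
  full = File.expand_path(File.join(base, user_name))
  unless full.start_with?(base + File::SEPARATOR)
    raise UnsafePathError, "path escapes base directory"
  end
  full
end

if __FILE__ == $PROGRAM_NAME
  ["photo.png", "report.rb\0.png", "../outside.txt"].each do |name|
    verdict = begin
      safe_join("/srv/uploads", name)
    rescue UnsafePathError => e
      "rejected (#{e.message})"
    end
    puts "#{name.inspect}: naive=#{naive_extension_ok?(name)} " \
         "c_view=#{c_string_view(name).inspect} safe_join=#{verdict}"
  end
end
```

Current Ruby releases raise `ArgumentError` when a path containing a NUL byte reaches the file APIs; the explicit check keeps the rejection at the input boundary instead of relying on the interpreter version.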

[DSA 3269-2] postgresql-9.1 regression update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3269-2 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
May 31, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : postgresql-9.1
Debian Bug : 786874

The update for postgresql-9.1 in DSA-3269-1 introduced a regression
which can cause PostgreSQL to refuse to restart after an unexpected
shutdown or when restoring from a binary backup. Updated packages are
now available to address this regression. Please refer to the upstream
Bug FAQ for additional information:

https://wiki.postgresql.org/wiki/May_2015_Fsync_Permissions_Bug

For reference, the original advisory text follows.

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL
database system.

CVE-2015-3165 (Remote crash)

SSL clients disconnecting just before the authentication timeout
expires can cause the server to crash.

CVE-2015-3166 (Information exposure)

The replacement implementation of snprintf() failed to check for
errors reported by the underlying system library calls; the main
case that might be missed is out-of-memory situations. In the worst
case this might lead to information exposure.

CVE-2015-3167 (Possible side-channel key exposure)

In contrib/pgcrypto, some cases of decryption with an incorrect key
could report other error message texts. Fix by using a
one-size-fits-all message.

For the oldstable distribution (wheezy), this problem has been fixed
in version 9.1.16-0+deb7u2.

We recommend that you upgrade your postgresql-9.1 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3275-1] fusionforge security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3275-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
May 30, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : fusionforge
CVE ID : CVE-2015-0850

Ansgar Burchardt discovered that the Git plugin for FusionForge, a
web-based project-management and collaboration software, does not
sufficiently validate user-provided input as a parameter to the method to
create secondary Git repositories. A remote attacker can use this flaw
to execute arbitrary code as root via a specially crafted URL.

For the stable distribution (jessie), this problem has been fixed in
version 5.3.2+20141104-3+deb8u1.

For the testing distribution (stretch) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your fusionforge packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/