[SECURITY] [DSA 4538-1] wpa security update

2019-09-29 Thread Yves-Alexis Perez

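-------------------------------------------------------------------------
Debian Security Advisory DSA-4538-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
September 29, 2019                    https://www.debian.org/security/faq
-------------------------------------------------------------------------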

Package: wpa
CVE ID : CVE-2019-13377 CVE-2019-16275
Debian Bug : 934180 940080

Two vulnerabilities were found in the WPA protocol implementation found in
wpa_supplicant (station) and hostapd (access point).

CVE-2019-13377

A timing-based side-channel attack against WPA3's Dragonfly handshake when
using Brainpool curves could be used by an attacker to retrieve the
password.

CVE-2019-16275

Insufficient source address validation for some received Management frames
in hostapd could lead to a denial of service for stations associated to an
access point. An attacker in radio range of the access point could inject a
specially constructed unauthenticated IEEE 802.11 frame to the access point
to cause associated stations to be disconnected and require a reconnection
to the network.

For the oldstable distribution (stretch), these problems have been fixed
in version $stretch_VERSION.

For the stable distribution (buster), these problems have been fixed in
version 2:2.7+git20190128+0c1e29f-6+deb10u1.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpa

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 4450-1] wpa security update

2019-05-27 Thread Yves-Alexis Perez

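-------------------------------------------------------------------------
Debian Security Advisory DSA-4450-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
May 24, 2019                          https://www.debian.org/security/faq
-------------------------------------------------------------------------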

Package: wpa
CVE ID : CVE-2019-11555
Debian Bug : 927463

A vulnerability was found in the WPA protocol implementation found in
wpa_supplicant (station) and hostapd (access point).

The EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) doesn't properly validate fragmentation reassembly state when receiving
an unexpected fragment. This could lead to a process crash due to a NULL
pointer dereference.

An attacker in radio range of a station or access point with EAP-pwd support
could cause a crash of the relevant process (wpa_supplicant or hostapd),
ensuring a denial of service.

For the stable distribution (stretch), this problem has been fixed in
version 2:2.4-1+deb9u4.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpa

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 4430-1] wpa security update

2019-04-11 Thread Yves-Alexis Perez

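-------------------------------------------------------------------------
Debian Security Advisory DSA-4430-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
April 10, 2019                        https://www.debian.org/security/faq
-------------------------------------------------------------------------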

Package: wpa
CVE ID : CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499
Debian Bug : 926801

Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) found
multiple vulnerabilities in the WPA implementation found in wpa_supplicant
(station) and hostapd (access point). These vulnerabilities are also
collectively known as "Dragonblood".

CVE-2019-9495

Cache-based side-channel attack against the EAP-pwd implementation: an
attacker able to run unprivileged code on the target machine (including for
example JavaScript code in a browser on a smartphone) during the handshake
could deduce enough information to discover the password in a dictionary
attack.

CVE-2019-9497

Reflection attack against EAP-pwd server implementation: a lack of
validation of received scalar and element values in the EAP-pwd-Commit
messages could result in attacks that would be able to complete EAP-pwd
authentication exchange without the attacker having to know the password.
This does not result in the attacker being able to derive the session key,
complete the following key exchange and access the network.

CVE-2019-9498

EAP-pwd server missing commit validation for scalar/element: hostapd
doesn't validate values received in the EAP-pwd-Commit message, so an
attacker could use a specially crafted commit message to manipulate the
exchange in order for hostapd to derive a session key from a limited set of
possible values. This could result in an attacker being able to complete
authentication and gain access to the network.

CVE-2019-9499

EAP-pwd peer missing commit validation for scalar/element: wpa_supplicant
doesn't validate values received in the EAP-pwd-Commit message, so an
attacker could use a specially crafted commit message to manipulate the
exchange in order for wpa_supplicant to derive a session key from a limited
set of possible values. This could result in an attacker being able to
complete authentication and operate as a rogue AP.

Note that the Dragonblood moniker also applies to CVE-2019-9494 and
CVE-2014-9496 which are vulnerabilities in the SAE protocol in WPA3. SAE is not
enabled in Debian stretch builds of wpa, which is thus not vulnerable by
default.

Due to the complexity of the backporting process, the fix for these
vulnerabilities is partial. Users are advised to use strong passwords to
prevent dictionary attacks or use a 2.7-based version from stretch-backports
(version above 2:2.7+git20190128+0c1e29f-4).

For the stable distribution (stretch), these problems have been fixed in
version 2:2.4-1+deb9u3.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpa

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 4387-2] openssh security update

2019-03-03 Thread Yves-Alexis Perez

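-------------------------------------------------------------------------
Debian Security Advisory DSA-4387-2                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
March 02, 2019                        https://www.debian.org/security/faq
-------------------------------------------------------------------------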

Package: openssh
CVE ID : CVE-2019-6111
Debian Bug : 923486

It was found that a security update (DSA-4387-1) of OpenSSH, an implementation
of the SSH protocol suite, was incomplete. This update did not completely fix
CVE-2019-6111, an arbitrary file overwrite vulnerability in the scp client
implementing the SCP protocol.

For the stable distribution (stretch), this problem has been fixed in
version 1:7.4p1-10+deb9u6.

We recommend that you upgrade your openssh packages.

For the detailed security status of openssh please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssh

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 4387-1] openssh security update

2019-02-10 Thread Yves-Alexis Perez

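-------------------------------------------------------------------------
Debian Security Advisory DSA-4387-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
February 09, 2019                     https://www.debian.org/security/faq
-------------------------------------------------------------------------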

Package: openssh
CVE ID : CVE-2018-20685 CVE-2019-6109 CVE-2019-6111
Debian Bug : 793412 919101

Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in
OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities
are found in the scp client implementing the SCP protocol.

CVE-2018-20685

Due to improper directory name validation, the scp client allows servers to
modify permissions of the target directory by using an empty or dot directory
name.

CVE-2019-6109

Due to missing character encoding in the progress display, the object name
can be used to manipulate the client output, for example to employ ANSI
codes to hide additional files being transferred.

CVE-2019-6111

Due to the scp client's insufficient input validation of path names sent by
the server, a malicious server can do arbitrary file overwrites in the target
directory. If the recursive (-r) option is provided, the server can also
manipulate subdirectories.

The check added in this version can lead to regression if the client and
the server have differences in wildcard expansion rules. If the server is
trusted for that purpose, the check can be disabled with a new -T option to
the scp client.

For the stable distribution (stretch), these problems have been fixed in
version 1:7.4p1-10+deb9u5.

We recommend that you upgrade your openssh packages.

For the detailed security status of openssh please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssh

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 4373-1] coturn security update

2019-01-28 Thread Yves-Alexis Perez

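-------------------------------------------------------------------------
Debian Security Advisory DSA-4373-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
January 28, 2019                      https://www.debian.org/security/faq
-------------------------------------------------------------------------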

Package: coturn
CVE ID : CVE-2018-4056 CVE-2018-4058 CVE-2018-4059

Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for
VoIP.

CVE-2018-4056

An SQL injection vulnerability was discovered in the coTURN administrator
web portal. As the administration web interface is shared with the
production, it is unfortunately not possible to easily filter outside
access and this security update completely disables the web interface. Users
should use the local, command line interface instead.

CVE-2018-4058

Default configuration enables unsafe loopback forwarding. A remote attacker
with access to the TURN interface can use this vulnerability to gain access
to services that should be local only.

CVE-2018-4059

Default configuration uses an empty password for the local command line
administration interface. An attacker with access to the local console
(either a local attacker or a remote attacker taking advantage of
CVE-2018-4058) could escalate privileges to administrator of the coTURN
server.

For the stable distribution (stretch), these problems have been fixed in
version 4.5.0.5-1+deb9u1.

We recommend that you upgrade your coturn packages.

For the detailed security status of coturn please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/coturn

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 4371-1] apt security update

2019-01-22 Thread Yves-Alexis Perez

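-------------------------------------------------------------------------
Debian Security Advisory DSA-4371-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
January 22, 2019                      https://www.debian.org/security/faq
-------------------------------------------------------------------------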

Package: apt
CVE ID : CVE-2019-3462

Max Justicz discovered a vulnerability in APT, the high level package manager.
The code handling HTTP redirects in the HTTP transport method doesn't properly
sanitize fields transmitted over the wire. This vulnerability could be used by
an attacker located as a man-in-the-middle between APT and a mirror to inject
malicious content in the HTTP connection. This content could then be recognized
as a valid package by APT and used later for code execution with root
privileges on the target machine.

Since the vulnerability is present in the package manager itself, it is
recommended to disable redirects in order to prevent exploitation during this
upgrade only, using:

 apt -o Acquire::http::AllowRedirect=false update
 apt -o Acquire::http::AllowRedirect=false upgrade

This is known to break some proxies when used against security.debian.org. If
that happens, people can switch their security APT source to use:

 deb http://cdn-fastly.deb.debian.org/debian-security stable/updates main

For the stable distribution (stretch), this problem has been fixed in
version 1.4.9.

We recommend that you upgrade your apt packages.

Specific upgrade instructions:

If upgrading using APT without redirect is not possible in your situation, you
can manually download the files (using wget/curl) for your architecture using
the URL provided below, verifying that the hashes match. Then you can install
them using dpkg -i.

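The manual path described above (download with wget/curl, check size and SHA256, then dpkg -i), as an added shell example that is not part of the advisory. The manifest format, the function names and the sample file are assumptions of this example; the sample digest is the standard SHA-256 test vector for "abc", not a value from the advisory.

```shell
#!/bin/sh
# Added example: verify manually downloaded packages against a size/SHA256
# manifest before handing them to dpkg -i.
# Manifest format (an assumption of this example), one entry per line:
#   <file name> <size in bytes> <sha256 hex digest>

# verify_pkg FILE SIZE SHA256 -> 0 if size and digest both match, 1 otherwise.
verify_pkg() {
    file=$1 want_size=$2 want_sha=$3

    [ -f "$file" ] || { echo "MISSING  $file" >&2; return 1; }

    # Reject a malformed expectation (for instance a digest truncated in
    # transit): a SHA-256 digest is exactly 64 hex characters.
    case $want_sha in
        *[!0-9a-fA-F]*) echo "BADHASH  $file" >&2; return 1 ;;
    esac
    [ "${#want_sha}" -eq 64 ] || { echo "BADHASH  $file" >&2; return 1; }

    got_size=$(wc -c < "$file" | tr -d ' ')
    [ "$got_size" = "$want_size" ] || { echo "SIZE     $file" >&2; return 1; }

    # Hash from stdin so the file name never influences sha256sum's output.
    got_sha=$(sha256sum < "$file" | cut -d' ' -f1)
    want_sha=$(printf '%s' "$want_sha" | tr 'A-F' 'a-f')
    [ "$got_sha" = "$want_sha" ] || { echo "SHA256   $file" >&2; return 1; }
    return 0
}

# verify_manifest MANIFEST DIR -> prints the verified paths, one per line,
# only if every entry passes; prints nothing and returns 1 otherwise.
verify_manifest() {
    manifest=$1 dir=$2 ok_list='' failed=0
    while read -r name size sha || [ -n "$name" ]; do
        # Skip blank lines and comments.
        case $name in ''|'#'*) continue ;; esac
        # Entries must be plain file names, never paths.
        case $name in
            */*|.*) echo "BADNAME  $name" >&2; failed=1; continue ;;
        esac
        if verify_pkg "$dir/$name" "$size" "$sha"; then
            ok_list="$ok_list$dir/$name
"
        else
            failed=1
        fi
    done < "$manifest"
    [ "$failed" -eq 0 ] && [ -n "$ok_list" ] || return 1
    printf '%s' "$ok_list"
}

# Constructed sample: a 3-byte file "abc" and a one-line manifest for it.
make_sample() {
    printf 'abc' > "$1/sample_1.0_all.deb"
    printf '%s\n' \
        'sample_1.0_all.deb 3 ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad' \
        > "$1/manifest"
}

# Run with --demo to exercise the functions on the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    demo_dir=$(mktemp -d)
    make_sample "$demo_dir"
    verify_manifest "$demo_dir/manifest" "$demo_dir" && echo "all entries verified"
    rm -rf "$demo_dir"
fi

# Real use, with the downloaded files and the manifest in ./dl:
#   verify_manifest dl/manifest dl > verified.list &&
#       xargs -d '\n' dpkg -i < verified.list
```

Nothing is printed on stdout unless every manifest entry passes, so a single mismatch stops the install rather than installing the files that happened to verify.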

[SECURITY] [DSA 4309-1] strongswan security update

2018-10-02 Thread Yves-Alexis Perez

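-------------------------------------------------------------------------
Debian Security Advisory DSA-4309-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
October 01, 2018                      https://www.debian.org/security/faq
-------------------------------------------------------------------------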

Package: strongswan
CVE ID : CVE-2018-17540

Google's OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the
patch that fixes CVE-2018-16151 and CVE-2018-16151 (DSA-4305-1).

An attacker could trigger it using crafted certificates with RSA keys with
very small moduli. Verifying signatures with such keys would cause an integer
underflow and subsequent heap buffer overflow resulting in a crash of the
daemon. While arbitrary code execution is not completely ruled out because of
the heap buffer overflow, due to the form of the data written to the buffer
it seems difficult to actually exploit it in such a way.

For the stable distribution (stretch), this problem has been fixed in
version 5.5.1-4+deb9u4.

We recommend that you upgrade your strongswan packages.

For the detailed security status of strongswan please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/strongswan

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 4305-1] strongswan security update

2018-09-24 Thread Yves-Alexis Perez

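-------------------------------------------------------------------------
Debian Security Advisory DSA-4305-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
September 24, 2018                    https://www.debian.org/security/faq
-------------------------------------------------------------------------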

Package: strongswan
CVE ID : CVE-2018-16151 CVE-2018-16152

Sze Yiu Chau and his team from Purdue University and The University of Iowa
found several issues in the gmp plugin for strongSwan, an IKE/IPsec suite.

Problems in the parsing and verification of RSA signatures could lead to a
Bleichenbacher-style low-exponent signature forgery in certificates and during
IKE authentication.

While the gmp plugin doesn't allow arbitrary data after the ASN.1 structure
(the original Bleichenbacher attack), the ASN.1 parser is not strict enough and
allows data in specific fields inside the ASN.1 structure.

Only installations using the gmp plugin are affected (on Debian the OpenSSL
plugin has priority over the GMP one for RSA operations), and only when using
keys and certificates (including ones from CAs) using keys with an exponent
e = 3, which is usually rare in practice.

CVE-2018-16151

The OID parser in the ASN.1 code in gmp allows any number of random bytes
after a valid OID.

CVE-2018-16152

The algorithmIdentifier parser in the ASN.1 code in gmp doesn't enforce a
NULL value for the optional parameter which is not used with any PKCS#1
algorithm.

For the stable distribution (stretch), these problems have been fixed in
version 5.5.1-4+deb9u3.

We recommend that you upgrade your strongswan packages.

For the detailed security status of strongswan please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/strongswan

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 4299-1] texlive-bin security update

2018-09-24 Thread Yves-Alexis Perez

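-------------------------------------------------------------------------
Debian Security Advisory DSA-4299-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
September 21, 2018                    https://www.debian.org/security/faq
-------------------------------------------------------------------------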

Package: texlive-bin
CVE: not yet available

Nick Roessler from the University of Pennsylvania has found a buffer overflow
in texlive-bin, the executables for TexLive, the popular distribution of the
TeX document production system.

This buffer overflow can be used for arbitrary code execution by crafting a
special type1 font (.pfb) and providing it to users running pdf(la)tex, dvips
or luatex in a way that the font is loaded.

For the stable distribution (stretch), this problem has been fixed in
version 2016.20160513.41080.dfsg-2+deb9u1.

We recommend that you upgrade your texlive-bin packages.

For the detailed security status of texlive-bin please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/texlive-bin

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 4291-1] mgetty security update

2018-09-11 Thread Yves-Alexis Perez

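-------------------------------------------------------------------------
Debian Security Advisory DSA-4291-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
September 11, 2018                    https://www.debian.org/security/faq
-------------------------------------------------------------------------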

Package: mgetty
CVE ID : CVE-2018-16741

Two input sanitization failures have been found in the faxrunq and faxq
binaries in mgetty, a smart modem getty replacement. An attacker could leverage
them to insert commands via shell metacharacters in job ids and have them
executed with the privilege of the faxrunq/faxq user.

For the stable distribution (stretch), this problem has been fixed in
version 1.1.36-3+deb9u1.

We recommend that you upgrade your mgetty packages.

For the detailed security status of mgetty please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mgetty

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 4229-1] strongswan security update

2018-06-17 Thread Yves-Alexis Perez

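-------------------------------------------------------------------------
Debian Security Advisory DSA-4229-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
June 14, 2018                         https://www.debian.org/security/faq
-------------------------------------------------------------------------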

Package: strongswan
CVE ID : CVE-2018-5388 CVE-2018-10811

Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite.

CVE-2018-5388

The stroke plugin did not verify the message length when reading from its
control socket. This vulnerability could lead to denial of service. On
Debian write access to the socket requires root permission on default
configuration.

CVE-2018-10811

A missing variable initialization in IKEv2 key derivation could lead to a
denial of service (crash of the charon IKE daemon) if the openssl plugin is
used in FIPS mode and the negotiated PRF is HMAC-MD5.

For the oldstable distribution (jessie), these problems have been fixed
in version 5.2.1-6+deb8u6.

For the stable distribution (stretch), these problems have been fixed in
version 5.5.1-4+deb9u2.

We recommend that you upgrade your strongswan packages.

For the detailed security status of strongswan please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/strongswan

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 4169-1] pcs security update

2018-04-11 Thread Yves-Alexis Perez

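-------------------------------------------------------------------------
Debian Security Advisory DSA-4169-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
April 11, 2018                        https://www.debian.org/security/faq
-------------------------------------------------------------------------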

Package: pcs
CVE ID : CVE-2018-1086
Debian Bug : 895313

Cédric Buissart from Red Hat discovered an information disclosure bug in pcs, a
pacemaker command line interface and GUI. The REST interface normally doesn't
allow passing the --debug parameter to prevent information leaks, but the check
wasn't sufficient.

For the stable distribution (stretch), this problem has been fixed in
version 0.9.155+dfsg-2+deb9u1.

We recommend that you upgrade your pcs packages.

For the detailed security status of pcs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pcs

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 4120-1] linux security update

2018-02-22 Thread Yves-Alexis Perez

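-------------------------------------------------------------------------
Debian Security Advisory DSA-4120-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
February 22, 2018                     https://www.debian.org/security/faq
-------------------------------------------------------------------------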

Package: linux
CVE ID : CVE-2017-5715 CVE-2017-5754 CVE-2017-13166 CVE-2018-5750

Several vulnerabilities have been discovered in the Linux kernel that may
lead to a privilege escalation, denial of service or information leaks.

CVE-2017-5715

Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes running on
the system.

This specific attack has been named Spectre variant 2 (branch target
injection) and is mitigated in the Linux kernel for the Intel x86-64
architecture by using the 'retpoline' compiler feature which allows
indirect branches to be isolated from speculative execution.

CVE-2017-5754

Multiple researchers have discovered a vulnerability in Intel
processors, enabling an attacker controlling an unprivileged process to
read memory from arbitrary addresses, including from the kernel and all
other processes running on the system.

This specific attack has been named Meltdown and is addressed in the
Linux kernel on the powerpc/ppc64el architectures by flushing the L1
data cache on exit from kernel mode to user mode (or from hypervisor to
kernel).

This works on Power7, Power8 and Power9 processors.

CVE-2017-13166

A bug in the 32-bit compatibility layer of the v4l2 IOCTL handling code
has been found. Memory protections ensuring user-provided buffers always
point to userland memory were disabled, allowing . This bug could be
exploited by an attacker to overwrite kernel memory from an unprivileged
userland process, leading to privilege escalation.

CVE-2018-5750

An information leak has been found in the Linux kernel. The
acpi_smbus_hc_add() function prints a kernel address in the kernel log
at every boot, which could be used by an attacker on the system to
defeat kernel ASLR.

In addition to those vulnerabilities, some mitigations for CVE-2017-5753 are
included in this release.

CVE-2017-5753

Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes running on
the system.

This specific attack has been named Spectre variant 1 (bounds-check
bypass) and is mitigated in the Linux kernel architecture by identifying
vulnerable code sections (array bounds checking followed by array
access) and replacing the array access with the speculation-safe
array_index_nospec() function.

More use sites will be added over time.

For the stable distribution (stretch), these problems have been fixed in
version 4.9.82-1+deb9u2.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 4078-1] linux security update

2018-01-04 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

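-------------------------------------------------------------------------
Debian Security Advisory DSA-4078-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
January 04, 2018                      https://www.debian.org/security/faq
-------------------------------------------------------------------------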

Package: linux
CVE ID : CVE-2017-5754

Multiple researchers have discovered a vulnerability in Intel processors,
enabling an attacker controlling an unprivileged process to read memory from
arbitrary addresses, including from the kernel and all other processes running
on the system.

This specific attack has been named Meltdown and is addressed in the Linux
kernel for the Intel x86-64 architecture by a patch set named Kernel Page Table
Isolation, enforcing a near complete separation of the kernel and userspace
address maps and preventing the attack. This solution might have a performance
impact, and can be disabled at boot time by passing `pti=off' to the kernel
command line.

We also identified a regression for ancient userspaces using the vsyscall
interface, for example chroot and containers using (e)glibc 2.13 and older,
including those based on Debian 7 or RHEL/CentOS 6. This regression will be
fixed in a later update.

The other vulnerabilities (named Spectre) published at the same time are not
addressed in this update and will be fixed in a later update.

For the oldstable distribution (jessie), this problem will be fixed in a
separate update.

For the stable distribution (stretch), this problem has been fixed in
version 4.9.65-3+deb9u2.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 4051-1] curl security update

2017-11-30 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

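-------------------------------------------------------------------------
Debian Security Advisory DSA-4051-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
November 29, 2017                     https://www.debian.org/security/faq
-------------------------------------------------------------------------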

Package: curl
CVE ID : CVE-2017-8816 CVE-2017-8817

Two vulnerabilities were discovered in cURL, a URL transfer library.

CVE-2017-8816

Alex Nichols discovered a buffer overrun flaw in the NTLM authentication
code which can be triggered on 32-bit systems where an integer overflow
might occur when calculating the size of a memory allocation.

CVE-2017-8817

Fuzzing by the OSS-Fuzz project led to the discovery of an out-of-bounds
read flaw in the FTP wildcard function in libcurl. A malicious server
could redirect a libcurl-based client to a URL using a wildcard pattern,
triggering the out-of-bounds read.

For the oldstable distribution (jessie), these problems have been fixed
in version 7.38.0-4+deb8u8.

For the stable distribution (stretch), these problems have been fixed in
version 7.52.1-5+deb9u3.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 4044-1] swauth security update

2017-11-21 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

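-------------------------------------------------------------------------
Debian Security Advisory DSA-4044-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
November 21, 2017                     https://www.debian.org/security/faq
-------------------------------------------------------------------------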

Package: swauth
CVE ID : CVE-2017-16613
Debian Bug : 882314

A vulnerability has been discovered in swauth, an authentication system for
Swift, a distributed virtual object store used in OpenStack.

The authentication token for a user is saved in clear text to the log file,
which could enable an attacker with access to the logs to bypass the
authentication provided by swauth.

For the stable distribution (stretch), this problem has been fixed in
version 1.2.0-2+deb9u1.

We recommend that you upgrade your swauth packages.

For the detailed security status of swauth please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/swauth

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3999-1] wpa security update

2017-10-16 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

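-------------------------------------------------------------------------
Debian Security Advisory DSA-3999-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
October 16, 2017                      https://www.debian.org/security/faq
-------------------------------------------------------------------------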

Package: wpa
CVE ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 
 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 
 CVE-2017-13088

Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered
multiple vulnerabilities in the WPA protocol, used for authentication in
wireless networks. Those vulnerabilities apply to both the access point
(implemented in hostapd) and the station (implemented in wpa_supplicant).

An attacker exploiting the vulnerabilities could force the vulnerable system to
reuse cryptographic session keys, enabling a range of cryptographic attacks
against the ciphers used in WPA1 and WPA2.

More information can be found in the researchers' paper, Key Reinstallation
Attacks: Forcing Nonce Reuse in WPA2.

CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
CVE-2017-13078: reinstallation of the group key in the Four-way handshake
CVE-2017-13079: reinstallation of the integrity group key in the Four-way
                handshake
CVE-2017-13080: reinstallation of the group key in the Group Key handshake
CVE-2017-13081: reinstallation of the integrity group key in the Group Key
                handshake
CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
                Request and reinstalling the pairwise key while processing it
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey
                (TPK) key in the TDLS handshake
CVE-2017-13087: reinstallation of the group key (GTK) when processing a
                Wireless Network Management (WNM) Sleep Mode Response frame
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
                processing a Wireless Network Management (WNM) Sleep Mode
                Response frame

For the oldstable distribution (jessie), these problems have been fixed
in version 2.3-1+deb8u5.

For the stable distribution (stretch), these problems have been fixed in
version 2:2.4-1+deb9u1.

For the testing distribution (buster), these problems have been fixed
in version 2:2.4-1.1.

For the unstable distribution (sid), these problems have been fixed in
version 2:2.4-1.1.

We recommend that you upgrade your wpa packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3994-1] nautilus security update

2017-10-09 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

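-------------------------------------------------------------------------
Debian Security Advisory DSA-3994-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
October 07, 2017                      https://www.debian.org/security/faq
-------------------------------------------------------------------------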

Package: nautilus
CVE ID : CVE-2017-14604
Debian Bug : 860268

Christian Boxdörfer discovered a vulnerability in the handling of
FreeDesktop.org .desktop files in Nautilus, a file manager for the GNOME
desktop environment. An attacker can craft a .desktop file intended to run
malicious commands but displayed as an innocuous document file in Nautilus. A
user would then trust it and open the file, and Nautilus would in turn execute
the malicious content. Nautilus's protection of only trusting .desktop files
with executable permission can be bypassed by shipping the .desktop file inside
a tarball.

For the oldstable distribution (jessie), this problem has not been fixed yet.

For the stable distribution (stretch), this problem has been fixed in
version 3.22.3-1+deb9u1.

For the testing distribution (buster), this problem has been fixed
in version 3.26.0-1.

For the unstable distribution (sid), this problem has been fixed in
version 3.26.0-1.

We recommend that you upgrade your nautilus packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3962-1] strongswan security update

2017-09-04 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

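-------------------------------------------------------------------------
Debian Security Advisory DSA-3962-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
September 03, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------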

Package: strongswan
CVE ID : CVE-2017-11185
Debian Bug : 872155

A denial of service vulnerability was identified in strongSwan, an IKE/IPsec
suite, using Google's OSS-Fuzz fuzzing project.

The gmp plugin in strongSwan had insufficient input validation when verifying
RSA signatures. This coding error could lead to a null pointer dereference,
leading to a process crash.

For the oldstable distribution (jessie), this problem has been fixed
in version 5.2.1-6+deb8u5.

For the stable distribution (stretch), this problem has been fixed in
version 5.5.1-4+deb9u1.

For the testing distribution (buster), this problem has been fixed
in version 5.6.0-1.

For the unstable distribution (sid), this problem has been fixed in
version 5.6.0-1.

We recommend that you upgrade your strongswan packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3904-1] bind9 security update

2017-07-10 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

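-------------------------------------------------------------------------
Debian Security Advisory DSA-3904-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
July 08, 2017                         https://www.debian.org/security/faq
-------------------------------------------------------------------------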

Package: bind9
CVE ID : CVE-2017-3142 CVE-2017-3143
Debian Bug : 866564

Clément Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS
server implementation. They allow an attacker to bypass TSIG authentication by
sending crafted DNS packets to a server.

CVE-2017-3142

An attacker who is able to send messages to and receive messages from an
authoritative DNS server and who has knowledge of a valid TSIG key name may
be able to circumvent TSIG authentication of AXFR requests via a carefully
constructed request packet. A server that relies solely on TSIG keys for
protection with no other ACL protection could be manipulated into:
- providing an AXFR of a zone to an unauthorized recipient
- accepting bogus NOTIFY packets

CVE-2017-3143

An attacker who is able to send messages to and receive messages from an
authoritative DNS server and who has knowledge of a valid TSIG key name for
the zone and service being targeted may be able to manipulate BIND into
accepting an unauthorized dynamic update.

For the oldstable distribution (jessie), these problems have been fixed
in version 1:9.9.5.dfsg-9+deb8u12.

For the stable distribution (stretch), these problems have been fixed in
version 1:9.10.3.dfsg.P4-12.4.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3866-1] strongswan security update

2017-05-30 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

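-------------------------------------------------------------------------
Debian Security Advisory DSA-3866-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
May 30, 2017                          https://www.debian.org/security/faq
-------------------------------------------------------------------------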

Package: strongswan
CVE ID : CVE-2017-9022 CVE-2017-9023

Two denial of service vulnerabilities were identified in strongSwan, an
IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.

CVE-2017-9022

RSA public keys passed to the gmp plugin aren't validated sufficiently
before attempting signature verification, so that invalid input might
lead to a floating point exception and crash of the process.
A certificate with an appropriately prepared public key sent by a peer
could be used for a denial-of-service attack.

CVE-2017-9023

ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when
parsing X.509 certificates with extensions that use such types. This could
lead to infinite looping of the thread parsing a specifically crafted
certificate.

A fix for a build failure was additionally included in the 5.2.1-6+deb8u4
revision of the strongSwan package.

For the stable distribution (jessie), these problems have been fixed in
version 5.2.1-6+deb8u3.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 5.5.1-4.

For the unstable distribution (sid), these problems have been fixed in
version 5.5.1-4.

We recommend that you upgrade your strongswan packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3502-1] roundup security update

2016-03-03 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

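-------------------------------------------------------------------------
Debian Security Advisory DSA-3502-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
March 03, 2016                        https://www.debian.org/security/faq
-------------------------------------------------------------------------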

Package: roundup
CVE ID : CVE-2014-6276

Ralf Schlatterbeck discovered an information leak in roundup, a
web-based issue tracking system. An authenticated attacker could use it
to see sensitive details about other users, including their hashed
password.

After applying the update, which will fix the shipped templates, the
site administrator should ensure the instanced versions (in
/var/lib/roundup usually) are also updated, either by patching them
manually or by recreating them.

More info can be found in the upstream documentation at
http://www.roundup-tracker.org/docs/upgrading.html#user-data-visibility

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.4.20-1.1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in
version 1.4.20-1.1+deb8u1.

For the testing (stretch) and unstable (sid) distributions, this problem has
not yet been fixed.

We recommend that you upgrade your roundup packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3492-1] gajim security update

2016-02-25 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

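-------------------------------------------------------------------------
Debian Security Advisory DSA-3492-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
February 25, 2016                     https://www.debian.org/security/faq
-------------------------------------------------------------------------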

Package: gajim
CVE ID : CVE-2015-8688
Debian Bug : 809900

Daniel Gultsch discovered a vulnerability in Gajim, an XMPP/Jabber client.
Gajim didn't verify the origin of roster updates, allowing an attacker to
spoof them and potentially allowing her to intercept messages.

For the oldstable distribution (wheezy), this problem has been fixed
in version 0.15.1-4.1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in
version 0.16-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 0.16.5-0.1.

For the unstable distribution (sid), this problem has been fixed in
version 0.16.5-0.1.

We recommend that you upgrade your gajim packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3462-1] radicale security update

2016-02-01 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

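-------------------------------------------------------------------------
Debian Security Advisory DSA-3462-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
January 30, 2016                      https://www.debian.org/security/faq
-------------------------------------------------------------------------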

Package: radicale
CVE ID : CVE-2015-8747 CVE-2015-8748
Debian Bug : 809920

Two vulnerabilities were fixed in radicale, a CardDAV/CalDAV server.

CVE-2015-8747

The (not configured by default and not available on Wheezy)
multifilesystem storage backend allows read and write access to
arbitrary files (still subject to the DAC permissions of the user
the radicale server is running as).

CVE-2015-8748

If an attacker is able to authenticate with a user name like `.*',
he can bypass read/write limitations imposed by regex-based rules,
including the built-in rules `owner_write' (read for everybody,
write for the calendar owner) and `owner_only' (read and write for
the calendar owner).

For the oldstable distribution (wheezy), these problems have been fixed
in version 0.7-1.1+deb7u1.

For the stable distribution (jessie), these problems have been fixed in
version 0.9-1+deb8u1.

For the testing distribution (stretch), these problems have been fixed
in version 1.1.1-1.

For the unstable distribution (sid), these problems have been fixed in
version 1.1.1-1.

We recommend that you upgrade your radicale packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
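
The class of bug behind CVE-2015-8748 in DSA-3462-1, as an added example that is not part of the advisory and not Radicale's own code: a rights rule splices the authenticated user name into a regular expression, so a login such as `.*` changes what the rule matches. The rule layout, the `%(login)s` placeholder and all function names are assumptions made for illustration; `re.escape` is one way to close the hole.

```python
import re

# Constructed rule tables modelled on the two built-in policies named in the
# advisory. Each rule is (user regex, collection regex, permissions); the
# %(login)s placeholder stands for the authenticated user name. This layout is
# an assumption made for the example, not Radicale's source.
OWNER_ONLY = [(r".+", r"^%(login)s/.*$", "rw")]
OWNER_WRITE = [(r".+", r"^%(login)s/.*$", "rw"),   # owner: read and write
               (r".*", r"^.*$", "r")]              # everybody: read only


def _authorized(rules, user, collection, permission, escape_login):
    """First matching rule decides, as in a typical regex-based ACL."""
    login = re.escape(user) if escape_login else user
    for user_re, collection_re, permissions in rules:
        if not re.match(user_re, user):
            continue
        # The login becomes part of the pattern here. Unescaped, any regex
        # metacharacter in the user name is interpreted, not matched literally.
        if re.match(collection_re % {"login": login}, collection):
            return permission in permissions
    return False


def authorized_unsafe(rules, user, collection, permission):
    """Vulnerable form: the user name is inserted into the regex verbatim."""
    return _authorized(rules, user, collection, permission, escape_login=False)


def authorized_escaped(rules, user, collection, permission):
    """Hardened form: the user name is escaped before it reaches the regex."""
    return _authorized(rules, user, collection, permission, escape_login=True)


if __name__ == "__main__":
    # Constructed requests: (user, collection, permission).
    requests = [
        ("alice", "alice/calendar", "w"),   # owner writing own calendar
        ("alice", "bob/calendar", "w"),     # ordinary user, foreign calendar
        (".*", "bob/calendar", "w"),        # the user name from the advisory
    ]
    for user, collection, permission in requests:
        print(f"{user!r:8} {permission} {collection:16}"
              f" unsafe={authorized_unsafe(OWNER_ONLY, user, collection, permission)}"
              f" escaped={authorized_escaped(OWNER_ONLY, user, collection, permission)}")
```

With escaping, the user literally named `.*` still reaches its own `.*/` collections and nothing else, and `owner_write` keeps its read-for-everybody behaviour.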



[SECURITY] [DSA 3451-1] fuse security update

2016-01-21 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

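-------------------------------------------------------------------------
Debian Security Advisory DSA-3451-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
January 20, 2016                      https://www.debian.org/security/faq
-------------------------------------------------------------------------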

Package: fuse
CVE ID : CVE-2016-1233

Jann Horn discovered a vulnerability in the fuse (Filesystem in
Userspace) package in Debian. The fuse package ships a udev rule
adjusting permissions on the related /dev/cuse character device, making
it world writable.

This permits a local, unprivileged attacker to create an
arbitrarily-named character device in /dev and modify the memory of any
process that opens it and performs an ioctl on it.

This in turn might allow a local, unprivileged attacker to escalate to
root privileges.

For the oldstable distribution (wheezy), the fuse package is not affected.

For the stable distribution (jessie), this problem has been fixed in
version 2.9.3-15+deb8u2.

For the testing distribution (stretch), this problem has been fixed
in version 2.9.5-1.

For the unstable distribution (sid), this problem has been fixed in
version 2.9.5-1.

We recommend that you upgrade your fuse packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3446-1] openssh security update

2016-01-14 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

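-------------------------------------------------------------------------
Debian Security Advisory DSA-3446-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
January 14, 2016                      https://www.debian.org/security/faq
-------------------------------------------------------------------------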

Package: openssh
CVE ID : CVE-2016-0777 CVE-2016-0778
Debian bug : 810984

The Qualys Security team discovered two vulnerabilities in the roaming
code of the OpenSSH client (an implementation of the SSH protocol
suite).

SSH roaming enables a client, in case an SSH connection breaks
unexpectedly, to resume it at a later time, provided the server also
supports it.

The OpenSSH server doesn't support roaming, but the OpenSSH client
supports it (even though it's not documented) and it's enabled by
default.

CVE-2016-0777

An information leak (memory disclosure) can be exploited by a rogue
SSH server to trick a client into leaking sensitive data from the
client memory, including for example private keys.

CVE-2016-0778

A buffer overflow (leading to a file descriptor leak) can also be
exploited by a rogue SSH server. Due to another bug in the code it is
possibly not exploitable, and if so only under certain conditions (not
the default configuration), when using ProxyCommand, ForwardAgent or
ForwardX11.

This security update completely disables the roaming code in the OpenSSH
client.

It is also possible to disable roaming by adding the (undocumented)
option 'UseRoaming no' to the global /etc/ssh/ssh_config file, or to the
user configuration in ~/.ssh/config, or by passing -oUseRoaming=no on
the command line.

Users with passphrase-less private keys, especially in non-interactive
setups (automated jobs using ssh, scp, rsync+ssh etc.) are advised to
update their keys if they have connected to an SSH server they don't
trust.

More details about identifying an attack and mitigations will be
available in the Qualys Security Advisory.

For the oldstable distribution (wheezy), these problems have been fixed
in version 1:6.0p1-4+deb7u3.

For the stable distribution (jessie), these problems have been fixed in
version 1:6.7p1-5+deb8u1.

For the testing distribution (stretch) and unstable distribution (sid), these
problems will be fixed in a later version.

We recommend that you upgrade your openssh packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
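
A way to check that the 'UseRoaming no' workaround from DSA-3446-1 actually covers every host, as an added example that is not part of the advisory. It relies on ssh_config taking the first value obtained for each option, so a host-specific block placed before the global setting can still turn roaming back on; pass the configuration texts in the order ssh reads them (user file, then system file). The function name, result keys and sample configurations are constructed for illustration.

```python
import re

# ssh_config lines are "keyword arguments", separated by whitespace or by
# optional whitespace and a single '='. Keywords are case-insensitive.
LINE_RE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")


def audit_useroaming(*config_texts):
    """Report the UseRoaming value that applies to all hosts, plus any
    host-specific block that sets another value before it."""
    default = None      # first UseRoaming value found in a scope covering all hosts
    overrides = []      # (scope, value) pairs that win for some hosts
    for text in config_texts:
        scope, scope_is_global = "(top of file)", True
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            match = LINE_RE.match(line)
            if not match:
                continue
            keyword, value = match.group(1).lower(), match.group(2).strip()
            if keyword == "host":
                patterns = value.split()
                scope = f"Host {value}"
                scope_is_global = ("*" in patterns
                                   and not any(p.startswith("!") for p in patterns))
            elif keyword == "match":
                scope = f"Match {value}"
                scope_is_global = value.lower() == "all"
            elif keyword == "useroaming" and default is None:
                setting = value.strip('"').lower()
                if scope_is_global:
                    default = setting          # later values can no longer win
                elif setting != "no":
                    overrides.append((scope, setting))
    return {
        # No value at all means the client default applies, which the
        # advisory describes as roaming enabled.
        "disabled_for_all_hosts": default == "no" and not overrides,
        "default": default,
        "overrides": overrides,
    }


# Constructed sample configurations.
USER_CONFIG = """\
# ~/.ssh/config (constructed)
Host legacy.example.net
    UseRoaming yes

Host *
    UseRoaming no
"""
SYSTEM_CONFIG = "# /etc/ssh/ssh_config (constructed)\nUseRoaming=no\n"

if __name__ == "__main__":
    print(audit_useroaming(SYSTEM_CONFIG))
    print(audit_useroaming(USER_CONFIG, SYSTEM_CONFIG))
```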



[SECURITY] [DSA 3398-1] strongswan security update

2015-11-16 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

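-------------------------------------------------------------------------
Debian Security Advisory DSA-3398-1                   secur...@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
November 16, 2015                     https://www.debian.org/security/faq
-------------------------------------------------------------------------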

Package: strongswan
CVE ID : CVE-2015-8023

Tobias Brunner found an authentication bypass vulnerability in
strongSwan, an IKE/IPsec suite.

Due to insufficient validation of its local state, the server
implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin
can be tricked into successfully concluding the authentication without
providing valid credentials.

It's possible to recognize such attacks by looking at the server logs.
The following log message would be seen during the client
authentication:

  EAP method EAP_MSCHAPV2 succeeded, no MSK established

For the oldstable distribution (wheezy), this problem has been fixed
in version 4.5.2-1.5+deb7u8.

For the stable distribution (jessie), this problem has been fixed in
version 5.2.1-6+deb8u2.

For the testing distribution (stretch), this problem has been fixed
in version 5.3.3-3.

For the unstable distribution (sid), this problem has been fixed in
version 5.3.3-3.

We recommend that you upgrade your strongswan packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3375-1] wordpress security update

2015-10-20 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-3375-1   secur...@debian.org
https://www.debian.org/security/ Yves-Alexis Perez
October 19, 2015  https://www.debian.org/security/faq
- -

Package: wordpress
CVE ID : CVE-2015-5714 CVE-2015-5715
Debian Bug : 799140

Several vulnerabilities have been fixed in Wordpress, the popular
blogging engine.

CVE-2015-5714

A cross-site scripting vulnerability when processing shortcode tags
has been discovered.

The issue has been fixed by not allowing unclosed HTML elements in
attributes.

CVE-2015-5715

A vulnerability has been discovered, allowing users without proper
permissions to publish private posts and make them sticky.

The issue has been fixed in the XMLRPC code of Wordpress by not
allowing private posts to be sticky.

Other issue(s)

   A cross-site scripting vulnerability in user list tables has been
   discovered.

   The issue has been fixed by URL-escaping email addresses in those
   user lists.

For the oldstable distribution (wheezy), these problems will be fixed
in a later update.

For the stable distribution (jessie), these problems have been fixed in
version 4.1+dfsg-1+deb8u5.

For the testing distribution (stretch), these problems have been fixed
in version 4.3.1+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 4.3.1+dfsg-1.

We recommend that you upgrade your wordpress packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3282-1] strongswan security update

2015-06-08 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-3282-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
June 08, 2015  http://www.debian.org/security/faq
- -

Package: strongswan
CVE ID : CVE-2015-4171

Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec
suite used to establish IPsec protected links.

When an IKEv2 client authenticates the server with certificates and the
client authenticates itself to the server using pre-shared key or EAP,
the constraints on the server certificate are only enforced by the
client after all authentication steps are completed successfully. A
rogue server which can authenticate using a valid certificate issued by
any CA trusted by the client could trick the user into continuing the
authentication, revealing the username and password digest (for EAP) or
even the cleartext password (if EAP-GTC is accepted).

For the oldstable distribution (wheezy), this problem has been fixed
in version 4.5.2-1.5+deb7u7.

For the stable distribution (jessie), this problem has been fixed in
version 5.2.1-6+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 5.3.1-1.

For the unstable distribution (sid), this problem has been fixed in
version 5.3.1-1.

We recommend that you upgrade your strongswan packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org

- -- 
Yves-Alexis Perez



[SECURITY] [DSA 3212-1] icedove security update

2015-04-03 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-3212-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
April 02, 2015 http://www.debian.org/security/faq
- -

Package: icedove
CVE ID : CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815
 CVE-2015-0816

Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
use-after-frees and other implementation errors may lead to the
execution of arbitrary code, the bypass of security restrictions or
denial of service.

For the stable distribution (wheezy), these problems have been fixed in
version 31.6.0-1~deb7u1.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 31.6.0-1.

For the unstable distribution (sid), these problems have been fixed in
version 31.6.0-1.

We recommend that you upgrade your icedove packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3209-1] openldap security update

2015-03-31 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-3209-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
March 30, 2015 http://www.debian.org/security/faq
- -

Package: openldap
CVE ID : CVE-2013-4449 CVE-2014-9713 CVE-2015-1545
Debian Bug : 729367 761406 776988

Multiple vulnerabilities were found in OpenLDAP, a free implementation
of the Lightweight Directory Access Protocol.

CVE-2013-4449

Michael Vishchers from Seven Principles AG discovered a denial of
service vulnerability in slapd, the directory server implementation.
When the server is configured to use the RWM overlay, an attacker
can make it crash by unbinding just after connecting, because of an
issue with reference counting.

CVE-2014-9713

The default Debian configuration of the directory database allows
every user to edit their own attributes. When LDAP directories are
used for access control, and this is done using user attributes, an
authenticated user can leverage this to gain access to unauthorized
resources.

Please note this is a Debian specific vulnerability.

The new package won't use the unsafe access control rule for new
databases, but existing configurations won't be automatically
modified. Administrators are incited to look at the README.Debian
file provided by the updated package if they need to fix the access
control rule.

CVE-2015-1545

 Ryan Tandy discovered a denial of service vulnerability in slapd.
 When using the deref overlay, providing an empty attribute list in
 a query makes the daemon crash.

For the stable distribution (wheezy), these problems have been fixed in
version 2.4.31-2.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 2.4.40-4.

For the unstable distribution (sid), these problems have been fixed in
version 2.4.40-4.

We recommend that you upgrade your openldap packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3207-1] shibboleth-sp2 security update

2015-03-30 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-3207-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
March 28, 2015 http://www.debian.org/security/faq
- -

Package: shibboleth-sp2
CVE ID : CVE-2015-2684

A denial of service vulnerability was found in the Shibboleth (a
federated identity framework) Service Provider. When processing certain
malformed SAML messages generated by an authenticated attacker, the
daemon could crash.

For the stable distribution (wheezy), this problem has been fixed in
version 2.4.3+dfsg-5+deb7u1.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 2.5.3+dfsg-2.

For the unstable distribution (sid), this problem has been fixed in
version 2.5.3+dfsg-2.

We recommend that you upgrade your shibboleth-sp2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3118-1] strongswan security update

2015-01-05 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-3118-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
January 05, 2015   http://www.debian.org/security/faq
- -

Package: strongswan
CVE ID : CVE-2014-9221

Mike Daskalakis reported a denial of service vulnerability in charon,
the IKEv2 daemon for strongSwan, an IKE/IPsec suite used to establish
IPsec protected links.

The bug can be triggered by an IKEv2 Key Exchange (KE) payload that
contains the Diffie-Hellman (DH) group 1025. This identifier is from the
private-use range and only used internally by libtls for DH groups with
custom generator and prime (MODP_CUSTOM). As such the instantiated
method expects that these two values are passed to the constructor. This
is not the case when a DH object is created based on the group in the KE
payload. Therefore, an invalid pointer is dereferenced later, which
causes a segmentation fault.

This means that the charon daemon can be crashed with a single
IKE_SA_INIT message containing such a KE payload. The starter process
should restart the daemon after that, but this might increase load on
the system. Remote code execution is not possible due to this issue, nor
is IKEv1 affected in charon or pluto.

For the stable distribution (wheezy), this problem has been fixed in
version 4.5.2-1.5+deb7u6.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 5.2.1-5.

For the unstable distribution (sid), this problem has been fixed in
version 5.2.1-5.

We recommend that you upgrade your strongswan packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3097-1] unbound security update

2014-12-11 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-3097-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
December 10, 2014  http://www.debian.org/security/faq
- -

Package: unbound
CVE ID : CVE-2014-8602
Debian Bug : 772622

Florian Maury from ANSSI discovered that unbound, a validating,
recursive, and caching DNS resolver, was prone to a denial of service
vulnerability. An attacker crafting a malicious zone and able to emit
(or make emit) queries to the server can trick the resolver into
following an endless series of delegations, leading to resource
exhaustion and huge network usage.

For the stable distribution (wheezy), this problem has been fixed in
version 1.4.17-3+deb7u2.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 1.4.22-3.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.22-3.

We recommend that you upgrade your unbound packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3085-1] wordpress security update

2014-12-03 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-3085-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
December 03, 2014  http://www.debian.org/security/faq
- -

Package: wordpress
CVE ID : CVE-2014-9031 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 
 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039
Debian Bug : 770425

Multiple security issues have been discovered in Wordpress, a web
blogging tool, resulting in denial of service or information disclosure.
More information can be found in the upstream advisory at
https://wordpress.org/news/2014/11/wordpress-4-0-1/

CVE-2014-9031

Jouko Pynnonen discovered an unauthenticated cross site scripting
vulnerability (XSS) in wptexturize(), exploitable via comments or
posts.

CVE-2014-9033

Cross site request forgery (CSRF) vulnerability in the password
changing process, which could be used by an attacker to trick a
user into changing her password.

CVE-2014-9034

Javier Nieto Arevalo and Andres Rojas Guerrero reported a potential
denial of service in the way the phpass library is used to handle
passwords, since no maximum password length was set.

CVE-2014-9035

John Blackbourn reported an XSS in the Press This function (used
for quick publishing using a browser bookmarklet).

CVE-2014-9036

Robert Chapin reported an XSS in the HTML filtering of CSS in posts.

CVE-2014-9037

David Anderson reported a hash comparison vulnerability for
passwords stored using the old-style MD5 scheme. While unlikely,
this could be exploited to compromise an account, if the user had
not logged in after a Wordpress 2.5 update (uploaded to Debian on 2
Apr, 2008) and the password MD5 hash could be collided with due to
PHP dynamic comparison.

CVE-2014-9038

Ben Bidner reported a server side request forgery (SSRF) in the core
HTTP layer which insufficiently blocked the loopback IP address
space.

CVE-2014-9039

Momen Bassel, Tanoy Bose, and Bojan Slavkovic reported a
vulnerability in the password reset process: an email address change
would not invalidate a previous password reset email.

For the stable distribution (wheezy), these problems have been fixed in
version 3.6.1+dfsg-1~deb7u5.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 4.0.1+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 4.0.1+dfsg-1.

We recommend that you upgrade your wordpress packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3074-2] php5 regression update

2014-11-19 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-3074-2   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
November 19, 2014  http://www.debian.org/security/faq
- -

Package: php5

The previous update for php5, DSA-3074-1, introduced a regression in the
sessionclean cron script. The change was intended to fix a potential
symlink attack using filenames including the NULL character (Debian bug
#766147), but depended on a sed package version too recent, not in Wheezy.

This update reverts the fix, so people are advised to keep kernel
symlink protection (sysctl fs.protected_symlinks=1) enabled as it is by
default on Wheezy, which is enough to prevent successful exploitation.

For the stable distribution (wheezy), this problem has been fixed in
version 5.4.35-0+deb7u2.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3074-1] php5 security update

2014-11-18 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-3074-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
November 18, 2014  http://www.debian.org/security/faq
- -

Package: php5
CVE ID : CVE-2014-3710
Debian Bug : 68283

Francisco Alonso of Red Hat Product Security found an issue in the file
utility, whose code is embedded in PHP, a general-purpose scripting
language.  When checking ELF files, note headers are incorrectly
checked, thus potentially allowing attackers to cause a denial of
service (out-of-bounds read and application crash) by supplying a
specially crafted ELF file.

As announced in DSA-3064-1 it has been decided to follow the stable
5.4.x releases for the Wheezy php5 packages. Consequently the
vulnerability is addressed by upgrading PHP to a new upstream version
5.4.35, which includes additional bug fixes, new features and possibly
incompatible changes. Please refer to the upstream changelog for more
information:

 http://php.net/ChangeLog-5.php#5.4.35

For the stable distribution (wheezy), this problem has been fixed in
version 5.4.35-0+deb7u1.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3037-1] icedove security update

2014-09-29 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-3037-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
September 26, 2014 http://www.debian.org/security/faq
- -

Package: icedove
CVE ID : CVE-2014-1568

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the
Mozilla Network Security Service library, embedded in Wheezy's Icedove),
was parsing ASN.1 data used in signatures, making it vulnerable to a
signature forgery attack.

An attacker could craft ASN.1 data to forge RSA certificates with a valid
certification chain to a trusted CA.

For the stable distribution (wheezy), this problem has been fixed in
version 24.8.1esr-1~deb7u1.

For the testing distribution (jessie) and unstable distribution (sid),
Icedove uses the system NSS library, handled in DSA 3033-1.

We recommend that you upgrade your icedove packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3033-1] nss security update

2014-09-25 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-3033-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
September 25, 2014 http://www.debian.org/security/faq
- -

Package: nss
CVE ID : CVE-2014-1568

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS
(the Mozilla Network Security Service library) was parsing ASN.1 data
used in signatures, making it vulnerable to a signature forgery attack.

An attacker could craft ASN.1 data to forge RSA certificates with a
valid certification chain to a trusted CA.

For the stable distribution (wheezy), this problem has been fixed in
version 2:3.14.5-1+deb7u2.

For the testing distribution (jessie), this problem has been fixed in
version 2:3.17.1.

For the unstable distribution (sid), this problem has been fixed in
version 2:3.17.1.

We recommend that you upgrade your nss packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3034-1] iceweasel security update

2014-09-25 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-3034-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
September 25, 2014 http://www.debian.org/security/faq
- -

Package: iceweasel
CVE ID : CVE-2014-1568

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS
(the Mozilla Network Security Service library, embedded in Wheezy's
Iceweasel package), was parsing ASN.1 data used in signatures, making it
vulnerable to a signature forgery attack.

An attacker could craft ASN.1 data to forge RSA certificates with a
valid certification chain to a trusted CA.

For the stable distribution (wheezy), this problem has been fixed in
version 24.8.1esr-1~deb7u1.

For the testing distribution (jessie) and unstable distribution (sid),
Iceweasel uses the system NSS library, handled in DSA 3033-1.

We recommend that you upgrade your iceweasel packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3022-1] curl security update

2014-09-11 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-3022-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
September 10, 2014 http://www.debian.org/security/faq
- -

Package: curl
CVE ID : CVE-2014-3613 CVE-2014-3620

Two vulnerabilities have been discovered in cURL, an URL transfer
library. They can be used to leak cookie information:

CVE-2014-3613

By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies, libcurl can
be fooled into both sending cookies to wrong sites and allowing
arbitrary sites to set cookies for others.

CVE-2014-3620

libcurl wrongly allows cookies to be set for Top Level Domains
(TLDs), thus making them apply broader than cookies are allowed.
This can allow arbitrary sites to set cookies that then would get
sent to a different and unrelated site or domain.

For the stable distribution (wheezy), these problems have been fixed in
version 7.26.0-1+wheezy10.

For the testing distribution (jessie), these problems have been fixed in
version 7.38.0-1.

For the unstable distribution (sid), these problems have been fixed in
version 7.38.0-1.

We recommend that you upgrade your curl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 2966-1] samba security update

2014-06-23 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2966-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
June 23, 2014  http://www.debian.org/security/faq
- -

Package: samba
CVE ID : CVE-2014-0178 CVE-2014-0244 CVE-2014-3493
Debian Bug : 

Multiple vulnerabilities were discovered and fixed in Samba, a SMB/CIFS
file, print, and login server:

CVE-2014-0178

Information leak vulnerability in the VFS code, allowing an
authenticated user to retrieve eight bytes of uninitialized memory
when shadow copy is enabled.

CVE-2014-0244

Denial of service (infinite CPU loop) in the nmbd Netbios name
service daemon. A malformed packet can cause the nmbd server to
enter an infinite loop, preventing it from processing later requests to
the Netbios name service.

CVE-2014-3493

Denial of service (daemon crash) in the smbd file server daemon. An
authenticated user attempting to read a Unicode path using a
non-Unicode request can force the daemon to overwrite memory at an
invalid address.

For the stable distribution (wheezy), these problems have been fixed in
version 2:3.6.6-6+deb7u4.

For the testing distribution (jessie), these problems have been fixed in
version 2:4.1.9+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 2:4.1.9+dfsg-1.

We recommend that you upgrade your samba packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 2921-1] xbuffy security update

2014-05-05 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2921-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
May 04, 2014   http://www.debian.org/security/faq
- -

Package: xbuffy
CVE ID : CVE-2014-0469

Michael Niedermayer discovered a vulnerability in xbuffy, a utility for
displaying message count in mailbox and newsgroup accounts.

By sending carefully crafted messages to a mail or news account
monitored by xbuffy, an attacker can trigger a stack-based buffer
overflow, leading to xbuffy crash or even remote code execution.

For the oldstable distribution (squeeze), this problem has been fixed in
version 3.3.bl.3.dfsg-8+deb6u1.

For the stable distribution (wheezy), this problem has been fixed in
version 3.3.bl.3.dfsg-8+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 3.3.bl.3.dfsg-9.

For the unstable distribution (sid), this problem has been fixed in
version 3.3.bl.3.dfsg-9.

We recommend that you upgrade your xbuffy packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2922-1] strongswan security update

2014-05-05 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2922-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
May 05, 2014   http://www.debian.org/security/faq
- -

Package: strongswan
CVE ID : CVE-2014-2891

A vulnerability has been found in the ASN.1 parser of strongSwan, an
IKE/IPsec suite used to establish IPsec protected links.

By sending a crafted ID_DER_ASN1_DN ID payload to a vulnerable pluto or
charon daemon, a malicious remote user can provoke a null pointer
dereference in the daemon parsing the identity, leading to a crash and a
denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 4.4.1-5.6.

For the stable distribution (wheezy), this problem has been fixed in
version 4.5.2-1.5+deb7u4.

For the testing distribution (jessie), this problem has been fixed in
version 5.1.2-1.

For the unstable distribution (sid), this problem has been fixed in
version 5.1.2-1.

We recommend that you upgrade your strongswan packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2893-1] openswan security update

2014-04-01 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2893-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
March 31, 2014 http://www.debian.org/security/faq
- -

Package: openswan
CVE ID : CVE-2013-2053 CVE-2013-6466

Two vulnerabilities were fixed in Openswan, an IKE/IPsec implementation
for Linux.

CVE-2013-2053

During an audit of Libreswan (with which Openswan shares some code),
Florian Weimer found a remote buffer overflow in the atodn()
function.  This vulnerability can be triggered when Opportunistic
Encryption (OE) is enabled and an attacker controls the PTR record
of a peer IP address.
Authentication is not needed to trigger the vulnerability.

CVE-2013-6466

Iustina Melinte found a vulnerability in Libreswan which also
applies to the Openswan code. By carefully crafting IKEv2 packets, an
attacker can make the pluto daemon dereference non-received IKEv2
payload, leading to the daemon crash.
Authentication is not needed to trigger the vulnerability.

Patches were originally written to fix the vulnerabilities in Libreswan,
and have been ported to Openswan by Paul Wouters from the Libreswan
Project.

Since the Openswan package is not maintained anymore in the Debian
distribution and is not available in testing and unstable suites, it is
recommended for IKE/IPsec users to switch to a supported implementation
like strongSwan.

For the oldstable distribution (squeeze), these problems have been fixed in
version 2.6.28+dfsg-5+squeeze2.

For the stable distribution (wheezy), these problems have been fixed in
version 2.6.37-3.1.

We recommend that you upgrade your openswan packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2869-1] gnutls26 security update

2014-03-03 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2869-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
March 03, 2014 http://www.debian.org/security/faq
- -

Package: gnutls26
Vulnerability  : incorrect certificate verification
CVE ID : CVE-2014-0092

Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate
verification issue in GnuTLS, an SSL/TLS library. A certificate
validation could be reported successfully even in cases where an error
would prevent all verification steps from being performed.

An attacker doing a man-in-the-middle of a TLS connection could use this
vulnerability to present a carefully crafted certificate that would be
accepted by GnuTLS as valid even if not signed by one of the trusted
authorities.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.8.6-1+squeeze3.

For the stable distribution (wheezy), this problem has been fixed in
version 2.12.20-8+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 2.12.23-13.

For the unstable distribution (sid), this problem has been fixed in
version 2.12.23-13.

We recommend that you upgrade your gnutls26 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2826-2] denyhosts regression update

2014-01-24 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2826-2   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
January 23, 2014   http://www.debian.org/security/faq
- -

Package: denyhosts
Vulnerability  : regression
Debian Bug : 734329
CVE ID : CVE-2013-6890

A regression has been found in the denyhosts packages fixing
CVE-2013-6890.  This regression could cause a break-in attempt
to be missed by denyhosts, which would then fail to enforce a ban.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.6-7+deb6u3.

For the stable distribution (wheezy), this problem has been fixed in
version 2.6-10+deb7u3.

For the testing (jessie) and unstable (sid) distributions, the package denyhosts
has been removed, and its users are encouraged to switch to an alternative like
fail2ban.

We recommend that you upgrade your denyhosts packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
-END PGP SIGNATURE-



[SECURITY] [DSA 2826-1] denyhosts security update

2013-12-22 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2826-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
December 22, 2013  http://www.debian.org/security/faq
- -

Package: denyhosts
Vulnerability  : Remote denial of ssh service
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2013-6890

Helmut Grohne discovered that denyhosts, a tool preventing SSH
brute-force attacks, could be used to perform remote denial of service
against the SSH daemon. Incorrectly specified regular expressions used
to detect brute force attacks in authentication logs could be exploited
by a malicious user to forge crafted login names in order to make
denyhosts ban arbitrary IP addresses.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.6-7+deb6u2.

For the stable distribution (wheezy), this problem has been fixed in
version 2.6-10+deb7u2.

For the testing distribution (jessie), this problem has been fixed in
version 2.6-10.1.

For the unstable distribution (sid), this problem has been fixed in
version 2.6-10.1.

We recommend that you upgrade your denyhosts packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

-END PGP SIGNATURE-
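
The regular-expression weakness described in DSA-2826-1 above, shown as an added example that is not part of the advisory and is not denyhosts' own code. The patterns, the function name and the log lines are constructed for illustration, and the check assumes sshd logs numeric peer addresses.

```python
import ipaddress
import re

# Constructed sshd message bodies (syslog prefix already stripped). All
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_MESSAGES = [
    "Invalid user admin from 203.0.113.5",
    "Failed password for invalid user guest from 203.0.113.5 port 40022 ssh2",
    # The user field is chosen by the client. In the next two lines it contains
    # text that resembles the " from <host>" suffix sshd appends itself.
    # The real peer in both lines is 198.51.100.7.
    "Invalid user root from 192.0.2.10 from 198.51.100.7",
    "Failed password for invalid user x from 192.0.2.10 port 1 ssh2"
    " from 198.51.100.7 port 40023 ssh2",
]

# Hypothetical loose patterns: unanchored, lazy user field. The first
# " from <token>" in the line wins, and that token may sit inside the
# client-controlled user field.
LOOSE = [
    re.compile(r"Invalid user (?P<user>.*?) from (?P<host>\S+)"),
    re.compile(r"Failed password for (?:invalid user )?(?P<user>.*?)"
               r" from (?P<host>\S+)"),
]

# Hardened patterns: anchored at both ends, greedy user field. The host is
# always taken from the last " from <token>" in the line, which is the part
# written by sshd rather than by the client.
STRICT = [
    re.compile(r"^Invalid user (?P<user>.*) from (?P<host>\S+)$"),
    re.compile(r"^Failed password for (?:invalid user )?(?P<user>.*)"
               r" from (?P<host>\S+) port \d+ ssh2$"),
]


def offending_host(message, patterns):
    """Return the address a log watcher would count a failure against.

    Returns None when no pattern matches or when the captured host is not a
    syntactically valid IP address (assumption: numeric addresses only).
    """
    for pattern in patterns:
        match = pattern.search(message)
        if not match:
            continue
        host = match.group("host")
        try:
            ipaddress.ip_address(host)
        except ValueError:
            return None
        return host
    return None


def compare(messages):
    """Pair each message with the host chosen by the loose and strict sets."""
    return [
        (msg, offending_host(msg, LOOSE), offending_host(msg, STRICT))
        for msg in messages
    ]


if __name__ == "__main__":
    for msg, loose, strict in compare(SAMPLE_MESSAGES):
        flag = "" if loose == strict else "   <-- loose pattern blames wrong host"
        print(f"loose={loose!s:<14} strict={strict!s:<14}{flag}")
        print(f"    {msg}")
```
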



[SECURITY] [DSA 2789-1] strongswan security update

2013-11-01 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2789-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
November 01, 2013  http://www.debian.org/security/faq
- -

Package: strongswan
Vulnerability  : Denial of service and authorization bypass
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2013-6075

A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE
daemon used to establish IPsec protected links.

By sending a crafted ID_DER_ASN1_DN ID payload to a vulnerable pluto or
charon daemon, a malicious remote user can provoke a denial of service
(daemon crash) or an authorization bypass (impersonating a different
user, potentially acquiring VPN permissions she doesn't have).

For the oldstable distribution (squeeze), this problem has been fixed in
version 4.4.1-5.4.

For the stable distribution (wheezy), this problem has been fixed in
version 4.5.2-1.5+deb7u2.

For the testing distribution (jessie), this problem has been fixed in
version 5.1.0-3.

For the unstable distribution (sid), this problem has been fixed in
version 5.1.0-3.

We recommend that you upgrade your strongswan packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2781-1] python-crypto security update

2013-10-18 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2781-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
October 18, 2013   http://www.debian.org/security/faq
- -

Package: python-crypto
Vulnerability  : PRNG not correctly reseeded in some situations
Problem type   : local
Debian-specific: no
CVE ID : CVE-2013-1445
Debian Bug : 

A cryptographic vulnerability was discovered in the pseudo random number
generator in python-crypto.

In some situations, a race condition could prevent the reseeding of the
generator when multiple processes are forked from the same parent. This would
lead it to generate identical output on all processes, which might leak
sensitive values like cryptographic keys.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.1.0-2+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in
version 2.6-4+deb7u3.

For the testing distribution (jessie), this problem has been fixed in
version 2.6.1-2.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.1-1.

We recommend that you upgrade your python-crypto packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2757-1] wordpress security update

2013-09-16 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2757-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
September 14, 2013 http://www.debian.org/security/faq
- -

Package: wordpress
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2013-4338 CVE-2013-4339 CVE-2013-4340 CVE-2013-5738 
 CVE-2013-5739
Debian Bug : 722537

Several vulnerabilities were identified in Wordpress, a web blogging
tool. As the CVEs were allocated from release announcements and specific
fixes are usually not identified, it has been decided to upgrade the
Wordpress package to the latest upstream version instead of backporting
the patches.

This means extra care should be taken when upgrading, especially when
using third-party plugins or themes, since compatibility may have been
impacted along the way.  We recommend that users check their install
before doing the upgrade.

CVE-2013-4338

Unsafe PHP unserialization in wp-includes/functions.php could cause
arbitrary code execution.

CVE-2013-4339

Insufficient input validation could result in redirecting or leading
a user to another website.

CVE-2013-4340

Privilege escalation allowing a user with an author role to create
an entry appearing as written by another user.

CVE-2013-5738

Insufficient capabilities were required for uploading .html/.html
files, making it easier for authenticated users to conduct cross-site
scripting attacks (XSS) using crafted html file uploads.

CVE-2013-5739

Default Wordpress configuration allowed file upload for .swf/.exe
files, making it easier for authenticated users to conduct cross-site
scripting attacks (XSS).

For the oldstable distribution (squeeze), these problems have been fixed in
version 3.6.1+dfsg-1~deb6u1.

For the stable distribution (wheezy), these problems have been fixed in
version 3.6.1+dfsg-1~deb7u1.

For the testing distribution (jessie), these problems have been fixed in
version 3.6.1+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 3.6.1+dfsg-1.

We recommend that you upgrade your wordpress packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.21 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2718-1] wordpress security update

2013-07-03 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2718-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
July 01, 2013  http://www.debian.org/security/faq
- -

Package: wordpress
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2013-2173 CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 
 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205
Debian Bug : 713947

Several vulnerabilities were identified in Wordpress, a web blogging
tool. As the CVEs were allocated from release announcements and
specific fixes are usually not identified, it has been decided to
upgrade the Wordpress package to the latest upstream version instead of
backporting the patches.

This means extra care should be taken when upgrading, especially when
using third-party plugins or themes, since compatibility may have been
impacted along the way.  We recommend that users check their install
before doing the upgrade.

CVE-2013-2173

A denial of service was found in the way wordpress performs hash
computation when checking password for protected posts. An attacker
supplying carefully crafted input as a password could make the
platform consume excessive CPU.

CVE-2013-2199

Multiple server-side request forgery (SSRF) vulnerabilities were
found in the HTTP API. This is related to CVE-2013-0235, which was
specific to SSRF in pingback requests and was fixed in 3.5.1.

CVE-2013-2200

Inadequate checking of a user's capabilities could lead to a
privilege escalation, enabling them to publish posts when their
user role should not allow for it and to assign posts to other
authors.

CVE-2013-2201

Multiple cross-site scripting (XSS) vulnerabilities due to badly
escaped input were found in the media files and plugins upload forms.

CVE-2013-2202

XML External Entity Injection (XXE) vulnerability via oEmbed
responses

CVE-2013-2203

A Full path disclosure (FPD) was found in the file upload mechanism.
If the upload directory is not writable, the error message returned
includes the full directory path

CVE-2013-2204

Content spoofing via flash applet in the embedded tinyMCE media
plugin

CVE-2013-2205

Cross-domain XSS in the embedded SWFupload uploader

For the oldstable distribution (squeeze), these problems have been fixed in
version 3.5.2+dfsg-1~deb6u1.

For the stable distribution (wheezy), these problems have been fixed in
version 3.5.2+dfsg-1~deb7u1.

For the testing distribution (jessie), these problems have been fixed in
version 3.5.2+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 3.5.2+dfsg-1.

We recommend that you upgrade your wordpress packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.20 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2707-1] dbus security update

2013-06-13 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2707-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
June 13, 2013  http://www.debian.org/security/faq
- -

Package: dbus
Vulnerability  : denial of service
Problem type   : local 
Debian-specific: no
CVE ID : CVE-2013-2168

Alexandru Cornea discovered a vulnerability in libdbus caused by an
implementation bug in _dbus_printf_string_upper_bound(). This
vulnerability can be exploited by a local user to crash system services
that use libdbus, causing denial of service. Depending on the dbus
services running, it could lead to complete system crash.

The oldstable distribution (squeeze) is not affected by this problem.

For the stable distribution (wheezy), this problem has been fixed in
version 1.6.8-1+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 1.6.12-1.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.12-1.

We recommend that you upgrade your dbus packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.20 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2665-1] strongswan security update

2013-04-30 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2665-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
April 30, 2013 http://www.debian.org/security/faq
- -

Package: strongswan
Vulnerability  : authentication bypass
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2013-2944

Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec based VPN
solution.

When using the openssl plugin for ECDSA based authentication, an empty, zeroed
or otherwise invalid signature is handled as a legitimate one. An attacker
could use a forged signature to authenticate like a legitimate user and gain
access to the VPN (and everything protected by this).

While the issue looks like CVE-2012-2388 (RSA signature based authentication
bypass), it is unrelated.

For the stable distribution (squeeze), this problem has been fixed in
version 4.4.1-5.3.

For the testing distribution (wheezy), this problem has been fixed in
version 4.5.2-1.5+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 4.6.4-7.

We recommend that you upgrade your strongswan packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2663-1] tinc security update

2013-04-23 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2663-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
April 22, 2013 http://www.debian.org/security/faq
- -

Package: tinc
Vulnerability  : stack based buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2013-1428

Martin Schobert discovered a stack-based vulnerability in tinc, a virtual
private network daemon.

When packets are forwarded via TCP, packet length is not checked against
the stack buffer length. Authenticated peers could use this to crash the
tinc daemon and maybe execute arbitrary code.

Note that on Wheezy and Sid, tinc is built using hardening flags and
especially stack smashing protection, which should help protect against
arbitrary code execution.

For the stable distribution (squeeze), this problem has been fixed in
version 1.0.13-1+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 1.0.19-3.

For the unstable distribution (sid), this problem has been fixed in
version 1.0.19-3.

We recommend that you upgrade your tinc packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2646-1] typo3-src security update

2013-03-18 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2646-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
March 15, 2013 http://www.debian.org/security/faq
- -

Package: typo3-src
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2013-1842 CVE-2013-1843
Debian Bug : 702574

Typo3, a PHP-based content management system, was found vulnerable to several 
vulnerabilities.

CVE-2013-1842

Helmut Hummel and Markus Opahle discovered that the Extbase database layer
was not correctly sanitizing user input when using the Query object model.
This can lead to SQL injection by a malicious user inputting crafted
relation values.

CVE-2013-1843

Missing user input validation in the access tracking mechanism could lead
to arbitrary URL redirection.

Note: the fix will break already published links. The upstream advisory at
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/
has more information on how to mitigate that.

For the stable distribution (squeeze), these problems have been fixed in
version 4.3.9+dfsg1-1+squeeze8.

For the testing distribution (wheezy), these problems have been fixed in
version 4.5.19+dfsg1-5.

For the unstable distribution (sid), these problems have been fixed in
version 4.5.19+dfsg1-5.

We recommend that you upgrade your typo3-src packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2649-1] lighttpd security update

2013-03-18 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2649-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
March 15, 2013 http://www.debian.org/security/faq
- -

Package: lighttpd
Vulnerability  : fixed socket name in world-writable directory
Problem type   : local
Debian-specific: yes
CVE ID : CVE-2013-1427
Debian Bug : 

Stefan Bühler discovered that the Debian specific configuration file for
lighttpd webserver FastCGI PHP support used a fixed socket name in the
world-writable /tmp directory. A symlink attack or a race condition could be
exploited by a malicious user on the same machine to take over the PHP control
socket and for example force the webserver to use a different PHP version.

As the fix is in a configuration file lying in /etc, the update won't be
enforced if the file has been modified by the administrator. In that case, care
should be taken to manually apply the fix.

For the stable distribution (squeeze), this problem has been fixed in
version 1.4.28-2+squeeze1.3.

For the testing distribution (wheezy), this problem has been fixed in
version 1.4.31-4.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.31-4.

We recommend that you upgrade your lighttpd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2650-1] libvirt-bin security update

2013-03-18 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2650-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
March 15, 2013 http://www.debian.org/security/faq
- -

Package: libvirt-bin
Vulnerability  : files and device nodes ownership change to kvm group
Problem type   : local
Debian-specific: yes
CVE ID : CVE-2013-1766
Debian Bug : 701649

Bastian Blank discovered that libvirtd, a daemon for management of virtual
machines, network and storage, would change ownership of device files so they
would be owned by user `libvirt-qemu` and group `kvm`, which is a general
purpose group not specific to libvirt, allowing unintended write access to
those devices and files for the kvm group members.

For the stable distribution (squeeze), this problem has been fixed in
version 0.8.3-5+squeeze4.

For the testing distribution (wheezy), this problem has been fixed in
version 0.9.12-11.

For the unstable distribution (sid), this problem has been fixed in
version 0.9.12-11.

We recommend that you upgrade your libvirt-bin packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2650-2] libvirt regression update

2013-03-18 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2650-2   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
March 17, 2013 http://www.debian.org/security/faq
- -

Package: libvirt
Vulnerability  : files and device nodes ownership change to kvm group
Problem type   : local
Debian-specific: yes
CVE ID : CVE-2013-1766
Debian Bug : 701649

The recent security update for libvirt was found to cause a regression.
The kvm/qemu processes weren't run as the `kvm` user anymore in order to
fix the file/device ownership changes, but the processes were not
correctly configured to use the `kvm` group either. When the user would
try to run a virtual machine, the process was denied access to the
/dev/kvm device node, preventing the virtual machine from running.

For the stable distribution (squeeze), this problem has been fixed in
version 0.8.3-5+squeeze5.

We recommend that you upgrade your libvirt packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2645-1] inetutils security update

2013-03-15 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2645-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
March 14, 2013 http://www.debian.org/security/faq
- -

Package: inetutils
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2010-2529
Debian Bug : 

Ovidiu Mara reported in 2010 a vulnerability in the ping utility, commonly used
by system and network administrators. By carefully crafting ICMP responses, an
attacker could make the ping command hang.

For the stable distribution (squeeze), this problem has been fixed in
version 2:1.6-3.1+squeeze2.

For the testing distribution (wheezy), this problem has been fixed in
version 2:1.9-2.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.9-2.

We recommend that you upgrade your inetutils packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2643-1] puppet security update

2013-03-13 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2643-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
March 12, 2013 http://www.debian.org/security/faq
- -

Package: puppet
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654
 CVE-2013-1655 CVE-2013-2274 CVE-2013-2275
Debian Bug :

Multiple vulnerabilities were discovered in Puppet, a centralized
configuration management system.

CVE-2013-1640

An authenticated malicious client may request its catalog from the puppet
master, and cause the puppet master to execute arbitrary code. The puppet
master must be made to invoke the `template` or `inline_template` functions
during catalog compilation.

CVE-2013-1652

An authenticated malicious client may retrieve catalogs from the puppet
master that it is not authorized to access. Given a valid certificate and
private key, it is possible to construct an HTTP GET request that will
return a catalog for an arbitrary client.

CVE-2013-1653

An authenticated malicious client may execute arbitrary code on Puppet
agents that accept kick connections. Puppet agents are not vulnerable in
their default configuration. However, if the Puppet agent is configured to
listen for incoming connections, e.g. listen = true, and the agent's
auth.conf allows access to the `run` REST endpoint, then an authenticated
client can construct an HTTP PUT request to execute arbitrary code on the
agent. This issue is made worse by the fact that puppet agents typically
run as root.

CVE-2013-1654

A bug in Puppet allows SSL connections to be downgraded to SSLv2, which is
known to contain design flaws. This affects SSL connections
between puppet agents and master, as well as connections that puppet agents
make to third party servers that accept SSLv2 connections. Note that SSLv2
has been disabled since OpenSSL 1.0.

CVE-2013-1655

An unauthenticated malicious client may send requests to the puppet master,
and have the master load code in an unsafe manner. It only affects users
whose puppet masters are running ruby 1.9.3 and above.

CVE-2013-2274

An authenticated malicious client may execute arbitrary code on the
puppet master in its default configuration. Given a valid certificate and
private key, a client can construct an HTTP PUT request that is authorized
to save the client's own report, but the request will actually cause the
puppet master to execute arbitrary code.

CVE-2013-2275

The default auth.conf allows an authenticated node to submit a report for
any other node, which is a problem for compliance. It has been made more
restrictive by default so that a node is only allowed to save its own
report.

For the stable distribution (squeeze), these problems have been fixed in
version 2.6.2-5+squeeze7.

For the testing distribution (wheezy), these problems have been fixed in
version 2.7.18-3.

For the unstable distribution (sid), these problems have been fixed in
version 2.7.18-3.

We recommend that you upgrade your puppet packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2633-1] fusionforge security update

2013-02-27 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2633-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
February 26, 2013  http://www.debian.org/security/faq
- -

Package: fusionforge
Vulnerability  : privilege escalation
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2013-1423
Debian Bug : 

Helmut Grohne discovered multiple privilege escalation flaws in FusionForge, a
web-based project-management and collaboration software. Most of the
vulnerabilities are related to the bad handling of privileged operations on
user-controlled files or directories.

For the stable distribution (squeeze), this problem has been fixed in
version 5.0.2-5+squeeze2.

For the testing (wheezy) and unstable (sid) distributions, these problems will
be fixed soon.

We recommend that you upgrade your fusionforge packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2614-1] libupnp security update

2013-02-04 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2614-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
February 01, 2013  http://www.debian.org/security/faq
- -

Package: libupnp
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961 
 CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965
Debian Bug : 699316

Multiple stack-based buffer overflows were discovered in libupnp, a library
used for handling the Universal Plug and Play protocol. HD Moore from Rapid7
discovered that SSDP queries were not correctly handled by the
unique_service_name() function.

An attacker sending carefully crafted SSDP queries to a daemon built on libupnp
could generate a buffer overflow, overwriting the stack, leading to a daemon
crash and possible remote code execution.

For the stable distribution (squeeze), these problems have been fixed in
version 1:1.6.6-5+squeeze1.

For the testing distribution (wheezy), these problems have been fixed in
version 1:1.6.17-1.2.

For the unstable distribution (sid), these problems have been fixed in
version 1:1.6.17-1.2.

We recommend that you upgrade your libupnp packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2615-1] libupnp4 security update

2013-02-04 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2615-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
February 01, 2013  http://www.debian.org/security/faq
- -

Package: libupnp4
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961 
 CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965
Debian Bug : 699459

Multiple stack-based buffer overflows were discovered in libupnp4, a library
used for handling the Universal Plug and Play protocol. HD Moore from Rapid7
discovered that SSDP queries were not correctly handled by the
unique_service_name() function.

An attacker sending carefully crafted SSDP queries to a daemon built on
libupnp4 could generate a buffer overflow, overwriting the stack, leading to
a daemon crash and possible remote code execution.

For the stable distribution (squeeze), these problems have been fixed in
version 1.8.0~svn20100507-1+squeeze1.

For the testing distribution (wheezy), these problems have been fixed in
version 1.8.0~svn20100507-1.2.

For the unstable distribution (sid), these problems have been fixed in
version 1.8.0~svn20100507-1.2.

We recommend that you upgrade your libupnp4 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2610-1] ganglia security update

2013-01-22 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2610-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
January 21, 2013   http://www.debian.org/security/faq
- -

Package: ganglia
Vulnerability  : arbitrary script execution
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-3448
Debian Bug : 683584

Insufficient input sanitization in Ganglia, a web based monitoring system,
could lead to remote PHP script execution with permissions of the user running
the web browser. 

For the stable distribution (squeeze), this problem has been fixed in
version 3.1.7-1+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 3.3.8-1.

For the unstable distribution (sid), this problem has been fixed in
version 3.3.8-1.

We recommend that you upgrade your ganglia packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2611-1] movabletype-opensource security update

2013-01-22 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2611-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
January 22, 2013   http://www.debian.org/security/faq
- -

Package: movabletype-opensource
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2013-0209
Debian Bug : 697666

An input sanitization problem has been found in the upgrade functions of
movabletype-opensource, a web-based publishing platform. Using carefully
crafted requests to the mt-upgrade.cgi file, it would be possible to inject OS
commands and SQL queries.

For the stable distribution (squeeze), this problem has been fixed in
version 4.3.8+dfsg-0+squeeze3.

For the testing distribution (wheezy), this problem has been fixed in
version 5.1.2+dfsg-1.

For the unstable distribution (sid), this problem has been fixed in
version 5.1.2+dfsg-1.

We recommend that you upgrade your movabletype-opensource packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2583-1] iceweasel security update

2012-12-10 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2583-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
December 08, 2012  http://www.debian.org/security/faq
- -

Package: iceweasel
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-4201 CVE-2012-4207 CVE-2012-4216 CVE-2012-5829 
 CVE-2012-5842
Debian Bug : 

Multiple vulnerabilities have been found in Iceweasel, the Debian web browser
based on Mozilla Firefox:

CVE-2012-5829

  Heap-based buffer overflow in the nsWindow::OnExposeEvent function could
  allow remote attackers to execute arbitrary code.

CVE-2012-5842

  Multiple unspecified vulnerabilities in the browser engine could allow remote
  attackers to cause a denial of service (memory corruption and application
  crash) or possibly execute arbitrary code.

CVE-2012-4207

  The HZ-GB-2312 character-set implementation does not properly handle a ~
  (tilde) character in proximity to a chunk delimiter, which allows remote
  attackers to conduct cross-site scripting (XSS) attacks via a crafted
  document.

CVE-2012-4201

  The evalInSandbox implementation uses an incorrect context during the
  handling of JavaScript code that sets the location.href property, which
  allows remote attackers to conduct cross-site scripting (XSS) attacks or read
  arbitrary files by leveraging a sandboxed add-on.

CVE-2012-4216

  Use-after-free vulnerability in the gfxFont::GetFontEntry function allows
  remote attackers to execute arbitrary code or cause a denial of service (heap
  memory corruption) via unspecified vectors.

For the stable distribution (squeeze), these problems have been fixed in
version 3.5.16-20.

For the testing distribution (wheezy), these problems have been fixed in
version 10.0.11esr-1.

For the unstable distribution (sid), these problems have been fixed in
version 10.0.11esr-1.

We recommend that you upgrade your iceweasel packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2584-1] iceape security update

2012-12-10 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2584-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
December 08, 2012  http://www.debian.org/security/faq
- -

Package: iceape
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-4201 CVE-2012-4207 CVE-2012-4216 CVE-2012-5829 
 CVE-2012-5842
Debian Bug : 

For the stable distribution (squeeze), these problems have been fixed in
version 2.0.11-17.

For the testing distribution (wheezy), these problems have been fixed in
version 2.7.11-1.

For the unstable distribution (sid), these problems have been fixed in
version 2.7.11-1.

We recommend that you upgrade your iceape packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2582-1] xen security update

2012-12-07 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2582-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
December 07, 2012  http://www.debian.org/security/faq
- -

Package: xen
Vulnerability  : several
Problem type   : local
Debian-specific: no
CVE ID : CVE-2011-3131 CVE-2012-4535 CVE-2012-4537 CVE-2012-4538 
 CVE-2012-4539 CVE-2012-5510 CVE-2012-5513 CVE-2012-5514
 CVE-2012-5515
Debian Bug : 

Multiple denial of service vulnerabilities have been discovered in the xen
hypervisor. One of the issues (CVE-2012-5513) could even lead to privilege
escalation from guest to host.

Some of the recently published Xen Security Advisories (XSA 25 and 28) are not
fixed by this update and should be fixed in a future release.

CVE-2011-3131 (XSA 5): DoS using I/OMMU faults from PCI-passthrough guest

A VM that controls a PCI[E] device directly can cause it to issue DMA
requests to invalid addresses. Although these requests are denied by the
I/OMMU, the hypervisor needs to handle the interrupt and clear the error from
the I/OMMU, and this can be used to live-lock a CPU and potentially hang the
host.

CVE-2012-4535 (XSA 20): Timer overflow DoS vulnerability

A guest which sets a VCPU with an inappropriate deadline can cause an
infinite loop in Xen, blocking the affected physical CPU indefinitely.

CVE-2012-4537 (XSA 22): Memory mapping failure DoS vulnerability

When set_p2m_entry fails, Xen's internal data structures (the p2m and m2p
tables) can get out of sync. This failure can be triggered by unusual guest
behaviour exhausting the memory reserved for the p2m table. If it happens,
subsequent guest-invoked memory operations can cause Xen to fail an assertion
and crash.

CVE-2012-4538 (XSA 23): Unhooking empty PAE entries DoS vulnerability

The HVMOP_pagetable_dying hypercall does not correctly check the
caller's pagetable state, leading to a hypervisor crash.

CVE-2012-4539 (XSA 24): Grant table hypercall infinite loop DoS vulnerability

Due to inappropriate duplicate use of the same loop control variable,
passing bad arguments to GNTTABOP_get_status_frames can cause an
infinite loop in the compat hypercall handler.

CVE-2012-5510 (XSA 26): Grant table version switch list corruption vulnerability

Downgrading the grant table version of a guest involves freeing its status
pages. This freeing was incomplete - the page(s) are freed back to the
allocator, but not removed from the domain's tracking list. This would cause
list corruption, eventually leading to a hypervisor crash.

CVE-2012-5513 (XSA 29): XENMEM_exchange may overwrite hypervisor memory

The handler for XENMEM_exchange accesses guest memory without range checking
the guest provided addresses, thus allowing these accesses to include the
hypervisor reserved range.

A malicious guest administrator can cause Xen to crash. If the out of address
space bounds access does not lead to a crash, a carefully crafted privilege
escalation cannot be excluded, even though the guest doesn't itself control
the values written.

CVE-2012-5514 (XSA 30): Broken error handling in guest_physmap_mark_populate_on_demand()

guest_physmap_mark_populate_on_demand(), before carrying out its actual
operation, checks that the subject GFNs are not in use. If that check fails,
the code prints a message and bypasses the gfn_unlock() matching the
gfn_lock() carried out before entering the loop.

A malicious guest administrator can then use it to cause Xen to hang.

CVE-2012-5515 (XSA 31): Several memory hypercall operations allow invalid extent order values

Allowing arbitrary extent_order input values for XENMEM_decrease_reservation,
XENMEM_populate_physmap, and XENMEM_exchange can cause arbitrarily long time
being spent in loops without allowing vital other code to get a chance to
execute. This may also cause inconsistent state resulting at the completion
of these hypercalls.

For the stable distribution (squeeze), these problems have been fixed in
version 4.0.1-5.5.

For the testing distribution (wheezy), these problems have been fixed in
version 4.1.3-6.

For the unstable distribution (sid), these problems have been fixed in
version 4.1.3-6.

We recommend that you upgrade your xen packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http

[SECURITY] [DSA 2581-1] mysql-5.1 security update

2012-12-04 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2581-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
December 04, 2012  http://www.debian.org/security/faq
- -

Package: mysql-5.1
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-3150 CVE-2012-3158 CVE-2012-3160 CVE-2012-3163 
 CVE-2012-3166 CVE-2012-3167 CVE-2012-3173 CVE-2012-3177
 CVE-2012-3180 CVE-2012-3197 CVE-2012-5611
Debian Bug : 690778 695001

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to a new upstream version,
5.1.66, which includes additional changes, such as performance improvements and
corrections for data loss defects.  These changes are described in the MySQL
release notes at: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-66.html

For the testing distribution (wheezy) and unstable distribution (sid), these
problems have been fixed in version 5.5.28+dfsg-1.

Additionally, CVE-2012-5611 has been fixed in this upload. The vulnerability
(discovered independently by Tomas Hoger from the Red Hat Security Response
Team and king cope) is a stack-based buffer overflow in acl_get() when
checking user access to a database. Using a carefully crafted database name, an
already authenticated MySQL user could make the server crash or even execute
arbitrary code as the mysql system user.

For the stable distribution (squeeze), this problem has been fixed in version
5.1.66-0+squeeze1.

For the testing distribution (wheezy) and unstable distribution (sid), this
problem will be fixed soon.

We recommend that you upgrade your mysql-5.1 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2577-1] libssh security update

2012-12-03 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2577-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
December 01, 2012  http://www.debian.org/security/faq
- -

Package: libssh
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-4559 CVE-2012-4561 CVE-2012-4562
Debian Bug :

Multiple vulnerabilities were discovered in libssh by Florian Weimer and Xi
Wang:

CVE-2012-4559: multiple double free() flaws
CVE-2012-4561: multiple invalid free() flaws
CVE-2012-4562: multiple improper overflow checks

Those could lead to a denial of service by making an ssh client linked to
libssh crash, and maybe even arbitrary code execution.

For the stable distribution (squeeze), these problems have been fixed in
version 0.4.5-3+squeeze1.

For the testing distribution (wheezy), these problems have been fixed in
version 0.5.3-1.

For the unstable distribution (sid), these problems have been fixed in
version 0.5.3-1.

We recommend that you upgrade your libssh packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

2012-12-03 Thread Yves-Alexis Perez
On Sun, 2012-12-02 at 21:17 +0100, king cope wrote:
> My opinion is that the FILE to admin privilege elevation should be patched.
> What is the reason to have FILE and ADMIN privileges separated when
> with this exploit
> FILE privileges equate to ALL ADMIN privileges.

Maybe because you might not want admins to have read/write access to the
filesystem anyway?

Regards,
-- 
Yves-Alexis




[SECURITY] [DSA 2578-1] rssh security update

2012-11-28 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2578-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
November 28, 2012  http://www.debian.org/security/faq
- -

Package: rssh
Vulnerability  : insufficient filtering of rsync command line
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-2251 CVE-2012-2252 
Debian Bug : 

James Clawson discovered that rssh, a restricted shell for OpenSSH to be used
with scp/sftp, rdist and cvs, was not correctly filtering command line options.
This could be used to force the execution of a remote script and thus allow
arbitrary command execution. Two CVEs were assigned:

CVE-2012-2251
Incorrect filtering of command line when using rsync protocol. It was
for example possible to pass dangerous options after a -- switch. The rsync
protocol support has been added in a Debian (and Fedora/Red Hat) specific
patch, so this vulnerability doesn't affect upstream.

CVE-2012-2252
Incorrect filtering of the --rsh option: the filter preventing usage of the
--rsh= option would not prevent passing --rsh. This vulnerability affects
upstream code.

For the stable distribution (squeeze), this problem has been fixed in
version 2.3.2-13squeeze2.

For the testing distribution (wheezy), this problem has been fixed in
version 2.3.3-6.

For the unstable distribution (sid), this problem has been fixed in
version 2.3.3-6.

We recommend that you upgrade your rssh packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-
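
The two filter gaps described in the rssh advisory above can be modelled in a few lines of C. This is an added example, not rssh's code or the Debian patch: the function names and sample command lines are constructed, `weak_filter_accepts` reproduces only the behaviour the advisory states, and `strict_filter_accepts` goes one step further by also treating `-e`, rsync's short form of `--rsh`, as a remote-shell option.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed model of the flawed filter: only the "--rsh=" spelling is
 * matched, and nothing after a "--" argument is inspected. */
int weak_filter_accepts(size_t argc, const char *const argv[])
{
    for (size_t i = 1; i < argc; i++) {
        if (strcmp(argv[i], "--") == 0)
            break;                          /* scanning stops here */
        if (strncmp(argv[i], "--rsh=", 6) == 0)
            return 0;
    }
    return 1;
}

/* Return 1 if one argument selects a remote shell in any spelling. */
static int selects_remote_shell(const char *arg)
{
    /* Long form, with the value attached or passed as the next word. */
    if (strcmp(arg, "--rsh") == 0 || strncmp(arg, "--rsh=", 6) == 0)
        return 1;
    /* Short-option cluster such as "-e" or "-ave". Conservative: this also
     * rejects clusters where 'e' belongs to another option's value. */
    if (arg[0] == '-' && arg[1] != '-' && arg[1] != '\0')
        return strchr(arg + 1, 'e') != NULL;
    return 0;
}

/* Stricter check: every argument is inspected, including those after "--". */
int strict_filter_accepts(size_t argc, const char *const argv[])
{
    for (size_t i = 1; i < argc; i++) {
        if (argv[i] == NULL || selects_remote_shell(argv[i]))
            return 0;
    }
    return 1;
}

/* Constructed sample command lines; /path/to/helper is a placeholder. */
const char *const SAMPLE_PLAIN[] =
    {"rsync", "--server", "--sender", "-vlogDtpr", ".", "/srv/data"};
const char *const SAMPLE_RSH_EQ[] =
    {"rsync", "--rsh=/path/to/helper", ".", "/srv/data"};
const char *const SAMPLE_RSH_WORD[] =
    {"rsync", "--rsh", "/path/to/helper", ".", "/srv/data"};
const char *const SAMPLE_AFTER_DASHES[] =
    {"rsync", "--", "--rsh=/path/to/helper", ".", "/srv/data"};
const char *const SAMPLE_SHORT_E[] =
    {"rsync", "-e", "/path/to/helper", ".", "/srv/data"};

static void report(const char *label, size_t argc, const char *const argv[])
{
    printf("%-22s weak=%s strict=%s\n", label,
           weak_filter_accepts(argc, argv) ? "accept" : "reject",
           strict_filter_accepts(argc, argv) ? "accept" : "reject");
}

int main(void)
{
    report("plain transfer", COUNT(SAMPLE_PLAIN), SAMPLE_PLAIN);
    report("--rsh=VALUE", COUNT(SAMPLE_RSH_EQ), SAMPLE_RSH_EQ);
    report("--rsh VALUE", COUNT(SAMPLE_RSH_WORD), SAMPLE_RSH_WORD);
    report("option after --", COUNT(SAMPLE_AFTER_DASHES), SAMPLE_AFTER_DASHES);
    report("-e VALUE", COUNT(SAMPLE_SHORT_E), SAMPLE_SHORT_E);
    return 0;
}
```

The strict check rejects any short-option cluster containing `e`, so a deployment that has to accept the `-e.` capability string rsync clients send in `--server` mode needs an explicit, narrowly matched exception.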



[SECURITY] [DSA 2576-1] trousers security update

2012-11-23 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


- -
Debian Security Advisory DSA-2576-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
November 23, 2012  http://www.debian.org/security/faq
- -

Package: trousers
Vulnerability  : denial of service
Problem type   : local
Debian-specific: no
CVE ID : CVE-2012-0698
Debian Bug : 692649

Andy Lutomirski discovered that tcsd (the TPM userspace daemon) was missing
input validation. Using carefully crafted input, it can lead to a denial of
service by making the daemon crash with a segmentation fault.

For the stable distribution (squeeze), this problem has been fixed in
version 0.3.5-2+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 0.3.9-1.

For the unstable distribution (sid), this problem has been fixed in
version 0.3.9-1.

We recommend that you upgrade your trousers packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2570-1] openoffice.org security update

2012-11-01 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


- -
Debian Security Advisory DSA-2570-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
October 31, 2012   http://www.debian.org/security/faq
- -

Package: openoffice.org
Vulnerability  : remote
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-4233
Debian Bug : 

High-Tech Bridge SA Security Research Lab discovered multiple vulnerabilities
based on null-pointer dereferences in OpenOffice which could cause an
application crash or even arbitrary code execution using specially crafted
files. Affected file types are LWP (Lotus Word Pro), ODG, PPT (MS PowerPoint
2003) and XLS (MS Excel 2003).

For the stable distribution (squeeze), this problem has been fixed in
version 1:3.2.1-11+squeeze8.

The openoffice.org package has been replaced by libreoffice in the testing
(wheezy) and unstable (sid) distributions.

For the testing distribution (wheezy), this problem has been fixed in
version 1:3.5.4+dfsg-3.

For the unstable distribution (sid), this problem has been fixed in
version 1:3.5.4+dfsg-3.

We recommend that you upgrade your openoffice.org packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)
-END PGP SIGNATURE-



[SECURITY] [DSA 2559-1] libexif security update

2012-10-17 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


- -
Debian Security Advisory DSA-2559-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
October 11, 2012   http://www.debian.org/security/faq
- -

Package: libexif
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 
 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841
Debian Bug : 681454

Several vulnerabilities were found in libexif, a library used to parse EXIF
meta-data on camera files.

CVE-2012-2812: A heap-based out-of-bounds array read in the
exif_entry_get_value function allows remote attackers to cause a denial of
service or possibly obtain potentially sensitive information from process
memory via an image with crafted EXIF tags.

CVE-2012-2813: A heap-based out-of-bounds array read in the
exif_convert_utf16_to_utf8 function allows remote attackers to cause a denial
of service or possibly obtain potentially sensitive information from process
memory via an image with crafted EXIF tags. 

CVE-2012-2814: A buffer overflow in the exif_entry_format_value function
allows remote attackers to cause a denial of service or possibly execute
arbitrary code via an image with crafted EXIF tags.

CVE-2012-2836: A heap-based out-of-bounds array read in the
exif_data_load_data function allows remote attackers to cause a denial of
service or possibly obtain potentially sensitive information from process
memory via an image with crafted EXIF tags.

CVE-2012-2837: A divide-by-zero error in the mnote_olympus_entry_get_value
function while formatting EXIF maker note tags allows remote attackers to
cause a denial of service via an image with crafted EXIF tags.

CVE-2012-2840: An off-by-one error in the exif_convert_utf16_to_utf8 function
allows remote attackers to cause a denial of service or possibly execute
arbitrary code via an image with crafted EXIF tags. 

CVE-2012-2841: An integer underflow in the exif_entry_get_value function can
cause a heap overflow and potentially arbitrary code execution while
formatting an EXIF tag, if the function is called with a buffer size
parameter equal to zero or one.

For the stable distribution (squeeze), these problems have been fixed in
version 0.6.19-1+squeeze1.

For the testing distribution (wheezy), these problems have been fixed in
version 0.6.20-3.

For the unstable distribution (sid), these problems have been fixed in
version 0.6.20-3.

We recommend that you upgrade your libexif packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
-END PGP SIGNATURE-



[SECURITY] [DSA 2554-1] iceape security update

2012-09-27 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


- -
Debian Security Advisory DSA-2554-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
September 26, 2012 http://www.debian.org/security/faq
- -

Package: iceape
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 
 CVE-2012-1975 CVE-2012-1976 CVE-2012-3959 CVE-2012-3962
 CVE-2012-3969 CVE-2012-3972 CVE-2012-3978

Several vulnerabilities have been discovered in Iceape, an internet suite based
on SeaMonkey.

The reported vulnerabilities could lead to the execution of arbitrary
code or the bypass of content-loading restrictions via the location
object.

For the stable distribution (squeeze), these problems have been fixed in
version 2.0.11-15.

For the testing distribution (wheezy), these problems have been fixed in
version 2.7.7-1.

For the unstable distribution (sid), these problems have been fixed in
version 2.7.7-1.

We recommend that you upgrade your iceape packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
-END PGP SIGNATURE-



[SECURITY] [DSA 2522-1] fckeditor security update

2012-08-06 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


- -
Debian Security Advisory DSA-2522-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
August 05, 2012   http://www.debian.org/security/faq
- -

Package: fckeditor
Vulnerability  : cross site scripting
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-4000
Debian Bug : 683418

Emilio Pinna discovered a cross-site scripting vulnerability in the
spellchecker.php page of FCKeditor, a popular HTML/text editor for the web.

For the stable distribution (squeeze), this problem has been fixed in
version 1:2.6.6-1squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 1:2.6.6-3.

For the unstable distribution (sid), this problem has been fixed in
version 1:2.6.6-3.

We recommend that you upgrade your fckeditor packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
-END PGP SIGNATURE-



[SECURITY] [DSA 2520-1] openoffice.org security update

2012-08-03 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


- -
Debian Security Advisory DSA-2520-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
August 01, 2012   http://www.debian.org/security/faq
- -

Package: openoffice.org
Vulnerability  : Multiple heap-based buffer overflows
Problem type   : local
Debian-specific: no
CVE ID : CVE-2012-2665
Debian Bug : 

Timo Warns from PRE-CERT discovered multiple heap-based buffer overflows in
OpenOffice.org, an office productivity suite. The issue lies in the XML
manifest encryption tag parsing code. Using specially crafted files, an
attacker can cause an application crash and could cause arbitrary code execution.

For the stable distribution (squeeze), this problem has been fixed in
version 3.2.1-11+squeeze7.

The openoffice.org package has been replaced by libreoffice in the testing
(wheezy) and unstable (sid) distributions.

For the testing distribution (wheezy), this problem has been fixed in
version 1:3.5.4-7.

For the unstable distribution (sid), this problem has been fixed in
version 1:3.5.4-7.

We recommend that you upgrade your openoffice.org packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
-END PGP SIGNATURE-



[SECURITY] [DSA 2518-1] krb5 security update

2012-08-01 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


- -
Debian Security Advisory DSA-2518-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
July 31, 2012  http://www.debian.org/security/faq
- -

Package: krb5
Vulnerability  : denial of service and remote code execution
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-1014 CVE-2012-1015
Debian Bug : 683429

Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT
Kerberos, a daemon implementing the network authentication protocol.

CVE-2012-1014

By sending a specially crafted AS-REQ (Authentication Service Request) to a
KDC (Key Distribution Center), an attacker could make it free an
uninitialized pointer, corrupting the heap. This can lead to a process crash
or even arbitrary code execution.

This CVE only affects testing (wheezy) and unstable (sid) distributions.

CVE-2012-1015

By sending a specially crafted AS-REQ to a KDC, an attacker could make it
dereference an uninitialized pointer, leading to a process crash or even
arbitrary code execution.

In both cases, arbitrary code execution is believed to be difficult to achieve,
but might not be impossible.

For the stable distribution (squeeze), this problem has been fixed in
version 1.8.3+dfsg-4squeeze6.

For the testing distribution (wheezy), this problem has been fixed in
version 1.10.1+dfsg-2.

For the unstable distribution (sid), this problem has been fixed in
version 1.10.1+dfsg-2.

We recommend that you upgrade your krb5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
-END PGP SIGNATURE-



[SECURITY] [DSA 2508-1] kfreebsd-8 security update

2012-07-23 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


- -
Debian Security Advisory DSA-2508-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
July 22, 2012  http://www.debian.org/security/faq
- -

Package: kfreebsd-8
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE ID : CVE-2012-0217
Debian Bug : 677297

Rafal Wojtczuk from Bromium discovered that FreeBSD wasn't correctly handling
uncanonical return addresses on Intel amd64 CPUs, allowing privilege escalation
to kernel for local users.

For the stable distribution (squeeze), this problem has been fixed in
version 8.1+dfsg-8+squeeze3.

For the testing distribution (wheezy), this problem has been fixed in
version 8.3-4.

For the unstable distribution (sid), this problem has been fixed in
version 8.3-4.

We recommend that you upgrade your kfreebsd-8 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
-END PGP SIGNATURE-



[SECURITY] [DSA 2506-1] libapache-mod-security security update

2012-07-03 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


- -
Debian Security Advisory DSA-2506-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
July 02, 2012  http://www.debian.org/security/faq
- -

Package: libapache-mod-security
Vulnerability  : modsecurity bypass
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-2751
Debian Bug : #678529

Qualys Vulnerability & Malware Research Labs discovered a vulnerability in
ModSecurity, a security module for the Apache webserver. In situations where
both 'Content-Disposition: attachment' and 'Content-Type: multipart' were
present in HTTP headers, the vulnerability could allow an attacker to bypass
policy and execute cross-site scripting (XSS) attacks through properly crafted
HTML documents.

For the stable distribution (squeeze), this problem has been fixed in
version 2.5.12-1+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 2.6.6-1.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.6-1.

In the testing and unstable distributions, the source package has been renamed
to modsecurity-apache.

We recommend that you upgrade your libapache-mod-security packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
-END PGP SIGNATURE-



[SECURITY] [DSA 2498-1] dhcpcd security update

2012-06-26 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


- -
Debian Security Advisory DSA-2498-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
June 23, 2012  http://www.debian.org/security/faq
- -

Package: dhcpcd
Vulnerability  : remote stack overflow
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-2152
Debian Bug : #671265

It was discovered that dhcpcd, a DHCP client, was vulnerable to a stack
overflow. A malformed DHCP message could crash the client, causing a denial of
service, and potentially remote code execution through properly designed
malicious DHCP packets.

For the stable distribution (squeeze), this problem has been fixed in
version 1:3.2.3-5+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 1:3.2.3-11.

For the unstable distribution (sid), this problem has been fixed in
version 1:3.2.3-11.

We recommend that you upgrade your dhcpcd package.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
-END PGP SIGNATURE-



[SECURITY] [DSA 2481-1] arpwatch security update

2012-06-04 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2481-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
June 2, 2012   http://www.debian.org/security/faq
- -

Package: arpwatch
Vulnerability  : fails to drop supplementary groups
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-2653
Debian Bug : 674715

Steve Grubb from Red Hat discovered that a patch for arpwatch (as shipped at
least in Red Hat and Debian distributions) in order to make it drop root
privileges would fail to do so and instead add the root group to the list of
groups the daemon uses.

For the stable distribution (squeeze), this problem has been fixed in
version 2.1a15-1.1+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 2.1a15-1.2.

For the unstable distribution (sid), this problem has been fixed in
version 2.1a15-1.2.

We recommend that you upgrade your arpwatch packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

-END PGP SIGNATURE-
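
A privilege drop that verifies its own result would catch the failure described in the arpwatch advisory above, where group 0 stays in the daemon's supplementary group list. This is an added example, not arpwatch's code or the distribution patch: the helper names are hypothetical, the `nobody` default account is an assumption, and passing the target account's primary gid to `initgroups()` is the assumed correct form.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* initgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if gid appears in list[0..n), else 0. */
int gid_in_list(const gid_t *list, int n, gid_t gid)
{
    for (int i = 0; i < n; i++)
        if (list[i] == gid)
            return 1;
    return 0;
}

/* Return 1 if gid is a supplementary group of this process, 0 if not,
 * -1 if the list could not be read. */
int has_supplementary_group(gid_t gid)
{
    int n = getgroups(0, NULL);
    if (n < 0)
        return -1;
    if (n == 0)
        return 0;
    gid_t *list = malloc((size_t)n * sizeof *list);
    if (list == NULL)
        return -1;
    n = getgroups(n, list);
    int found = (n < 0) ? -1 : gid_in_list(list, n, gid);
    free(list);
    return found;
}

/* Drop from root to the account in pw and confirm the drop took effect.
 * Returns 0 only if every step and every check succeeded. */
int drop_privileges(const struct passwd *pw)
{
    /* Refuse a target that is root or whose primary group is root's. */
    if (pw == NULL || pw->pw_uid == 0 || pw->pw_gid == 0)
        return -1;

    /* Order matters: supplementary groups, then gid, then uid. Once the
     * uid is dropped the process can no longer change its groups. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)
        return -1;
    if (setgid(pw->pw_gid) != 0)
        return -1;
    if (setuid(pw->pw_uid) != 0)
        return -1;

    /* Verification: root must not be recoverable ... */
    if (setuid(0) == 0 || setgid(0) == 0)
        return -1;
    /* ... real and effective ids must match the target ... */
    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
        return -1;
    if (getgid() != pw->pw_gid || getegid() != pw->pw_gid)
        return -1;
    /* ... and group 0 must not remain in the supplementary list. */
    if (has_supplementary_group(0) != 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "nobody";  /* assumed account */
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) {
        fprintf(stderr, "unknown user: %s\n", user);
        return 2;
    }
    if (drop_privileges(pw) != 0) {
        fprintf(stderr, "privilege drop failed or incomplete, exiting\n");
        return 1;
    }
    printf("running as uid=%ld gid=%ld without group 0\n",
           (long)getuid(), (long)getgid());
    return 0;
}
```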



[SECURITY] [DSA 2482-1] arpwatch security update

2012-06-04 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2482-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
June 2, 2012   http://www.debian.org/security/faq
- -

Package: libgdata
Vulnerability  : insufficient certificate validation
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-2653
Debian Bug : 664032

Vreixo Formoso discovered that libgdata, a library used to access various
Google services, wasn't validating certificates against trusted system
root CAs when using an https connection.

For the stable distribution (squeeze), this problem has been fixed in
version 0.6.4-2+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 0.10.2-1.

For the unstable distribution (sid), this problem has been fixed in
version 0.10.2-1.

We recommend that you upgrade your libgdata packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2482-1] libgdata security update

2012-06-04 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2482-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
June 2, 2012   http://www.debian.org/security/faq
- -

Package: libgdata
Vulnerability  : insufficient certificate validation
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-2653
Debian Bug : 664032

Vreixo Formoso discovered that libgdata, a library used to access various
Google services, wasn't validating certificates against trusted system
root CAs when using an https connection.

For the stable distribution (squeeze), this problem has been fixed in
version 0.6.4-2+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 0.10.2-1.

For the unstable distribution (sid), this problem has been fixed in
version 0.10.2-1.

We recommend that you upgrade your libgdata packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2483-1] strongswan security update

2012-05-31 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2483-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
May 31, 2012   http://www.debian.org/security/faq
- -

Package: strongswan
Vulnerability  : authentication bypass
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2012-2388

An authentication bypass issue was discovered by the Codenomicon CROSS
project in strongSwan, an IPsec-based VPN solution. When using
RSA-based setups, a missing check in the gmp plugin could allow an
attacker presenting a forged signature to successfully authenticate
against a strongSwan responder.

The default configuration in Debian does not use the gmp plugin for
RSA operations but rather the OpenSSL plugin, so the packages as
shipped by Debian are not vulnerable.

For the stable distribution (squeeze), this problem has been fixed in
version 4.4.1-5.2.

For the testing distribution (wheezy), this problem has been fixed in
version 4.5.2-1.4.

For the unstable distribution (sid), this problem has been fixed in
version 4.5.2-1.4.

We recommend that you upgrade your strongswan packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2670-1] wordpress security update

2012-05-14 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2670-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
May 11, 2012   http://www.debian.org/security/faq
- -

Package: wordpress
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2011-3122 CVE-2011-3125 CVE-2011-3126 CVE-2011-3127
 CVE-2011-3128 CVE-2011-3129 CVE-2011-3130 CVE-2011-4956
 CVE-2011-4957 CVE-2012-2399 CVE-2012-2400 CVE-2012-2401
 CVE-2012-2402 CVE-2012-2403 CVE-2012-2404
Debian Bug : 670124

Several vulnerabilities were identified in WordPress, a web blogging
tool.  As the CVEs were allocated from release announcements and
specific fixes are usually not identified, it has been decided to
upgrade the WordPress package to the latest upstream version instead
of backporting the patches.

This means extra care should be taken when upgrading, especially when
using third-party plugins or themes, since compatibility may have been
impacted along the way.  We recommend that users check their install
before doing the upgrade.

For the stable distribution (squeeze), those problems have been fixed in
version 3.3.2+dfsg-1~squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), those problems have been fixed in version 3.3.2+dfsg-1.

We recommend that you upgrade your wordpress packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2388-1] t1lib security update

2012-01-16 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2388-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
January 14, 2012   http://www.debian.org/security/faq
- -

Package: t1lib
Vulnerability  : several
Problem type   : local
Debian-specific: no
CVE ID : CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552
 CVE-2011-1553 CVE-2011-1554
Debian Bug : 652996

Several vulnerabilities were discovered in t1lib, a PostScript Type 1
font rasterizer library, some of which might lead to code execution
through the opening of files embedding bad fonts.

CVE-2010-2642
A heap-based buffer overflow in the AFM font metrics parser
potentially leads to the execution of arbitrary code.

CVE-2011-0433
Another heap-based buffer overflow in the AFM font metrics
parser potentially leads to the execution of arbitrary code.

CVE-2011-0764
An invalid pointer dereference allows execution of arbitrary
code using crafted Type 1 fonts.

CVE-2011-1552
Another invalid pointer dereference results in an application
crash, triggered by crafted Type 1 fonts.

CVE-2011-1553
A use-after-free vulnerability results in an application
crash, triggered by crafted Type 1 fonts.

CVE-2011-1554
An off-by-one error results in an invalid memory read and
application crash, triggered by crafted Type 1 fonts.

For the oldstable distribution (lenny), this problem has been fixed in
version 5.1.2-3+lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 5.1.2-3+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 5.1.2-3.3.

For the unstable distribution (sid), this problem has been fixed in
version 5.1.2-3.3.

We recommend that you upgrade your t1lib packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

-END PGP SIGNATURE-



[SECURITY] [DSA 2354-1] cups security update

2011-11-30 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2354-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
November 28, 2011  http://www.debian.org/security/faq
- -

Package: cups
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2011-2896 CVE-2011-3170 

Petr Sklenar and Tomas Hoger discovered that missing input sanitising in
the GIF decoder inside the Cups printing system could lead to denial
of service or potentially arbitrary code execution through crafted GIF
files.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.3.8-1+lenny10.

For the stable distribution (squeeze), this problem has been fixed in
version 1.4.4-7+squeeze1.

For the testing and unstable distribution (sid), this problem has been
fixed in version 1.5.0-8.

We recommend that you upgrade your cups packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk7WagQACgkQXm3vHE4uylpgngCgy+xPdr3SGtgK+5zLkrIm2fHE
YdEAoJP3bofxwm/6M+akx0DSTXnRC183
=aY5X
-END PGP SIGNATURE-



[SECURITY] [DSA 2336-1] ffmpeg security update

2011-11-08 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2336-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
November 07, 2011  http://www.debian.org/security/faq
- -

Package: ffmpeg
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2011-3362 CVE-2011-3973 CVE-2011-3974 CVE-2011-3504
Debian Bug : 641478

Multiple vulnerabilities were found in ffmpeg, a multimedia player,
server and encoder:

CVE-2011-3362

An integer signedness error in the decode_residual_block function of
the Chinese AVS video (CAVS) decoder in libavcodec can lead to
denial of service (memory corruption and application crash) or
possible code execution via a crafted CAVS file.

CVE-2011-3973/CVE-2011-3974

Multiple errors in the Chinese AVS video (CAVS) decoder can lead to 
denial of service (memory corruption and application crash) via an 
invalid bitstream.

CVE-2011-3504

A memory allocation problem in the Matroska format decoder can lead 
to code execution via a crafted file.

For the stable distribution (squeeze), this problem has been fixed in
version 4:0.5.5-1.

For the unstable distribution (sid), this problem has been fixed in
version 4:0.7.2-1 of the libav source package.

Security support for ffmpeg was previously discontinued for the oldstable
distribution (lenny) in DSA 2306.
The current version in oldstable is not supported by upstream anymore
and is affected by several security issues. Backporting fixes for these
and any future issues has become unfeasible and therefore we needed to
drop our security support for the version in oldstable.

We recommend that you upgrade your ffmpeg packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk64LoAACgkQXm3vHE4uylp5JQCgrx+SilXzFZxZ+hwHIQqUfd6d
klwAoLFQFIUCtJ1HIDafZoJyj1QmZebU
=Or5C
-END PGP SIGNATURE-



[SECURITY] [DSA 2323-1] radvd security update

2011-10-28 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2323-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
October 26, 2011   http://www.debian.org/security/faq
- -

Package: radvd
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605
Debian Bug : 644614

Multiple security issues were discovered by Vasiliy Kulikov in radvd, an 
IPv6 Router Advertisement daemon:

CVE-2011-3602

   The set_interface_var() function doesn't check the interface name, which
   is chosen by an unprivileged user. This could lead to an arbitrary file
   overwrite if the attacker has local access, or specific file overwrites
   otherwise.

CVE-2011-3604

   process_ra() function lacks multiple buffer length checks which could
   lead to memory reads outside the stack, causing a crash of the daemon.

CVE-2011-3605

   process_rs() function calls mdelay() (a function to wait for a defined
   time) unconditionally when running in unicast-only mode. As this call
   is in the main thread, that means all request processing is delayed (for
   a time up to MAX_RA_DELAY_TIME, 500 ms by default). An attacker could
   flood the daemon with router solicitations in order to fill the input
   queue, causing a temporary denial of service (processing would be
   stopped during all the mdelay() calls).
   Note: upstream and Debian default is to use anycast mode.


For the oldstable distribution (lenny), this problem has been fixed in
version 1:1.1-3.1.

For the stable distribution (squeeze), this problem has been fixed in
version 1:1.6-1.1.

For the testing distribution (wheezy), this problem has been fixed in
version 1:1.8-1.2.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.8-1.2.

We recommend that you upgrade your radvd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk6q2QcACgkQXm3vHE4uylqlEQCgpdFwHzpKLF6KHlJs4y/ykeo/
oEYAniJXFaff25pMtXzM6Ovu8zslZm7H
=VfHu
-END PGP SIGNATURE-
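
The kind of interface-name check whose absence CVE-2011-3602 above describes, as an added example that is not radvd's code or part of the advisory. The helper names, the /proc/sys/net/ipv6/conf base path, the length limit and the character rules are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define IFACE_NAME_MAX 16  /* assumed limit, including the NUL (Linux IFNAMSIZ) */
#define CONF_BASE "/proc/sys/net/ipv6/conf"  /* assumed sysctl directory */

/* Hypothetical helper: accept a name only if it can be exactly one path
 * component, so it cannot step outside CONF_BASE. */
int iface_name_is_safe(const char *name)
{
    size_t len, i;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len >= IFACE_NAME_MAX)
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '/' || c <= ' ' || c == 0x7f)  /* separator, space, control */
            return 0;
    }
    return 1;
}

/* Hypothetical helper: build CONF_BASE/<iface>/<var>. `var` is a constant
 * supplied by the caller; only `iface` is untrusted. Returns 0 on success,
 * -1 if the name is rejected or the path would be truncated. */
int build_iface_var_path(char *out, size_t outlen, const char *iface, const char *var)
{
    int n;

    if (!iface_name_is_safe(iface))
        return -1;
    n = snprintf(out, outlen, "%s/%s/%s", CONF_BASE, iface, var);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample names, not taken from the advisory. */
    const char *samples[] = { "eth0", "..", "eth0/../all", "../../tmp/x" };
    char path[128];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s -> %s\n", samples[i],
               build_iface_var_path(path, sizeof path, samples[i], "hop_limit") == 0 ? path : "rejected");
    return 0;
}
```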