distribution
Multiple integer overflows in XInitImage function in xwd.c for
ImageMagick, allow user-assisted remote attackers to cause a denial of
service (crash) or obtain sensitive information via crafted images with
large or negative values that trigger a buffer overflow. It only affects
the oldstable distribution (etch).
CVE-2007-1797
Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted DCM image, or the colors or comments field in a
---------------------------------------------------------------------
I. Vulnerability Description
The OS X Software Update mechanism uses so-called `distribution packages' [1],
which basically consist of two parts: the XML `catalog file', which lists the
available updates, and the `distribution definition files' [1], which contain
information encoded in XML and JavaScript, defining every aspect of the
user experience when installing an update.
Multiple integer overflows in XInitImage function in xwd.c for
GraphicsMagick, allow user-assisted remote attackers to cause a
denial of service (crash) or obtain sensitive information via
crafted images with large or negative values that trigger a
buffer overflow. It only affects the oldstable distribution (etch).
CVE-2007-1797
Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted DCM image, or the colors or comments field in a
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-6942 CVE-2006-6944 CVE-2007-1325 CVE-2007-1395 CVE-2007-2245
The update for the oldstable distribution was incorrectly installed into
the archive. This update provides corrected packages. For reference the
original advisory text:
Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The Common Vulnerabilities
This vulnerability could allow an attacker to cause a denial of service while parsing
a malformed XML file.
In addition, this update fixes an integer overflow in the hashlib module in python2.5.
This vulnerability could allow an attacker to defeat cryptographic digests. (CVE-2008-2316)
It only affects the oldstable distribution (etch).
For the oldstable distribution (etch), these problems have been fixed in
version 2.4.4-3+etch3 for python2.4 and version 2.5-5+etch2 for python2.5.
The PMA_ArrayWalkRecursive function in libraries/common.lib.php
does not limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web
server crash) via an array with many dimensions.
This issue affects only the stable distribution (Etch).
CVE-2007-1395
Incomplete blacklist vulnerability in index.php allows remote
attackers to conduct cross-site scripting (XSS) attacks by
However, as I wrote in a followup posting to oss-security 2 days ago:
"I might update/revise my analysis on this issue in a few days.
Specifically, I now suspect that a (large) part of the apparent
non-uniformity of the distribution was in fact an artifact of my
analysis approach. I only analyzed sets of 1 million of pwgen'ed
passwords, so I could not directly check the distribution of full
passwords (1 million is too little, even compared to the small keyspace
of these passwords), whereas JtR only uses trigraph frequencies.
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2008-5824
Debian bug : 510205
This advisory adds the packages for the old stable distribution (etch),
with the exception of the mips packages. The updates for the mips
architecture will be released when they become available.
The packages for the stable distribution (lenny) have been released
in DSA-1972-1. For reference, the advisory text is provided below.
Several remote vulnerabilities have been discovered in the PHP 5
hypertext preprocessor. The Common Vulnerabilities and Exposures
project identifies the following problems:
The following issues have been fixed in both the stable (lenny)
and the oldstable (etch) distributions:
CVE-2009-2687 CVE-2009-3292
The exif module did not properly handle malformed jpeg files,
allowing an attacker to cause a segfault, resulting in a denial
CVE Id(s) : CVE-2009-1195
It was discovered that the Apache web server did not properly handle
the "Options=" parameter to the AllowOverride directive:
In the stable distribution (lenny), local users could (via .htaccess)
enable script execution in Server Side Includes even in configurations
where the AllowOverride directive contained only
Options=IncludesNoEXEC.
In the oldstable distribution (etch), local users could (via
CVE-2010-1452
A vulnerability has been found in mod_dav that allows an attacker to
cause a daemon crash, causing a denial of service. This issue only
affects the Debian 5.0 oldstable/lenny distribution.
For the oldstable distribution (lenny), these problems have been fixed
in version 2.2.9-10+lenny10.
CVE-2010-1452
A vulnerability has been found in mod_dav that allows an attacker to
cause a daemon crash, causing a denial of service. This issue only
affects the Debian 5.0 oldstable/lenny distribution.
The regression has been fixed in the following packages:
For the oldstable distribution (lenny), this problem has been fixed
CVE-2007-0455
Kees Cook discovered a buffer overflow in libgd2's font renderer. An
attacker could cause denial of service (application crash) and
possibly execute arbitrary code via a crafted string with a JIS
encoded font. This issue only affects the oldstable distribution
(etch).
CVE-2009-3546
Tomas Hoger discovered a boundary error in the "_gdGetColors()"
Jan Lieskovsky discovered an error in expat, an XML parsing C library,
when parsing certain UTF-8 sequences, which can be exploited to crash an
application using the library.
For the old stable distribution (etch), this problem has been fixed in
version 1.95.8-3.4+etch2.
For the stable distribution (lenny), this problem has been fixed in
version 2.0.1-4+lenny2.
Security Support for Debian GNU/Linux 4.0 to be discontinued on
February 15th
One year after the release of Debian GNU/Linux 5.0 alias 'lenny' and
nearly three years after the release of Debian GNU/Linux 4.0 alias
'etch' the security support for the old distribution (4.0 alias
'etch') is coming to an end next month. The Debian project is proud
to be able to support its old distribution for such a long time and
even for one year after a new version has been released.
The Debian project has released Debian GNU/Linux 5.0 alias 'lenny' on
CVE-2009-3229
Authenticated users can shut down the backend server by re-LOAD-ing
libraries in $libdir/plugins, if any libraries are present there.
(The old stable distribution (etch) is not affected by this issue.)
CVE-2009-3230
Authenticated non-superusers can gain database superuser privileges if
they can create functions and tables due to incorrect execution of
Debian Bugs : 531736 536724 504243 500115 504234 504771
The previous wordpress update introduced a regression when fixing
CVE-2008-4769 due to a function that was not backported with the patch.
Please note that this regression only affects the oldstable distribution
(etch). For reference the original advisory text follows.
Several vulnerabilities have been discovered in wordpress, weblog
manager. The Common Vulnerabilities and Exposures project identifies the
servers via a crafted certificate issued by a legitimate Certification
Authority. (CVE-2009-2730)
In addition, with this update, certificates with MD2 hash signatures are no
longer accepted since they're no longer considered cryptographically secure. It
only affects the oldstable distribution (etch). (CVE-2009-2409)
For the oldstable distribution (etch), these problems have been fixed in version
1.4.4-3+etch5 for gnutls13.
For the stable distribution (lenny), these problems have been fixed in version
Max Kellermann discovered a heap-based buffer overflow in the handling
of ADPCM WAV files in libaudiofile. This flaw could result in a denial
of service (application crash) or possibly execution of arbitrary code
via a crafted WAV file.
For the old stable distribution (etch), this problem will be fixed in
version 0.2.6-6+etch1.
The packages for the oldstable distribution are not included in this
advisory. An update will be released soon.
Debian-specific: no
CVE Id : CVE-2009-0542 CVE-2009-0543
The security update for proftpd-dfsg in DSA-1727-1 caused a regression
with the postgresql backend. This update corrects the flaw. Also it was
discovered that the oldstable distribution (etch) is not affected by the
security issues. For reference the original advisory follows.
Two SQL injection vulnerabilities have been found in proftpd, a
virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures
Ben Schmidt discovered that vim did not properly escape characters
when performing keyword or tag lookups. This could lead to the
execution of arbitrary code.
For the stable distribution (lenny), these problems have been fixed in
version 1:7.1.314-3+lenny1, which was already included in the lenny
release.
For the oldstable distribution (etch), these problems have been fixed in
version 1:7.0-122+1etch4.
on affected Debian systems for signing or authentication purposes should
be considered compromised; the Digital Signature Algorithm relies on a
secret random value used during signature generation.
The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
distribution on 2006-09-17, and has since propagated to the testing and
current stable (etch) distributions. The old stable distribution
(sarge) is not affected.
Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
material for use in X.509 certificates and session keys used in SSL/TLS
A vulnerability has been discovered in Battle for Wesnoth that allows
remote attackers to read arbitrary files the user running the client
has access to on the machine running the game client.
For the old stable distribution (sarge) this problem has been fixed in
version 0.9.0-7.
For the stable distribution (etch) this problem has been fixed in
version 1.2-3.
The response message for error code 400 (bad request) could be used to
expose "httpOnly" cookies. This could allow a remote attacker using
cross site scripting to steal authentication cookies.
For the oldstable distribution (lenny), these problems have been fixed in
version apache2 2.2.9-10+lenny12.
For the stable distribution (squeeze), these problems have been fixed in
version apache2 2.2.16-6+squeeze6
Chris Evans discovered that mimeTeX contained certain directives that may be
unsuitable for handling untrusted user input. A remote attacker can obtain
sensitive information.
For the oldstable distribution (etch), these problems have been fixed in
version 1.50-1+etch1.
Due to a bug in the archive system, the fix for the stable distribution
(lenny) will be released as version 1.50-1+lenny1 once it is available.
Christoph Anton Mitterer discovered that maildrop, a mail delivery agent
with filtering abilities, is prone to a privilege escalation issue that
grants a user root group privileges.
For the stable distribution (lenny), this problem has been fixed in
version 2.0.4-3+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 2.0.2-11+etch1.
It was discovered that the dbus_signature_validate function in
dbus, a simple interprocess messaging system, is prone to a denial of
service attack. This issue was caused by an incorrect fix for
DSA-1658-1.
For the stable distribution (lenny), this problem has been fixed in
version 1.2.1-5+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 1.0.2-1+etch3.
of service attacks (100% CPU consumption) due to bad backtracking
via a specially crafted email address or URL which is validated by the
django forms library.
python-django in the oldstable distribution (etch) is not affected by
this problem.
For the stable distribution (lenny), this problem has been fixed in
version 1.0.2-1+lenny2.
share is enabled or an explicit share is created with that username, samba
fails to enforce sharing restrictions which results in an attacker being
able to access the file system from the root directory (CVE-2009-2813).
For the oldstable distribution (etch), this problem will be fixed soon.
For the stable distribution (lenny), this problem has been fixed in
version 2:3.2.5-4lenny7.
For the testing distribution (squeeze), this problem will be fixed soon.
CVE-2009-4143
Memory corruption via session interruption.
In the stable distribution (lenny), this update also includes bug fixes
(bug #529278, #556459, #565387, #523073) that were to be included in a
stable point release as version 5.2.6.dfsg.1-1+lenny5.
For the stable distribution (lenny), these problems have been fixed in