Next Page >>
distributions
Multiple integer overflows in XInitImage function in xwd.c for
ImageMagick, allow user-assisted remote attackers to cause a denial of
service (crash) or obtain sensitive information via crafted images with
large or negative values that trigger a buffer overflow. It only affects
the oldstable distribution (etch).
CVE-2007-1797
Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted DCM image, or the colors or comments field in a
---------------------------------------------------------------------
I. Vulnerability Description
The OS X Software Update mechanism uses so called `distribution packages' [1],
which basically consist of two parts. The XML `catalog file', which lists the
available updates and the `distribution definition files' [1], which contain
information encoded in XML and JavaScript, defining every aspect of the
user experience, when installing an update.
Multiple integer overflows in XInitImage function in xwd.c for
GraphicsMagick, allow user-assisted remote attackers to cause a
denial of service (crash) or obtain sensitive information via
crafted images with large or negative values that trigger a
buffer overflow. It only affects the oldstable distribution (etch).
CVE-2007-1797
Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted DCM image, or the colors or comments field in a
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-6942 CVE-2006-6944 CVE-2007-1325 CVE-2007-1395 CVE-2007-2245
The update for the oldstable distribution was incorrectly installed into
the archive. This update provides corrected packages. For reference the
original advisory text:
Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The Common Vulnerabilities
Several remote vulnerabilities have been discovered in the PHP 5
hypertext preprocessor. The Common Vulnerabilities and Exposures
project identifies the following problems:
The following issues have been fixed in both the stable (lenny)
and the oldstable (etch) distributions:
CVE-2009-2687 CVE-2009-3292
The exif module did not properly handle malformed jpeg files,
allowing an attacker to cause a segfault, resulting in a denial
This vulnerability could allow an attacker to cause a denial of service while parsing
a malformed XML file.
In addition, this update fixes an integer overflow in the hashlib module in python2.5.
This vulnerability could allow an attacker to defeat cryptographic digests. (CVE-2008-2316)
It only affects the oldstable distribution (etch).
For the oldstable distribution (etch), these problems have been fixed in
version 2.4.4-3+etch3 for python2.4 and version 2.5-5+etch2 for python2.5.
The PMA_ArrayWalkRecursive function in libraries/common.lib.php
does not limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web
server crash) via an array with many dimensions.
This issue affects only the stable distribution (Etch).
CVE-2007-1395
Incomplete blacklist vulnerability in index.php allows remote
attackers to conduct cross-site scripting (XSS) attacks by
However, as I wrote in a followup posting to oss-security 2 days ago:
"I might update/revise my analysis on this issue in a few days.
Specifically, I now suspect that a (large) part of the apparent
non-uniformity of the distribution was in fact an artifact of my
analysis approach. I only analyzed sets of 1 million of pwgen'ed
passwords, so I could not directly check the distribution of full
passwords (1 million is too little, even compared to the small keyspace
of these passwords), whereas JtR only uses trigraph frequencies.
CVE Id(s) : CVE-2009-1195
It was discovered that the Apache web server did not properly handle
the "Options=" parameter to the AllowOverride directive:
In the stable distribution (lenny), local users could (via .htaccess)
enable script execution in Server Side Includes even in configurations
where the AllowOverride directive contained only
Options=IncludesNoEXEC.
In the oldstable distribution (etch), local users could (via
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2008-5824
Debian bug : 510205
This advisory adds the packages for the old stable distribution (etch),
with the exception of the mips packages. The updates for the mips
architecture will be released when they become available.
The packages for the stable distribution (lenny) have been released
in DSA-1972-1. For reference, the advisory text is provided below.
on affected Debian systems for signing or authentication purposes should
be considered compromised; the Digital Signature Algorithm relies on a
secret random value used during signature generation.
The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
distribution on 2006-09-17, and has since propagated to the testing and
current stable (etch) distributions. The old stable distribution
(sarge) is not affected.
Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
material for use in X.509 certificates and session keys used in SSL/TLS
CVE-2010-1452
A vulnerability has been found in mod_dav that allows an attacker to
cause a daemon crash, causing a denial of service. This issue only
affects the Debian 5.0 oldstable/lenny distribution.
For the oldstable distribution (lenny), these problems have been fixed
in version 2.2.9-10+lenny10.
CVE-2010-1452
A vulnerability has been found in mod_dav that allows an attacker to
cause a daemon crash, causing a denial of service. This issue only
affects the Debian 5.0 oldstable/lenny distribution.
The regression has been fixed in the following packages:
For the oldstable distribution (lenny), this problem has been fixed
servers via a crafted certificate issued by a legitimate Certification
Authority. (CVE-2009-2730)
In addition, with this update, certificates with MD2 hash signatures are no
longer accepted since they're no longer considered cryptograhically secure. It
only affects the oldstable distribution (etch).(CVE-2009-2409)
For the oldstable distribution (etch), these problems have been fixed in version
1.4.4-3+etch5 for gnutls13.
For the stable distribution (lenny), these problems have been fixed in version
Jan Lieskovsky discovered an error in expat, an XML parsing C library,
when parsing certain UTF-8 sequences, which can be exploited to crash an
application using the library.
For the old stable distribution (etch), this problem has been fixed in
version 1.95.8-3.4+etch2.
For the stable distribution (lenny), this problem has been fixed in
version 2.0.1-4+lenny2.
Security Support for Debian GNU/Linux 4.0 to be discontinued on
February 15th
One year after the release of Debian GNU/Linux 5.0 alias 'lenny' and
nearly three years after the release of Debian GNU/Linux 4.0 alias
'etch' the security support for the old distribution (4.0 alias
'etch') is coming to an end next month. The Debian project is proud
to be able to support its old distribution for such a long time and
even for one year after a new version has been released.
The Debian project has released Debian GNU/Linux 5.0 alias 'lenny' on
Max Kellermann discovered a heap-based buffer overflow in the handling
of ADPCM WAV files in libaudiofile. This flaw could result in a denial
of service (application crash) or possibly execution of arbitrary code
via a crafted WAV file.
The old stable distribution (etch), this problem will be fixed in
version 0.2.6-6+etch1.
The packages for the oldtable distribution are not included in this
advisory. An update will be released soon.
CVE-2009-3229
Authenticated users can shut down the backend server by re-LOAD-ing
libraries in $libdir/plugins, if any libraries are present there.
(The old stable distribution (etch) is not affected by this issue.)
CVE-2009-3230
Authenticated non-superusers can gain database superuser privileges if
they can create functions and tables due to incorrect execution of
Debian Bugs : 531736 536724 504243 500115 504234 504771
The previous wordpress update introduced a regression when fixing
CVE-2008-4769 due to a function that was not backported with the patch.
Please note that this regression only affects the oldstable distribution
(etch). For reference the original advisory text follows.
Several vulnerabilities have been discovered in wordpress, weblog
manager. The Common Vulnerabilities and Exposures project identifies the
CVE-2007-0455
Kees Cook discovered a buffer overflow in libgd2's font renderer. An
attacker could cause denial of service (application crash) and
possibly execute arbitrary code via a crafted string with a JIS
encoded font. This issue only affects the oldstable distribution
(etch).
CVE-2009-3546
Tomas Hoger discovered a boundary error in the "_gdGetColors()"
Debian-specific: no
CVE Id : CVE-2009-0542 CVE-2009-0543
The security update for proftpd-dfsg in DSA-1727-1 caused a regression
with the postgresql backend. This update corrects the flaw. Also it was
discovered that the oldstable distribution (etch) is not affected by the
security issues. For reference the original advisory follows.
Two SQL injection vulnerabilities have been found in proftpd, a
virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures
Ben Schmidt discovered that vim did not properly escape characters
when performing keyword or tag lookups. This could lead to the
execution of arbitrary code.
For the stable distribution (lenny), these problems have been fixed in
version 1:7.1.314-3+lenny1, which was already included in the lenny
release.
For the oldstable distribution (etch), these problems have been fixed in
version 1:7.0-122+1etch4.
A vulnerability has been discovered in Battle for Wesnoth that allows
remote attackers to read arbitrary files the user running the client
has access to on the machine running the game client.
For the old stable distribution (sarge) this problem has been fixed in
version 0.9.0-7.
For the stable distribution (etch) this problem has been fixed in
version 1.2-3.
The response message for error code 400 (bad request) could be used to
expose "httpOnly" cookies. This could allow a remote attacker using
cross site scripting to steal authentication cookies.
For the oldstable distribution (lenny), these problems have been fixed in
version apache2 2.2.9-10+lenny12.
For the stable distribution (squeeze), these problems have been fixed in
version apache2 2.2.16-6+squeeze6
Developers using these bindings are encouraged to adjust their code to
use the new function.
For the stable distribution (lenny), this problem has been fixed in
version 1.7.0-3+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 1.5.4-2+etch1.
audio codec, did not correctly handle certain malformed ogg files. An
attacher could cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via a crafted .ogg
file.
For the oldstable distribution (etch), these problems have been fixed in
version 1.1.2.dfsg-1.4+etch1.
For the stable distribution (lenny), these problems have been fixed in
version 1.2.0.dfsg-3.1+lenny1.
SSL/TLS Certificates" published at the Blackhat conference some time ago. This
allows an attacker to perform undetected man-in-the-middle attacks via a crafted
ITU-T X.509 certificate with an injected null byte in the Common Name field.
For the oldstable distribution (etch), this problem has been fixed in
version 1.10.2-2+etch1.
For the stable distribution (lenny), this problem has been fixed in
version 1.11.4-2+lenny1.
HTML code. In order to cover the different attack vectors, these issues
have been assigned CVE-2007-5624, CVE-2007-5803 and CVE-2008-1360.
For the oldstable distribution (etch), these problems have been fixed in
version 2.6-2+etch5.
The stable distribution (lenny) does not include nagios2 and nagios3 is
not affected by these problems.
It was discovered that gst-plugins-bad0.10, the GStreamer plugins from
the "bad" set, is prone to an integer overflow when processing a MED
file with a crafted song comment or song name.
For the stable distribution (lenny), this problem has been fixed in
version 0.10.7-2+lenny2.
For the oldstable distribution (etch), this problem has been fixed in
version 0.10.3-3.1+etch3.
to run with elevated privileges and thus potentially executing arbitrary
code with the object's chrome privileges. (MFSA 2009-32)
For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.11-0lenny1.
As indicated in the Etch release notes, security support for the
Mozilla products in the oldstable distribution needed to be stopped
before the end of the regular Etch security maintenance life cycle.
Next Page>>
|
