oldstable
Multiple integer overflows in the XInitImage function in xwd.c for
ImageMagick allow user-assisted remote attackers to cause a denial of
service (crash) or obtain sensitive information via crafted images with
large or negative values that trigger a buffer overflow. This only affects
the oldstable distribution (etch).
CVE-2007-1797
Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted DCM image, or the colors or comments field in a
Multiple integer overflows in the XInitImage function in xwd.c for
GraphicsMagick allow user-assisted remote attackers to cause a
denial of service (crash) or obtain sensitive information via
crafted images with large or negative values that trigger a
buffer overflow. This only affects the oldstable distribution (etch).
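The two XInitImage advisories above describe one bug class: image dimensions read from an untrusted header are multiplied into an allocation size in fixed-width arithmetic, the product wraps, and the pixel copy then overruns the undersized buffer. The C below is added here to illustrate that class on a constructed header; it is not ImageMagick's or GraphicsMagick's code, and the header struct, its field names and the size cap are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical header as an XWD-style reader might fill it from the file.
 * Fields are signed to mirror the "large or negative values" wording in the
 * advisory; the real xwd.c layout is not reproduced here. */
struct img_hdr {
    int32_t width;
    int32_t height;
    int32_t bits_per_pixel;
};

/* Policy cap on a single decoded image; an assumption for this example. */
#define MAX_IMAGE_BYTES (64u * 1024u * 1024u)

/* Vulnerable pattern: the size is computed in 32-bit unsigned arithmetic,
 * so width * height * bytes_per_pixel silently wraps. A header claiming
 * 65537 x 65536 at 8 bpp yields 65536, so a 64 KiB buffer gets allocated
 * for 4 GiB of pixel data. Negative fields become huge once cast. */
size_t unsafe_pixel_bytes(const struct img_hdr *h)
{
    uint32_t bpp_bytes = (uint32_t)h->bits_per_pixel / 8u;
    uint32_t n = (uint32_t)h->width * (uint32_t)h->height * bpp_bytes;
    return (size_t)n;
}

/* Hardened pattern: validate every field, check each multiplication for
 * overflow before performing it, then apply a size cap. Returns 0 and sets
 * *out on success, -1 if the header must be rejected. */
int safe_pixel_bytes(const struct img_hdr *h, size_t *out)
{
    if (h->width <= 0 || h->height <= 0)
        return -1;
    if (h->bits_per_pixel != 8 && h->bits_per_pixel != 16 &&
        h->bits_per_pixel != 24 && h->bits_per_pixel != 32)
        return -1;

    size_t w = (size_t)h->width;
    size_t hgt = (size_t)h->height;
    size_t bpp_bytes = (size_t)h->bits_per_pixel / 8u;

    if (w > SIZE_MAX / hgt)
        return -1;                      /* w * hgt would wrap */
    size_t pixels = w * hgt;
    if (pixels > SIZE_MAX / bpp_bytes)
        return -1;                      /* pixels * bpp_bytes would wrap */
    size_t bytes = pixels * bpp_bytes;
    if (bytes > MAX_IMAGE_BYTES)
        return -1;                      /* arithmetic is fine, image is not */

    *out = bytes;
    return 0;
}

/* Allocates a zeroed pixel buffer only for headers that pass
 * safe_pixel_bytes. Returns NULL, with nothing allocated, otherwise. */
unsigned char *alloc_pixels(const struct img_hdr *h, size_t *bytes_out)
{
    size_t bytes;
    if (safe_pixel_bytes(h, &bytes) != 0)
        return NULL;
    unsigned char *buf = calloc(bytes, 1);
    if (buf != NULL && bytes_out != NULL)
        *bytes_out = bytes;
    return buf;
}

int main(void)
{
    struct img_hdr crafted = { 65537, 65536, 8 };   /* constructed input */
    struct img_hdr sane    = { 640, 480, 24 };       /* constructed input */
    size_t n = 0;

    printf("crafted: wrapped size = %zu bytes, hardened check: %s\n",
           unsafe_pixel_bytes(&crafted),
           safe_pixel_bytes(&crafted, &n) == 0 ? "accepted" : "rejected");
    if (safe_pixel_bytes(&sane, &n) == 0)
        printf("sane: %zu bytes\n", n);
    return 0;
}
```

The division check (`w > SIZE_MAX / hgt`) is the portable way to detect the wrap before it happens; on 64-bit hosts two 32-bit factors cannot wrap a size_t, which is exactly why the explicit cap is still needed, since a 4 GiB allocation that succeeds is its own denial of service.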
CVE-2007-1797
Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted DCM image, or the colors or comments field in a
Several remote vulnerabilities have been discovered in the PHP 5
hypertext preprocessor. The Common Vulnerabilities and Exposures
project identifies the following problems:
The following issues have been fixed in both the stable (lenny)
and the oldstable (etch) distributions:
CVE-2009-2687 CVE-2009-3292
The exif module did not properly handle malformed jpeg files,
allowing an attacker to cause a segfault, resulting in a denial
Moritz Naumann discovered that Horde allows remote attackers
to inject arbitrary web script or HTML in the context of a logged-in
user (cross-site scripting).
This vulnerability applies to oldstable (sarge) only.
CVE-2006-3549
Moritz Naumann discovered that Horde does not properly restrict
its image proxy, allowing remote attackers to use the server as a
CVE-2007-3112, CVE-2007-3113
It was discovered that cacti is prone to a denial of service via the
graph_height, graph_width, graph_start and graph_end parameters.
This issue only affects the oldstable (etch) version of cacti.
CVE-2009-4032
It was discovered that cacti is prone to several cross-site scripting
attacks via different vectors.
Problem type : local
Debian-specific: no
CVE Id : CVE-2009-4235
It was discovered that acpid, the Advanced Configuration and Power
Interface event daemon, on the oldstable distribution (etch) creates
its log file with weak permissions, which might expose sensitive
information or might be abused by a local user to consume all free disk
space on the partition holding the file.
servers via a crafted certificate issued by a legitimate Certification
Authority. (CVE-2009-2730)
In addition, with this update, certificates with MD2 hash signatures are no
longer accepted, since MD2 is no longer considered cryptographically secure. This
only affects the oldstable distribution (etch). (CVE-2009-2409)
For the oldstable distribution (etch), these problems have been fixed in version
1.4.4-3+etch5 for gnutls13.
For the stable distribution (lenny), these problems have been fixed in version
This vulnerability could allow an attacker to cause a denial of service while parsing
a malformed XML file.
In addition, this update fixes an integer overflow in the hashlib module in python2.5.
This vulnerability could allow an attacker to defeat cryptographic digests. (CVE-2008-2316)
It only affects the oldstable distribution (etch).
For the oldstable distribution (etch), these problems have been fixed in
version 2.4.4-3+etch3 for python2.4 and version 2.5-5+etch2 for python2.5.
Debian Bugs : 531736 536724 504243 500115 504234 504771
The previous wordpress update introduced a regression when fixing
CVE-2008-4769 due to a function that was not backported with the patch.
Please note that this regression only affects the oldstable distribution
(etch). For reference the original advisory text follows.
Several vulnerabilities have been discovered in wordpress, weblog
manager. The Common Vulnerabilities and Exposures project identifies the
For the stable distribution (lenny), these problems have been fixed in
version 8.62.dfsg.1-3.2lenny1.
For the oldstable distribution (etch), these problems have been fixed
in version 8.54.dfsg.1-5etch2. Please note that the package in oldstable
is called gs-gpl.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.
Jerome Marchand reported an issue in the futex subsystem that
allows a local user to force an invalid futex state, which results
in a denial of service (oops).
For the oldstable distribution (etch), this problem has been fixed in
version 2.6.24-6~etchnhalf.9etch3.
We recommend that you upgrade your linux-2.6.24 packages.
This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server
certificate issued by a legitimate Certification Authority, and to bypass intended
access restrictions via a crafted client certificate issued by a legitimate
Certification Authority.
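The sendmail advisory above and the GnuTLS one earlier (CVE-2009-2730) both describe a certificate issued by a legitimate Certification Authority that is nonetheless accepted for a name it was not issued for. The advisory text on this page does not spell out the mechanism; one well-known mechanism that produces exactly this outcome is an embedded NUL byte in the certificate's Common Name, which the length-prefixed ASN.1 string encoding permits but a C string comparison truncates at. The C below is an added illustration of that class and is not sendmail's, GnuTLS's or OpenSSL's code; the struct, the constructed names and the exact-match policy (no wildcard handling) are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#include <stdio.h>

/* A certificate name as an ASN.1 parser hands it over: a byte pointer plus
 * an explicit length. X.509 strings are length-prefixed, so a NUL byte
 * inside them is legal at the encoding level. */
struct asn1_string {
    const unsigned char *data;
    size_t len;
};

/* Constructed test data, not taken from any real certificate. The crafted
 * CN is the 34-byte string "mail.example.com\0.attacker.example": a CA that
 * only verifies control of attacker.example may issue it, because the
 * registered name is the suffix. */
static const unsigned char CRAFTED_CN_BYTES[] = "mail.example.com\0.attacker.example";
static const struct asn1_string CRAFTED_CN = { CRAFTED_CN_BYTES, sizeof(CRAFTED_CN_BYTES) - 1 };

static const unsigned char LEGIT_CN_BYTES[] = "mail.example.com";
static const struct asn1_string LEGIT_CN = { LEGIT_CN_BYTES, sizeof(LEGIT_CN_BYTES) - 1 };

/* Vulnerable pattern: the CN is treated as a C string. strcmp stops at the
 * first NUL, so the 34-byte crafted name compares equal to the 16-byte
 * target and the certificate is accepted for mail.example.com. */
bool cn_matches_unsafe(const struct asn1_string *cn, const char *expected_host)
{
    return strcmp((const char *)cn->data, expected_host) == 0;
}

/* Hardened pattern: refuse any name containing an embedded NUL, then compare
 * using the explicit length. Host names are ASCII case-insensitive. */
bool cn_matches_safe(const struct asn1_string *cn, const char *expected_host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return false;                  /* encoding trick: reject outright */
    size_t elen = strlen(expected_host);
    if (cn->len != elen)
        return false;
    for (size_t i = 0; i < elen; i++) {
        if (tolower(cn->data[i]) != tolower((unsigned char)expected_host[i]))
            return false;
    }
    return true;
}

int main(void)
{
    const char *host = "mail.example.com";
    printf("crafted CN, strcmp-style match:  %s\n",
           cn_matches_unsafe(&CRAFTED_CN, host) ? "ACCEPTED (spoofed)" : "rejected");
    printf("crafted CN, length-aware match:  %s\n",
           cn_matches_safe(&CRAFTED_CN, host) ? "accepted" : "rejected");
    printf("legit CN, length-aware match:    %s\n",
           cn_matches_safe(&LEGIT_CN, host) ? "accepted" : "rejected");
    return 0;
}
```

The same length-versus-NUL mismatch applies to a client certificate checked against an access list, which is the second half of the sendmail advisory: any comparison that converts the ASN.1 string to a C string before matching inherits the truncation. Rejecting names with embedded NULs at parse time closes both paths at once.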
For the oldstable distribution (etch), this problem has been fixed in
version 8.13.8-3+etch1.
For the stable distribution (lenny), this problem has been fixed in
version 8.14.3-5+lenny1.
Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace.
A local attacker, with access to use FUSE, could unmount arbitrary
locations, leading to a denial of service.
For the oldstable distribution (etch), this problem has been fixed in
version 2.5.3-4.4+etch1.
For the stable distribution (lenny), this problem has been fixed in
version 2.7.4-1.1+lenny1.
Tomoki Sekiyama discovered a deadlock condition in the UNIX domain
socket implementation. Local users can exploit this vulnerability
to cause a denial of service (system hang).
For the oldstable distribution (etch), this problem has been fixed in
version 2.6.24-6~etchnhalf.9etch1.
We recommend that you upgrade your linux-2.6.24 packages.
Note: Debian 'etch' includes linux kernel packages based upon both the
Tomoki Sekiyama discovered a deadlock condition in the UNIX domain
socket implementation. Local users can exploit this vulnerability
to cause a denial of service (system hang).
For the oldstable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-26etch1.
We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.
remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and daemon crash) by establishing an SSL connection and
sending an X.509 client certificate with a crafted name field.
For the oldstable distribution (etch), these problems have been fixed in
version 5.0.32-7etch12.
For the stable distribution (lenny), these problems have been fixed in
version 5.0.51a-24+lenny3.
For the stable distribution (lenny), this problem has been fixed in
version 3.6.7-5+lenny3.
For the oldstable distribution (etch), this problem has been fixed in
version 3.6.1-4+etch1 of request-tracker3.6 and version 3.4.5-2+etch1
of request-tracker3.4.
For the testing distribution (squeeze), this problem will be fixed soon.
lighttpd to allocate new buffers for each read instead of appending to
old ones. An attacker can abuse this behaviour to cause denial of service
conditions due to memory exhaustion.
For the oldstable distribution (etch), this problem has been fixed in
version 1.4.13-4etch12.
For the stable distribution (lenny), this problem has been fixed in
version 1.4.19-5+lenny1.
received packets from unauthorized hosts. This allows an attacker to
cause denial of service conditions by filling up the logs, and thus the disk
space, by repeatedly sending invalid cmdmon packets.
For the oldstable distribution (etch), this problem has been fixed in
version 1.21z-5+etch1.
For the stable distribution (lenny), this problem has been fixed in
version 1.23-6+lenny1.
For the stable distribution (lenny), this problem has been fixed in
version 1.3.8-1+lenny7.
For the oldstable distribution (etch), this problem has been fixed in
version 1.2.7-4+etch9.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.
For the stable distribution (lenny), these problems have been fixed in
version 3.2.2+debian0-2+lenny2.
For the oldstable distribution (etch), these problems have been fixed in
version 3.1.3-4etch7.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 3.3.6+debian0-1.
in a denial of service (oops).
This update also fixes a regression introduced by a previous security
update that caused problems booting on certain s390 systems.
For the oldstable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-26etch2.
We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.
For the stable distribution (lenny), this problem has been fixed in
version 1.1.14-1+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 1.1.6-2+etch1.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
For the stable distribution (lenny), these problems have been fixed in
version 2.7.STABLE3-4.1lenny1 of the squid package and version
3.0.STABLE8-3+lenny3 of the squid3 package.
For the oldstable distribution (etch), these problems have been fixed in
version 2.6.5-6etch5 of the squid package and version 3.0.PRE5-5+etch2
of the squid3 package.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.
For the stable distribution (lenny), this problem has been fixed in
version 1.4.2-0.1+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 1.3.6-4etch1.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 1.4.3-3.
For the stable distribution (lenny), this problem has been fixed in
version 1.3.1-17lenny4.
For the oldstable distribution (etch), this problem has been fixed in
version 1.3.0-19etch3.
Binaries for the amd64 architecture will be released once they are
available.
in the service playing packet ping-pong with other ntp servers or even itself,
which causes high CPU usage and excessive disk use due to logging. An attacker
can use this to conduct denial of service attacks.
For the oldstable distribution (etch), this problem has been fixed in
version 1:4.2.2.p4+dfsg-2etch4.
For the stable distribution (lenny), this problem has been fixed in
version 1:4.2.4p4+dfsg-8lenny3.
For the stable distribution (lenny), this problem has been fixed in
version 2.4.2-1+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 2.4.2-1+etch1.
For the testing distribution (squeeze), this problem will be fixed
soon.
properly check the result of an OpenSSL function for verifying
cryptographic signatures, which could be used to bypass the certificate
validation.
For the oldstable distribution (etch), this problem has been fixed in
version 2.5.9-7.etch.1.
For the stable distribution (lenny), this problem has been fixed in
version 2.6.0-6, which was already included in the lenny release.
------------------------------------------------------------------------
Package : asterisk
Security support for asterisk, an Open Source PBX and telephony toolkit,
has been discontinued for the oldstable distribution (etch).
The current version in oldstable is not supported by upstream anymore
and is affected by several security issues. Backporting fixes for these
and any future issues has become unfeasible and therefore we need to
drop our security support for the version in oldstable. We recommend
that all asterisk users upgrade to the stable distribution (lenny).