The OVAL Repository5.42015-09-03T06:24:34.134-04:00DSA-1638-1 openssh - denial of serviceDebian 4.0opensshIt has been discovered that the signal handler implementing the login timeout in Debian's version of the OpenSSH server uses functions which are not async-signal-safe, leading to a denial of service vulnerability (<a href="http://security-tracker.debian.org/tracker/CVE-2008-4109">CVE-2008-4109</a>).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDDSA-1852-1 fetchmail -- insufficient input validationDebian 5.0Debian 4.0fetchmailIt was discovered that fetchmail, a full-featured remote mail retrieval and forwarding utility, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the subjectAltName or Common Name fields. Note, as a fetchmail user you should always use strict certificate validation through either these option combinations: sslcertck ssl sslproto ssl3 or sslcertck sslproto tls1 For the oldstable distribution , this problem has been fixed in version 6.3.6-1etch2. For the stable distribution , this problem has been fixed in version 6.3.9~rc2-4+lenny1. For the testing distribution , this problem will be fixed soon. For the unstable distribution , this problem has been fixed in version 6.3.9~rc2-6. We recommend that you upgrade your fetchmail packages.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDSA-1850-1 libmodplug -- severalDebian 5.0Debian 4.0libmodplugSeveral vulnerabilities have been discovered in libmodplug, the shared libraries for mod music based on ModPlug. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1438 It was discovered that libmodplug is prone to an integer overflow when processing a MED file with a crafted song comment or song name. CVE-2009-1513 It was discovered that libmodplug is prone to a buffer overflow in the PATinst function, when processing a long instrument name. For the stable distribution , these problems have been fixed in version 1:0.8.4-1+lenny1. For the oldstable distribution , these problems have been fixed in version 1:0.7-5.2+etch1. For the testing distribution and the unstable distribution , this problem has been fixed in version 1:0.8.7-1. We recommend that you upgrade your libmodplug packages.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDSA-1799-1 qemu -- severalDebian 5.0Debian 4.0qemuSeveral vulnerabilities have been discovered in the QEMU processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0928 Ian Jackson discovered that range checks of file operations on emulated disk devices were insufficiently enforced. CVE-2008-1945 It was discovered that an error in the format auto detection of removable media could lead to the disclosure of files in the host system. CVE-2008-4539 A buffer overflow has been found in the emulation of the Cirrus graphics adaptor. For the old stable distribution , these problems have been fixed in version 0.8.2-4etch3. For the stable distribution , these problems have been fixed in version 0.9.1-10lenny1. For the unstable distribution , these problems have been fixed in version 0.9.1+svn20081101-1. We recommend that you upgrade your qemu packages.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDSA-1832-1 camlimages -- integer overflowDebian 5.0Debian 4.0camlimagesTielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. For the old stable distribution , this problem has been fixed in version 2.20-8+etch1. For the stable distribution , this problem has been fixed in version 2.2.0-4+lenny1. For the unstable distribution , this problem has been fixed in version 3.0.1-2. We recommend that you upgrade your camlimages package.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDSA-1842-1 openexr -- severalDebian 5.0Debian 4.0openexrSeveral vulnerabilities have been discovered in the OpenEXR image library, which can lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1720 Drew Yao discovered integer overflows in the preview and compression code. CVE-2009-1721 Drew Yao discovered that an uninitialised pointer could be freed in the decompression code. CVE-2009-1722 A buffer overflow was discovered in the compression code. For the old stable distribution , these problems have been fixed in version 1.2.2-4.3+etch2. For the stable distribution , these problems have been fixed in version 1.6.1-3+lenny3. For the unstable distribution , these problems will be fixed soon. We recommend that you upgrade your openexr packages.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDSA-1857-1 camlimages -- integer overflowDebian 5.0Debian 4.0camlimagesTielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of JPEG and GIF Images, while DSA 1832-1 addressed the issue with PNG images. For the oldstable distribution , this problem has been fixed in version 2.20-8+etch2. For the stable distribution , this problem has been fixed in version 1:2.2.0-4+lenny2. For the unstable distribution , this problem has been fixed in version 1:3.0.1-3. We recommend that you upgrade your camlimages package.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDSA-1944-1 request-tracker3.4/request-tracker3.6 -- session hijackDebian 5.0Debian 4.0request-tracker3.4/request-tracker3.6Mikal Gule discovered that request-tracker, an extensible trouble-ticket tracking system, is prone to an attack, where an attacker with access to the same domain can hijack a user"s RT session. For the stable distribution , this problem has been fixed in version 3.6.7-5+lenny3. For the oldstable distribution , this problem has been fixed in version 3.6.1-4+etch1 of request-tracker3.6 and version 3.4.5-2+etch1 of request-tracker3.4. For the testing distribution , this problem will be fixed soon. For the unstable distribution , this problem has been fixed in version 3.6.9-2. We recommend that you upgrade your request-tracker packages.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDebian GNU/Linux 5.0 is installedDebian GNU/Linux 5.0Debian GNU/Linux 5.0 (lenny) is installedSecPod TeamDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDChandan SINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDebian GNU/Linux 4.0 is installed.Debian GNU/Linux 4.0Debian GNU/Linux 4.0 (etch) is installedSecPod TeamDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDChandan SINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDopensshfetchmailfetchmailconflibmodplug-devlibmodplug0c2qemulibopenexr6libopenexr2c2alibopenexr-devopenexrlibcamlimages-ocaml-doclibcamlimages-ocamllibcamlimages-ocaml-dev/etcdebian_version^(\d\.\d).*$1rt3.6-db-postgresqlrt3.6-db-sqlitert3.4-apache2rt3.4-apacherequest-tracker3.4rt3.6-db-mysqlrequest-tracker3.6rt3.6-apache2rt3.6-clientsrt3.4-clientsrt3.6-apache1:4.3p2-9etch30:6.3.6-1etch20:6.3.9~rc2-4+lenny10:0.8.4-1+lenny10:0.7-5.2+etch10:0.8.2-4etch30:0.9.1-10lenny10:2.20-8+etch10:2.2.0-4+lenny10:1.6.1-3+lenny30:1.2.2-4.3+etch20:2.20-8+etch20:1:2.2.0-4+lenny2sparcmipsppchppamipselarmels390xarmi686ia64alphax86-645.04.00:3.6.7-5+lenny30:3.4.5-2+etch10:3.6.1-4+etch1