The OVAL Repository
5.5
2015-09-03T07:26:44.478-04:00

DSA-1852-1 fetchmail -- insufficient input validation
Debian 5.0, Debian 4.0
fetchmail
It was discovered that fetchmail, a full-featured remote mail retrieval and forwarding utility, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the subjectAltName or Common Name fields.
Note, as a fetchmail user you should always use strict certificate validation through either these option combinations:
    sslcertck ssl sslproto ssl3
or
    sslcertck sslproto tls1
For the oldstable distribution, this problem has been fixed in version 6.3.6-1etch2. For the stable distribution, this problem has been fixed in version 6.3.9~rc2-4+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 6.3.9~rc2-6. We recommend that you upgrade your fetchmail packages.
SecPod Team. DRAFT, INTERIM, ACCEPTED, ACCEPTED.

DSA-1850-1 libmodplug -- several
Debian 5.0, Debian 4.0
libmodplug
Several vulnerabilities have been discovered in libmodplug, the shared libraries for mod music based on ModPlug. The Common Vulnerabilities and Exposures project identifies the following problems:
    CVE-2009-1438: It was discovered that libmodplug is prone to an integer overflow when processing a MED file with a crafted song comment or song name.
    CVE-2009-1513: It was discovered that libmodplug is prone to a buffer overflow in the PATinst function, when processing a long instrument name.
For the stable distribution, these problems have been fixed in version 1:0.8.4-1+lenny1. For the oldstable distribution, these problems have been fixed in version 1:0.7-5.2+etch1. For the testing distribution and the unstable distribution, this problem has been fixed in version 1:0.8.7-1. We recommend that you upgrade your libmodplug packages.
SecPod Team. DRAFT, INTERIM, ACCEPTED, ACCEPTED.

DSA-2068-1 python-cjson -- buffer overflow
Debian 5.0
python-cjson
Matt Giuca discovered a buffer overflow in python-cjson, a fast JSON encoder/decoder for Python. This allows a remote attacker to cause a denial of service through a specially-crafted Python script.
For the stable distribution, this problem has been fixed in version 1.0.5-1+lenny1. For the testing and the unstable distribution, this problem has been fixed in version 1.0.5-3. We recommend that you upgrade your python-cjson package.
SecPod Team. DRAFT, INTERIM, ACCEPTED, ACCEPTED.

DSA-1799-1 qemu -- several
Debian 5.0, Debian 4.0
qemu
Several vulnerabilities have been discovered in the QEMU processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems:
    CVE-2008-0928: Ian Jackson discovered that range checks of file operations on emulated disk devices were insufficiently enforced.
    CVE-2008-1945: It was discovered that an error in the format auto detection of removable media could lead to the disclosure of files in the host system.
    CVE-2008-4539: A buffer overflow has been found in the emulation of the Cirrus graphics adaptor.
For the old stable distribution, these problems have been fixed in version 0.8.2-4etch3. For the stable distribution, these problems have been fixed in version 0.9.1-10lenny1. For the unstable distribution, these problems have been fixed in version 0.9.1+svn20081101-1. We recommend that you upgrade your qemu packages.
SecPod Team. DRAFT, INTERIM, ACCEPTED, ACCEPTED.

DSA-1832-1 camlimages -- integer overflow
Debian 5.0, Debian 4.0
camlimages
Tielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution.
For the old stable distribution, this problem has been fixed in version 2.20-8+etch1. For the stable distribution, this problem has been fixed in version 2.2.0-4+lenny1. For the unstable distribution, this problem has been fixed in version 3.0.1-2. We recommend that you upgrade your camlimages package.
SecPod Team. DRAFT, INTERIM, ACCEPTED, ACCEPTED.

DSA-1842-1 openexr -- several
Debian 5.0, Debian 4.0
openexr
Several vulnerabilities have been discovered in the OpenEXR image library, which can lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
    CVE-2009-1720: Drew Yao discovered integer overflows in the preview and compression code.
    CVE-2009-1721: Drew Yao discovered that an uninitialised pointer could be freed in the decompression code.
    CVE-2009-1722: A buffer overflow was discovered in the compression code.
For the old stable distribution, these problems have been fixed in version 1.2.2-4.3+etch2. For the stable distribution, these problems have been fixed in version 1.6.1-3+lenny3. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your openexr packages.
SecPod Team. DRAFT, INTERIM, ACCEPTED, ACCEPTED.

DSA-2048-1 dvipng -- buffer overflow
Debian 5.0
dvipng
Dan Rosenberg discovered that in dvipng, a utility that converts DVI files to PNG graphics, several array index errors allow context-dependent attackers, via a specially crafted DVI file, to cause a denial of service, and possibly arbitrary code execution.
For the stable distribution, this problem has been fixed in version dvipng_1.11-1+lenny1. For the testing distribution, this problem has been fixed in version 1.13-1. For the unstable distribution, this problem has been fixed in version 1.13-1. We recommend that you upgrade your dvipng package.
SecPod Team. DRAFT, INTERIM, ACCEPTED, ACCEPTED.

DSA-1857-1 camlimages -- integer overflow
Debian 5.0, Debian 4.0
camlimages
Tielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of JPEG and GIF Images, while DSA 1832-1 addressed the issue with PNG images.
For the oldstable distribution, this problem has been fixed in version 2.20-8+etch2. For the stable distribution, this problem has been fixed in version 1:2.2.0-4+lenny2. For the unstable distribution, this problem has been fixed in version 1:3.0.1-3. We recommend that you upgrade your camlimages package.
SecPod Team. DRAFT, INTERIM, ACCEPTED, ACCEPTED.

DSA-1944-1 request-tracker3.4/request-tracker3.6 -- session hijack
Debian 5.0, Debian 4.0
request-tracker3.4/request-tracker3.6
Mikal Gule discovered that request-tracker, an extensible trouble-ticket tracking system, is prone to an attack, where an attacker with access to the same domain can hijack a user's RT session.
For the stable distribution, this problem has been fixed in version 3.6.7-5+lenny3. For the oldstable distribution, this problem has been fixed in version 3.6.1-4+etch1 of request-tracker3.6 and version 3.4.5-2+etch1 of request-tracker3.4. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 3.6.9-2. We recommend that you upgrade your request-tracker packages.
SecPod Team. DRAFT, INTERIM, ACCEPTED, ACCEPTED.

Debian GNU/Linux 4.0 is installed.
Debian GNU/Linux 4.0
Debian GNU/Linux 4.0 (etch) is installed
SecPod Team. DRAFT, INTERIM, ACCEPTED. Preeti Subramanian. INTERIM, ACCEPTED. Chandan S. INTERIM, ACCEPTED. Sergey Artykhov. INTERIM, ACCEPTED, ACCEPTED.

DSA-2121-1 typo3-src -- several
Debian 5.0
typo3-src
Several remote vulnerabilities have been discovered in TYPO3. The Common Vulnerabilities and Exposures project identifies the following problems:
    CVE-2010-3714: Multiple remote file disclosure vulnerabilities in the jumpUrl mechanism and the Extension Manager allowed attackers to read files with the privileges of the account under which the web server was running.
    CVE-2010-3715: The TYPO3 backend contained several cross-site scripting vulnerabilities, and the RemoveXSS function did not filter all Javascript code.
    CVE-2010-3716: Malicious editors with user creation permission could escalate their privileges by creating new users in arbitrary groups, due to lack of input validation in the taskcenter.
    CVE-2010-3717: TYPO3 exposed a crasher bug in the PHP filter_var function, enabling attackers to cause the web server process to crash and thus consume additional system resources.
For the stable distribution, these problems have been fixed in version 4.2.5-1+lenny6. For the unstable distribution and the upcoming stable distribution, these problems have been fixed in version 4.3.7-1. We recommend that you upgrade your TYPO3 packages.
SecPod Team. DRAFT, INTERIM, ACCEPTED, ACCEPTED.

DSA-2161-2 openjdk-6 -- several
Debian 5.0
openjdk-6
It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.
SecPod Team. DRAFT, INTERIM, ACCEPTED, ACCEPTED.

DSA-2088-1 wget -- missing input sanitization
Debian 5.0
wget
It was discovered that wget, a command line tool for downloading files from the WWW, uses server-provided file names when creating local files. This may lead to code execution in some scenarios. After this update, wget will ignore server-provided file names. You can restore the old behavior in cases where it is not desirable by invoking wget with the new --use-server-file-name option.
For the stable distribution, this problem has been fixed in version 1.11.4-2+lenny2. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your wget package.
SecPod Team. DRAFT, INTERIM, ACCEPTED, ACCEPTED.

Debian GNU/Linux 5.0 is installed
Debian GNU/Linux 5.0
Debian GNU/Linux 5.0 (lenny) is installed
SecPod Team. DRAFT, INTERIM, ACCEPTED. Preeti Subramanian. INTERIM, ACCEPTED. Chandan S. INTERIM, ACCEPTED. Sergey Artykhov. INTERIM, ACCEPTED, ACCEPTED.