The OVAL Repository, 5.6, 2015-09-03T07:14:08.115-04:00

DSA-2901-3 -- wordpress -- security update
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
wordpress
Several vulnerabilities were discovered in Wordpress, a web blogging tool.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2650-2 -- libvirt -- files and device nodes ownership change to kvm group
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
libvirt
Bastian Blank discovered that libvirtd, a daemon for management of virtual machines, network and storage, would change ownership of device files so they would be owned by user libvirt-qemu and group kvm, which is a general purpose group not specific to libvirt, allowing unintended write access to those devices and files for the kvm group members.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2422-2 -- file -- missing bounds checks
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
file
The file type identification tool, file, and its associated library, libmagic, do not properly process malformed files in the Composite Document File (CDF) format, leading to crashes.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2873-2 -- file -- several vulnerabilities
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
file
Several vulnerabilities have been found in file, a file type classification tool.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2850-2 -- libyaml -- heap-based buffer overflow
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
libyaml
Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library.
A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2199-1 -- iceape -- ssl certificate blacklist update
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
iceape
This update for the Iceape internet suite, an unbranded version of Seamonkey, updates the certificate blacklist for several fraudulent HTTPS certificates.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2200-1 -- iceweasel -- ssl certificate blacklist update
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
iceweasel
This update for Iceweasel, a web browser based on Firefox, updates the certificate blacklist for several fraudulent HTTPS certificates.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2628-2 -- nss-pam-ldapd -- buffer overflow
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
nss-pam-ldapd
Garth Mollett discovered that a file descriptor overflow issue in the use of FD_SET in nss-pam-ldapd, which provides NSS and PAM modules for using LDAP as a naming service, can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary code.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2636-2 -- xen -- several vulnerabilities
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
xen
Multiple vulnerabilities have been discovered in the Xen hypervisor.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2457-2 -- iceweasel -- several vulnerabilities
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
iceweasel
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox.
The included XULRunner library provides rendering services for several other applications included in Debian.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2901-2 -- wordpress -- security update
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
wordpress
Several vulnerabilities were discovered in Wordpress, a web blogging tool.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2550-2 -- asterisk -- several vulnerabilities
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
asterisk
Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, allowing privilege escalation in the Asterisk Manager, denial of service or privilege escalation.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2675-2 -- libxvmc -- several vulnerabilities
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
libxvmc
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2398-2 -- curl -- several vulnerabilities
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
curl
Several vulnerabilities have been discovered in cURL, a URL transfer library.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2641-2 -- perl -- rehashing flaw
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
perl, libapache2-mod-perl2
Yves Orton discovered a flaw in the rehashing code of Perl. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys.
Specifically an attacker could create a set of keys of a hash causing a denial of service via memory exhaustion.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2808-2 -- openjpeg -- several vulnerabilities
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
openjpeg
Several vulnerabilities have been discovered in OpenJPEG, a JPEG 2000 image library, that may lead to denial of service via application crash or high memory consumption, possible code execution through heap buffer overflows, information disclosure, or yet another heap buffer overflow that only appears to affect OpenJPEG 1.3.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2783-2 -- librack-ruby -- several vulnerabilities
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
librack-ruby
Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2826-2 -- denyhosts -- remote denial of ssh service
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
denyhosts
Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon.
Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user to forge crafted login names in order to make denyhosts ban arbitrary IP addresses.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2605-2 -- asterisk -- several issues
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
asterisk
Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, that allow remote attackers to perform denial of service attacks.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2462-2 -- imagemagick -- several vulnerabilities
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
imagemagick
Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2798-2 -- curl -- unchecked ssl certificate host name
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
curl
Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSL_VERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled.
This would also disable ssl certificate host name checks when it should have only disabled verification of the certificate trust chain.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2273-1 -- icedove -- several vulnerabilities
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
icedove
Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2262-2 -- moodle -- several vulnerabilities
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
moodle
Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2765-2 -- davfs2 -- privilege escalation
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
davfs2
Davfs2, a filesystem client for WebDAV, calls the function system insecurely while it is setuid root. This might allow a privilege escalation.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2831-2 -- puppet -- insecure temporary files
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
puppet
An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management.
An attacker can exploit this vulnerability and overwrite an arbitrary file in the system.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2795-2 -- lighttpd -- several vulnerabilities
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
lighttpd
Several vulnerabilities have been discovered in the lighttpd web server.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2612-2 -- ircd-ratbox -- programming error
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
ircd-ratbox
It was discovered that a bug in the server capability negotiation code of ircd-ratbox could result in denial of service.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2186-2 -- iceweasel -- several vulnerabilities
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
iceweasel
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2925-1 rxvt-unicode - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
rxvt-unicode
Phillip Hallam-Baker discovered that window property values could be queried in rxvt-unicode, resulting in the potential execution of arbitrary commands.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2915-1 dpkg - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
dpkg
Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package - leading to the creation of files outside the directory of the source being unpacked.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2927-1 libxfont - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libxfont
Ilja van Sprundel of IOActive discovered several security issues in the X.Org libXfont library, which may allow a local, authenticated user to attempt to raise privileges; or a remote attacker who can control the font server to attempt to execute code with the privileges of the X server.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2915-2 dpkg - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
dpkg
Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package - leading to the creation of files outside the directory of the source being unpacked.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2940-1 libstruts1.2-java - security update
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
libstruts1.2-java
The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2921-1 xbuffy - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
xbuffy
Michael Niedermayer discovered a vulnerability in xbuffy, a utility for displaying message count in mailbox and newsgroup accounts.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2922-1 strongswan - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
strongswan
A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE/IPsec suite used to establish IPsec protected links.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2934-1 python-django - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
python-django
Several vulnerabilities were discovered in Django, a high-level Python web development framework.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2912-1 openjdk-6 - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
openjdk-6
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2936-1 torque - security update
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
torque
John Fitzpatrick from MWR Labs reported a stack-based buffer overflow vulnerability in torque, a PBS-derived batch processing queueing system. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code with root privileges.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2910-1 qemu-kvm - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
qemu-kvm
Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2902-1 curl - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
curl
Two vulnerabilities have been discovered in cURL, a URL transfer library.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2901-1 wordpress - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
wordpress
Several vulnerabilities were discovered in Wordpress, a web blogging tool.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2937-1 mod-wsgi - security update
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
mod-wsgi
Two security issues have been found in the Python WSGI adapter module for Apache.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2916-1 libmms - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libmms
Alex Chapman discovered that a buffer overflow in processing "MMS over HTTP" messages could result in the execution of arbitrary code.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2904-1 virtualbox - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
virtualbox-ose, virtualbox
Francisco Falcon discovered that missing input sanitising in the 3D acceleration code in VirtualBox could lead to the execution of arbitrary code on the host system.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2914-1 drupal6 - security update
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
drupal6
An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework.
When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2917-1 super - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
super
John Lightsey of the Debian Security Audit project discovered that the super package did not check for setuid failures, allowing local users to increase the privileges on kernel versions which do not guard against RLIMIT_NPROC attacks.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2928-1 linux-2.6 - security update
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
linux-2.6
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2894-1 openssh - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
openssh
Two vulnerabilities were discovered in OpenSSH, an implementation of the SSH protocol suite.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2884-1 libyaml - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libyaml
Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library.
A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2886-1 libxalan2-java - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libxalan2-java
Nicolas Gregoire discovered several vulnerabilities in libxalan2-java, a Java library for XSLT processing. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2906-1 linux-2.6 - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
linux-2.6
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2872-1 udisks - buffer overflow
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
udisks
Florian Weimer discovered a buffer overflow in udisks's mount path parsing code which may result in privilege escalation.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2874-1 mutt - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
mutt
Beatrice Torracca and Evgeni Golov discovered a buffer overflow in the mutt mail reader.
Malformed RFC2047 header lines could result in denial of service or potentially the execution of arbitrary code.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2899-1 openafs - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
openafs
Michael Meffie discovered that in OpenAFS, a distributed file system, an attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the fileserver, and potentially permitting the execution of arbitrary code.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2877-1 lighttpd - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
lighttpd
Several vulnerabilities were discovered in the lighttpd web server.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2869-1 gnutls26 - incorrect certificate verification
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
gnutls26
Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate verification issue in GnuTLS, an SSL/TLS library.
A certificate validation could be reported successfully even in cases where an error would prevent all verification steps from being performed.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2864-1 postgresql-8.4 - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
postgresql-8.4
Various vulnerabilities were discovered in PostgreSQL.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2859-2 pidgin - security update
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
pidgin
Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2882-1 extplorer - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
extplorer
Multiple cross-site scripting (XSS) vulnerabilities have been discovered in extplorer, a web file explorer and manager using Ext JS. A remote attacker can inject arbitrary web script or HTML code via a crafted string in the URL to application.js.php, admin.php, copy_move.php, functions.php, header.php and upload.php.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2870-1 libyaml-libyaml-perl - heap-based buffer overflow
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libyaml-libyaml-perl
Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library.
A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2903-1 strongswan - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
strongswan
An authentication bypass vulnerability was found in charon, the daemon handling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine handling the security association (IKE_SA) handled some state transitions incorrectly.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2879-1 libssh - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libssh
It was discovered that libssh, a tiny C SSH library, did not reset the state of the PRNG after accepting a connection. A server mode application that forks itself to handle incoming connections could see its children sharing the same PRNG state, resulting in a cryptographic weakness and possibly the recovery of the private key.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2909-1 qemu - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
qemu
Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2892-1 a2ps - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
a2ps
Several vulnerabilities have been found in a2ps, an "Anything to PostScript" converter and pretty-printer.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2871-1 wireshark - several
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
wireshark
Multiple vulnerabilities were discovered in Wireshark.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2953-1 dpkg - security update
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
dpkg
Multiple vulnerabilities were discovered in dpkg that allow file modification through path traversal when unpacking source packages with specially crafted patch files.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DSA-2878-1 virtualbox - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
virtualbox-ose, virtualbox
Matthew Daley discovered multiple vulnerabilities in VirtualBox, an x86 virtualisation solution, resulting in denial of service, privilege escalation and an information leak.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2898-1 imagemagick - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
imagemagick
Several buffer overflows were found in Imagemagick, a suite of image manipulation programs.
Processing malformed PSD files could lead to the execution of arbitrary code.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2885-1 libyaml-libyaml-perl - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libyaml-libyaml-perl
Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2876-1 cups - security update
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
cups
Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of arbitrary code if a malformed PDF file is processed.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2863-1 libtar - directory traversal
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libtar
A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing files to be extracted to an arbitrary path.
An attacker can craft a tar file to override files beyond the tar_extract_glob and tar_extract_all prefix parameter.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2867-1 otrs2 - several
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
otrs2
Several vulnerabilities were discovered in otrs2, the Open Ticket Request System.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2873-1 file - several
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
file
Several vulnerabilities have been found in file, a file type classification tool.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2868-1 php5 - denial of service
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
php5
It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2861-1 file - denial of service
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
file
It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2893-1 openswan - security update
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
openswan
Two vulnerabilities were fixed in Openswan, an IKE/IPsec implementation for Linux.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2843-1 graphviz - buffer overflow
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
graphviz
Two buffer overflow vulnerabilities were reported in Graphviz, a rich collection of graph drawing tools.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2849-1 curl - information disclosure
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
curl
Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2845-1 mysql-5.1 - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
mysql-5.1
This DSA updates the MySQL 5.1 database to 5.1.73. This fixes multiple unspecified security problems in MySQL: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2852-1 libgadu - heap-based buffer overflow
Debian GNU/Linux 7, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 7, Debian GNU/kFreeBSD 6.0
libgadu
Yves Younan and Ryan Pentney discovered that libgadu, a library for accessing the Gadu-Gadu instant messaging service, contained an integer overflow leading to a buffer overflow. Attackers which impersonate the server could crash clients and potentially execute arbitrary code.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2851-1 drupal6 - impersonation
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
drupal6
Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module of Drupal, a fully-featured content management framework.
A malicious user could exploit this flaw to log in as other users on the site, including administrators, and hijack their accounts.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2856-1 libcommons-fileupload-java - CVE-2014-0050
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libcommons-fileupload-java
It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2850-1 libyaml - heap-based buffer overflow
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libyaml
Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2853-1 horde3 - Remote code execution
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
horde3
Pedro Ribeiro from Agile Information Security found a possible remote code execution on Horde3, a web application framework. Unsanitised variables are passed to the unserialize() PHP function.
A remote attacker could specially-craft one of those variables allowing her to load and execute code.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2844-1 djvulibre - arbitrary code execution
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
djvulibre
It was discovered that djvulibre, the Open Source DjVu implementation project, can be crashed or possibly made to execute arbitrary code when processing a specially crafted djvu file.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2841-1 movabletype-opensource - cross-site scripting
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
movabletype-opensource
A cross-site scripting vulnerability was discovered in the rich text editor of the Movable Type blogging engine.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2838-1 libxfont - buffer overflow
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libxfont
It was discovered that a buffer overflow in the processing of Glyph Bitmap Distribution fonts (BDF) could result in the execution of arbitrary code.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2831-1 puppet - insecure temporary files
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
puppet
An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; ACCEPTED

DSA-2820-1 nspr - integer overflow
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
nspr
It was discovered that NSPR, Netscape Portable Runtime library, could crash an application using the library when parsing a certificate that causes an integer overflow.
This flaw only affects 64-bit systems.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2826-1 deny hosts - Remote denial of ssh serviceDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7denyhostsHelmut Grohne discovered that deny hosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user to forge crafted login names in order to make deny hosts ban arbitrary IP addresses.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2834-1 typo3-src - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7typo3-srcSeveral vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, information disclosure, mass assignment, open redirection and insecure unserialize vulnerabilities and corresponds to TYPO3-CORE-SA-2013-004 (http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/).Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2832-1 memcached - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7memcachedMultiple vulnerabilities have been found in memcached, a high-performance memory object caching system.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2840-1 srtp - buffer overflowDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7srtpFernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy.
A remote attacker could exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2835-1 asterisk - buffer overflowDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7asteriskJan Juergens discovered a buffer overflow in the parser for SMS messages in Asterisk.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2817-1 libtar - Multiple integer overflowsDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libtarTimo Warns reported multiple integer overflow vulnerabilities in libtar, a library for manipulating tar archives, which can result in the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2827-1 libcommons-fileupload-java - arbitrary file upload via deserializationDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libcommons-fileupload-javaIt was discovered that Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications, incorrectly handled file names with NULL bytes in serialized instances. 
A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2812-1 samba - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7sambaTwo security issues were found in Samba, a SMB/CIFS file, print, and login server.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2822-1 xorg-server - integer underflowDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7xorg-serverBryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2821-1 gnupg - side channel attackDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7gnupgGenkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen cipher texts.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2816-1 php5 - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7php5Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2814-1 varnish - denial of serviceDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7varnishA denial of service vulnerability was reported in varnish, a state of the art, high-performance web accelerator. 
With some configurations of varnish a remote attacker could mount a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2828-1 drupal6 - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0drupal6Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: vulnerabilities due to optimistic cross-site request forgery protection, insecure pseudo random number generation, code execution and incorrect security token validation.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2813-1 gimp - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7gimpMurray McAllister discovered multiple integer and buffer overflows in the XWD plugin in Gimp, which can result in the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2202-1 apache2 - failure to drop root privilegesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0apache2MPM_ITK is an alternative Multi-Processing Module for Apache HTTPD that is included in Debian's apache2 package.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2273-3 icedove - multiple issuesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0icedoveSeveral vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2470-1 wordpress - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0wordpressSeveral vulnerabilities were identified in WordPress, a web blogging tool. 
As the CVEs were allocated from release announcements and specific fixes are usually not identified, it has been decided to upgrade the wordpress package to the latest upstream version instead of backporting the patches.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2498-1 dhcpcd - remote stack overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0dhcpcdIt was discovered that dhcpcd, a DHCP client, was vulnerable to a stack overflow. A malformed DHCP message could crash the client, causing a denial of service, and potentially remote code execution through properly designed malicious DHCP packets.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2829-1 hplip - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7hplipMultiple vulnerabilities have been found in the HP Linux Printing and Imaging System: Insecure temporary files, insufficient permission checks in PackageKit and the insecure hp-upgrade service has been disabled.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2494-1 ffmpeg - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0ffmpegCVE-2011-3951), H.264 (CVE-2012-0851), ADPCM (CVE-2012-0852), and the KMVC decoder (CVE-2011-3952).Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2460-1 asterisk - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0asteriskSeveral vulnerabilities were discovered in the Asterisk PBX and telephony toolkit.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2482-1 libgdata - no verification of TLS certificates against system root CADebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libgdataVreixo Formoso discovered that libgdata, a library used to access various Google services, wasn't validating certificates against trusted system root CAs when using an HTTPS connection.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2518-1 krb5 - denial
of serviceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0krb5Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT Kerberos, a daemon implementing the network authentication protocol.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2535-1 rtfm - cross-site scriptingDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0rtfmIt was discovered that rtfm, the Request Tracker FAQ Manager, contains multiple cross-site scripting vulnerabilities in the topic administration page.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2521-1 libxml2 - integer overflowsDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libxml2Jueri Aedla discovered several integer overflows in libxml, which could lead to the execution of arbitrary code or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2468-1 libjakarta-poi-java - unbounded memory allocationDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libjakarta-poi-javaIt was discovered that Apache POI, a Java implementation of the Microsoft Office file formats, would allocate arbitrary amounts of memory when processing crafted documents. 
This could impact the stability of the Java virtual machine.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2533-1 pcp - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0pcpIt was discovered that Performance Co-Pilot (pcp), a framework for performance monitoring, contains several vulnerabilities.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2564-1 tinyproxy - denial of serviceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0tinyproxygpernot discovered that Tinyproxy, a HTTP proxy, is vulnerable to a denial of service by remote attackers by sending crafted request headers.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2598-1 weechat - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0weechatTwo security issues have been discovered in WeeChat, a fast, light and extensible chat client.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2299-1 ca-certificates - untrusted root CADebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0ca-certificatesAn unauthorised SSL certificate has been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. 
Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in its ca-certificates bundle.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2602-1 zendframework - XML external entity inclusionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0zendframeworkYury Dyachenko discovered that Zend Framework uses the PHP XML parser in an insecure way, allowing attackers to open files and trigger HTTP requests, potentially accessing restricted information.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2582-1 xen - denial of serviceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0xenMultiple denial of service vulnerabilities have been discovered in the Xen Hypervisor. One of the issues (CVE-2012-5513, http://security-tracker.debian.org/tracker/CVE-2012-5513) could even lead to privilege escalation from guest to host.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2539-1 zabbix - SQL injectionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0zabbixIt was discovered that Zabbix, a network monitoring solution, does not properly validate user input used as a part of an SQL query.
This may allow unauthenticated attackers to execute arbitrary SQL commands (SQL injection) and possibly escalate privileges.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2640-1 zoneminder - several issuesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0zoneminderMultiple vulnerabilities were discovered in zoneminder, a Linux video camera security and surveillance solution.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2554-1 iceape - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceapeSeveral vulnerabilities have been discovered in Iceape, an internet suite based on Seamonkey.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2457-1 iceweasel - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceweaselSeveral vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2472-1 gridengine - privilege escalationDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0gridengineDave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitised before creating processes.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2795-1 lighttpd - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7lighttpdSeveral vulnerabilities have been discovered in the lighttpd web server.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2805-1 sup-mail - remote command injectionDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7sup-mailjoernchen of Phenoelit discovered two command injection flaws in Sup, a console-based email client. 
An attacker might execute arbitrary command if the user opens a maliciously crafted email.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2754-1 exactimage - denial of serviceDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7exactimageIt was discovered that exactimage, a fast image processing library, does not correctly handle error conditions of the embedded copy of dcraw. This could result in a crash or other behaviour in an application using the library due to an uninitialised variable being passed to longjmp.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2541-1 beaker - information disclosureDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0beakerIt was discovered that Beaker, a cache and session library for Python, when using the python-crypto backend, is vulnerable to information disclosure due to a cryptographic weakness related to the use of the AES cipher in ECB mode.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2453-2 gajim - regressionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0gajimSeveral vulnerabilities have been discovered in Gajim, a feature-rich Jabber client.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2642-1 sudo - several issuesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0sudoSeveral vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2747-1 cacti - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7cactiTwo vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systemsSergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2452-1 apache2 - insecure default configurationDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0apache2Niels Heinen noticed a security issue with the 
default Apache configuration on Debian if certain scripting modules like mod_php or mod_rivet are installed. The problem arises because the directory /usr/share/doc, which is mapped to the URL /doc, may contain example scripts that can be executed by requests to this URL. Although access to the URL /doc is restricted to connections from localhost, this still creates security issues in two specific configurations.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2584-1 iceape - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceapeMultiple vulnerabilities have been found in Iceape, the Debian Internet suite based on Mozilla Seamonkey.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2823-1 pixman - integer underflowDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7pixmanBryan Quigley discovered an integer underflow in Pixman which could lead to denial of service or the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2474-1 ikiwiki - cross-site scriptingDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0ikiwikiRaúl Benencia discovered that ikiwiki, a wiki compiler, does not properly escape the author (and its URL) of certain metadata, such as comments. This might be used to conduct cross-site scripting attacks.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2622-1 polarssl - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0polarsslMultiple vulnerabilities have been found in PolarSSL.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2478-1 sudo - parsing errorDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0sudoIt was discovered that sudo misparsed network masks used in Host and Host_List stanzas. 
This allowed the execution of commands on hosts, where the user would not be allowed to run the specified command.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2525-1 expat - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0expatIt was discovered that Expat, a C library to parse XML, is vulnerable to denial of service through hash collisions and a memory leak in pool handling.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2654-1 libxslt - denial of serviceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libxsltNicolas Gregoire discovered that libxslt, an XSLT processing runtime library, is prone to denial of service vulnerabilities via crafted XSL stylesheets.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2476-1 pidgin-otr - format string vulnerabilityDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0pidgin-otrIntrigeri discovered a format string error in pidgin-otr, an Off-the-Record Messaging plugin for Pidgin.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2630-1 postgresql-8.4 - programming errorDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0postgresql-8.4Sumit Soni discovered that PostgreSQL, an object-relational SQL database, could be forced to crash when an internal function was called with invalid arguments, resulting in denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2445-1 typo3-src - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0typo3-srcSeveral remote vulnerabilities have been discovered in the TYPO3 web content management framework.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2774-1 gnupg2 - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7gnupg2Two vulnerabilities were discovered in GnuPG 2, the GNU privacy guard, a free PGP replacement.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2646-1 typo3-src 
- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0typo3-srcTYPO3, a PHP-based content management system, was found vulnerable to several vulnerabilities.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2779-1 libxml2 - denial of serviceDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libxml2Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project's XML parser library, which can lead to denial of service issues when handling XML documents that end abruptly.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2688-1 libxres - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libxresIlja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2670-1 request-tracker3.8 - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0request-tracker3.8Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2488-1 iceweasel - several vulnerabilitiesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceweaselSeveral vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. 
The included XULRunner library provides rendering services for several other applications included in Debian.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2610-1 ganglia - remote code executionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0gangliaInsufficient input sanitisation in Ganglia, a web based monitoring system, could lead to remote PHP script execution with permissions of the user running the web server.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2600-1 cups - privilege escalationDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0cupsJann Horn discovered that users of the CUPS printing system who are part of the lpadmin group could modify several configuration parameters with security impact. Specifically, this allows an attacker to read or write arbitrary files as root which can be used to elevate privileges.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2547-1 bind9 - improper assertDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0bind9It was discovered that BIND, a DNS server, does not handle DNS records properly which approach size limits inherent to the DNS protocol. An attacker could use crafted DNS records to crash the BIND server process, leading to a denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2626-1 lighttpd - several issuesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0lighttpdSeveral vulnerabilities were discovered in the TLS/SSL protocol. 
This update addresses these protocol vulnerabilities in lighttpd.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2523-1 globus-gridftp-server - programming errorDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0globus-gridftp-serverIt was discovered that the GridFTP component from the Globus Toolkit, a toolkit used for building Grid systems and applications, performed insufficient validation of a name lookup, which could lead to privilege escalation.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2758-1 python-django - denial of serviceDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7python-djangoIt was discovered that python-django, a high-level Python web development framework, is prone to a denial of service vulnerability via large passwords.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2628-1 nss-pam-ldapd - buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0nss-pam-ldapdGarth Mollett discovered that a file descriptor overflow issue in the use of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules for using LDAP as a naming service, can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2529-1 python-django - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0python-djangoJeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2549-1 devscripts - multipleDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0devscriptsMultiple vulnerabilities have been discovered in devscripts, a set of scripts to make the life of a Debian Package maintainer easier.
The following Common Vulnerabilities and Exposures project ids have been assigned to identify them.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2543-1 xen-qemu-dm-4.0 - multipleDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0xen-qemu-dm-4.0Multiple vulnerabilities have been discovered in xen-qemu-dm-4.0, the Xen QEMU Device Model virtual machine hardware emulator.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2576-1 trousers - denial of serviceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0trousersAndy Lutomirski discovered that tcsd (the TPM userspace daemon) was missing input validation. Using carefully crafted input, it can lead to a denial of service by making the daemon crash with a segmentation fault.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2770-1 torque - authentication bypassDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7torqueJohn Fitzpatrick of MWR InfoSecurity discovered an authentication bypass vulnerability in torque, a PBS-derived batch processing queueing system.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2648-1 firebird2.5 - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0firebird2.5A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. 
In addition, a denial of service vulnerability was discovered in the TraceManager.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2674-1 libxv - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libxvIlja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2666-1 xen - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7xenMultiple vulnerabilities have been discovered in the Xen hypervisor.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2624-1 ffmpeg - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0ffmpegSeveral vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. 
Multiple input validations in the decoders/demuxers for Shorten, Chinese AVS video, VP5, VP6, AVI, AVS and MPEG-1/2 files could lead to the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2632-1 linux-2.6 - several vulnerabilitiesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0linux-2.6Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2771-1 nas - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7nasHamid Zamani discovered multiple security problems (buffer overflows, format string vulnerabilities and missing input sanitising), which could lead to the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2644-1 wireshark - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0wiresharkMultiple vulnerabilities were discovered in the dissectors for the MS-MMS, RTPS, RTPS2, Mount, ACN, CIMD and DTLS protocols, which could result in denial of service or the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2464-1 icedove - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0icedoveSeveral vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2660-1 curl - cookie leak vulnerabilityDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0curlYamada Yasuharu discovered that cURL, an URL transfer library, is vulnerable to expose potentially sensitive information when doing requests across domains with matching tails. 
Due to a bug in the tail match function when matching domain names, it was possible that cookies set for a domain "ample.com" could accidentally also be sent by libcurl when communicating with "example.com".Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2682-1 libxext - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libxextIlja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2596-1 mediawiki-extensions - cross-site scripting in RSSReader extensionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0mediawiki-extensionsThorsten Glaser discovered that the RSSReader extension for MediaWiki, a website engine for collaborative work, does not properly escape tags in feeds. This could allow a malicious feed to inject JavaScript into the MediaWiki pages.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2792-1 wireshark - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7wiresharkMultiple vulnerabilities were discovered in the dissectors for IEEE 802.15.4, NBAP, SIP and TCP, which could result in denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2560-1 bind9 - denial of serviceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0bind9It was discovered that BIND, a DNS server, hangs while constructing the additional section of a DNS reply, when certain combinations of resource records are present.
This vulnerability affects both recursive and authoritative servers.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2506-1 libapache-mod-security - modsecurity bypassDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libapache-mod-securityQualys Vulnerability & Malware Research Labs discovered a vulnerability in ModSecurity, a security module for the Apache webserver. In situations where both "Content:Disposition: attachment" and "Content-Type: multipart" were present in HTTP headers, the vulnerability could allow an attacker to bypass policy and execute cross-site script (XSS) attacks through properly crafted HTML documents.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2778-1 libapache2-mod-fcgid - heap-based buffer overflowDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libapache2-mod-fcgidRobert Matthews discovered that the Apache FCGID module, a FastCGI implementation for Apache HTTP Server, fails to perform adequate boundary checks on user-supplied input. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2710-1 xml-security-c - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7xml-security-cJames Forshaw from Context Information Security discovered several vulnerabilities in xml-security-c, an implementation of the XML Digital Security specification.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2664-1 stunnel4 - buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0stunnel4protocolAuthentication = NTLM) together with the connect protocol method (protocol = connect).
With these prerequisites and using stunnel4 in SSL client mode (client = yes) on a 64 bit host, an attacker could possibly execute arbitrary code with the privileges of the stunnel process, if the attacker can either control the specified proxy server or perform man-in-the-middle attacks on the tcp session between stunnel and the proxy sever.]]>Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2652-1 libxml2 - external entity expansionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libxml2Brad Hill of iSEC Partners discovered that many XML implementations are vulnerable to external entity expansion issues, which can be used for various purposes such as firewall circumvention, disguising an IP address, and denial-of-service. libxml2 was susceptible to these problems when performing string substitution during entity expansion.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2492-1 php5 - buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0php5The Phar extension for PHP does not properly handle crafted tar files, leading to a heap-based buffer overflow. 
PHP applications processing tar files could crash or, potentially, execute arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2512-1 mono - missing input sanitisingDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0monoMarcus Meissner discovered that the web server included in Mono performed insufficient sanitising of requests, resulting in cross-site scripting.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2698-1 tiff - buffer overflowDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7tiffMultiple issues were discovered in the TIFF tools, a set of utilities for TIFF image file manipulation and conversion.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2618-1 ircd-hybrid - denial of serviceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0ircd-hybridBob Nomnomnom reported a Denial of Service vulnerability in IRCD-Hybrid, an Internet Relay Chat server. A remote attacker may use an error in the masks validation and crash the server.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2782-1 polarssl - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7polarsslMultiple security issues have been discovered in PolarSSL, a lightweight crypto and SSL/TLS library:Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2808-1 openjpeg - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7openjpegCVE-2013-1447) via application crash or high memory consumption, possible code execution through heap buffer overflows (CVE-2013-6045), information disclosure (CVE-2013-6052), or yet another heap buffer overflow that only appears to affect OpenJPEG 1.3 (CVE-2013-6054).]]>Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2550-1 asterisk - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0asteriskSeveral vulnerabilities were 
discovered in Asterisk, a PBX and telephony toolkit, allowing privilege escalation in the Asterisk Manager, denial of service or privilege escalation.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2789-1 strongswan - Denial of service and authorisation bypassDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7strongswanA vulnerability has been found in the ASN.1 parser of strongSwan, an IKE daemon used to establish IPsec protected links.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2568-1 rtfm - privilege escalationDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0rtfmIt was discovered that RTFM, the FAQ manager for Request Tracker, allows authenticated users to create articles in any class.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2616-1 nagios3 - buffer overflow vulnerabilityDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0nagios3A buffer overflow problem has been found in nagios3, a host/service/network monitoring and management system. A malicious client could craft a request to history.cgi and cause application crashes.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2767-1 proftpd-dfsg - denial of serviceDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7proftpd-dfsgKingcope discovered that the mod_sftp and mod_sftp_pam modules of proftpd, a powerful modular FTP/SFTP/FTPS server, are not properly validating input, before making pool allocations. 
An attacker can use this flaw to conduct denial of service attacks against the system running proftpd (resource exhaustion).Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2552-1 tiff - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0tiffSeveral vulnerabilities were discovered in TIFF, a library set and tools to support the Tag Image File Format (TIFF), allowing denial of service and potential privilege escalation.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2592-1 elinks - programming errorDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0elinksMarko Myllynen discovered that ELinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2545-1 qemu - multipleDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0qemuMultiple vulnerabilities have been discovered in QEMU, a fast processor emulator.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2678-1 mesa - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7mesaIlja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2562-1 cups-pk-helper - privilege escalationDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0cups-pk-helpercups-pk-helper, a PolicyKit helper to configure CUPS with fine-grained privileges, wraps CUPS function calls in an insecure way. This could lead to uploading sensitive data to a CUPS resource, or overwriting specific files with the content of a CUPS resource. 
The user would have to explicitly approve the action.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2514-1 iceweasel - several vulnerabilitiesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceweaselSeveral vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2537-1 typo3-src - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0typo3-srcSeveral vulnerabilities were discovered in TYPO3, a content management system.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2680-1 libxt - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libxtIlja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2684-1 libxrandr - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libxrandrIlja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2556-1 icedove - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0icedoveSeveral vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client.Sergey 
ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2786-1 icu - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7icuThe Google Chrome Security Team discovered two issues (a race condition and a use-after-free issue) in the International Components for Unicode (ICU) library.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2798-1 curl - unchecked ssl certificate host nameDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7curlScott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSL_VERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable SSL certificate host name checks when it should have only disabled verification of the certificate trust chain.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2594-1 virtualbox-ose - programming errorDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0virtualbox-ose"halfdog" discovered that incorrect interrupt handling in VirtualBox, an x86 virtualization solution, can lead to denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2809-1 ruby1.8 - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7ruby1.8Several vulnerabilities have been discovered in the interpreter for the Ruby language.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2752-1 phpbb3 - too wide permissionsDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7phpbb3Andreas Beckmann discovered that phpBB, a web forum, as installed in Debian, sets incorrect permissions for cached files, allowing a malicious local user to overwrite them.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2454-2 openssl - incomplete fixDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0opensslMultiple vulnerabilities have been found in 
OpenSSL.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2650-1 libvirt - files and device nodes ownership change to kvm groupDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libvirtBastian Blank discovered that libvirtd, a daemon for management of virtual machines, network and storage, would change ownership of device files so they would be owned by user "libvirt-qemu" and group "kvm", which is a general purpose group not specific to libvirt, allowing unintended write access to those devices and files for the kvm group members.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2566-1 exim4 - heap overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0exim4It was discovered that Exim, a mail transport agent, is not properly handling the decoding of DNS records for DKIM. Specifically, crafted records can lead to a heap-based buffer overflow. An attacker can exploit this flaw to execute arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2590-1 wireshark - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0wiresharkBjorn Mork and Laurent Butti discovered crashes in the PPP and RTPS2 dissectors, which could potentially result in the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2690-1 libxxf86dga - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libxxf86dgaIlja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2608-1 qemu - buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0qemuIt was discovered that the e1000 emulation 
code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default).Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2803-1 quagga - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7quaggaMultiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP routing daemon.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2794-1 spip - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7spipSeveral vulnerabilities have been found in SPIP, a website engine for publishing, resulting in cross-site request forgery on logout, cross-site scripting on author page, and PHP injection.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2806-1 nbd - privilege escalationDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7nbdIt was discovered that nbd-server, the server for the Network Block Device protocol, did incorrect parsing of the access control lists, allowing access to any hosts with an IP address sharing a prefix with an allowed address.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2676-1 libxfixes - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libxfixesIlja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2773-1 gnupg - severalDebian GNU/Linux 6.0Debian GNU/Linux 
7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7gnupgTwo vulnerabilities were discovered in GnuPG, the GNU privacy guard, a free PGP replacement.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2574-1 typo3-src - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0typo3-srcSeveral vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, SQL injection, and information disclosure vulnerabilities and corresponds to TYPO3-CORE-SA-2012-005 (http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/).Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2702-1 telepathy-gabble - TLS verification bypassDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7telepathy-gabbleMaksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble, the Jabber/XMPP connection manager for the Telepathy framework, does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perform a man-in-the-middle attack.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2578-1 rssh - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0rsshJames Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp, sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution. 
Two CVEs were assigned.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2739-1 cacti - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7cactiTwo security issues (SQL injection and command line injection via SNMP settings) were found in Cacti, a web interface for graphing of monitoring systems.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2756-1 wireshark - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7wiresharkMultiple vulnerabilities were discovered in the dissectors for LDAP, RTPS and NBAP and in the Netmon file parser, which could result in denial of service or the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2614-1 libupnp - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libupnpMultiple stack-based buffer overflows were discovered in libupnp, a library used for handling the Universal Plug and Play protocol. HD Moore from Rapid7 discovered that SSDP queries were not correctly handled by the unique_service_name() function.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2508-1 kfreebsd-8 - privilege escalationDebian GNU/kFreeBSD 6.0kfreebsd-8Rafal Wojtczuk from Bromium discovered that FreeBSD was not correctly handling uncanonical return addresses on Intel amd64 CPUs, allowing privilege escalation to kernel for local users.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2496-1 mysql-5.1 - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0mysql-5.1Due to the non-disclosure of security patch information from Oracle, we are forced to ship an upstream version update of MySQL 5.1. 
There are several known incompatible changes, which are listed in /usr/share/doc/mysql-server/NEWS.Debian.gz.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2796-1 torque - arbitrary code executionDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7torqueMatt Ezell from Oak Ridge National Labs reported a vulnerability in torque, a PBS-derived batch processing queueing system.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2588-1 icedove - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0icedoveMultiple vulnerabilities have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2662-1 xen - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0xenMultiple vulnerabilities have been discovered in the Xen hypervisor.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2527-1 php5 - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0php5Several vulnerabilities have been discovered in PHP, the web scripting language.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2558-1 bacula - information disclosureDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0baculaIt was discovered that bacula, a network backup service, does not properly enforce console ACLs. 
This could allow information about resources to be dumped by an otherwise-restricted client.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2462-1 imagemagick - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0imagemagickSeveral integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2500-1 mantis - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0mantisSeveral vulnerabilities were discovered in Mantis, an issue tracking system.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2464-2 icedove - regressionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0icedoveSeveral vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2636-1 xen - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0xenMultiple vulnerabilities have been discovered in the Xen hypervisor.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2606-1 proftpd-dfsg - symlink raceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0proftpd-dfsgIt has been discovered that in ProFTPd, an FTP server, an attacker on the same physical host as the server may be able to perform a symlink attack allowing them to elevate privileges in some configurations.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2776-1 drupal6 - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0drupal6Multiple vulnerabilities have been fixed in the Drupal content management framework, resulting in information disclosure, insufficient validation, cross-site scripting and cross-site request forgery.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2766-1 linux-2.6 - severalDebian GNU/Linux 6.0Debian 
GNU/kFreeBSD 6.0linux-2.6Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2668-1 linux-2.6 - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0linux-2.6Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2261-1 redmine - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0redmineJoernchen of Phenoelit discovered several vulnerabilities in Redmine, a project management web application.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2810-1 ruby1.9.1 - heap overflowDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7ruby1.9.1Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2753-1 mediawiki - cross-site request forgery token disclosureDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7mediawikiIt was discovered that in Mediawiki, a wiki engine, several API modules allowed anti-CSRF tokens to be accessed via JSONP. 
These tokens protect against cross site request forgeries and are confidential.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2510-1 extplorer - Cross-site request forgeryDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0extplorerJohn Leitch has discovered a vulnerability in eXtplorer, a very feature rich web server file manager, which can be exploited by malicious people to conduct cross-site request forgery attacks.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2531-1 xen - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0xenSeveral denial-of-service vulnerabilities have been discovered in Xen, the popular virtualization software.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2757-1 wordpress - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7wordpressSeveral vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from release announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2763-1 pyopenssl - hostname check bypassingDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7pyopensslIt was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2791-1 tryton-client - missing input sanitisationDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7tryton-clientCedric Krier discovered that the Tryton client does not sanitise the file extension supplied by the server when processing reports. 
As a result, a malicious server could send a report with a crafted file extension that causes the client to write any local file to which the user running the client has write access.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2480-3 request-tracker3.8 - regressionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0request-tracker3.8Several vulnerabilities were discovered in Request Tracker, an issue tracking system.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2694-1 spip - privilege escalationDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7spipA privilege escalation vulnerability has been found in SPIP, a website engine for publishing, which allows anyone to take control of the website.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2686-1 libxcb - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libxcbIlja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2765-1 davfs2 - privilege escalationDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7davfs2Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while it is setuid root. 
This might allow a privilege escalation.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2450-1 samba - privilege escalationDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0sambaIt was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2620-1 rails - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0railsTwo vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2780-1 mysql-5.1 - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0mysql-5.1This DSA updates the MySQL database to 5.1.72. This fixes multiple unspecified security problems in the Optimizer component: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2483-1 strongswan - authentication bypassDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0strongswanAn authentication bypass issue was discovered by the Codenomicon CROSS project in strongSwan, an IPsec-based VPN solution. When using RSA-based setups, a missing check in the gmp plugin could allow an attacker presenting a forged signature to successfully authenticate against a strongSwan responder.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2604-1 rails - insufficient input validationDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0railsIt was discovered that Rails, the Ruby web application development framework, performed insufficient validation on input parameters, allowing unintended type conversions. 
An attacker may use this to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on the application.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2502-1 python-crypto - programming errorDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0python-cryptoIt was discovered that the ElGamal code in PythonCrypto, a collection of cryptographic algorithms and protocols for Python, used insecure, insufficient prime numbers in key generation, which led to a weakened signature or public key space, allowing easier brute force attacks on such keys.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2446-1 libpng - incorrect memory handlingDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libpngIt was discovered that incorrect memory handling in the png_set_text2() function of the PNG library could lead to the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2485-1 imp4 - cross site scriptingDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0imp4Multiple cross-site scripting (XSS) vulnerabilities were discovered in IMP, the webmail component in the Horde framework. 
The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via various crafted parameters.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2760-1 chrony - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7chronyFlorian Weimer discovered two security problems in the Chrony time synchronisation software (buffer overflows and use of uninitialised data in command replies).Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2781-1 python-crypto - PRNG not correctly reseeded in some situationsDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7python-cryptoA cryptographic vulnerability was discovered in the pseudo random number generator in python-crypto.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2718-1 wordpress - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7wordpressSeveral vulnerabilities were identified in WordPress, a web blogging tool. 
As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the wordpress package to the latest upstream version instead of backporting the patches.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2490-1 nss - denial of serviceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0nssKaspar Brand discovered that Mozilla's Network Security Services (NSS) libraries did insufficient length checking in the QuickDER decoder, allowing to crash a program using the libraries.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2708-1 fail2ban - denial of serviceDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7fail2banKrzysztof Katowicz-Kowalewski discovered a vulnerability in Fail2ban, a log monitoring and system which can act on attack by preventing hosts to connect to specified services using the local firewall.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2638-1 openafs - buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0openafsMultiple buffer overflows were discovered in OpenAFS, the implementation of the distributed filesystem AFS, which might result in denial of service or the execution of arbitrary code. 
Further information is available at http://www.openafs.org/security.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2466-1 rails - cross site scriptingDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0railsSergey Nartimov discovered that in Rails, a Ruby based framework for web development, when developers generate html options tags manually, user input concatenated with manually built tags may not be escaped and an attacker can inject arbitrary HTML into the document.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2448-1 inspircd - buffer overflowDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7inspircdIt was discovered that a heap-based buffer overflow in InspIRCd could allow remote attackers to execute arbitrary code via a crafted DNS query.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2692-1 libxxf86vm - severalDebian GNU/Linux 7Debian GNU/Linux 6.0Debian GNU/kFreeBSD 7Debian GNU/kFreeBSD 6.0libxxf86vmIlja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2783-1 librack-ruby - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0librack-rubySeveral vulnerabilities were discovered in Rack, a modular Ruby webserver interface.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2784-1 xorg-server - use-after-freeDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7xorg-serverPedro Ribeiro discovered a use-after-free in the handling of ImageText requests in the Xorg X server, which could result in denial of 
service or privilege escalation.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2586-1 perl - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0perlTwo vulnerabilities were discovered in the implementation of the Perl programming language.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2520-1 openoffice.org - Multiple heap-based buffer overflowsDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0openoffice.orgTimo Warns from PRE-CERT discovered multiple heap-based buffer overflows in OpenOffice.org, an office productivity suite. The issues lies in the XML manifest encryption tag parsing code. Using specially crafted files, an attacker can cause application crash and could cause arbitrary code execution.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2807-1 links2 - integer overflowDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7links2Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser. This can only be exploited when running Links in graphical mode.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2775-1 ejabberd - insecure SSL usageDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7ejabberdIt was discovered that ejabberd, a Jabber/XMPP server, uses SSLv2 and weak ciphers for communication, which are considered insecure. The software offers no runtime configuration options to disable these. 
This update disables the use of SSLv2 and weak ciphers.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2580-1 libxml2 - buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libxml2Jueri Aedla discovered a buffer overflow in the libxml XML library, which could result in the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2612-1 ircd-ratbox - programming errorDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0ircd-ratboxIt was discovered that a bug in the server capability negotiation code of ircd-ratbox could result in denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2455-1 typo3-src - cross site scriptingDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0typo3-srcHelmut Hummel of the TYPO3 security team discovered that TYPO3, a web content management system, is not properly sanitising output of the exception handler. This allows an attacker to conduct cross-site scripting attacks if either third-party extensions are installed that do not sanitise this output on their own or in the presence of extensions using the extbase MVC framework which accept objects to controller actions.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2570-1 openoffice.org - remoteDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0openoffice.orgHigh-Tech Bridge SA Security Research Lab discovered multiple null-pointer dereferences based vulnerabilities in OpenOffice.org which could cause application crash or even arbitrary code execution using specially crafted files. 
Affected file types are LWP (Lotus Word Pro), ODG, PPT (PowerPoint 2003) and XLS (Excel 2003).Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2480-1 request-tracker3.8 - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0request-tracker3.8Several vulnerabilities were discovered in Request Tracker, an issue tracking system.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2504-1 libspring-2.5-java - information disclosureDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libspring-2.5-javaIt was discovered that the Spring Framework contains an information disclosure vulnerability in the processing of certain Expression Language (EL) patterns, allowing attackers to access sensitive information using HTTP requests.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2634-1 python-django - several vulnerabilitiesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0python-djangoSeveral vulnerabilities have been discovered in Django, a high-level Python web development framework.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2516-1 isc-dhcp - denial of serviceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0isc-dhcpTwo security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, in Debian have been discovered.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2572-1 iceape - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceapeSeveral vulnerabilities have been discovered in Iceape, an internet suite based on Seamonkey.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2656-1 bind9 - denial of serviceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0bind9Matthew Horsfall of Dyn, Inc. discovered that BIND, a DNS server, is prone to a denial of service vulnerability. 
A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2800-1 nss - buffer overflowDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7nssAndrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library (nss). With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2733-1 otrs2 - SQL injectionDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7otrs2It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMSergey ArtykhovACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2723-1 php5 - heap corruptionDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7php5It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMSergey ArtykhovACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2726-1 php-radius - buffer overflowDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7php-radiusA buffer overflow has been discovered in the Radius extension for PHP. 
The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMSergey ArtykhovACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2751-1 libmodplug - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libmodplugSeveral vulnerabilities have been discovered in libmodplug, a library for mod music based on ModPlug, that might allow arbitrary code execution when processing specially-crafted ABC files through applications using the library, such as media players.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2727-1 openjdk-6 - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7openjdk-6Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMSergey ArtykhovACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2744-1 tiff - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7tiffPedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. 
Processing a malformed file may lead to denial of service or the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMSergey ArtykhovACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2731-1 libgcrypt11 - information leakDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libgcrypt11Yarom and Falkner discovered that RSA secret keys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMSergey ArtykhovACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2730-1 gnupg - information leakDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7gnupgYarom and Falkner discovered that RSA secret keys could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMSergey ArtykhovACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2734-1 wireshark - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7wiresharkMultiple vulnerabilities were discovered in the dissectors for DVB-CI, GSM A Common and ASN.1 PER and in the Netmon file parser.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMSergey ArtykhovACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2755-1 python-django - directory traversalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7python-djangoRainer Koirikivi discovered a directory traversal vulnerability with "ssi" template tags in python-django, a high-level Python web development framework.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMSergey ArtykhovACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2742-1 php5 - interpretation conflictDebian 
GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7php5It was discovered that PHP, a general-purpose scripting language commonly used for web application development, did not properly process embedded NUL characters in the subjectAltName extension of X.509 certificates. Depending on the application and with insufficient CA-level checks, this could be abused for impersonating other users.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMSergey ArtykhovACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2738-1 ruby1.9.1 - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7ruby1.9.1Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMSergey ArtykhovACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2515-1 nsd3 - null pointer dereferenceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0nsd3Marek Vavrusa and Lubos Slovak discovered that NSD, an authoritative domain name server, is not properly handling non-standard DNS packets. This can result in a NULL pointer dereference and crash the handling process. 
A remote attacker can abuse this flaw to perform denial of service attacks.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2489-1 iceape - several vulnerabilitiesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceapeSeveral vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2459-1 quagga - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0quaggaSeveral vulnerabilities have been discovered in Quagga, a routing daemon.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2530-1 rssh - shell command injectionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0rsshHenrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2511-1 puppet - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0puppetSeveral security vulnerabilities have been found in Puppet, a centralized configuration management:Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2728-1 bind9 - denial of serviceDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7bind9Maxim Shudrak and the HP Zero Day Initiative reported a denial of service vulnerability in BIND, a DNS server. 
A specially crafted query that includes malformed rdata can cause named daemon to terminate with an assertion failure while rejecting the malformed query.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2451-1 puppet - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0puppetSeveral vulnerabilities have been discovered in Puppet, a centralized configuration management system.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2501-1 xen - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0xenSeveral vulnerabilities were discovered in Xen, a hypervisor.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2459-2 quagga - regressionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0quaggaSeveral vulnerabilities have been discovered in Quagga, a routing daemon.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2480-2 request-tracker3.8 - regressionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0request-tracker3.8Several vulnerabilities were discovered in Request Tracker, an issue tracking system:Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2725-1 tomcat6 - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7tomcat6Two security issues have been found in the Tomcat servlet and JSP engine:Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMSergey ArtykhovACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2528-1 icedove - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0icedoveSeveral vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2486-1 bind9 - denial of serviceDebian GNU/Linux 6.0Debian 
GNU/kFreeBSD 6.0bind9It was discovered that BIND, a DNS server, can crash while processing resource records containing no data bytes. Both authoritative servers and resolvers are affected.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2519-1 isc-dhcp - denial of serviceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0isc-dhcpDSA-2516-1, did not properly apply the patches for CVE-2012-3571 and CVE-2012-3954. This has been addressed in this additional update.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2591-1 mahara - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0maharaMultiple security issues have been found in Mahara, an electronic portfolio, weblog, and resume builder, which can result in cross-site scripting, clickjacking or arbitrary file execution.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2673-1 libdmx - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libdmxIlja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2553-1 iceweasel - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceweaselSeveral vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. 
The included XULRunner library provides rendering services for several other applications included in Debian.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2729-1 openafs - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7openafsOpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect. For more information please see the upstream advisory: OPENAFS-SA-2013-003 (http://www.openafs.org/security/OPENAFS-SA-2013-003.txt)Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMSergey ArtykhovACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2524-1 openttd - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0openttdTwo denial of service vulnerabilities have been discovered in the server component of OpenTTD, a free reimplementation of Transport Tycoon Deluxe.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2687-1 libfs - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libfsIlja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2583-1 iceweasel - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceweaselMultiple vulnerabilities have been found in Iceweasel, the Debian web browser based on Mozilla Firefox:Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2540-1 mahara - cross-site 
scriptingDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0maharaEmanuel Bronshtein discovered that Mahara, an electronic portfolio, weblog, and resume builder, contains multiple cross-site scripting vulnerabilities due to missing sanitisation and insufficient encoding of user-supplied data.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2619-1 xen-qemu-dm-4.0 - buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0xen-qemu-dm-4.0A buffer overflow was found in the e1000 emulation, which could be triggered when processing jumbo frames.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2621-1 openssl - several vulnerabilitiesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0opensslMultiple vulnerabilities have been found in OpenSSL.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2605-1 asterisk - several issuesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0asteriskSeveral vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, that allow remote attackers to perform denial of service attacks.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2499-1 icedove - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0icedoveCVE-2012-1937, CVE-2012-1939) and a use-after-free issue (CVE-2012-1940).Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2555-1 libxslt - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libxsltNicholas Gregoire and Cris Neckar discovered several memory handling bugs in libxslt, which could lead to denial of service or the execution of arbitrary code if a malformed document is processed.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2617-1 samba - several issuesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0sambaJann Horn had reported two 
vulnerabilities in Samba, a popular cross-platform network file and printer sharing suite. In particular, these vulnerabilities affect SWAT, the Samba Web Administration Tool.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2597-1 rails - input validation errorDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0railsjoernchen of Phenoelit discovered that rails, an MVC ruby based framework geared for web application development, is not properly treating user-supplied input to "find_by_*" methods. Depending on how the ruby on rails application is using these methods, this allows an attacker to perform SQL injection attacks, e.g., to bypass authentication if Authlogic is used and the session secret token is known.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2623-1 openconnect - buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0openconnectKevin Cernekee discovered that a malicious VPN gateway can send crafted responses which trigger stack-based buffer overflows.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2491-1 postgresql-8.4 - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0postgresql-8.4Two vulnerabilities were discovered in PostgreSQL, an SQL database server.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2477-1 sympa - authorisation bypassDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0sympaSeveral vulnerabilities have been discovered in Sympa, a mailing list manager, that allow to skip the scenario-based authorisation mechanisms. 
This vulnerability allows to display the archives management page, and download and delete the list archives by unauthorised users.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2749-1 asterisk - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7asteriskColin Cuthbertson and Walter Doekes discovered two vulnerabilities in the SIP processing code of Asterisk - an open source PBX and telephony toolkit -, which could result in denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2479-1 libxml2 - off-by-oneDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libxml2Jueri Aedla discovered an off-by-one in libxml2, which could result in the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2513-1 iceape - several vulnerabilitiesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceapeSeveral vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2615-1 libupnp4 - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libupnp4Multiple stack-based buffer overflows were discovered in libupnp4, a library used for handling the Universal Plug and Play protocol. 
HD Moore from Rapid7 discovered that SSDP queries were not correctly handled by the unique_service_name() function.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2625-1 wireshark - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0wiresharkMultiple vulnerabilities were discovered in the dissectors for the CLNP, DTLS, DCP-ETSI and NTLMSSP protocols, which could result in denial of service or the execution of arbitrary code.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2703-1 subversion - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7subversionSeveral vulnerabilities were discovered in Subversion, a version control system.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMSergey ArtykhovACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2683-1 libxi - severalDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7libxiIlja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2481-1 arpwatch - fails to drop supplementary groupsDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0arpwatchSteve Grubb from Red Hat discovered that a patch for arpwatch (as shipped at least in Red Hat and Debian distributions) in order to make it drop root privileges would fail to do so and instead add the root group to the list of the daemon uses.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2487-1 openoffice.org - buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 
6.0openoffice.orgIt was discovered that OpenOffice.org would not properly process crafted document files, possibly leading to arbitrary code execution.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2551-1 isc-dhcp - denial of serviceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0isc-dhcpGlen Eustace discovered that the ISC DHCP server, a server for automatic IP address assignment, is not properly handling changes in the expiration times of a lease. An attacker may use this flaw to crash the service and cause denial of service conditions, by reducing the expiration time of an active IPv6 lease.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2649-1 lighttpd - fixed socket name in world-writable directoryDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0lighttpdStefan Buhler discovered that the Debian specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. 
A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the PHP control socket and for example force the webserver to use a different PHP version.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2522-1 fckeditor - cross site scriptingDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0fckeditorEmilio Pinna discovered a cross site scripting vulnerability in the spellchecker.php page of FCKeditor, a popular HTML/DHTML editor for the web.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2565-1 iceweasel - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceweaselMultiple vulnerabilities have been discovered in Iceweasel, Debian's version of the Mozilla Firefox web browser.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2715-1 puppet - code executionDebian GNU/Linux 6.0Debian GNU/Linux 7Debian GNU/kFreeBSD 6.0Debian GNU/kFreeBSD 7puppetIt was discovered that puppet, a centralized configuration management system, did not correctly handle YAML payloads. A remote attacker could use a specially-crafted payload to execute arbitrary code on the puppet master.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMSergey ArtykhovACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2635-1 cfingerd - buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0cfingerdMalcolm Scott discovered a remote-exploitable buffer overflow in the RFC1413 (ident) client of cfingerd, a configurable finger daemon. 
This vulnerability was introduced in a previously applied patch to the cfingerd package in 1.4.3-3.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2458-1 iceape - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceapeSeveral vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2467-1 mahara - insecure defaultsDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0maharaIt was discovered that Mahara, the portfolio, weblog, and resume builder, had an insecure default with regards to SAML-based authentication used with more than one SAML identity provider. Someone with control over one IdP could impersonate users from other IdP's.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2258-1 kolab-cyrus-imapd - implementation errorDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0Debian GNU/Linux 5.0kolab-cyrus-imapdIt was discovered that the STARTTLS implementation of the Kolab Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2599-1 nss - mis-issued intermediatesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0nssGoogle, Inc. discovered that the TurkTrust certification authority included in the Network Security Service libraries (nss) mis-issued two intermediate CAs which could be used to generate rogue end-entity certificates. This update explicitly distrusts those two intermediate CAs. 
The two existing TurkTrust root CAs remain active.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2449-1 sqlalchemy - missing input sanitisation
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
sqlalchemy
It was discovered that SQLAlchemy, an SQL toolkit and object relational mapper for Python, is not sanitising input passed to the limit/offset keywords to select() as well as the value passed to select.limit()/offset(). This allows an attacker to perform SQL injection attacks against applications using SQLAlchemy that do not implement their own filtering.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2534-1 postgresql-8.4 - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
postgresql-8.4
Two vulnerabilities related to XML processing were discovered in PostgreSQL, an SQL database.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2463-1 samba - missing permission checks
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
samba
Ivano Cristofolini discovered that insufficient security checks in Samba's handling of LSA RPC calls could lead to privilege escalation by gaining the "take ownership" privilege.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2447-1 tiff - integer overflow
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
tiff
Alexander Gavrun discovered an integer overflow in the TIFF library in the parsing of the TileSize entry, which could result in the execution of arbitrary code if a malformed image is opened.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2461-1 spip - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
spip
Several vulnerabilities have been found in SPIP, a website engine for publishing, resulting in cross-site scripting, script code injection and bypass of restrictions.
Sergey
Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2748-1 exactimage - denial of service
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
exactimage
Several denial-of-service vulnerabilities were discovered in the dcraw code base, a program for processing raw format images from digital cameras. This update corrects them in the copy that is embedded in the exactimage package.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, Sergey Artykhov, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2579-1 apache2 - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
apache2
A vulnerability has been found in the Apache HTTPD Server:
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2701-1 krb5 - denial of service
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
krb5
It was discovered that the kpasswd service running on UDP port 464 could respond to response packets, creating a packet loop and a denial of service condition.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, Sergey Artykhov, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2689-1 libxtst - several
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libxtst
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2675-1 libxvmc - several
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libxvmc
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics
stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2645-1 inetutils - denial of service
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
inetutils
Ovidiu Mara reported in 2010 a vulnerability in the ping util, commonly used by system and network administrators. By carefully crafting ICMP responses, an attacker could make the ping command hang.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2571-1 libproxy - buffer overflow
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
libproxy
The Red Hat Security Response Team discovered that libproxy, a library for automatic proxy configuration management, applied insufficient validation to the Content-Length header sent by a server providing a proxy.pac file. Such a remote server could trigger an integer overflow and consequently overflow an in-memory buffer.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2158-1 cgiirc - cross-site-scripting
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
cgiirc
Michael Brooks (Sitewatch) discovered a reflective XSS flaw in CGI:IRC, a web based IRC client, which could lead to the execution of arbitrary javascript.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2517-1 bind9 - denial of service
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
bind9
Einar Lonn discovered that under certain conditions bind9, a DNS server, may use cached data before initialisation.
As a result, an attacker can trigger an assertion failure on servers under high query load that do DNSSEC validation.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2493-1 asterisk - denial of service
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
asterisk
Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2663-1 tinc - stack based buffer overflow
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
tinc
Martin Schobert discovered a stack-based vulnerability in tinc, a Virtual Private Network (VPN) daemon.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2585-1 bogofilter - heap-based buffer overflow
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
bogofilter
A heap-based buffer overflow was discovered in bogofilter, a software package for classifying mail messages as spam or non-spam. Crafted mail messages with invalid base64 data could lead to heap corruption and, potentially, arbitrary code execution.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2532-1 libapache2-mod-rpaf - denial of service
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
libapache2-mod-rpaf
Sebastien Bocahu discovered that the reverse proxy add forward module for the Apache webserver is vulnerable to a denial of service attack through a single crafted request with many headers.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2526-1 libotr - buffer overflow
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
libotr
Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines.
An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2653-1 icinga - buffer overflow
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
icinga
It was discovered that Icinga, a host and network monitoring system, contains several buffer overflows in the history.cgi CGI program.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2581-1 mysql-5.1 - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
mysql-5.1
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects. These changes are described in the MySQL release notes (http://dev.mysql.com/doc/refman/5.1/en/news-5-1-66.html).
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2546-1 freeradius - code execution
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
freeradius
Timo Warns discovered that the EAP-TLS handling of FreeRADIUS, a high-performance and highly configurable RADIUS server, is not properly performing length checks on user-supplied input before copying to a local stack buffer. As a result, an unauthenticated attacker can exploit this flaw to crash the daemon or execute arbitrary code via crafted certificates.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2651-1 smokeping - cross-site scripting vulnerability
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
smokeping
A cross-site scripting vulnerability was discovered in smokeping, a latency logging and graphing system.
Input passed to the "displaymode" parameter was not properly sanitised. An attacker could use this flaw to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2201-1 wireshark - several
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
wireshark
Huzaifa Sidhpurwala, Joernchen, and Xiaopeng Zhang discovered several vulnerabilities in the Wireshark network traffic analyzer. Vulnerabilities in the DCT3, LDAP and SMB dissectors and in the code to parse pcap-ng files could lead to denial of service or the execution of arbitrary code.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2469-1 linux-2.6 - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
linux-2.6
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2567-1 request-tracker3.8 - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
request-tracker3.8
Several vulnerabilities were discovered in Request Tracker (RT), an issue tracking system.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2613-1 rails - insufficient input validation
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
rails
Lawrence Pit discovered that Ruby on Rails, a web development framework, is vulnerable to a flaw in the parsing of JSON to YAML.
Using a specially crafted payload attackers can trick the backend into decoding a subset of YAML.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2629-1 openjpeg - several issues
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
openjpeg
Heap memory corruption leading to invalid free when processing certain Gray16 TIFF images.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2453-1 gajim - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
gajim
Several vulnerabilities have been discovered in Gajim, a feature-rich Jabber client.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2693-1 libx11 - several
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libx11
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2685-1 libxp - several
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libxp
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2471-1 ffmpeg - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
ffmpeg
Several vulnerabilities have been discovered in FFmpeg, a multimedia player,
server and encoder. Multiple input validations in the decoders/demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV and NSV files could lead to the execution of arbitrary code.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2557-1 hostapd - denial of service
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
hostapd
Timo Warns discovered that the internal authentication server of hostapd, a user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator, is vulnerable to a buffer overflow when processing fragmented EAP-TLS messages. As a result, an internal overflow checking routine terminates the process. An attacker can abuse this flaw to conduct denial of service attacks via crafted EAP-TLS messages prior to any authentication.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2473-1 openoffice.org - buffer overflow
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
openoffice.org
Tielei Wang discovered that OpenOffice.org does not allocate a large enough memory region when processing a specially crafted JPEG object, leading to a heap-based buffer overflow and potentially arbitrary code execution.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2603-1 emacs23 - programming error
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
emacs23
Paul Ling discovered that Emacs insufficiently restricted the evaluation of Lisp code if enable-local-variables is set to "safe".
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2681-1 libxcursor - several
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libxcursor
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may
lead to privilege escalation or denial of service.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2601-1 gnupg - missing input sanitation
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
gnupg, gnupg2
KB Sriram discovered that GnuPG, the GNU Privacy Guard, did not sufficiently sanitise public keys on import, which could lead to memory and keyring corruption.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2631-1 squid3 - denial of service
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
squid3
Squid3, a fully featured Web proxy cache, is prone to a denial of service attack due to memory consumption caused by memory leaks in cachemgr.cgi:
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2719-1 poppler - multiple issues
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
poppler
Multiple vulnerabilities were discovered in the poppler PDF rendering library.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2677-1 libxrender - several
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libxrender
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2542-1 qemu-kvm - multiple
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
qemu-kvm
Multiple vulnerabilities have been discovered in KVM, a full virtualization solution on x86 hardware.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2575-1 tiff - heap overflow
Debian
GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
tiff
It was discovered that ppm2tiff of the TIFF tools, a set of utilities for TIFF manipulation and conversion, is not properly checking the return value of an internal function used in order to detect integer overflows. As a consequence, ppm2tiff suffers from a heap-based buffer overflow. This allows an attacker to potentially execute arbitrary code via a crafted PPM image, especially in scenarios in which images are automatically processed.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2607-1 qemu-kvm - buffer overflow
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
qemu-kvm
It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default).
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2713-1 curl - heap overflow
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
curl
Timo Sirainen discovered that cURL, a URL transfer library, is prone to a heap overflow vulnerability due to bad checking of the input data in the curl_easy_unescape function.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, Sergey Artykhov, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2657-1 postgresql-8.4 - guessable random numbers
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
postgresql-8.4
A vulnerability was discovered in PostgreSQL database server.
Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2736-1 putty - several
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
putty
Several vulnerabilities were discovered in PuTTY, a Telnet/SSH client for X.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, Sergey Artykhov, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2509-1 pidgin - remote code execution
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
pidgin
Ulf Härnhammar found a buffer overflow in Pidgin, a multi-protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash, and in some circumstances this can lead to remote code execution.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2497-1 quagga - denial of service
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
quagga
It was discovered that Quagga, a routing daemon, contains a vulnerability in processing the ORF capability in BGP OPEN messages.
A malformed OPEN message from a previously configured BGP peer could cause bgpd to crash, causing a denial of service.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2340-1 postgresql - weak password hashing
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 5.0
postgresql-8.4, postgresql-8.3
magnum discovered that the blowfish password hashing used amongst others in PostgreSQL contained a weakness that would give passwords with 8 bit characters the same hash as weaker equivalents.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2740-1 python-django - cross-site scripting vulnerability
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
python-django
Nick Brunn reported a possible cross-site scripting vulnerability in python-django, a high-level Python web development framework.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, Sergey Artykhov, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2573-1 radsecproxy - SSL certificate verification weakness
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
radsecproxy
Ralf Paffrath reported that Radsecproxy, a RADIUS protocol proxy, mixed up pre- and post-handshake verification of clients. This vulnerability may wrongly accept clients without checking their certificate chain under certain configurations.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2717-1 xml-security-c - heap overflow
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
xml-security-c
Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification.
The fix to address CVE-2013-2154 (http://security-tracker.debian.org/tracker/CVE-2013-2154) introduced the possibility of a heap overflow in the processing of malformed XPointer expressions in the XML Signature Reference processing code, possibly leading to arbitrary code execution.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, Sergey Artykhov, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2711-1 haproxy - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
haproxy
Multiple security issues have been found in HAProxy, a load-balancing reverse proxy:
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2505-1 zendframework - information disclosure
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
zendframework
An XML External Entities inclusion vulnerability was discovered in Zend Framework, a PHP library. This vulnerability may allow attackers to access local files, depending on how the framework is used.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2484-1 nut - denial of service
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
nut
Sebastian Pohle discovered that UPSD, the server of Network UPS Tools (NUT), is vulnerable to a remote denial of service attack.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2665-1 strongswan - authentication bypass
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
strongswan
Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec based VPN solution.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, Sergey Artykhov, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2495-1 openconnect - buffer overflow
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
openconnect
A buffer overflow was discovered in OpenConnect, a client for the Cisco AnyConnect VPN, which could result in denial of service.
Sergey
Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2507-1 openjdk-6 - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
openjdk-6
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2639-1 php5 - several vulnerabilities
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
php5
Several vulnerabilities have been discovered in PHP, the web scripting language.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2595-1 ghostscript - buffer overflow
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
ghostscript
Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2465-1 php5 - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
php5
De Eindbazen discovered that PHP, when run with mod_cgi, will interpret a query string as command line parameters, allowing execution of arbitrary code.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2633-1 fusionforge - privilege escalation
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
fusionforge
Helmut Grohne discovered multiple privilege escalation flaws in FusionForge, a web-based project-management and collaboration software. Most of the vulnerabilities are related to the bad handling of privileged operations on user-controlled files or directories.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2456-1 dropbear - use after free
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
dropbear
Danny Fullerton discovered a use-after-free in the Dropbear SSH daemon, resulting in potential execution of arbitrary code.
Exploitation is limited to users who have been authenticated through public key authentication and for whom command restrictions are in place.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2641-1 perl - rehashing flaw
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
perl
Yves Orton discovered a flaw in the rehashing code of Perl. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys. Specifically an attacker could create a set of keys of a hash causing a denial of service via memory exhaustion.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2569-1 icedove - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
icedove
Multiple vulnerabilities have been discovered in Icedove, Debian's version of the Mozilla Thunderbird mail client.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2611-1 movabletype-opensource - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
movabletype-opensource
An input sanitation problem has been found in upgrade functions of movabletype-opensource, a web-based publishing platform.
Using carefully crafted requests to the mt-upgrade.cgi file, it would be possible to inject OS commands and SQL queries.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2480-4 request-tracker3.8 - regression
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
request-tracker3.8
Several vulnerabilities were discovered in Request Tracker, an issue tracking system:
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2691-1 libxinerama - several
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
libxinerama
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2559-1 libexif - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
libexif
Several vulnerabilities were found in libexif, a library used to parse EXIF meta-data on camera files.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2637-1 apache2 - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
apache2
Several vulnerabilities have been found in the Apache HTTPD server.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2519-2 isc-dhcp - denial of service
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
isc-dhcp
DSA-2516-1 did not properly apply the patches for CVE-2012-3571 and CVE-2012-3954.
This has been addressed in this additional update.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2593-1 moin - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
moin
It was discovered that missing input validation in the twikidraw and anywikidraw actions can result in the execution of arbitrary code. This security issue is being actively exploited.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2589-1 tiff - buffer overflow
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
tiff
The tiff library for handling TIFF image files contained a stack-based buffer overflow, potentially allowing attackers who can submit such files to a vulnerable system to execute arbitrary code.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2659-1 libapache-mod-security - XML external entity processing vulnerability
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
libapache-mod-security
Timur Yunusov and Alexey Osipov from Positive Technologies discovered that the XML files parser of ModSecurity, an Apache module whose purpose is to tighten the Web application security, is vulnerable to XML external entities attacks.
A specially-crafted XML file provided by a remote attacker could lead to local file disclosure or excessive resources (CPU, memory) consumption when processed.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2561-1 tiff - buffer overflow
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
tiff
It was discovered that a buffer overflow in libtiff's parsing of files using PixarLog compression could lead to the execution of arbitrary code.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2679-1 xserver-xorg-video-openchrome - several
Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
xserver-xorg-video-openchrome
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

Debian 7 is installed
Debian 7
Debian 7 (wheezy) is installed
Maria Kedovskaya, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2454-1 openssl - multiple
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
openssl
Multiple vulnerabilities have been found in OpenSSL.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2442-2 openarena - UDP traffic amplification
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
openarena
It has been discovered that spoofed "getstatus" UDP requests are being sent by attackers to servers for use with games derived from the Quake 3 engine (such as openarena).
These servers respond with a packet flood to the victim whose IP address was impersonated by the attackers, causing a denial of service.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2643-1 puppet - several issues
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
puppet
Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2536-1 otrs2 - cross-site scripting
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
otrs2
It was discovered that Open Ticket Request System (OTRS), a ticket request system, contains a cross-site scripting vulnerability when email messages are viewed using Internet Explorer. This update also improves the HTML security filter to detect tag nesting.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2563-1 viewvc - several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
viewvc
Several vulnerabilities were found in ViewVC, a web interface for CVS and Subversion repositories.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2587-1 libcgi-pm-perl - HTTP header injection
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
libcgi-pm-perl
It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2647-1 firebird2.1 - buffer overflow
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
firebird2.1
A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2538-1 moin - privilege escalation
Debian GNU/Linux
6.0Debian GNU/kFreeBSD 6.0moinIt was discovered that Moin, a Python clone of WikiWiki, incorrectly evaluates ACLs when virtual groups are involved. This may allow certain users to have additional permissions (privilege escalation) or lack expected permissions.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2475-1 openssl - integer underflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0opensslIt was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash.)Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2655-1 rails - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0railsSeveral cross-site-scripting and denial of service vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2577-1 libssh - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libsshMultiple vulnerabilities were discovered in libssh by Florian Weimer and Xi Wang:Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2661-1 xorg-server - information disclosureDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0xorg-serverDavid Airlie and Peter Hutterer of Red Hat discovered that xorg-server, the X.Org X server was vulnerable to an information disclosure flaw related to input handling and devices hotplug.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2609-1 rails - SQL query manipulationDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0railsAn interpretation conflict can cause the Active Record component of Rails, a web framework for the Ruby programming language, 
to truncate queries in unexpected ways. This may allow attackers to elevate their privileges.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2503-1 bcfg2 - shell command injectionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0bcfg2It was discovered that malicious clients can trick the server component of the Bcfg2 configuration management system to execute commands with root privileges.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2300-1 nss - compromised certificate authorityDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0Debian GNU/Linux 5.0nssSeveral unauthorised SSL certificates have been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in the NSS crypto libraries.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2544-1 xen - denial of serviceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0xenMultiple denial of service vulnerabilities have been discovered in Xen, a hypervisor.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2548-1 tor - severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0torSeveral vulnerabilities have been discovered in Tor, an online privacy tool.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2627-1 nginx - information leakDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0nginxJuliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL protocol when using compression. This side channel attack, dubbed "CRIME", allows eavesdroppers to gather information to recover the original plaintext in the protocol. 
This update to nginx disables SSL compression.Sergey ArtykhovDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2382-1 ecryptfs-utils -- multipleDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0ecryptfs-utilsSeveral problems have been discovered in ecryptfs-utils, a cryptographic filesystem for Linux. CVE-2011-1831 Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrary locations, leading to privilege escalation. CVE-2011-1832 Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to unmount to arbitrary locations, leading to a denial of service. CVE-2011-1834 Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly handled modifications to the mtab file when an error occurs. A local attacker could use this flaw to corrupt the mtab file, and possibly unmount arbitrary locations, leading to a denial of service. CVE-2011-1835 Marc Deslauriers discovered that eCryptfs incorrectly handled keys when setting up an encrypted private directory. A local attacker could use this flaw to manipulate keys during creation of a new user. CVE-2011-1837 Vasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled lock counters. A local attacker could use this flaw to possibly overwrite arbitrary files. We acknowledge the work of the Ubuntu distribution in preparing patches suitable for near-direct inclusion in the Debian package.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2389-1 linux-2.6 -- privilege escalation/denial of service/information leakDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0linux-2.6Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. 
The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-2183 Andrea Righi reported an issue in KSM, a memory-saving de-duplication feature. By exploiting a race with exiting tasks, local users can cause a kernel oops, resulting in a denial of service. CVE-2011-2213 Dan Rosenberg discovered an issue in the INET socket monitoring interface. Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop. CVE-2011-2898 Eric Dumazet reported an information leak in the raw packet socket implementation. CVE-2011-3353 Han-Wen Nienhuys reported a local denial of service issue in the FUSE support in the Linux kernel. Local users could cause a buffer overflow, leading to a kernel oops and resulting in a denial of service. CVE-2011-4077 Carlos Maiolino reported an issue in the XFS filesystem. A local user with the ability to mount a filesystem could corrupt memory resulting in a denial of service or possibly gain elevated privileges. CVE-2011-4110 David Howells reported an issue in the kernel's access key retention system which allows local users to cause a kernel oops leading to a denial of service. CVE-2011-4127 Paolo Bonzini of Red Hat reported an issue in the ioctl passthrough support for SCSI devices. Users with permission to access restricted portions of a device can obtain access to the entire device by way of the SG_IO ioctl. This could be exploited by a local user or privileged VM guest to achieve a privilege escalation. CVE-2011-4611 Maynard Johnson reported an issue with the perf support on POWER7 systems that allows local users to cause a denial of service. CVE-2011-4622 Jan Kiszka reported an issue in the KVM PIT timer support. Local users with the permission to use KVM can cause a denial of service by starting a PIT timer without first setting up the irqchip. CVE-2011-4914 Ben Hutchings reported various bounds checking issues within the ROSE protocol support in the kernel. 
Remote users could possibly use this to gain access to sensitive memory or cause a denial of service.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2384-1 cacti -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0cactiSeveral vulnerabilities have been discovered in cacti, a graphing tool for monitoring data. Multiple cross site scripting issues allow remote attackers to inject arbitrary web script or HTML. An SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2410-1 libpng -- integer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libpngJueri Aedla discovered an integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2444-1 tryton-server -- privilege escalationDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0tryton-serverIt was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2404-1 xen-qemu-dm-4.0 -- buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0xen-qemu-dm-4.0Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages. This vulnerability might enable malicious guest systems to crash the host system or escalate their privileges. The old stable distribution does not contain the xen-qemu-dm-4.0 package.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2399-1 php5 -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0php5Several vulnerabilities have been discovered in PHP, the web scripting language. 
The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-1938 The UNIX socket handling allowed attackers to trigger a buffer overflow via a long path name. CVE-2011-2483 The crypt_blowfish function did not properly handle 8-bit characters, which made it easier for attackers to determine a cleartext password by using knowledge of a password hash. CVE-2011-4566 When used on 32 bit platforms, the exif extension could be used to trigger an integer overflow in the exif_process_IFD_TAG function when processing a JPEG file. CVE-2011-4885 It was possible to trigger hash collisions predictably when parsing form parameters, which allows remote attackers to cause a denial of service by sending many crafted parameters. CVE-2012-0057 When applying a crafted XSLT transform, an attacker could write files to arbitrary places in the filesystem. NOTE: the fix for CVE-2011-2483 required changing the behaviour of this function: it is now incompatible with some old generated hashes for passwords containing 8-bit characters. See the package NEWS entry for details. This change has not been applied to the Lenny version of PHP.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2391-1 phpmyadmin -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0phpmyadminSeveral vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-4107 The XML import plugin allowed a remote attacker to read arbitrary files via XML data containing external entity references. CVE-2011-1940, CVE-2011-3181 Cross site scripting was possible in the table tracking feature, allowing a remote attacker to inject arbitrary web script or HTML. 
The oldstable distribution is not affected by these problems.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDSA-2439-1 libpng -- buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libpngGlenn-Randers Pehrson discovered a buffer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2346-1 proftpd-dfsg -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0proftpd-dfsgSeveral vulnerabilities were discovered in ProFTPD, an FTP server: ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS, an issue similar to CVE-2011-0411. CVE-2011-4130 ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2393-1 bip -- buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0bipJulien Tinnes reported a buffer overflow in the bip multiuser irc proxy which may allow arbitrary code execution by remote users. The oldstable distribution is not affected by this problem.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2422-1 file -- missing bounds checksDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0fileThe file type identification tool, file, and its associated library, libmagic, do not properly process malformed files in the Composite Document File format, leading to crashes. Note that after this update, file may return different detection results for CDF files. 
The new detections are believed to be more accurate.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2431-1 libdbd-pg-perl -- format string vulnerabilitiesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libdbd-pg-perlNiko Tyni discovered two format string vulnerabilities in DBD::Pg, a Perl DBI driver for the PostgreSQL database server, which can be exploited by a rogue database server.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2413-1 libarchive -- buffer overflowsDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libarchiveTwo buffer overflows have been discovered in libarchive, a library providing a flexible interface for reading and writing archives in various formats. The possible buffer overflows while reading iso9660 or tar streams allow remote attackers to execute arbitrary code depending on the application that makes use of this functionality.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2405-1 apache2 -- multiple issuesDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0apache2Several vulnerabilities have been found in the Apache HTTPD Server: CVE-2011-3607: An integer overflow in ap_pregsub could allow local attackers to execute arbitrary code at elevated privileges via crafted .htaccess files. CVE-2011-3368 CVE-2011-3639 CVE-2011-4317: The Apache HTTP Server did not properly validate the request URI for proxied requests. In certain reverse proxy configurations using the ProxyPassMatch directive or using the RewriteRule directive with the [P] flag, a remote attacker could make the proxy connect to an arbitrary server. This could allow the attacker to access internal servers that are not otherwise accessible from the outside. The three CVE ids denote slightly different variants of the same issue. 
Note that, even with this issue fixed, it is the responsibility of the administrator to ensure that the regular expression replacement pattern for the target URI does not allow a client to append arbitrary strings to the host or port parts of the target URI. This is a violation of the privilege separation between the apache2 processes and could potentially be used to worsen the impact of other vulnerabilities. CVE-2012-0053: The response message for error code 400 could be used to expose "httpOnly" cookies. This could allow a remote attacker using cross site scripting to steal authentication cookies. For the oldstable distribution, these problems have been fixed in version apache2 2.2.9-10+lenny12. For the stable distribution, these problems have been fixed in version apache2 2.2.16-6+squeeze6 For the testing distribution, these problems will be fixed in version 2.2.22-1. For the unstable distribution, these problems have been fixed in version 2.2.22-1. We recommend that you upgrade your apache2 packages. This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version numberSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2341-1 iceweasel -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceweaselSeveral vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2011-3647 "moz_bug_r_a4" discovered a privilege escalation vulnerability in addon handling. CVE-2011-3648 Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could lead to cross-site scripting. 
CVE-2011-3650 Marc Schoenefeld discovered that profiling the Javascript code could lead to memory corruption.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2426-1 gimp -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0gimpSeveral vulnerabilities have been identified in GIMP, the GNU Image Manipulation Program. CVE-2010-4540 Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long Position field in a plugin configuration file. CVE-2010-4541 Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file. CVE-2010-4542 Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in the GFIG plugin allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. CVE-2010-4543 Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro plugin allows remote attackers to cause a denial of service or possibly execute arbitrary code via a PSP_COMP_RLE image file that begins a long run count at the end of the image. CVE-2011-1782 The correction for CVE-2010-4543 was incomplete. 
CVE-2011-2896 The LZW decompressor in the LZWReadByte function in plug-ins/common/file-gif-load.c does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2354-1 cups -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0cupsPetr Sklenar and Tomas Hoger discovered that missing input sanitising in the GIF decoder inside the Cups printing system could lead to denial of service or potentially arbitrary code execution through crafted GIF files.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2414-1 fex -- insufficient input sanitisationDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0fexNicola Fioravanti discovered that F*X, a web service for transferring very large files, is not properly sanitising input parameters of the "fup" script. An attacker can use this flaw to conduct reflected cross-site scripting attacks via various script parameters.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2342-1 iceape -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceapeSeveral vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-3647 "moz_bug_r_a4" discovered a privilege escalation vulnerability in addon handling. CVE-2011-3648 Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could lead to cross-site scripting. CVE-2011-3650 Marc Schoenefeld discovered that profiling the Javascript code could lead to memory corruption. The oldstable distribution is not affected. 
The iceape package only provides the XPCOM code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2318-1 cyrus-imapd-2.2 -- multipleDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0cyrus-imapd-2.2Multiple security issues have been discovered in cyrus-imapd, a highly scalable mail system designed for use in enterprise environments. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-3208 Coverity discovered a stack-based buffer overflow in the NNTP server implementation of cyrus-imapd. An attacker can exploit this flaw via several crafted NNTP commands to execute arbitrary code. CVE-2011-3372 Stefan Cornelius of Secunia Research discovered that the command processing of the NNTP server implementation of cyrus-imapd is not properly implementing access restrictions for certain commands and is not checking for a complete, successful authentication. An attacker can use this flaw to bypass access restrictions for some commands and, e.g. exploit CVE-2011-3208 without proper authentication.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2381-1 squid3 -- invalid memory deallocationDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0squid3It was discovered that the IPv6 support code in Squid does not properly handle certain DNS responses, resulting in deallocation of an invalid pointer and a daemon crash. The squid package and the version of squid3 shipped in lenny lack IPv6 support and are not affected by this issue.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2401-1 tomcat6 -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0tomcat6Several vulnerabilities have been found in Tomcat, a servlet and JSP engine: CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 The HTTP Digest Access Authentication implementation performed insufficient countermeasures against replay attacks. CVE-2011-2204 In rare setups passwords were written into a logfile. 
CVE-2011-2526 Missing input sanitising in the HTTP APR or HTTP NIO connectors could lead to denial of service. CVE-2011-3190 AJP requests could be spoofed in some setups. CVE-2011-3375 Incorrect request caching could lead to information disclosure. CVE-2011-4858 CVE-2012-0022 This update adds countermeasures against a collision denial of service vulnerability in the Java hashtable implementation and addresses denial of service potentials when processing large amounts of requests.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2352-1 puppet -- programming errorDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0puppetIt was discovered that Puppet, a centralized configuration management solution, misgenerated certificates if the "certdnsnames" option was used. This could lead to man in the middle attacks.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2403-1 php5 -- code injectionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0php5Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2436-1 libapache2-mod-fcgid -- inactive resource limitsDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libapache2-mod-fcgidIt was discovered that the Apache FCGID module, a FastCGI implementation, did not properly enforce the FcgidMaxProcessesPerClass resource limit, rendering this control ineffective and potentially allowing a virtual host to consume excessive resources.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2329-1 torque -- buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0torqueBartlomiej Balcerek discovered several buffer overflows in torque server, a PBS-derived batch processing server. 
This allows an attacker to crash the service or execute arbitrary code with privileges of the server via crafted job or host names. The oldstable distribution does not contain torque.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2432-1 libyaml-libyaml-perl -- format string vulnerabilitiesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libyaml-libyaml-perlDominic Hargreaves and Niko Tyni discovered two format string vulnerabilities in YAML::LibYAML, a Perl interface to the libyaml library.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2376-2 ipmitool -- insecure pid fileDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0ipmitoolIt was discovered that OpenIPMI, the Intelligent Platform Management Interface library and tools, used too wide permissions PID file, which allows local users to kill arbitrary processes by writing to this file. The original announcement didn't contain corrections for the Debian 5.0 "lenny" distribution. This update adds packages for lenny.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2301-2 rails -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0railsIt was discovered that the last security update for Ruby on Rails, DSA-2301-1, introduced a regression in the libactionpack-ruby package.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2434-1 nginx -- sensitive information leakDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0nginxMatthew Daley discovered a memory disclosure vulnerability in nginx. 
In previous versions of this web server, an attacker can receive the content of previously freed memory if an upstream server returned a specially crafted HTTP response, potentially exposing sensitive information.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2383-1 super -- buffer overflowDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0superRobert Luberda discovered a buffer overflow in the syslog logging code of Super, a tool to execute scripts as if they were root. The default Debian configuration is not affected.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2390-1 openssl -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0opensslSeveral vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. CVE-2011-4109 A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause applications crashes and potentially allow execution of arbitrary code by triggering failure of a policy check. CVE-2011-4354 On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server. CVE-2011-4576 The SSL 3.0 implementation does not properly initialise data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. 
CVE-2011-4619 The Server Gated Cryptography implementation in OpenSSL does not properly handle handshake restarts, unnecessarily simplifying CPU exhaustion attacks.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2402-1 iceape -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceapeSeveral vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure. CVE-2012-0442 Jesse Ruderman and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2012-0444 "regenrecht" discovered that missing input sanitising in the Ogg Vorbis parser may lead to the execution of arbitrary code. CVE-2012-0449 Nicolas Gregoire and Aki Helin discovered that missing input sanitising in XSLT processing may lead to the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2356-1 openjdk-6 -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0openjdk-6Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform: CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode. CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code to elevate its privileges. CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code to elevate its privileges. CVE-2011-3547 The skip method in java.io.InputStream uses a shared buffer, allowing untrusted Java code to access data that is skipped by other code. CVE-2011-3548 The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code to elevate its privileges. 
CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code to elevate its privileges. CVE-2011-3552 Malicious Java code can use up an excessive amount of UDP ports, leading to a denial of service. CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information. CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files. CVE-2011-3556 The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitrary code. CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server. CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory method, allowing untrusted Java code to bypass security policy restrictions.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2321-1 moin -- cross-site scriptingDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0moinA cross-site scripting vulnerability was discovered in the rst parser of Moin, a Python clone of WikiWiki.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2350-1 freetype -- missing input sanitisingDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0freetypeIt was discovered that missing input sanitising in Freetype's processing of CID-keyed fonts could lead to the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2440-1 libtasn1-3 – missing bounds checkDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libtasn1-3Matthew Hall discovered that many callers of the asn1_get_length_der function did not check the result against the overall buffer 
length before processing it further. This could result in out-of-bounds memory accesses and application crashes. Applications using GNUTLS are exposed to this issue.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2387-1 simplesamlphp -- insufficient input sanitationDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0simplesamlphptimtai1 discovered that simpleSAMLphp, an authentication and federation platform, is vulnerable to a cross site scripting attack, allowing a remote attacker to access sensitive client data. The oldstable distribution does not contain a simplesamlphp package.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2420-1 openjdk-6 -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0openjdk-6Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform. CVE-2011-3377 The Iced Tea browser plugin included in the openjdk-6 package does not properly enforce the Same Origin Policy on web content served under a domain name which has a common suffix with the required domain name. CVE-2011-3563 The Java Sound component did not properly check for array boundaries. A malicious input or an untrusted Java application or applet could use this flaw to cause Java Virtual Machine to crash or disclose portion of its memory. CVE-2011-5035 The OpenJDK embedded web server did not guard against an excessive number of a request parameters, leading to a denial of service vulnerability involving hash collisions. CVE-2012-0497 It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. This could lead to JVM crash or Java sandbox bypass. CVE-2012-0501 The ZIP central directory parser used by java.util.zip.ZipFile entered an infinite recursion in native code when processing a crafted ZIP file, leading to a denial of service. 
CVE-2012-0502 A flaw was found in the AWT KeyboardFocusManager class that could allow untrusted Java applets to acquire keyboard focus and possibly steal sensitive information. CVE-2012-0503 The java.util.TimeZone.setDefault method lacked a security manager invocation, allowing an untrusted Java application or applet to set a new default time zone. CVE-2012-0505 The Java serialization code leaked references to serialization exceptions, possibly leaking critical objects to untrusted code in Java applets and applications. CVE-2012-0506 It was discovered that CORBA implementation in Java did not properly protect repository identifiers on certain Corba objects. This could have been used to perform modification of the data that should have been immutable. CVE-2012-0507 The AtomicReferenceArray class implementation did not properly check if the array is of an expected Object[] type. A malicious Java application or applet could use this flaw to cause Java Virtual Machine to crash or bypass Java sandbox restrictionsSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2392-1 openssl -- out-of-bounds readDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0opensslAntonio Martin discovered a denial-of-service vulnerability in OpenSSL, an implementation of TLS and related protocols. A malicious client can cause the DTLS server implementation to crash. Regular, TCP-based TLS is not affected by this issue.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2443-1 linux-2.6 -- privilege escalation/denial of serviceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0linux-2.6Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4307 Nageswara R Sastry reported an issue in the ext4 filesystem. 
Local users with the privileges to mount a filesystem can cause a denial of service by providing a s_log_groups_per_flex value greater than 31. CVE-2011-1833 Vasiliy Kulikov of Openwall and Dan Rosenberg discovered an information leak in the eCryptfs filesystem. Local users were able to mount arbitrary directories. CVE-2011-4347 Sasha Levin reported an issue in the device assignment functionality in KVM. Local users with permission to access /dev/kvm could assign unused pci devices to a guest and cause a denial of service. CVE-2012-0045 Stephan Barwolf reported an issue in KVM. Local users in a 32-bit guest running on a 64-bit system can crash the guest with a syscall instruction. CVE-2012-1090 CAI Qian reported an issue in the CIFS filesystem. A reference count leak can occur during the lookup of special files, resulting in a denial of service on umount. CVE-2012-1097 H. Peter Anvin reported an issue in the regset infrastructure. Local users can cause a denial of service by triggering the write methods of readonly regsets.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2359-1 mojarra -- EL injectionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0mojarraIt was discovered that Mojarra, an implementation of JavaServer Faces, evaluates untrusted values as EL expressions if includeViewParameters is set to true.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2326-1 pam -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0pamKees Cook of the ChromeOS security team discovered a buffer overflow in pam_env, a PAM module to set environment variables through the PAM stack, which allowed the execution of arbitrary code. An additional issue in argument parsing allows denial of service. 
The oldstable distribution is not affected.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2368-1 lighttpd -- multipleDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0lighttpdSeveral vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint. CVE-2011-4362 Xi Wang discovered that the base64 decoding routine, which is used to decode user input during an HTTP authentication, suffers from a signedness issue when processing user input. As a result it is possible to force lighttpd to perform an out-of-bounds read which results in Denial of Service conditions. CVE-2011-3389 When using CBC ciphers on an SSL enabled virtual host to communicate with certain clients, a so-called "BEAST" attack allows man-in-the-middle attackers to obtain plaintext HTTP traffic via a blockwise chosen-boundary attack on an HTTPS session. Technically this is no lighttpd vulnerability. However, lighttpd offers a workaround to mitigate this problem by providing a possibility to disable CBC ciphers. This update includes this option by default. System administrators are advised to read the NEWS file of this update.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2311-1 openjdk-6 -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0openjdk-6Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java SE platform. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code to elevate its privileges. CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code to crash the virtual machine. CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact.
CVE-2011-0867 Untrusted code could access information about network interfaces which was not intended to be public. CVE-2011-0868 A float-to-long conversion could overflow, allowing untrusted code to crash the virtual machine. CVE-2011-0869 Untrusted code could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection. CVE-2011-0871 Untrusted code could elevate its privileges through the Swing MediaTracker code. In addition, this update removes support for the Zero/Shark and Cacao Hotspot variants from the i386 and amd64 due to stability issues. These Hotspot variants are included in the openjdk-6-jre-zero and icedtea-6-jre-cacao packages, and these packages must be removed during this update.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2334-1 mahara -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0maharaSeveral vulnerabilities were discovered in Mahara, an electronic portfolio, weblog, and resume builder: CVE-2011-2771 Teemu Vesala discovered that missing input sanitising of RSS feeds could lead to cross-site scripting. CVE-2011-2772 Richard Mansfield discovered that insufficient upload restrictions allowed denial of service. CVE-2011-2773 Richard Mansfield discovered that the management of institutions was prone to cross-site request forgery. Andrew Nichols discovered a privilege escalation vulnerability in MNet handling.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2332-1 python-django -- several issuesDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0python-djangoPaul McMillan, Mozilla and the Django core team discovered several vulnerabilities in Django, a Python web framework: CVE-2011-4136 When using memory-based sessions and caching, Django sessions are stored directly in the root namespace of the cache. When user data is stored in the same cache, a remote user may take over a session.
CVE-2011-4137, CVE-2011-4138 Django's field type URLfield by default checks supplied URLs by issuing a request to it, which doesn't time out. A Denial of Service is possible by supplying specially prepared URLs that keep the connection open indefinitely or fill the Django server's memory. CVE-2011-4139 Django used X-Forwarded-Host headers to construct full URLs. This header may not contain trusted input and could be used to poison the cache. CVE-2011-4140 The CSRF protection mechanism in Django does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2438-1 raptor -- programming errorDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0raptorIt was discovered that Raptor, a RDF parser and serializer library, allows file inclusion through XML entities, resulting in information disclosure.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2435-1 gnash -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0gnashSeveral vulnerabilities have been identified in Gnash, the GNU Flash player. CVE-2012-1175 Tielei Wang from Georgia Tech Information Security Center discovered a vulnerability in GNU Gnash which is caused due to an integer overflow error and can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted SWF file. CVE-2011-4328 Alexander Kurtz discovered an unsafe management of HTTP cookies. Cookie files are stored under /tmp and have predictable names, a vulnerability that allows a local attacker to overwrite arbitrary files the user has write permissions for, and are also world-readable which may cause information leak. CVE-2010-4337 Jakub Wilk discovered an unsafe management of temporary files during the build process.
Files are stored under /tmp and have predictable names, a vulnerability that allows a local attacker to overwrite arbitrary files the user has write permissions for.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2348-1 systemtap -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0systemtapSeveral vulnerabilities were discovered in SystemTap, an instrumentation system for Linux: CVE-2011-2503 It was discovered that a race condition in staprun could lead to privilege escalation. CVE-2010-4170 It was discovered that insufficient validation of environment variables in staprun could lead to privilege escalation. CVE-2010-4171 It was discovered that insufficient validation of module unloading could lead to denial of service.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2412-1 libvorbis -- buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libvorbisIt was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2408-1 php5 -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0php5Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-1072 It was discovered that insecure handling of temporary files in the PEAR installer could lead to denial of service. CVE-2011-4153 Maksymilian Arciemowicz discovered that a NULL pointer dereference in the zend_strndup function could lead to denial of service. CVE-2012-0781 Maksymilian Arciemowicz discovered that a NULL pointer dereference in the tidy_diagnose function could lead to denial of service. CVE-2012-0788 It was discovered that missing checks in the handling of PDORow objects could lead to denial of service.
CVE-2012-0831 It was discovered that the magic_quotes_gpc setting could be disabled remotely. This update also addresses PHP bugs, which are not treated as security issues in Debian, but which were fixed nonetheless: CVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182, CVE-2011-3267SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2378-1 ffmpeg -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0ffmpegSeveral vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders for QDM2, VP5, VP6, VMD and SVQ1 files could lead to the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2338-1 moodle -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0moodleSeveral cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning: * MSA-11-0020 Continue links in error messages can lead offsite * MSA-11-0024 Recaptcha images were being authenticated from an older server * MSA-11-0025 Group names in user upload CSV not escaped * MSA-11-0026 Fields in user upload CSV not escaped * MSA-11-0031 Forms API constant issue * MSA-11-0032 MNET SSL validation issue * MSA-11-0036 Messaging refresh vulnerability * MSA-11-0037 Course section editing injection vulnerability * MSA-11-0038 Database injection protection strengthenedSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2373-1 inetutils -- buffer overflowDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0inetutilsIt was discovered that the Kerberos support for telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to the Telnet to execute arbitrary code with root privileges.SecPod TeamDRAFTINTERIMACCEPTEDSergey
ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2323-1 radvd -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0radvdMultiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon: CVE-2011-3602 set_interface_var function doesn't check the interface name, which is chosen by an unprivileged user. This could lead to an arbitrary file overwrite if the attacker has local access, or specific file overwrites otherwise. CVE-2011-3604 process_ra function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon. CVE-2011-3605 process_rs function calls mdelay unconditionally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed. An attacker could flood the daemon with router solicitations in order to fill the input queue, causing a temporary denial of service. Note: upstream and Debian default is to use anycast mode.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2388-1 t1lib -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0t1libSeveral vulnerabilities were discovered in t1lib, a Postscript Type 1 font rasterizer library, some of which might lead to code execution through the opening of files embedding bad fonts. CVE-2010-2642 A heap-based buffer overflow in the AFM font metrics parser potentially leads to the execution of arbitrary code. CVE-2011-0433 Another heap-based buffer overflow in the AFM font metrics parser potentially leads to the execution of arbitrary code. CVE-2011-0764 An invalid pointer dereference allows execution of arbitrary code using crafted Type 1 fonts. CVE-2011-1552 Another invalid pointer dereference results in an application crash, triggered by crafted Type 1 fonts. CVE-2011-1553 A use-after-free vulnerability results in an application crash, triggered by crafted Type 1 fonts.
CVE-2011-1554 An off-by-one error results in an invalid memory read and application crash, triggered by crafted Type 1 fonts.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2328-1 freetype -- missing input sanitisingDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0freetypeIt was discovered that missing input sanitising in Freetype's glyph handling could lead to memory corruption, resulting in denial of service or the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2441-1 gnutls26 -- missing bounds checkDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0gnutls26Matthew Hall discovered that GNUTLS does not properly handle truncated GenericBlockCipher structures nested inside TLS records, leading to crashes in applications using the GNUTLS library.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2335-1 man2html -- missing input sanitisationDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0man2htmlTim Starling discovered that the Debian-native CGI wrapper for man2html, a program to convert UNIX man pages to HTML, is not properly escaping user-supplied input when displaying various error messages. A remote attacker can exploit this flaw to conduct cross-site scripting attacks.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2419-1 puppet -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0puppetTwo vulnerabilities were discovered in Puppet, a centralized configuration management tool. CVE-2012-1053 Puppet runs execs with unintended group privileges, potentially leading to privilege escalation.
CVE-2012-1054 The k5login type writes to untrusted locations, enabling local users to escalate their privileges if the k5login type is used.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2363-1 tor -- buffer overflowDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0torIt was discovered that Tor, an online privacy tool, incorrectly computes buffer sizes in certain cases involving SOCKS connections. Malicious parties could use this to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. In Tor's default configuration this issue can only be triggered by clients that can connect to Tor's socks port, which listens only on localhost by default. In non-default configurations where Tor's SocksPort listens not only on localhost or where Tor was configured to use another socks server for all of its outgoing connections, Tor is vulnerable to a larger set of malicious parties.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2394-1 libxml2 -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libxml2Many security problems had been fixed in libxml2, a popular library to handle XML data files. CVE-2011-3919: Jüri Aedla discovered a heap-based buffer overflow that allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2011-0216: An off-by-one error has been discovered that allows remote attackers to execute arbitrary code or cause a denial of service. CVE-2011-2821: A memory corruption bug has been identified in libxml2's XPath engine. Through it, it is possible for an attacker to cause a denial of service or possibly have unspecified other impact. This vulnerability does not affect the oldstable distribution. CVE-2011-2834: Yang Dingning discovered a double free vulnerability related to XPath handling.
CVE-2011-3905: An out-of-bounds read vulnerability had been discovered, which allows remote attackers to cause a denial of service.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2305-1 vsftpd -- denial of serviceDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0vsftpdTwo security issues have been discovered that affect vsftpd, a lightweight, efficient FTP server written for security. CVE-2011-2189 It was discovered that Linux kernels less than 2.6.35 are considerably slower in releasing than in the creation of network namespaces. As a result of this and because vsftpd is using this feature as a security enhancement to provide network isolation for connections, it is possible to cause denial of service conditions due to excessive memory allocations by the kernel. This is technically no vsftpd flaw, but a kernel issue. However, this feature has legitimate use cases and backporting the specific kernel patch is too intrusive. Additionally, a local attacker requires the CAP_SYS_ADMIN capability to abuse this functionality. Therefore, as a fix, a kernel version check has been added to vsftpd in order to disable this feature for kernels less than 2.6.35. CVE-2011-0762 Maksymilian Arciemowicz discovered that vsftpd is incorrectly handling certain glob expressions in STAT commands.
This allows a remote authenticated attacker to conduct denial of service attacks via crafted STAT commands.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2376-1 ipmitool -- insecure pid fileDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0ipmitoolIt was discovered that OpenIPMI, the Intelligent Platform Management Interface library and tools, used a PID file with too wide permissions, which allows local users to kill arbitrary processes by writing to this file.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2316-1 quagga -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0quaggaRiku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered several vulnerabilities in Quagga, an Internet routing daemon: CVE-2011-3323 A stack-based buffer overflow while decoding Link State Update packets with a malformed Inter Area Prefix LSA can cause the ospf6d process to crash or execute arbitrary code. CVE-2011-3324 The ospf6d process can crash while processing a Database Description packet with a crafted Link-State-Advertisement. CVE-2011-3325 The ospfd process can crash while processing a crafted Hello packet. CVE-2011-3326 The ospfd process crashes while processing Link-State-Advertisements of a type not known to Quagga. CVE-2011-3327 A heap-based buffer overflow while processing BGP UPDATE messages containing an Extended Communities path attribute can cause the bgpd process to crash or execute arbitrary code. The OSPF-related vulnerabilities require that potential attackers send packets to a vulnerable Quagga router; the packets are not distributed over OSPF. In contrast, the BGP UPDATE messages could be propagated by some routers.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2345-1 icedove -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0icedoveSeveral vulnerabilities have been discovered in Icedove, a mail client based on Thunderbird.
CVE-2011-3647 The JSSubScriptLoader does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. CVE-2011-3648 A cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. CVE-2011-3650 Iceweasel does not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2314-1 puppet -- multipleDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0puppetMultiple security issues have been discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-3848 Kristian Erik Hermansen reported that an unauthenticated directory traversal could drop any valid X.509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. CVE-2011-3870 Ricky Zhou discovered a potential local privilege escalation in the ssh_authorised_keys resource and theoretically in the Solaris and AIX providers, where file ownership was given away before it was written, leading to a possibility for a user to overwrite arbitrary files as root, if their authorised_keys file was managed. CVE-2011-3869 A predictable file name in the k5login type leads to the possibility of symlink attacks which would allow the owner of the home directory to symlink to anything on the system, and have it replaced with the "correct" content of the file, which can lead to a privilege escalation on puppet runs. 
CVE-2011-3871 A potential local privilege escalation was found in the --edit mode of "puppet resource" due to a persistent, predictable file name, which can result in editing an arbitrary target file, and thus be tricked into running that arbitrary file as the invoking user. Since this command is most commonly run as root, this leads to a potential privilege escalation. Additionally, this update hardens the indirector file backed terminus base class against injection attacks based on trusted path names.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2375-1 krb5 -- buffer overflowDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0krb5It was discovered that the encryption support for BSD telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to the Telnet port to execute arbitrary code with root privileges.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2362-1 acpid -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0acpidMultiple vulnerabilities were found in the acpid, the Advanced Configuration and Power Interface event daemon: CVE-2011-1159 Vasiliy Kulikov of OpenWall discovered that the socket handling is vulnerable to denial of service. CVE-2011-2777 Oliver-Tobias Ripka discovered that incorrect process handling in the Debian-specific powerbtn.sh script could lead to local privilege escalation. This issue doesn't affect oldstable. The script is only shipped as an example in /usr/share/doc/acpid/examples. See /usr/share/doc/acpid/README.Debian for details.
CVE-2011-4578 Helmut Grohne and Michael Biebl discovered that acpid sets a umask of 0 when executing scripts, which could result in local privilege escalation.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2380-1 foomatic-filters -- shell command injectionDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0foomatic-filtersIt was discovered that the foomatic-filters, a support package for setting up printers, allowed authenticated users to submit crafted print jobs which would execute shell commands on the print servers. CVE-2011-2697 was assigned to the vulnerability in the Perl implementation included in lenny, and CVE-2011-2964 to the vulnerability affecting the C reimplementation part of squeeze.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2415-1 libmodplug -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libmodplugSeveral vulnerabilities that can lead to the execution of arbitrary code have been discovered in libmodplug, a library for mod music based on ModPlug. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-1761 epiphant discovered that the abc file parser is vulnerable to several stack-based buffer overflows that potentially lead to the execution of arbitrary code. CVE-2011-2911 Hossein Lotfi of Secunia discovered that the CSoundFile::ReadWav function is vulnerable to an integer overflow which leads to a heap-based buffer overflow. An attacker can exploit this flaw to potentially execute arbitrary code by tricking a victim into opening crafted WAV files. CVE-2011-2912 Hossein Lotfi of Secunia discovered that the CSoundFile::ReadS3M function is vulnerable to a stack-based buffer overflow. An attacker can exploit this flaw to potentially execute arbitrary code by tricking a victim into opening crafted S3M files. 
CVE-2011-2913 Hossein Lotfi of Secunia discovered that the CSoundFile::ReadAMS function suffers from an off-by-one vulnerability that leads to memory corruption. An attacker can exploit this flaw to potentially execute arbitrary code by tricking a victim into opening crafted AMS files. CVE-2011-2914 It was discovered that the CSoundFile::ReadDSM function suffers from an off-by-one vulnerability that leads to memory corruption. An attacker can exploit this flaw to potentially execute arbitrary code by tricking a victim into opening crafted DSM files. CVE-2011-2915 It was discovered that the CSoundFile::ReadAMS2 function suffers from an off-by-one vulnerability that leads to memory corruption. An attacker can exploit this flaw to potentially execute arbitrary code by tricking a victim into opening crafted AMS files.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2298-1 apache2 -- denial of serviceDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0apache2Two issues have been found in the Apache HTTPD web server: CVE-2011-3192 A vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server. This vulnerability allows an attacker to cause Apache HTTPD to use an excessive amount of memory, causing a denial of service. CVE-2010-1452 A vulnerability has been found in mod_dav that allows an attacker to cause a daemon crash, causing a denial of service. This issue only affects the Debian 5.0 oldstable/lenny distribution. For the oldstable distribution, these problems have been fixed in version 2.2.9-10+lenny10. For the stable distribution, this problem has been fixed in version 2.2.16-6+squeeze2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.2.19-2. We recommend that you upgrade your apache2 packages. 
This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version numberSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2290-1 samba -- cross-site scriptingDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0sambaThe Samba Web Administration Tool contains several cross-site request forgery vulnerabilities and a cross-site scripting vulnerability.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2294-1 freetype -- missing input sanitisingDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0freetypeIt was discovered that insufficient input sanitising in Freetype's code to parse Type1 could lead to the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2298-2 apache2 -- denial of serviceDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0apache2The apache2 Upgrade from DSA-2298-1 has caused a regression that prevented some video players from seeking in video files served by Apache HTTPD. This update fixes this bug. The text of the original advisory is reproduced for reference: Two issues have been found in the Apache HTTPD web server: CVE-2011-3192 A vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server. This vulnerability allows an attacker to cause Apache HTTPD to use an excessive amount of memory, causing a denial of service. CVE-2010-1452 A vulnerability has been found in mod_dav that allows an attacker to cause a daemon crash, causing a denial of service. This issue only affects the Debian 5.0 oldstable/lenny distribution. The regression has been fixed in the following packages: For the oldstable distribution, this problem has been fixed in version 2.2.9-10+lenny11. For the stable distribution, this problem has been fixed in version 2.2.16-6+squeeze3.
For the testing distribution, this problem will be fixed in version 2.2.20-1. For the unstable distribution, this problem has been fixed in version 2.2.20-1. We recommend that you upgrade your apache2 packages. This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version numberSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2319-1 policykit-1 -- race conditionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0policykit-1Neel Mehta discovered that a race condition in Policykit, a framework for managing administrative policies and privileges, allowed local users to elevate privileges by executing a setuid program from pkexec. The oldstable distribution does not contain the policykit-1 package.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2302-1 bcfg2 -- missing input sanitisationDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0bcfg2It has been discovered that the bcfg2 server, a configuration management server for bcfg2 clients, is not properly sanitising input from bcfg2 clients before passing it to various shell commands. This enables an attacker in control of a bcfg2 client to execute arbitrary commands on the server with root privileges.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2300-2 nss -- compromised certificate authorityDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0nssSeveral unauthorised SSL certificates have been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in the NSS crypto libraries. 
As a result from further understanding of the incident, this update to DSA 2300 disables additional DigiNotar issuing certificates.SecPod TeamDRAFTINTERIMACCEPTEDJerome AthiasINTERIMSergey ArtykhovACCEPTEDACCEPTEDDSA-2306-1 ffmpeg -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0ffmpegSeveral vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3908 FFmpeg before 0.5.4, allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed WMV file. CVE-2010-4704 libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg allows remote attackers to cause a denial of service via a crafted .ogg file, related to the vorbis_floor0_decode function. CVE-2011-0480 Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebM file, related to buffers for the channel floor and the channel residue. CVE-2011-0722 FFmpeg allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed RealMedia file.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2355-1 clearsilver -- format string vulnerabilityDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0clearsilverLeo Iannacone and Colin Watson discovered a format string vulnerability in the Python bindings for the Clearsilver HTML template system, which may lead to denial of service or the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2337-1 xen -- several vulnerabilitiesDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0xenSeveral vulnerabilities were discovered in the Xen virtual machine hypervisor. 
CVE-2011-1166 A 64-bit guest can get one of its vCPUs into non-kernel mode without first providing a valid non-kernel pagetable, thereby locking up the host system. CVE-2011-1583, CVE-2011-3262 Local users can cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image. CVE-2011-1898 When using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, guest OS users can gain host OS privileges by writing to the interrupt injection registers. The old stable distribution contains a different version of Xen not affected by these problems.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2374-1 openswan -- implementation errorDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0openswanThe information security group at ETH Zurich discovered a denial of service vulnerability in the crypto helper handler of the IKE daemon plutoSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2421-1 moodle -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0moodleSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2307-1 chromium-browser -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0chromium-browserSeveral vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-2818 Use-after-free vulnerability in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering. CVE-2011-2800 Google Chrome before allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site. CVE-2011-2359 Google Chrome does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." 
Several unauthorised SSL certificates have been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. This update blacklists SSL certificates issued by DigiNotar-controlled intermediate CAs used by the Dutch PKIoverheid program.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2414-2 fex -- insufficient input sanitisationDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0fexIt was discovered that the last security update for F*X, DSA-2414-1, introduced a regression. Updated packages are now available to address this problem.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2397-1 icu -- buffer underflowDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0icuIt was discovered that a buffer overflow in the Unicode library ICU could lead to the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2308-1 mantis -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0mantisSeveral vulnerabilities were found in Mantis, a web-based bug tracking system: Insufficient input validation could result in local file inclusion and cross-site scripting.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2297-1 icedove -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0icedoveSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2327-1 libfcgi-perl -- authentication bypassDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libfcgi-perlFerdinand Smit discovered that libfcgi-perl, a Perl module for writing FastCGI applications, is incorrectly restoring environment variables of a prior request in subsequent requests. In some cases this may lead to authentication bypasses or worse. 
The oldstable distribution is not affected by this problem.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2351-1 wireshark -- buffer overflowDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0wiresharkHuzaifa Sidhpurwala discovered a buffer overflow in Wireshark's ERF dissector, which could lead to the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2366-1 mediawiki -- multipleDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0mediawikiSeveral problems have been discovered in mediawiki, a website engine for collaborative work. CVE-2011-1578 CVE-2011-1587 Masato Kinugawa discovered a cross-site scripting issue, which affects Internet Explorer clients only, and only version 6 and earlier. Web server configuration changes are required to fix this issue. Upgrading MediaWiki will only be sufficient for people who use Apache with AllowOverride enabled. This is an XSS issue for Internet Explorer clients, and a privacy loss issue for other clients since it allows the embedding of arbitrary remote images. CVE-2011-1580 MediaWiki developer Happy-Melon discovered that the transwiki import feature neglected to perform access control checks on form submission. The transwiki import feature is disabled by default. If it is enabled, it allows wiki pages to be copied from a remote wiki listed in $wgImportSources. The issue means that any user can trigger such an import to occur. CVE-2011-4360 Alexandre Emsenhuber discovered an issue where page titles on private wikis could be exposed by passing different page ids to index.php. In the case of the user not having correct permissions, they will now be redirected to Special:BadTitle. CVE-2011-4361 Tim Starling discovered that action=ajax requests were dispatched to the relevant function without any read permission checks being done. 
This could have led to data leakage on private wikis.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2371-1 jasper -- buffer overflowsDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0jasperTwo buffer overflows were discovered in JasPer, a library for handling JPEG-2000 images, which could lead to the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2372-1 heimdal -- buffer overflowDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0heimdalIt was discovered that the Kerberos support for telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to the Telnet to execute arbitrary code with root privileges.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2395-1 wireshark -- buffer underflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0wiresharkLaurent Butti discovered a buffer underflow in the LANalyzer dissector of the Wireshark network traffic analyzer, which could lead to the execution of arbitrary code. This update also addresses several bugs, which can lead to crashes of Wireshark. 
These are not treated as security issues, but are fixed nonetheless if security updates are scheduled: CVE-2011-3483, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2425-1 plib -- buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0plibIt was discovered that PLIB, a library used by TORCS, contains a buffer overflow in error message processing, which could allow remote attackers to execute arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2370-1 unbound -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0unboundIt was discovered that Unbound, a recursive DNS resolver, would crash when processing certain malformed DNS responses from authoritative DNS servers, leading to denial of service. CVE-2011-4528 Unbound attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone. CVE-2011-4869 Unbound does not properly process malformed responses which lack expected NSEC3 records.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2353-1 ldns -- buffer overflowDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0ldnsDavid Wheeler discovered a buffer overflow in ldns's code to parse RR records, which could lead to the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2347-1 bind9 -- improper assertDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0bind9It was discovered that BIND, a DNS server, crashes while processing certain sequences of recursive DNS queries, leading to a denial of service. 
Authoritative-only server configurations are not affected by this issue.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2367-1 asterisk -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0asteriskSeveral vulnerabilities have been discovered in Asterisk, an Open Source PBX and telephony toolkit: CVE-2011-4597 Ben Williams discovered that it was possible to enumerate SIP user names in some configurations. Please see README.Debian for more information on how to update your installation. CVE-2011-4598 Kristijan Vrban discovered that Asterisk can be crashed with malformed SIP packets if the "automon" feature is enabled.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2418-1 postgresql-8.4 -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0postgresql-8.4Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-0866 It was discovered that the permissions of a function called by a trigger are not checked. This could result in privilege escalation. CVE-2012-0867 It was discovered that only the first 32 characters of a host name are checked when validating host names through SSL certificates. This could result in spoofing the connection in limited circumstances. CVE-2012-0868 It was discovered that pg_dump did not sanitise object names. This could result in arbitrary SQL command execution if a malformed dump file is opened.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2429-1 mysql-5.1 -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0mysql-5.1Several security vulnerabilities were discovered in MySQL, a database management system. 
The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.61, which includes additional changes, such as performance improvements and corrections for data loss defectsSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2304-1 squid3 -- buffer overflowDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0squid3Ben Hawkes discovered that squid3, a full featured Web Proxy cache, is vulnerable to a buffer overflow when processing gopher server replies. An attacker can exploit this flaw by connecting to a gopher server that returns lines longer than 4096 bytes. This may result in denial of service conditions or possibly the execution of arbitrary code with the rights of the squid daemon.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2411-1 mumble -- information disclosureDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0mumbleIt was discovered that mumble, a VoIP client, does not properly manage permissions on its user-specific configuration files, allowing other local users on the system to access them.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2398-1 curl -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0curlSeveral vulnerabilities have been discovered in Curl, a URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-3389 This update enables OpenSSL workarounds against the "BEAST" attackSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2291-1 squirrelmail -- variousDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0squirrelmailVarious vulnerabilities have been found in SquirrelMail, a webmail application. 
The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2010-4554 SquirrelMail did not prevent page rendering inside a third-party HTML frame, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. CVE-2010-4555, CVE-2011-2752, CVE-2011-2753 Multiple small bugs in SquirrelMail allowed an attacker to inject malicious script into various pages or alter the contents of user preferences. CVE-2011-2023 It was possible to inject arbitrary web script or HTML via a crafted STYLE element in an HTML part of an e-mail message.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2361-1 chasen -- buffer overflowDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0chasenIt was discovered that ChaSen, a Japanese morphological analysis system, contains a buffer overflow, potentially leading to arbitrary code execution in programs using the library.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2400-1 iceweasel -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceweaselSeveral vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure. CVE-2012-0442 Jesse Ruderman and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2012-0444 "regenrecht" discovered that missing input sanitising in the Ogg Vorbis parser may lead to the execution of arbitrary code. 
CVE-2012-0449 Nicolas Gregoire and Aki Helin discovered that missing input sanitising in XSLT processing may lead to the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2437-1 icedove -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0icedoveSeveral vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. CVE-2012-0455 Soroush Dalili discovered that a cross-site scripting countermeasure related to Javascript URLs could be bypassed. CVE-2012-0456 Atte Kettunen discovered an out of bounds read in the SVG Filters, resulting in memory disclosure. CVE-2012-0458 Mariusz Mlynski discovered that privileges could be escalated through a Javascript URL as the home page. CVE-2012-0461 Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2295-1 iceape -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceapeSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2406-1 icedove -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0icedoveSeveral vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base. CVE-2011-3670 Icedove does not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. CVE-2012-0442 Memory corruption bugs could cause Icedove to crash or possibly execute arbitrary code. CVE-2012-0444 Icedove does not properly initialise nsChildView data structures, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Ogg Vorbis file. 
CVE-2012-0449 Icedove allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a documentSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2315-1 openoffice.org -- multiple vulnerabilitiesDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0openoffice.orgRed Hat, Inc. security researcher Huzaifa Sidhpurwala reported multiple vulnerabilities in the binary Microsoft Word file format importer of OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft Office.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2330-1 simplesamlphp -- xml encryption weaknessDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0simplesamlphpIssues were found in the handling of XML encryption in simpleSAMLphp, an application for federated authentication. The following two issues have been addressed: It may be possible to use an SP as an oracle to decrypt encrypted messages sent to that SP. It may be possible to use the SP as a key oracle which can be used to forge messages from that SP by issuing 300000-2000000 queries to the SP. The oldstable distribution does not contain simplesamlphp.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2369-1 libsoup2.4 -- insufficient input sanitisationDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libsoup2.4It was discovered that libsoup2.4, a HTTP library implementation in C, is not properly validating input when processing requests made to SoupServer. 
A remote attacker can exploit this flaw to access system files via a directory traversal attack.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2331-1 tor -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0torIt has been discovered by "frosty_un" that a design flaw in Tor, an online privacy tool, allows malicious relay servers to learn certain information that they should not be able to learn. Specifically, a relay that a user connects to directly could learn which other relays that user is connected to directly. In combination with other attacks, this issue can lead to deanonymizing the user. The Common Vulnerabilities and Exposures project has assigned CVE-2011-2768 to this issue. In addition to fixing the above mentioned issues, the updates to oldstable and stable fix a number of less critical issues. Please see this posting from the Tor blog for more information: https://blog.torproject.org/blog/tor-02234-released-security-patchesSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2427-1 imagemagick -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0imagemagickTwo security vulnerabilities related to EXIF processing were discovered in ImageMagick, a suite of programs to manipulate images: CVE-2012-0247 When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick writes two bytes to an invalid address. 
CVE-2012-0248 Parsing a maliciously crafted image with an IFD whose all IOP tags value offsets point to the beginning of the IFD itself results in an endless loop and a denial of service.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2396-1 qemu-kvm -- buffer underflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0qemu-kvmNicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation. This update also fixes a guest-triggerable memory corruption in VNC handling.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2293-1 libxfont -- buffer overflowDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libxfontTomas Hoger found a buffer overflow in the X.Org libXfont library, which may allow for a local privilege escalation through crafted font files.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2317-1 icedove -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0icedoveCVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. CVE-2011-2998 Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2999 Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. CVE-2011-3000 Ian Graham discovered that multiple Location headers might lead to CRLF injection. As indicated in the Lenny release notes, security support for the Icedove packages in the oldstable needed to be stopped before the end of the regular Lenny security maintenance life cycle. 
You are strongly encouraged to upgrade to stable or switch to a different mail client.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2333-1 phpldapadmin -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0phpldapadminTwo vulnerabilities have been discovered in phpldapadmin, a web based interface for administering LDAP servers. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-4074 Input appended to the URL in cmd.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. CVE-2011-4075 Input passed to the "orderby" parameter in cmd.php is not properly sanitised in lib/functions.php before being used in a "create_function" function call. This can be exploited to inject and execute arbitrary PHP code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2303-2 linux-2.6 -- privilege escalation/denial of service/information leakDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0linux-2.6The linux-2.6 and user-mode-linux upgrades from DSA-2303-1 have caused a regression that can result in an oops during invalid accesses to /proc/<pid>/maps files. The text of the original advisory is reproduced for reference: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary. CVE-2011-1576 Ryan Sweat discovered an issue in the VLAN implementation. Local users may be able to cause a kernel memory leak, resulting in a denial of service. 
CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion. CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call. CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialised struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory. CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process' proc directory was world-readable, resulting in local information disclosure of information such as password lengths. CVE-2011-2496 Robert Swiecki discovered that mremap could be abused for local denial of service by triggering a BUG_ON assert. CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation. CVE-2011-2517 It was discovered that the netlink-based wireless configuration interface performed insufficient length validation when parsing SSIDs, resulting in buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a denial of service. CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service by sending a specially crafted netlink message. CVE-2011-2700 Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the driver for the Si4713 FM Radio Transmitter driver used by N900 devices. Local users could exploit this issue to cause a denial of service or potentially gain elevated privileges. CVE-2011-2723 Brent Meshier reported an issue in the GRO implementation. This can be exploited by remote users to create a denial of service in certain network device configurations. 
CVE-2011-2905 Christian Ohm discovered that the "perf" analysis tool searches for its config files in the current working directory. This could lead to denial of service or potential privilege escalation if a user with elevated privileges is tricked into running "perf" in a directory under the control of the attacker. CVE-2011-2909 Vasiliy Kulikov of Openwall discovered that a programming error in the Comedi driver could lead to the information disclosure through leaked stack memory. CVE-2011-2918 Vince Weaver discovered that incorrect handling of software event overflows in the "perf" analysis tool could lead to local denial of service. CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted. CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session. CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System. A malicious file server could cause memory corruption leading to a denial of service. This update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2417-1 libxml2 -- computational denial of serviceDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libxml2It was discovered that the internal hashing routine of libxml2, a library providing an extensive API to handle XML data, is vulnerable to predictable hash collisions. Given an attacker with knowledge of the hashing algorithm, it is possible to craft input that creates a large amount of collisions. 
As a result it is possible to perform denial of service attacks against applications using libxml2 functionality because of the computational overhead.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2377-1 cyrus-imapd-2.2 -- NULL pointer dereferenceDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0cyrus-imapd-2.2It was discovered that cyrus-imapd, a highly scalable mail system designed for use in enterprise environments, is not properly parsing mail headers when a client makes use of the IMAP threading feature. As a result, a NULL pointer is dereferenced which crashes the daemon. An attacker can trigger this by sending a mail containing crafted reference headers and access the mail with a client that uses the server threading feature of IMAP.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2296-1 iceweasel -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceweaselSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2322-1 bugzilla -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0bugzillaSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2416-1 notmuch -- information disclosureDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0notmuchIt was discovered that Notmuch, an email indexer, did not sufficiently escape Emacs MML tags. 
When using the Emacs interface, a user could be tricked into replying to a maliciously formatted message which could lead to files from the local machine being attached to the outgoing message.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2289-1 typo3-src -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0typo3-srcSeveral remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site scripting, information disclosure, authentication delay bypass, and arbitrary file deletionSecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2292-1 isc-dhcp -- denial of serviceDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0isc-dhcpDavid Zych discovered that the ISC DHCP crashes when processing certain packets, leading to a denial of service.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2324-1 wireshark -- programming errorDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0wiresharkThe Microsoft Vulnerability Research group discovered that insecure load path handling could lead to execution of arbitrary Lua script code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2407-1 cvs -- heap overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0cvsIt was discovered that a malicious CVS server could cause a heap overflow in the CVS client, potentially allowing the server to execute arbitrary code on the client.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2399-2 php5 -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0php5A regression was found in the fix for PHP's XSLT transformations. Updated packages are now available to address this regression. For reference, the original advisory text follows. Several vulnerabilities have been discovered in PHP, the web scripting language. 
The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-1938 The UNIX socket handling allowed attackers to trigger a buffer overflow via a long path name. CVE-2011-2483 The crypt_blowfish function did not properly handle 8-bit characters, which made it easier for attackers to determine a cleartext password by using knowledge of a password hash. CVE-2011-4566 When used on 32 bit platforms, the exif extension could be used to trigger an integer overflow in the exif_process_IFD_TAG function when processing a JPEG file. CVE-2011-4885 It was possible to trigger hash collisions predictably when parsing form parameters, which allows remote attackers to cause a denial of service by sending many crafted parameters. CVE-2012-0057 When applying a crafted XSLT transform, an attacker could write files to arbitrary places in the filesystem. NOTE: the fix for CVE-2011-2483 required changing the behaviour of this function: it is now incompatible with some old generated hashes for passwords containing 8-bit characters. See the package NEWS entry for details. This change has not been applied to the Lenny version of PHP. NOTE: at the time of release packages for some architectures are still being built. They will be installed into the archive as soon as they arrive.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2409-1 devscripts -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0devscriptsSeveral vulnerabilities have been discovered in debdiff, a script used to compare two Debian packages, which is part of the devscripts package. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them: CVE-2012-0210: Paul Wise discovered that due to insufficient input sanitising when processing .dsc and .changes files, it is possible to execute arbitrary code and disclose system information. 
CVE-2012-0211: Raphael Geissert discovered that it is possible to inject or modify arguments of external commands when processing source packages with specially-named tarballs in the top-level directory of the .orig tarball, allowing arbitrary code execution. CVE-2012-0212: Raphael Geissert discovered that it is possible to inject or modify arguments of external commands when passing as argument to debdiff a specially-named file, allowing arbitrary code execution.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2430-1 python-pam -- double freeDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0python-pamMarkus Vervier discovered a double free in the Python interface to the PAM library, which could lead to denial of service.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2325-1 kfreebsd-8 -- privilege escalation/denial of serviceDebian GNU/kFreeBSD 6.0kfreebsd-8Buffer overflow in the "linux emulation" support in FreeBSD kernel allows local users to cause a denial of service and possibly execute arbitrary code by calling the bind system call with a long path for a UNIX-domain socket, which is not properly handled when the address is used by other unspecified system calls.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2336-1 ffmpeg -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0ffmpegMultiple vulnerabilities were found in the ffmpeg, a multimedia player, server and encoder: CVE-2011-3362 An integer signedness error in decode_residual_block function of the Chinese AVS video decoder in libavcodec can lead to denial of service or possible code execution via a crafted CAVS file. CVE-2011-3973/CVE-2011-3974 Multiple errors in the Chinese AVS video decoder can lead to denial of service via an invalid bitstream. 
CVE-2011-3504 A memory allocation problem in the Matroska format decoder can lead to code execution via a crafted file.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2379-1 krb5 -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0krb5It was discovered that the Key Distribution Center in Kerberos 5 crashes when processing certain crafted requests: CVE-2011-1528 When the LDAP backend is used, remote users can trigger a KDC daemon crash and denial of service. CVE-2011-1529 When the LDAP or Berkeley DB backend is used, remote users can trigger a NULL pointer dereference in the KDC daemon and a denial of service. The oldstable distribution is not affected by these problems.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2364-1 xorg -- incorrect permission checkDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0xorgThe Debian X wrapper enforces that the X server can only be started from a console. "vladz" discovered that this wrapper could be bypassed. The oldstable distribution is not affected.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2428-1 freetype -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0freetypeMateusz Jurczyk from the Google Security Team discovered several vulnerabilities in Freetype's parsing of BDF, Type1 and TrueType fonts, which could result in the execution of arbitrary code if a malformed font file is processed.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2309-1 openssl -- compromised certificate authorityDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0opensslSeveral fraudulent SSL certificates have been found in the wild issued by the DigiNotar Certificate Authority, obtained through a security compromise of said company. After further updates on this incident, it has been determined that all of DigiNotar's signing certificates can no longer be trusted. 
Debian, like other software distributors and vendors, has decided to distrust all of DigiNotar's CAs. In this update, this is done in the crypto library by marking such certificates as revoked. Any application that uses said component should now reject certificates signed by DigiNotar. Individual applications may allow users to override the validation failure. However, making exceptions is highly discouraged and should be carefully verified. Additionally, a vulnerability has been found in the ECDHE_ECDS cipher where timing attacks make it easier to determine private keys. The Common Vulnerabilities and Exposures project identifies it as CVE-2011-1945.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2349-1 spip -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0spipTwo vulnerabilities have been found in SPIP, a website engine for publishing, which allow privilege escalation to site administrator privileges and cross-site scripting. The oldstable distribution doesn't include spip.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2312-1 iceape -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceapeSeveral vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. CVE-2011-2998 Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2999 Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. CVE-2011-3000 Ian Graham discovered that multiple Location headers might lead to CRLF injection. 
The oldstable distribution is not affected. The iceape package only provides the XPCOM code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2385-1 pdns -- packet loopDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0pdnsRay Morris discovered that the PowerDNS authoritative server responds to response packets. An attacker who can spoof the source address of IP packets can cause an endless packet loop between a PowerDNS authoritative server and another DNS server, leading to a denial of service.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2339-1 nss -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0nssThis update to the NSS cryptographic libraries revokes the trust in the "DigiCert Sdn. Bhd" certificate authoritySecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2301-1 rails -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0railsSeveral vulnerabilities have been discovered in Rails, the Ruby web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4214 A cross-site scripting vulnerability had been found in the strip_tags function. An attacker may inject non-printable characters that certain browsers will then evaluate. This vulnerability only affects the oldstable distribution. CVE-2011-2930 A SQL injection vulnerability had been found in the quote_table_name method, which could allow malicious users to inject arbitrary SQL into a query. CVE-2011-2931 A cross-site scripting vulnerability had been found in the strip_tags helper. A parsing error can be exploited by an attacker, who can confuse the parser and may inject HTML tags into the output document. CVE-2011-3186 A newline injection vulnerability had been found in response.rb. 
This vulnerability allows an attacker to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2423-1 movabletype-opensource -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0movabletype-opensourceSeveral vulnerabilities were discovered in Movable Type, a blogging system: Under certain circumstances, a user who has "Create Entries" or "Manage Blog" permissions may be able to read known files on the local file system. The file management system contains shell command injection vulnerabilities, the most serious of which may lead to arbitrary OS command execution by a user who has a permission to sign-in to the admin script and also has a permission to upload files. Session hijack and cross-site request forgery vulnerabilities exist in the commenting and the community script. A remote attacker could hijack the user session or could execute arbitrary script code on victim's browser under the certain circumstances. Templates which do not escape variable properly and mt-wizard.cgi contain cross-site scripting vulnerabilities.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2433-1 iceweasel -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceweaselSeveral vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2012-0455 Soroush Dalili discovered that a cross-site scripting countermeasure related to Javascript URLs could be bypassed. CVE-2012-0456 Atte Kettunen discovered an out of bounds read in the SVG Filters, resulting in memory disclosure. CVE-2012-0458 Mariusz Mlynski discovered that privileges could be escalated through a Javascript URL as the home page. 
CVE-2012-0461 Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2386-1 openttd -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0openttdSeveral vulnerabilities have been discovered in openttd, a transport business simulation game. Multiple buffer overflows and off-by-one errors allow remote attackers to cause denial of service.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2424-1 libxml-atom-perl -- XML external entity expansionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libxml-atom-perlIt was discovered that the XML::Atom Perl module did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2442-1 openarena -- UDP traffic amplificationDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0openarenaIt has been discovered that spoofed "getstatus" UDP requests are being sent by attackers to servers for use with games derived from the Quake 3 engine. These servers respond with a packet flood to the victim whose IP address was impersonated by the attackers, causing a denial of service.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2343-1 openssl -- CA trust revocationDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0opensslSeveral weak certificates were issued by Malaysian intermediate CA "Digicert Sdn. Bhd." This event, along with other issues, has led Entrust Inc. and Verizon Cybertrust to revoke the CA's cross-signed certificates. This update to OpenSSL, a Secure Sockets Layer toolkit, reflects this decision by marking Digicert Sdn. 
Bhd.'s certificates as revoked.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2344-1 python-django-piston -- deserialization vulnerabilityDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0python-django-pistonIt was discovered that the Piston framework can deserialize untrusted YAML and Pickle data, leading to remote code execution. The old stable distribution does not contain a python-django-piston package.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2303-1 linux-2.6 -- privilege escalation/denial of service/information leakDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0linux-2.6Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary. CVE-2011-1576 Ryan Sweat discovered an issue in the VLAN implementation. Local users may be able to cause a kernel memory leak, resulting in a denial of service. CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion. CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call. CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialised struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory. CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process' proc directory was world-readable, resulting in local information disclosure of information such as password lengths. 
CVE-2011-2496 Robert Swiecki discovered that mremap could be abused for local denial of service by triggering a BUG_ON assert. CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation. CVE-2011-2517 It was discovered that the netlink-based wireless configuration interface performed insufficient length validation when parsing SSIDs, resulting in buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a denial of service. CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service by sending a specially crafted netlink message. CVE-2011-2700 Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the driver for the Si4713 FM Radio Transmitter driver used by N900 devices. Local users could exploit this issue to cause a denial of service or potentially gain elevated privileges. CVE-2011-2723 Brent Meshier reported an issue in the GRO implementation. This can be exploited by remote users to create a denial of service in certain network device configurations. CVE-2011-2905 Christian Ohm discovered that the "perf" analysis tool searches for its config files in the current working directory. This could lead to denial of service or potential privilege escalation if a user with elevated privileges is tricked into running "perf" in a directory under the control of the attacker. CVE-2011-2909 Vasiliy Kulikov of Openwall discovered that a programming error in the Comedi driver could lead to the information disclosure through leaked stack memory. CVE-2011-2918 Vince Weaver discovered that incorrect handling of software event overflows in the "perf" analysis tool could lead to local denial of service. CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted. 
CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session. CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System. A malicious file server could cause memory corruption leading to a denial of service. This update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2276-1 asterisk -- multiple denial of serviceDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0asteriskPaul Belanger reported a vulnerability in Asterisk identified as AST-2011-008 through which an unauthenticated attacker may crash an Asterisk server remotely. A package containing a null char causes the SIP header parser to alter unrelated memory structures. Jared Mauch reported a vulnerability in Asterisk identified as AST-2011-009 through which an unauthenticated attacker may crash an Asterisk server remotely. If a user sends a package with a Contact header with a missing left angle bracket the server will crash. A possible workaround is to disable chan_sip. The vulnerability identified as AST-2011-010 reported about an input validation error in the IAX2 channel driver. An unauthenticated attacker may crash an Asterisk server remotely by sending a crafted option control frame.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2237-2 apr -- denial of serviceDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0aprThe recent APR update DSA-2237-1 introduced a regression that could lead to an endless loop in the apr_fnmatch function, causing a denial of service. This update fixes this problem. For reference, the description of the original DSA, which fixed CVE-2011-0419: A flaw was found in the APR library, which could be exploited through Apache HTTPD's mod_autoindex. 
If a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2254-1 oprofile -- command injectionDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0oprofileOProfile is a performance profiling tool which is configurable by opcontrol, its control utility. Stephane Chauveau reported several ways to inject arbitrary commands in the arguments of this utility. If a local unprivileged user is authorised by sudoers file to run opcontrol as root, this user could use the flaw to escalate his privileges.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2281-1 opie -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0opieSebastian Krahmer discovered that opie, a system that makes it simple to use One-Time passwords in applications, is prone to a privilege escalation and an off-by-one error, which can lead to the execution of arbitrary code. Adam Zabrocki and Maksymilian Arciemowicz also discovered another off-by-one error, which only affects the lenny version as the fix was already included for squeeze.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2275-1 openoffice.org -- stack-based buffer overflowDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0openoffice.orgWill Dormann and Jared Allar discovered that the Lotus Word Pro import filter of OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft Office, is not properly handling object ids in the ".lwp" file format. An attacker can exploit this with a specially crafted file and execute arbitrary code with the rights of the victim importing the file. 
The oldstable distribution is not affected by this problem.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2265-1 perl -- lack of tainted flag propagationDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0perlMark Martinec discovered that Perl incorrectly clears the tainted flag on values returned by case conversion functions such as "lc". This may expose preexisting vulnerabilities in applications which use these functions while processing untrusted input. No such applications are known at this stage. Such applications will cease to work when this security update is applied because taint checks are designed to prevent such unsafe use of untrusted input data.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2246-1 mahara -- several vulnerabilitiesDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0maharaSeveral vulnerabilities were discovered in mahara, an electronic portfolio, weblog, and resume builder. The following Common Vulnerabilities and Exposures project ids identify them: CVE-2011-1402 It was discovered that previous versions of Mahara did not check user credentials before adding a secret URL to a view or suspending a user. CVE-2011-1403 Due to a misconfiguration of the Pieform package in Mahara, the cross-site request forgery protection mechanism that Mahara relies on to harden its form was not working and was essentially disabled. This is a critical vulnerability which could allow attackers to trick other users into performing malicious actions on behalf of the attacker. Most Mahara forms are vulnerable. CVE-2011-1404 Many of the JSON structures returned by Mahara for its AJAX interactions included more information than what ought to be disclosed to the logged in user. New versions of Mahara limit this information to what is necessary for each page. CVE-2011-1405 Previous versions of Mahara did not escape the contents of HTML emails sent to users. 
Depending on the filters enabled in one's mail reader, it could lead to cross-site scripting attacks. CVE-2011-1406 It has been pointed out to us that if Mahara is configured to use HTTPS, it will happily let users login via the HTTP version of the site if the web server is configured to serve content over both protocol. The new version of Mahara will, when the wwwroot points to an HTTPS URL, automatically redirect to HTTPS if it detects that it is being run over HTTP. We recommend that sites wanting to run Mahara over HTTPS make sure that their web server configuration does not allow the serving of content over HTTP and merely redirects to the secure version. We also suggest that site administrators consider adding the HSTS headers to their web server configuration.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2224-1 openjdk-6 -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0openjdk-6Several security vulnerabilities were discovered in OpenJDK, an implementation of the Java platform. CVE-2010-4351 The JNLP SecurityManager returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. CVE-2010-4448 Malicious applets can perform DNS cache poisoning. CVE-2010-4450 An empty LD_LIBRARY_PATH environment variable results in a misconstructed library search path, resulting in code execution from possibly untrusted sources. CVE-2010-4465 Malicious applets can extend their privileges by abusing Swing timers. CVE-2010-4469 The Hotspot just-in-time compiler miscompiles crafted byte sequences, resulting in heap corruption. CVE-2010-4470 JAXP can be exploited by untrusted code to elevate privileges. CVE-2010-4471 Java2D can be exploited by untrusted code to elevate privileges. CVE-2010-4472 Untrusted code can replace the XML DSIG implementation. 
CVE-2011-0025 Signatures on JAR files are not properly verified, which allows remote attackers to trick users into executing code that appears to come from a trusted source. CVE-2011-0706 The JNLPClassLoader class allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor." In addition, this security update contains stability fixes, such as switching to the recommended Hotspot version for this particular version of OpenJDK.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2279-1 libapache2-mod-authnz-external -- SQL injectionDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libapache2-mod-authnz-externalIt was discovered that libapache2-mod-authnz-external, an apache authentication module, is prone to an SQL injection via the $user parameter.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2268-1 iceweasel -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0iceweaselSeveral vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-0083 / CVE-2011-2363 "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code. CVE-2011-0085 "regenrecht" discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2362 David Chan discovered that cookies were insufficiently isolated. CVE-2011-2371 Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2373 Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2374 Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger discovered memory corruption bugs, which may lead to the execution of arbitrary code. 
CVE-2011-2376 Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2267-1 perl -- restriction bypassDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0perlIt was discovered that Perl's Safe module - a module to compile and execute code in restricted compartments - could be bypassed. Please note that this update is known to break Petal, an XML-based templating engine. A fix is not yet available. If you use Petal, you might consider putting the previous Perl packages on hold.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2272-1 bind9 -- denial of serviceDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0bind9It was discovered that BIND, a DNS server, does not correctly process certain UPDATE requests, resulting in a server crash and a denial of service. This vulnerability affects BIND installations even if they do not actually use dynamic DNS updates.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2280-1 libvirt -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libvirtIt was discovered that libvirt, a library for interfacing with different virtualization systems, is prone to an integer overflow. Additionally, the stable version is prone to a denial of service, because its error reporting is not thread-safe. For the stable distribution, these problems have been fixed in version 0.8.3-5+squeeze2.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2210-1 tiff -- severalDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0tiffSeveral vulnerabilities were discovered in the TIFF manipulation and conversion library: CVE-2011-0191 A buffer overflow allows to execute arbitrary code or cause a denial of service via a crafted TIFF image with JPEG encoding. This issue affects the Debian 5.0 Lenny package only. 
CVE-2011-0192 A buffer overflow allows to execute arbitrary code or cause a denial of service via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding. CVE-2011-1167 Heap-based buffer overflow in the thunder decoder allows to execute arbitrary code via a TIFF file that has an unexpected BitsPerSample value.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2233-1 postfix -- severalDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0postfixSeveral vulnerabilities were discovered in Postfix, a mail transfer agent. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2939 The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files. CVE-2011-0411 The STARTTLS implementation does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place. CVE-2011-1720 A heap-based read-only buffer overflow allows malicious clients to crash the smtpd server process using a crafted SASL authentication request.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDDSA-2226-1 libmodplug -- buffer overflowDebian GNU/Linux 5.0Debian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0libmodplugM. Lucinskij and P. Tumenas discovered a buffer overflow in the code for processing S3M tracker files in the Modplug tracker music library, which may result in the execution of arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDSA-2240-1 linux-2.6 -- privilege escalation/denial of service/information leakDebian GNU/Linux 6.0Debian GNU/kFreeBSD 6.0linux-2.6CVE-2010-3875 Vasiliy Kulikov discovered an issue in the Linux implementation of the Amateur Radio AX.25 Level 2 protocol. 
Local users may obtain access to sensitive kernel memory. CVE-2011-0695 Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can exploit a race condition to cause a denial of service. CVE-2011-0711 Dan Rosenberg reported an issue in the XFS filesystem. Local users may obtain access to sensitive kernel memory. CVE-2011-0726 Kees Cook reported an issue in the /proc/pid/stat implementation. Local users could learn the text location of a process, defeating protections provided by address space layout randomization. CVE-2011-1016 Marek Olšák discovered an issue in the driver for ATI/AMD Radeon video chips. Local users could pass arbitrary values to video memory and the graphics translation table, resulting in denial of service or escalated privileges. On default Debian installations, this is exploitable only by members of the "video" group. CVE-2011-1078 Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users can obtain access to sensitive kernel memory. CVE-2011-1079 Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users with the CAP_NET_ADMIN capability can cause a denial of service. CVE-2011-1080 Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users can obtain access to sensitive kernel memory. CVE-2011-1090 Neil Horman discovered a memory leak in the setacl call on NFSv4 filesystems. Local users can exploit this to cause a denial of service. CVE-2011-1160 Peter Huewe reported an issue in the Linux kernel's support for TPM security chips. Local users with permission to open the device can gain access to sensitive kernel memory. CVE-2011-1163 Timo Warns reported an issue in the kernel support for Alpha OSF format disk partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted OSF partition. CVE-2011-1170 Vasiliy Kulikov reported an issue in the Netfilter arp table implementation. 
Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. CVE-2011-1171 Vasiliy Kulikov reported an issue in the Netfilter IP table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. CVE-2011-1172 Vasiliy Kulikov reported an issue in the Netfilter IP6 table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. CVE-2011-1173 Vasiliy Kulikov reported an issue in the Acorn Econet protocol implementation. Local users can obtain access to sensitive kernel memory on systems that use this rare hardware. CVE-2011-1180 Dan Rosenberg reported a buffer overflow in the Information Access Service of the IrDA protocol, used for Infrared devices. Remote attackers within IR device range can cause a denial of service or possibly gain elevated privileges. CVE-2011-1182 Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local users can generate signals with falsified source pid and uid information. CVE-2011-1476 Dan Rosenberg reported issues in the Open Sound System MIDI interface that allow local users to cause a denial of service. This issue does not affect official Debian Linux image packages as they no longer provide support for OSS. However, custom kernels built from Debians linux-source-2.6.32 may have enabled this configuration and would therefore be vulnerable. CVE-2011-1477 Dan Rosenberg reported issues in the Open Sound System driver for cards that include a Yamaha FM synthesizer chip. Local users can cause memory corruption resulting in a denial of service. This issue does not affect official Debian Linux image packages as they no longer provide support for OSS. However, custom kernels built from Debians linux-source-2.6.32 may have enabled this configuration and would therefore be vulnerable. CVE-2011-1478 Ryan Sweat reported an issue in the Generic Receive Offload support in the Linux networking subsystem. 
If an interface has GRO enabled and is running in promiscuous mode, remote users can cause a denial of service by sending packets on an unknown VLAN.
CVE-2011-1493 Dan Rosenberg reported two issues in the Linux implementation of the Amateur Radio X.25 PLP protocol. A remote user can cause a denial of service by providing specially crafted facilities fields.
CVE-2011-1494 Dan Rosenberg reported an issue in the /dev/mpt2ctl interface provided by the driver for LSI MPT Fusion SAS 2.0 controllers. Local users can obtain elevated privileges by specially crafted ioctl calls. On default Debian installations this is not exploitable as this interface is only accessible to root.
CVE-2011-1495 Dan Rosenberg reported two additional issues in the /dev/mpt2ctl interface provided by the driver for LSI MPT Fusion SAS 2.0 controllers. Local users can obtain elevated privileges and read arbitrary kernel memory by using specially crafted ioctl calls. On default Debian installations this is not exploitable as this interface is only accessible to root.
CVE-2011-1585 Jeff Layton reported an issue in the Common Internet File System. Local users can bypass authentication requirements for shares that are already mounted by another user.
CVE-2011-1593 Robert Swiecki reported a signedness issue in the next_pidmap function, which can be exploited by local users to cause a denial of service.
CVE-2011-1598 Dave Jones reported an issue in the Broadcast Manager Controller Area Network protocol that may allow local users to cause a NULL pointer dereference, resulting in a denial of service.
CVE-2011-1745 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_BIND ioctl. On default Debian installations, this is exploitable only by users in the video group.
CVE-2011-1746 Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in agp_allocate_memory and agp_create_user_memory. On default Debian installations, this is exploitable only by users in the video group.
CVE-2011-1748 Oliver Hartkopp reported an issue in the Controller Area Network raw socket implementation which permits local users to cause a NULL pointer dereference, resulting in a denial of service.
CVE-2011-1759 Dan Rosenberg reported an issue in the support for executing "old ABI" binaries on ARM processors. Local users can obtain elevated privileges due to insufficient bounds checking in the semtimedop system call.
CVE-2011-1767 Alexey Dobriyan reported an issue in the GRE over IP implementation. Remote users can cause a denial of service by sending a packet during module initialisation.
CVE-2011-1770 Dan Rosenberg reported an issue in the Datagram Congestion Control Protocol. Remote users can cause a denial of service or potentially obtain access to sensitive kernel memory.
CVE-2011-1776 Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table.
CVE-2011-2022 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_UNBIND ioctl. On default Debian installations, this is exploitable only by users in the video group.
This update also includes changes queued for the next point release of Debian 6.0, which also fix various non-security issues.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2288-1 libsndfile -- integer overflow
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
libsndfile
Hossein Lotfi discovered an integer overflow in libsndfile's code to parse Paris Audio files, which could potentially lead to the execution of arbitrary code.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2227-1 iceape -- several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
iceape
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:
CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 "Scoobidiver", Ian Beer, Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella discovered memory corruption bugs, which may lead to the execution of arbitrary code.
CVE-2011-0065 CVE-2011-0066 CVE-2011-0073 "regenrecht" discovered several dangling pointer vulnerabilities, which may lead to the execution of arbitrary code.
CVE-2011-0067 Paul Stone discovered that Java applets could steal information from the autocompletion history.
CVE-2011-0071 Soroush Dalili discovered a directory traversal vulnerability in handling resource URIs.
The oldstable distribution is not affected. The iceape package only provides the XPCOM code.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2285-1 mapserver -- several
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
mapserver
Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications.
The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2011-2703 Several instances of insufficient escaping of user input, leading to SQL injection attacks via OGC filter encoding.
CVE-2011-2704 Missing length checks in the processing of OGC filter encoding that can lead to stack-based buffer overflows and the execution of arbitrary code.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2271-1 curl -- improper delegation of client credentials
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
curl
Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism. This is obviously a very sensitive operation, which should only be done when the user explicitly so directs.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2229-1 spip -- programming error
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
spip
A vulnerability has been found in SPIP, a website engine for publishing, which allows a malicious registered author to disconnect the website from its database, resulting in denial of service. The oldstable distribution doesn't include spip.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2245-1 chromium-browser -- several vulnerabilities
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
chromium-browser
Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2011-1292 Use-after-free vulnerability in the frame-loader implementation in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-1293 Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-1440 Use-after-free vulnerability in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets token sequences.
CVE-2011-1444 Race condition in the sandbox launcher implementation in Google Chrome on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-1797 Google Chrome does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
CVE-2011-1799 Google Chrome does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2222-1 tinyproxy -- incorrect ACL processing
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
tinyproxy
Christoph Martin discovered that incorrect ACL processing in TinyProxy, a lightweight, non-caching, optionally anonymizing HTTP proxy, could lead to unintended network access rights.
The oldstable distribution is not affected.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2238-1 vino -- several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
vino
Kevin Chen discovered that incorrect processing of framebuffer requests in the Vino VNC server could lead to denial of service.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2204-1 imp4 -- Insufficient input sanitising
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
imp4
Moritz Naumann discovered that imp4, a webmail component for the horde framework, is prone to cross-site scripting attacks by a lack of input sanitising of certain fetchmail information.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2230-1 qemu-kvm -- several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
qemu-kvm
Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware:
CVE-2011-0011 Setting the VNC password to an empty string silently disabled all authentication.
CVE-2011-1750 The virtio-blk driver performed insufficient validation of read/write I/O from the guest instance, which could lead to denial of service or privilege escalation.
The oldstable distribution is not affected by this problem.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2187-1 icedove -- several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
icedove
Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
CVE-2010-1585 Roberto Suggi Liverani discovered that the sanitising performed by ParanoidFragmentSink was incomplete.
CVE-2011-0053 Crashes in the layout engine may lead to the execution of arbitrary code.
CVE-2011-0051 Zach Hoffmann discovered that incorrect parsing of recursive eval calls could lead to attackers forcing acceptance of a confirmation dialogue.
CVE-2011-0054, CVE-2010-0056 Christian Holler discovered buffer overflows in the Javascript engine, which could allow the execution of arbitrary code.
CVE-2011-0055 "regenrecht" and Igor Bukanov discovered a use-after-free error in the JSON-Implementation, which could lead to the execution of arbitrary code.
CVE-2011-0057 Daniel Kozlowski discovered that incorrect memory handling in the web workers implementation could lead to the execution of arbitrary code.
CVE-2011-0059 Peleus Uhley discovered a cross-site request forgery risk in the plugin code.
As indicated in the Lenny release notes, security support for the Icedove packages in the oldstable needed to be stopped before the end of the regular Lenny security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a different mail client.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2218-1 vlc -- heap-based buffer overflow
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
vlc
Aliz Hammond discovered that the MP4 decoder plugin of vlc, a multimedia player and streamer, is vulnerable to a heap-based buffer overflow. This has been introduced by a wrong data type being used for a size calculation. An attacker could use this flaw to trick a victim into opening a specially crafted MP4 file and possibly execute arbitrary code or crash the media player.
The oldstable distribution is not affected by this problem.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2181-1 subversion -- denial of service
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
subversion
Philip Martin discovered that HTTP-based Subversion servers crash when processing lock requests on repositories which support unauthenticated read access.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2252-1 dovecot -- programming error
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
dovecot
It was discovered that the message header parser in the Dovecot mail server parsed NUL characters incorrectly, which could lead to denial of service through malformed mail headers. The oldstable distribution is not affected.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

DSA-2178-1 pango1.0 -- NULL pointer dereference
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
pango1.0
It was discovered that pango did not check for memory allocation failures, causing a NULL pointer dereference with an adjustable offset. This can lead to application crashes and potentially arbitrary code execution. The oldstable distribution is not affected by this problem.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2210-2 tiff -- several
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
tiff
The recent tiff update DSA-2210-1 introduced a regression that could lead to encoding problems of tiff files. This update fixes this problem. For reference, the description of the original DSA, which fixed CVE-2011-0191 CVE-2011-0192 CVE-2011-1167:
CVE-2011-0191 A buffer overflow allows to execute arbitrary code or cause a denial of service via a crafted TIFF image with JPEG encoding. This issue affects the Debian 5.0 Lenny package only.
CVE-2011-0192 A buffer overflow allows to execute arbitrary code or cause a denial of service via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding.
CVE-2011-1167 Heap-based buffer overflow in the thunder decoder allows to execute arbitrary code via a TIFF file that has an unexpected BitsPerSample value.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2190-1 wordpress -- several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
wordpress
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2184-1 isc-dhcp -- denial of service
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
isc-dhcp
It was discovered that the ISC DHCPv6 server does not correctly process requests which come from unexpected source addresses, leading to an assertion failure and a daemon crash. The oldstable distribution is not affected by this problem.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2282-1 qemu-kvm -- several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
qemu-kvm
Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware:
CVE-2011-2212 Nelson Elhage discovered a buffer overflow in the virtio subsystem, which could lead to denial of service or privilege escalation.
CVE-2011-2527 Andrew Griffiths discovered that group privileges were insufficiently dropped when started with -runas option, resulting in privilege escalation.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2198-1 tex-common -- insufficient input sanitisation
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
tex-common
Mathias Svensson discovered that tex-common, a package shipping a number of scripts and configuration files necessary for TeX, contains insecure settings for the "shell_escape_commands" directive.
Depending on the scenario, this may result in arbitrary code execution when a victim is tricked into processing a malicious tex-file or this is done in an automated fashion. The oldstable distribution is not affected by this problem due to shell_escape being disabled.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2237-1 apr -- denial of service
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
apr
A flaw was found in the APR library, which could be exploited through Apache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2213-1 x11-xserver-utils -- missing input sanitisation
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
x11-xserver-utils
Sebastian Krahmer discovered that the xrdb utility of x11-xserver-utils, an X server resource database utility, is not properly filtering crafted hostnames. This allows a remote attacker to execute arbitrary code with root privileges given that either remote logins via xdmcp are allowed or the attacker is able to place a rogue DHCP server into the victim's network. For the oldstable distribution, this problem has been fixed in version 7.3+6.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2248-1 ejabberd -- denial of service
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
ejabberd
Wouter Coekaerts discovered that ejabberd, a distributed XMPP/Jabber server written in Erlang, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data.
This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML data to it.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2162-1 openssl -- invalid memory access
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
openssl
Neel Mehta discovered that an incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. This allows an attacker to crash an application using OpenSSL by triggering an invalid memory access. Additionally, some applications may be vulnerable to expose contents of a parsed OCSP nonce extension. Packages in the oldstable distribution are not affected by this problem.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2208-1 bind9 -- denial of service
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
bind9
It was discovered that BIND, a DNS server, contains a race condition when processing zone updates in an authoritative server, either through dynamic DNS updates or incremental zone transfer. Such an update while processing a query could result in deadlock and denial of service. In addition, this security update addresses a defect related to the processing of new DNSSEC DS records by the caching resolver, which may lead to name resolution failures in the delegated zone. If DNSSEC validation is enabled, this issue can make domains ending in .COM unavailable when the DS record for .COM is added to the DNS root zone on March 31st, 2011. An unpatched server which is affected by this issue can be restarted, thus re-enabling resolution of .COM domains. This workaround applies to the version in oldstable, too.
Configurations not using DNSSEC validations are not affected by this second issue.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2225-1 asterisk -- several
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
asterisk
Several vulnerabilities have been discovered in Asterisk, an Open Source PBX and telephony toolkit.
CVE-2011-1147 Matthew Nicholson discovered that incorrect handling of UDPTL packets may lead to denial of service or the execution of arbitrary code.
CVE-2011-1174 Blake Cornell discovered that incorrect connection handling in the manager interface may lead to denial of service.
CVE-2011-1175 Blake Cornell and Chris May discovered that incorrect TCP connection handling may lead to denial of service.
CVE-2011-1507 Tzafrir Cohen discovered that insufficient limitation of connection requests in several TCP based services may lead to denial of service.
CVE-2011-1599 Matthew Nicholson discovered a privilege escalation vulnerability in the manager interface.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2175-1 samba -- missing input sanitisation
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
samba
Volker Lendecke discovered that missing range checks in Samba's file descriptor handling could lead to memory corruption, resulting in denial of service.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Jerome Athias, INTERIM, Sergey Artykhov, ACCEPTED, ACCEPTED

DSA-2166-1 chromium-browser -- several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
chromium-browser
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2160-1 tomcat6 -- several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
tomcat6
Several vulnerabilities were discovered in the Tomcat Servlet and JSP engine:
CVE-2010-3718 It was discovered that the SecurityManager insufficiently restricted the working directory.
CVE-2011-0013 It was discovered that the HTML manager interface is affected by cross-site scripting.
CVE-2011-0534 It was discovered that NIO connector performs insufficient validation of the HTTP headers, which could lead to denial of service.
The oldstable distribution is not affected by these issues.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2247-1 rails -- several vulnerabilities
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
rails
Several vulnerabilities have been discovered in Rails, the Ruby web application framework. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2011-0446 Multiple cross-site scripting vulnerabilities when JavaScript encoding is used, allow remote attackers to inject arbitrary web script or HTML.
CVE-2011-0447 Rails does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery attacks.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2284-1 opensaml2 -- implementation error
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
opensaml2
Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco Kampmann and Joerg Schwenk discovered that Shibboleth, a federated web single sign-on system, is vulnerable to XML signature wrapping attacks.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2263-1 movabletype-opensource -- several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
movabletype-opensource
It was discovered that Movable Type, a weblog publishing system, contains several security vulnerabilities: A remote attacker could execute arbitrary code in a logged-in user's web browser.
A remote attacker could read or modify the contents in the system under certain circumstances.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2161-1 openjdk-6 -- denial of service
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
openjdk-6
It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2250-1 citadel -- denial of service
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
citadel
Wouter Coekaerts discovered that the jabber server component of citadel, a complete and feature-rich groupware server, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML data to it.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2235-1 icedove -- several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
icedove
Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 "Scoobidiver", Ian Beer, Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella discovered memory corruption bugs, which may lead to the execution of arbitrary code.
CVE-2011-0065 CVE-2011-0066 CVE-2011-0073 "regenrecht" discovered several dangling pointer vulnerabilities, which may lead to the execution of arbitrary code.
CVE-2011-0067 Paul Stone discovered that Java applets could steal information from the autocompletion history.
CVE-2011-0071 Soroush Dalili discovered a directory traversal vulnerability in handling resource URIs.
As indicated in the Lenny release notes, security support for the Icedove packages in the oldstable needed to be stopped before the end of the regular Lenny security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a different mail client.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2209-1 tgt -- double free
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
tgt
Emmanuel Bouillon discovered a double free in tgt, the Linux SCSI target user-space tools, which could lead to denial of service. The oldstable distribution doesn't include tgt.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2203-1 nss -- none in nss
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
nss
This update for the Network Security Service libraries marks several fraudulent HTTPS certificates as untrusted.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2186-1 iceweasel -- several
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
iceweasel
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
CVE-2010-1585 Roberto Suggi Liverani discovered that the sanitising performed by ParanoidFragmentSink was incomplete.
CVE-2011-0053 Crashes in the layout engine may lead to the execution of arbitrary code.
CVE-2011-0051 Zach Hoffmann discovered that incorrect parsing of recursive eval calls could lead to attackers forcing acceptance of a confirmation dialogue.
CVE-2011-0054, CVE-2010-0056 Christian Holler discovered buffer overflows in the Javascript engine, which could allow the execution of arbitrary code.
CVE-2011-0055 "regenrecht" and Igor Bukanov discovered a use-after-free error in the JSON-Implementation, which could lead to the execution of arbitrary code.
CVE-2011-0057 Daniel Kozlowski discovered that incorrect memory handling in the web workers implementation could lead to the execution of arbitrary code.
CVE-2011-0059 Peleus Uhley discovered a cross-site request forgery risk in the plugin code.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2164-1 shadow -- insufficient input sanitisation
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
shadow
Kees Cook discovered that the chfn and chsh utilities do not properly sanitise user input that includes newlines. An attacker could use this to corrupt passwd entries and may create users or groups in NIS environments. Packages in the oldstable distribution are not affected by this problem.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2182-1 logwatch -- shell command injection
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
logwatch
Dominik George discovered that logwatch does not guard against shell meta-characters in crafted log file names. As a result, an attacker might be able to execute shell commands on the system running logwatch.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2180-1 iceape -- several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
iceape
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:
CVE-2010-1585 Roberto Suggi Liverani discovered that the sanitising performed by ParanoidFragmentSink was incomplete.
CVE-2011-0051 Zach Hoffmann discovered that incorrect parsing of recursive eval calls could lead to attackers forcing acceptance of a confirmation dialogue.
CVE-2011-0053 Crashes in the layout engine may lead to the execution of arbitrary code.
CVE-2011-0054 Christian Holler discovered buffer overflows in the Javascript engine, which could allow the execution of arbitrary code.
CVE-2010-0056 Christian Holler discovered buffer overflows in the Javascript engine, which could allow the execution of arbitrary code.
CVE-2011-0055 "regenrecht" and Igor Bukanov discovered a use-after-free error in the JSON-Implementation, which could lead to the execution of arbitrary code.
CVE-2011-0057 Daniel Kozlowski discovered that incorrect memory handling in the web workers implementation could lead to the execution of arbitrary code.
CVE-2011-0059 Peleus Uhley discovered a cross-site request forgery risk in the plugin code.
The oldstable distribution is not affected. The iceape package only provides the XPCOM code.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2254-2 oprofile -- command injection
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
oprofile
Jamie Strandboge noticed that the patch proposed to fix CVE-2011-1760 in OProfile was incomplete. For reference, the description of the original DSA is: OProfile is a performance profiling tool which is configurable by opcontrol, its control utility. Stephane Chauveau reported several ways to inject arbitrary commands in the arguments of this utility. If a local unprivileged user is authorised by sudoers file to run opcontrol as root, this user could use the flaw to escalate his privileges.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2220-1 request-tracker3.6, request-tracker3.8 -- several
Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
request-tracker3.6, request-tracker3.8
Several vulnerabilities were discovered in Request Tracker, an issue tracking system.
CVE-2011-1685 If the external custom field feature is enabled, Request Tracker allows authenticated users to execute arbitrary code with the permissions of the web server, possibly triggered by a cross-site request forgery attack.
CVE-2011-1686 Multiple SQL injection attacks allow authenticated users to obtain data from the database in an unauthorised way.
CVE-2011-1687 An information leak allows an authenticated privileged user to obtain sensitive information, such as encrypted passwords, via the search interface.
CVE-2011-1688 When running under certain web servers, Request Tracker is vulnerable to a directory traversal attack, allowing attackers to read any files accessible to the web server. Request Tracker instances running under Apache or Nginx are not affected.
CVE-2011-1689 Request Tracker contains multiple cross-site scripting vulnerabilities.
CVE-2011-1690 Request Tracker enables attackers to redirect authentication credentials supplied by legitimate users to third-party servers.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2283-1 krb5-appl -- programming error
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
krb5-appl
Tim Zingelmann discovered that, due to an incorrect configure script, the kerberised FTP server failed to set the effective GID correctly, resulting in privilege escalation. The oldstable distribution is not affected.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

DSA-2205-1 gdm3 -- privilege escalation
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
gdm3
Sebastian Krahmer discovered that gdm3, the GNOME Desktop Manager, does not properly drop privileges when manipulating files related to the logged-in user. As a result, local users can gain root privileges. The oldstable distribution does not contain a gdm3 package. The gdm package is not affected by this issue.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2192-1 chromium-browser -- several
Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
chromium-browser
Several vulnerabilities were discovered in the Chromium browser.
The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2011-0779: Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service via a crafted extension.
CVE-2011-1290: Integer overflow in WebKit allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2256-1 tiff -- buffer overflow
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: tiff
Tavis Ormandy discovered that the Tag Image File Format library is vulnerable to a buffer overflow triggered by a crafted OJPEG file which allows for a crash and potentially execution of arbitrary code. The oldstable distribution is not affected by this problem.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2278-1 horde3 -- several
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: horde3
It was discovered that horde3, the horde web application framework, is prone to a cross-site scripting attack and a cross-site request forgery.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2185-1 proftpd-dfsg -- integer overflow
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: proftpd-dfsg
It was discovered that an integer overflow in the SFTP file transfer module of the ProFTPD daemon could lead to denial of service. The oldstable distribution is not affected.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2195-1 php5 -- several
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: php5
Stephane Chazelas discovered that the cronjob of the PHP 5 package in Debian suffers from a race condition which might be used to remove arbitrary files from a system.
When upgrading your php5-common package take special care to _accept_ the changes to the /etc/cron.d/php5 file. Ignoring them would leave the system vulnerable.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2236-1 exim4 -- command injection
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: exim4
It was discovered that Exim, Debian's default mail transfer agent, is vulnerable to command injection attacks in its DKIM processing code, leading to arbitrary code execution. The default configuration supplied by Debian does not expose this vulnerability. The oldstable distribution is not affected by this problem.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2189-1 chromium-browser -- several
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: chromium-browser
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2244-1 bind9 -- incorrect boundary condition
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: bind9
It was discovered that BIND, an implementation of the DNS protocol, does not correctly process certain large RRSIG record sets in DNSSEC responses. The resulting assertion failure causes the name server process to crash, making name resolution unavailable. In addition, this update fixes handling of certain signed/unsigned zone combinations when a DLV service is used. Previously, data from certain affected zones could become unavailable from the resolver.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2269-1 iceape -- several
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: iceape
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:
CVE-2011-0083 / CVE-2011-2363: "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code.
CVE-2011-0085: "regenrecht" discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code.
CVE-2011-2362: David Chan discovered that cookies were insufficiently isolated.
CVE-2011-2371: Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code.
CVE-2011-2373: Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code.
CVE-2011-2374: Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger discovered memory corruption bugs, which may lead to the execution of arbitrary code.
CVE-2011-2376: Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code.
The oldstable distribution is not affected. The iceape package only provides the XPCOM code.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2231-1 otrs2 -- cross-site scripting
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: otrs2
Multiple cross-site scripting vulnerabilities were discovered in Open Ticket Request System, a trouble-ticket system. In addition, this security update fixes a failure when upgrading the package from lenny to squeeze. The oldstable distribution is not affected by this problem.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2223-1 doctrine -- SQL injection
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: doctrine
It was discovered that Doctrine, a PHP library for implementing object persistence, contains SQL injection vulnerabilities. The exact impact depends on the application which uses the Doctrine library.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2168-1 openafs -- several
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: openafs
Two vulnerabilities were discovered in the distributed filesystem AFS:
CVE-2011-0430: Andrew Deason discovered that a double free in the Rx server process could lead to denial of service or the execution of arbitrary code.
CVE-2011-0431: It was discovered that insufficient error handling in the kernel module could lead to denial of service.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2257-1 kolab-cyrus-imapd -- implementation error
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: kolab-cyrus-imapd
It was discovered that the STARTTLS implementation of the Kolab Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2219-1 xmlsec1 -- arbitrary file overwrite
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: xmlsec1
Nicolas Gregoire discovered that the XML Security Library xmlsec allowed remote attackers to create or overwrite arbitrary files through specially crafted XML files using the libxslt output extension and a ds:Transform element during signature verification.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2286-1 phpymadmin -- several
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: phpymadmin
Several vulnerabilities were discovered in phpMyAdmin, a tool to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2011-2505: Possible session manipulation in Swekey authentication.
CVE-2011-2506: Possible code injection in setup script, in case session variables are compromised.
CVE-2011-2507: Regular expression quoting issue in Synchronize code.
CVE-2011-2508: Possible directory traversal in MIME-type transformation.
CVE-2011-2642: Cross site scripting in table Print view when the attacker can create crafted table names.
No CVE name yet: Possible superglobal and local variables manipulation in Swekey authentication.
The oldstable distribution is only affected by CVE-2011-2642, which has been fixed in version 2.11.8.1-5+lenny9.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2259-1 fex -- authentication bypass
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: fex
It was discovered that fex, a web service for transferring very large files, is not properly validating authentication IDs. While the service properly validates existing authentication IDs, an attacker who does not specify any authentication ID at all can bypass the authentication procedure. The oldstable distribution does not include fex.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2212-1 tmux -- privilege escalation
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: tmux
Daniel Danner discovered that tmux, a terminal multiplexer, is not properly dropping group privileges. Due to a patch introduced by Debian, when invoked with the -S option, tmux is not dropping permissions obtained through its setgid installation. The oldstable distribution is not affected by this problem; it does not include tmux.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2159-1 vlc -- missing input sanitising
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: vlc
Dan Rosenberg discovered that insufficient input validation in VLC's processing of Matroska/WebM containers could lead to the execution of arbitrary code.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2251-1 subversion -- several
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: subversion
Several vulnerabilities were discovered in Subversion, the version control system. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2011-1752: The mod_dav_svn Apache HTTPD server module can be crashed when asked to deliver baselined WebDAV resources.
CVE-2011-1783: The mod_dav_svn Apache HTTPD server module can trigger a loop which consumes all available memory on the system.
CVE-2011-1921: The mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2193-1 libcgroup -- several
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: libcgroup
Several issues have been discovered in libcgroup, a library to control and monitor control groups:
CVE-2011-1006: Heap-based buffer overflow by converting list of controllers for given task into an array of strings could lead to privilege escalation by a local attacker.
CVE-2011-1022: libcgroup did not properly check the origin of Netlink messages, allowing a local attacker to send crafted Netlink messages which could lead to privilege escalation.
The oldstable distribution does not contain libcgroup packages.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2228-1 iceweasel -- several
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: iceweasel
Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox:
CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081: "Scoobidiver", Ian Beer, Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella discovered memory corruption bugs, which may lead to the execution of arbitrary code.
CVE-2011-0065 CVE-2011-0066 CVE-2011-0073: "regenrecht" discovered several dangling pointer vulnerabilities, which may lead to the execution of arbitrary code.
CVE-2011-0067: Paul Stone discovered that Java applets could steal information from the autocompletion history.
CVE-2011-0071: Soroush Dalili discovered a directory traversal vulnerability in handling resource URIs.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2163-2 dajaxice -- multiple
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: dajaxice
The changes in python-django DSA-2163 necessary to fix the issues CVE-2011-0696 and CVE-2011-0697 introduced an unavoidable backward incompatibility, which caused a regression in dajaxice, which depends on python-django. This update supplies fixed packages for dajaxice.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2221-1 libmojolicious-perl -- directory traversal
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: libmojolicious-perl
Viacheslav Tykhanovskyi discovered a directory traversal vulnerability in Mojolicious, a Perl Web Application Framework. The oldstable distribution doesn't contain libmojolicious-perl.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2241-1 qemu-kvm -- implementation error
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: qemu-kvm
Nelson Elhage discovered that incorrect memory handling during the removal of ISA devices in KVM, a solution for full virtualization on x86 hardware, could lead to denial of service or the execution of arbitrary code.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2173-1 pam-pgsql -- buffer overflow
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: pam-pgsql
It was discovered that pam-pgsql, a PAM module to authenticate using a PostgreSQL database, was vulnerable to a buffer overflow in supplied IP-addresses.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2249-1 jabberd14 -- denial of service
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: jabberd14
Wouter Coekaerts discovered that jabberd14, an instant messaging server using the Jabber/XMPP protocol, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data.
This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML data to it. The oldstable distribution does not contain jabberd14.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2255-1 libxml2 -- buffer overflow
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: libxml2
Chris Evans discovered that libxml was vulnerable to buffer overflows, which allowed a crafted XML input file to potentially execute arbitrary code.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2242-1 cyrus-imapd-2.2 -- implementation error
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: cyrus-imapd-2.2
It was discovered that the STARTTLS implementation of the Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2194-1 libvirt -- insufficient checks
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: libvirt
It was discovered that libvirt, a library for interfacing with different virtualization systems, did not properly check for read-only connections. This allowed a local attacker to perform a denial of service or possibly escalate privileges. The oldstable distribution is not affected by this problem.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2177-1 pywebdav -- SQL injection
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: pywebdav
It was discovered that python-webdav, a WebDAV server implementation, contains several SQL injection vulnerabilities in the processing of user credentials.
The oldstable distribution does not contain a python-webdav package.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2287-1 libpng -- several
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: libpng
The PNG library libpng has been affected by several vulnerabilities. The most critical one is identified as CVE-2011-2690. Using this vulnerability, an attacker is able to overwrite memory with an arbitrary amount of data controlled by her via a crafted PNG image. The other vulnerabilities are less critical and allow an attacker to cause a crash in the program via a crafted PNG image.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2174-1 avahi -- denial of service
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: avahi
It was discovered that avahi, an implementation of the zeroconf protocol, can be crashed remotely by a single UDP packet, which may result in a denial of service.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2206-1 mahara -- several
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: mahara
Two security vulnerabilities have been discovered in Mahara, a fully featured electronic portfolio, weblog, resume builder and social networking system:
CVE-2011-0439: A security review commissioned by a Mahara user discovered that Mahara processes unsanitised input which can lead to cross-site scripting.
CVE-2011-0440: Mahara Developers discovered that Mahara doesn't check the session key under certain circumstances which can be exploited as cross-site request forgery and can lead to the deletion of blogs.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2277-1 xml-security-c -- stack-based buffer overflow
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: xml-security-c
It has been discovered that xml-security-c, an implementation of the XML Digital Signature and Encryption specifications, is not properly handling RSA keys of sizes on the order of 8192 or more bits. This allows an attacker to crash applications using this functionality or potentially execute arbitrary code by tricking an application into verifying a signature created with a sufficiently long RSA key.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2197-1 quagga -- denial of service
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: quagga
It has been discovered that the Quagga routing daemon contains two denial-of-service vulnerabilities in its BGP implementation:
CVE-2010-1674: A crafted Extended Communities attribute triggers a null pointer dereference which causes the BGP daemon to crash. The crafted attributes are not propagated by the Internet core, so only explicitly configured direct peers are able to exploit this vulnerability in typical configurations.
CVE-2010-1675: The BGP daemon resets BGP sessions when it encounters malformed AS_PATHLIMIT attributes, introducing a distributed BGP session reset vulnerability which disrupts packet forwarding. Such malformed attributes are propagated by the Internet core, and exploitation of this vulnerability is not restricted to directly configured BGP peers.
This security update removes AS_PATHLIMIT processing from the BGP implementation, preserving the configuration statements for backwards compatibility.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2171-1 asterisk -- buffer overflow
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: asterisk
Matthew Nicholson discovered a buffer overflow in the SIP channel driver of Asterisk, an open source PBX and telephony toolkit, which could lead to the execution of arbitrary code.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2270-1 qemu-kvm -- programming error
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: qemu-kvm
It was discovered that incorrect sanitising of virtio queue commands in KVM, a solution for full virtualization on x86 hardware, could lead to denial of service or the execution of arbitrary code. The oldstable distribution is not affected by this problem.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2163-1 python-django -- multiple
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: python-django
Several vulnerabilities were discovered in the django web development framework:
CVE-2011-0696: For several reasons the internal CSRF protection was not used to validate ajax requests in the past. However, it was discovered that this exception can be exploited with a combination of browser plugins and redirects and thus is not sufficient.
CVE-2011-0697: It was discovered that the file upload form is prone to cross-site scripting attacks via the file name.
It is important to note that this update introduces minor backward incompatibilities due to the fixes for the above issues.
Packages in the oldstable distribution are not affected by these problems.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2167-1 phpmyadmin -- sql injection
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: phpmyadmin
It was discovered that phpMyAdmin, a tool to administer MySQL over the web, when the bookmarks feature is enabled, allowed to create a bookmarked query which would be executed unintentionally by other users.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2170-1 mailman -- several
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: mailman
Two cross site scripting vulnerabilities were discovered in Mailman, a web-based mailing list manager. These allowed an attacker to retrieve session cookies via inserting crafted JavaScript into confirmation messages and in the list admin interface.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2266-1 php5 -- several
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: php5
Several vulnerabilities were discovered in PHP, which could lead to denial of service or potentially the execution of arbitrary code.
CVE-2010-2531: An information leak was found in the var_export function.
CVE-2011-0421: The Zip module could crash.
CVE-2011-0708: An integer overflow was discovered in the Exif module.
CVE-2011-1466: An integer overflow was discovered in the Calendar module.
CVE-2011-1471: The Zip module was prone to denial of service through malformed archives.
CVE-2011-2202: Path names in form based file uploads were incorrectly validated.
This update also fixes two bugs, which are not treated as security issues, but fixed nonetheless; see README.Debian.security for details on the scope of security support for PHP.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2188-1 webkit -- several
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: webkit
Several vulnerabilities have been discovered in webkit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-1783: WebKit does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document.
CVE-2010-2901: The rendering implementation in WebKit allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2010-4199: WebKit does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.
CVE-2010-4040: WebKit does not properly handle animated GIF images, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image.
CVE-2010-4492: Use-after-free vulnerability in WebKit allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.
CVE-2010-4493: Use-after-free vulnerability in WebKit allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.
CVE-2010-4577: The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit does not properly parse Cascading Style Sheets token sequences, which allows remote attackers to cause a denial of service via a crafted local font, related to "Type Confusion."
CVE-2010-4578: WebKit does not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."
CVE-2011-0482: WebKit does not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.
CVE-2011-0778: WebKit does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2262-1 moodle -- several
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: moodle
Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning:
* MSA-11-0002 Cross-site request forgery vulnerability in RSS block
* MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete
* MSA-11-0008 IMS enterprise enrolment file may disclose sensitive information
* MSA-11-0011 Multiple cross-site scripting problems in media filter
* MSA-11-0015 Cross Site Scripting through URL encoding
* MSA-11-0013 Group/Quiz permissions issue
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2239-1 libmojolicious-perl -- several
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: libmojolicious-perl
Several vulnerabilities have been discovered in Mojolicious, a Perl Web Application Framework. The link_to helper was affected by cross-site scripting and implementation errors in the MD5 HMAC and CGI environment handling have been corrected.
The oldstable distribution doesn't include libmojolicious-perl.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2215-1 gitolite -- directory traversal
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: gitolite
Dylan Simon discovered that gitolite, an SSH-based gatekeeper for git repositories, is prone to directory traversal attacks when restricting admin defined commands. This allows an attacker to execute arbitrary commands with privileges of the gitolite server via crafted command names. Please note that this only affects installations that have ADC enabled. The oldstable distribution is not affected by this problem; it does not include gitolite.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2214-1 ikiwiki -- missing input validation
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: ikiwiki
Tango discovered that ikiwiki, a wiki compiler, is not validating if the htmlscrubber plugin is enabled or not on a page when adding alternative stylesheets to pages. This enables an attacker who is able to upload custom stylesheets to add malicious stylesheets as an alternate stylesheet, or replace the default stylesheet, and thus conduct cross-site scripting attacks. In the oldstable distribution, this problem has been fixed in version 2.53.6.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2169-1 telepathy-gabble -- insufficient input validation
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: telepathy-gabble
It was discovered that telepathy-gabble, the Jabber/XMPP connection manager for the Telepathy framework, is processing google:jingleinfo updates without validating their origin.
This may allow an attacker to trick telepathy-gabble into relaying streamed media data through a server of his choice and thus intercept audio and video calls.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2274-1 wireshark -- several
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: wireshark
Huzaifa Sidhpurwala, David Maciejak and others discovered several vulnerabilities in the X.509if and DICOM dissectors and in the code to process various capture and dictionary files, which could lead to denial of service or the execution of arbitrary code.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2232-1 exim4 -- format string vulnerability
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: exim4
It was discovered that Exim, the default mail transport agent in Debian, uses DKIM data obtained from DNS directly in a format string, potentially allowing malicious mail senders to execute arbitrary code. The oldstable distribution is not affected by this problem because it does not contain DKIM support.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2216-1 isc-dhcp -- missing input sanitisation
Platforms: Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: isc-dhcp
Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of isc-dhcp, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts.
This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2211-1 vlc -- missing input sanitising
Platforms: Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product: vlc
Ricardo Narvaja discovered that missing input sanitising in VLC, a multimedia player and streamer, could lead to the execution of arbitrary code if a user is tricked into opening a malformed media file. This update also provides updated packages for oldstable for vulnerabilities, which have already been addressed in Debian stable, either during the freeze or in DSA-2159.
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

Debian GNU/Linux 5.0 is installed
Platforms: Debian GNU/Linux 5.0
Debian GNU/Linux 5.0 (lenny) is installed
Contributors and status: SecPod Team, DRAFT, INTERIM, ACCEPTED, Preeti Subramanian, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

Debian GNU/Linux is installed
Platforms: Debian GNU/Linux
Debian GNU/Linux is installed
Contributors and status: Maria Mikhno, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Debian GNU/kFreeBSD is installed
Platforms: Debian GNU/kFreeBSD
Debian GNU/kFreeBSD is installed
Contributors and status: Maria Mikhno, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Debian 6.0 is installed
Platforms: Debian 6.0
Debian 6.0 (squeeze) is installed
Contributors and status: SecPod Team, DRAFT, INTERIM, Chandan S, ACCEPTED, Sergey
ArtykhovINTERIMACCEPTEDACCEPTEDlibapache2-mod-perl2ircd-ratboxrxvt-unicodelibstruts1.2-javaxbuffymod-wsgilibmmsopensshlibxalan2-javaudisksmuttlighttpdpidginstrongswanqemua2psdpkgvirtualboxgraphvizlibgadulibyamldjvulibrensprdenyhostsmemcachedsrtpasterisklibtarlibcommons-fileupload-javagnupgvarnishdrupal6dhcpcdhpliplibgdatakrb5libjakarta-poi-javapcptinyproxyweechatca-certificateszendframeworkzabbixzonemindergridenginesup-mailexactimagebeakergajimcactiapache2pixmanikiwikipolarsslsudoexpatlibxsltpidgin-otrpostgresql-8.4gnupg2libxresgangliacupslighttpdglobus-gridftp-serverpython-djangonss-pam-ldapddevscriptsxen-qemu-dm-4.0trousersfirebird2.5libxvffmpegnascurllibxextmediawiki-extensionslibapache-mod-securitylibapache2-mod-fcgidxml-security-cstunnel4monoircd-hybridpolarsslopenjpegasteriskrtfmnagios3tiffelinksmesacups-pk-helpericeweasellibxtlibxrandricucurlvirtualbox-oseruby1.8phpbb3openssllibvirtexim4wiresharklibxxf86dgaqemuquaggaspipnbdlibxfixesgnupgtelepathy-gabblersshcactiwiresharklibupnpkfreebsd-8mysql-5.1torquephp5baculaimagemagickmantisicedoveproftpd-dfsgdrupal6linux-2.6linux-2.6redmineruby1.9.1mediawikiextplorerxenpyopenssltryton-clientspiplibxcbdavfs2sambamysql-5.1strongswanlibpngimp4chronypython-cryptowordpressnssfail2banopenafsrailsinspircdlibxxf86vmlibrack-rubyxorg-serverperllinks2ejabberdlibxml2ircd-ratboxtypo3-srcopenoffice.orgrequest-tracker3.8libspring-2.5-javapython-djangoisc-dhcpiceapebind9nssotrs2php5php-radiuslibmodplugopenjdk-6tifflibgcrypt11gnupgwiresharkphp5ruby1.9.1nsd3rsshbind9tomcat6libdmxopenafsopenttdlibfsxen-qemu-dm-4.0libxsltsympaasterisklibxml2libupnp4subversionlibxiarpwatchlighttpdfckeditoriceweaselcfingerdiceapemaharakolab-cyrus-imapdsqlalchemysambaspipexactimagekrb5libxtstlibxvmcinetutilslibproxycgiircbind9asterisktincbogofilterlibapache2-mod-rpaflibotricingamysql-5.1freeradiussmokepingwiresharklinux-2.6openjpeggajimlibx11libxpffmpeghostapdopenoffice.orgemacs23libxcursorgnupggnupg2squid3popplerlibxrenderqemu-kvmcurlputtypidginquaggapostgres
ql-8.4postgresql-8.3python-djangoradsecproxyxml-security-chaproxyzendframeworknutstrongswanopenconnectopenjdk-6ghostscriptphp5fusionforgedropbearperlicedovemovabletype-opensourcerequest-tracker3.8libxineramalibexifapache2isc-dhcplibapache-mod-securitytiff/etcdebian_version^(\d).*$1xserver-xorg-video-openchromeopenarenapuppetotrs2viewvclibcgi-pm-perlfirebird2.1moinopenssllibsshxorg-serverrailsbcfg2nssxentornginxecryptfs-utilscactitryton-serverxen-qemu-dm-4.0bipfilelibdbd-pg-perllibarchivegimpcupslibapache2-mod-fcgidtorquelibyaml-libyaml-perlnginxsupermoinlibtasn1-3mojarrapamlighttpdraptorgnashsystemtaplibvorbisinetutilsradvdt1libgnutls26man2htmlvsftpdipmitoolpuppetacpidfoomatic-filtersapache2policykit-1bcfg2clearsilverxenopenswanicumantislibfcgi-perlmediawikijasperheimdalplibunboundldnspostgresql-8.4mysql-5.1squid3mumblesquirrelmailchasensimplesamlphplibsoup2.4torimagemagicklibxfontphpldapadminbugzillanotmuchtypo3-srccvsdevscriptspython-pamkfreebsd-8ffmpegkrb5xorgfreetypepdnsopenttdlibxml-atom-perlopenarenapython-django-pistonopieopenoffice.orglibapache2-mod-authnz-externalperlpostfixlibmodpluglinux-2.6libsndfilemapservercurlspiptinyproxyvinoimp4dovecotpango1.0wordpresstex-commonaprx11-xserver-utilsejabberdopensslsambatomcat6railsopensaml2movabletype-opensourceopenjdk-6citadelicedovetgtnssshadowlogwatchoprofilerequest-tracker3.6, 
request-tracker3.8krb5-applgdm3tiffhorde3proftpd-dfsgchromium-browserbind9iceapeotrs2doctrineopenafskolab-cyrus-imapdxmlsec1phpymadminfextmuxsubversionlibcgroupiceweaseldajaxicepam-pgsqljabberd14libxml2cyrus-imapd-2.2libvirtpywebdavlibpngavahimaharaxml-security-cquaggaasteriskqemu-kvmpython-djangophpmyadminmailmanphp5webkitmoodlelibmojolicious-perlgitoliteikiwikitelepathy-gabblewiresharkexim4isc-dhcp/etcos-release^NAME="(.*)"$1/etcdebian_version^(\d\.\d).*$1vlc