Debian 5.3 2008-11-19T19:33:09.188-04:00 Debian GNU/Linux 3.1 proftpd What information can i put there? 2007-01-07 Martin Loewer discovered that the proftpd FTP daemon is vulnerable to denial of service if the addon module for Radius authentication is enabled. Debian GNU/Linux 3.1 openoffice.org What information can i put there? 2007-01-08 John Heasman from Next Generation Security Software discovered a heap overflow in the handling of Windows Metafiles in OpenOffice.org, the free office suite, which could lead to a denial of service and potentially execution of arbitrary code. Debian GNU/Linux 3.1 libapache-mod-auth-kerb What information can i put there? 2007-01-08 An off-by-one error leading to a heap-based buffer overflow has been identified in libapache-mod-auth-kerb, an Apache module for Kerberos authentication. The error could allow an attacker to trigger an application crash or potentially execute arbitrary code by sending a specially crafted kerberos message. Debian GNU/Linux 3.1 libsoup What information can i put there? 2007-01-12 Roland Lezuo and Josselin Mouette discovered that the libsoup HTTP library performs insufficient sanitising when parsing HTTP headers, which might lead to denial of service. Debian GNU/Linux 3.1 xfree86 What information can i put there? 2007-01-15 Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: Sean Larsson discovered an integer overflow in the Render extension, which might lead to denial of service or local privilege escalation. Sean Larsson discovered an integer overflow in the DBE extension, which might lead to denial of service or local privilege escalation. Sean Larsson discovered an integer overflow in the DBE extension, which might lead to denial of service or local privilege escalation. Debian GNU/Linux 3.1 cacti What information can i put there? 2007-01-17 It was discovered that cacti, a frontend to rrdtool, performs insufficient validation of data passed to the <q>cmd</q> script, which allows SQL injection and the execution of arbitrary shell commands. Debian GNU/Linux 3.1 netrik What information can i put there? 2007-01-21 It has been discovered that netrik, a text mode WWW browser with vi like keybindings, doesn't properly sanitize temporary filenames when editing textareas which could allow attackers to execute arbitrary commands via shell metacharacters. Debian GNU/Linux 3.1 vlc What information can i put there? 2007-01-27 Kevin Finisterre discovered several format string problems in vlc, a multimedia player and streamer, that could lead to the execution of arbitrary code. Debian GNU/Linux 3.1 mozilla-firefox What information can i put there? 2007-01-27 Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68] Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68] A bug in the js_dtoa function allows remote attackers to cause a denial of service. [MFSA 2006-68] "shutdown" discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. [MFSA 2006-70] Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. [MFSA 2006-71] "moz_bug_r_a4" reported that the src attribute of an IMG element could be used to inject JavaScript code. [MFSA 2006-72] Debian GNU/Linux 3.1 bind9 What information can i put there? 2007-01-27 It was discovered that the Bind name server daemon is vulnerable to denial of service by triggering an assertion through a crafted DNS query. This only affects installations which use the DNSSEC extentions. Debian GNU/Linux 3.1 libgtop2 What information can i put there? 2007-01-31 Liu Qishuai discovered that the GNOME gtop library performs insufficient sanitising when parsing the system's /proc table, which may lead to the execution of arbitrary code. Debian GNU/Linux 3.1 gtk+2.0 What information can i put there? 2007-01-31 It was discovered that the image loading code in the GTK+ graphical user interface library performs insufficient error handling when loading malformed images, which may lead to denial of service. Debian GNU/Linux 3.1 samba What information can i put there? 2007-02-05 Several remote vulnerabilities have been discovered in samba, a free implementation of the SMB/CIFS protocol, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that incorrect handling of deferred file open calls may lead to an infinite loop, which results in denial of service. "zybadawg333" discovered that the AFS ACL mapping VFS plugin performs insecure format string handling, which may lead to the execution of arbitrary code. Debian GNU/Linux 3.1 mozilla-thunderbird What information can i put there? 2007-02-07 Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68] Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68] A bug in the js_dtoa function allows remote attackers to cause a denial of service. [MFSA 2006-68] "shutdown" discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. [MFSA 2006-70] Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. [MFSA 2006-71] "moz_bug_r_a4" reported that the src attribute of an IMG element could be used to inject JavaScript code. [MFSA 2006-72] Debian GNU/Linux 3.1 fetchmail What information can i put there? 2007-02-14 Isaac Wilcox discovered that fetchmail, a popular mail retrieval and forwarding utility, insufficiently enforces encryption of connections, which might lead to information disclosure. Debian GNU/Linux 3.1 imagemagick What information can i put there? 2007-02-14 Vladimir Nadvornik discovered that the fix for a vulnerability in the PALM decoder of Imagemagick, a collection of image manipulation programs, was ineffective. To avoid confusion a new CVE ID has been assigned; the original issue was tracked as <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456">CVE-2006-5456</a>. Debian GNU/Linux 3.1 postgresql What information can i put there? 2007-02-15 It was discovered that the PostgreSQL database performs insufficient type checking for SQL function arguments, which might lead to denial of service or information disclosure. Debian GNU/Linux 3.1 gnomemeeting What information can i put there? 2007-03-04 <q>Mu Security</q> discovered that a format string vulnerability in the VoIP solution GnomeMeeting allows the execution of arbitrary code. Debian GNU/Linux 3.1 clamav What information can i put there? 2007-03-06 Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that malformed CAB archives may exhaust file descriptors, which allows denial of service. It was discovered that a directory traversal vulnerability in the MIME header parser may lead to denial of service. Debian GNU/Linux 3.1 php4 What information can i put there? 2007-03-07 Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that an integer overflow in the str_replace() function could lead to the execution of arbitrary code. It was discovered that a buffer underflow in the sapi_header_op() function could crash the PHP interpreter. Stefan Esser discovered that a programming error in the wddx extension allows information disclosure. It was discovered that a format string vulnerability in the odbc_result_all() functions allows the execution of arbitrary code. It was discovered that super-global variables could be overwritten with session data. Stefan Esser discovered that the zend_hash_init() function could be tricked into an endless loop, allowing denial of service through resource consumption until a timeout is triggered. Debian GNU/Linux 3.1 mozilla What information can i put there? 2007-03-10 Several security related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68] Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68] A bug in the js_dtoa function allows remote attackers to cause a denial of service. [MFSA 2006-68] <q>shutdown</q> discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. [MFSA 2006-70] Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. [MFSA 2006-71] <q>moz_bug_r_a4</q> reported that the src attribute of an IMG element could be used to inject JavaScript code. [MFSA 2006-72] Georgi Guninski discovered several heap-based buffer overflows that allow remote attackers to execute arbitrary code. [MFSA 2006-74] Debian GNU/Linux 3.1 gnupg What information can i put there? 2007-03-13 Gerardo Richarte discovered that GnuPG, a free PGP replacement, provides insufficient user feedback if an OpenPGP message contains both unsigned and signed portions. Inserting text segments into an otherwise signed message could be exploited to forge the content of signed messages. This update prevents such attacks; the old behaviour can still be activated by passing the --allow-multiple-messages option. Debian GNU/Linux 3.1 webcalendar What information can i put there? 2007-03-15 It was discovered that WebCalendar, a PHP-based calendar application, insufficiently protects an internal variable, which allows remote file inclusion. Debian GNU/Linux 3.1 libwpd What information can i put there? 2007-03-17 iDefense reported several integer overflow bugs in libwpd, a library for handling WordPerfect documents. Attackers were able to exploit these with carefully crafted Word Perfect files that could cause an application linked with libwpd to crash or possibly execute arbitrary code. Debian GNU/Linux 3.1 lookup-el What information can i put there? 2007-03-18 Tatsuya Kinoshita discovered that Lookup, a search interface to electronic dictionaries on emacsen, creates a temporary file in an insecure fashion when the ndeb-binary feature is used, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. Debian GNU/Linux 3.1 openoffice.org What information can i put there? Several security related problems have been discovered in OpenOffice.org, the free office suite. The Common Vulnerabilities and Exposures project identifies the following problems: iDefense reported several integer overflow bugs in libwpd, a library for handling WordPerfect documents that is included in OpenOffice.org. Attackers are able to exploit these with carefully crafted WordPerfect files that could cause an application linked with libwpd to crash or possibly execute arbitrary code. Next Generation Security discovered that the StarCalc parser in OpenOffice.org contains an easily exploitable stack overflow that could be used by a specially crafted document to execute arbitrary code. It has been reported that OpenOffice.org does not escape shell meta characters and is hence vulnerable to execute arbitrary shell commands via a specially crafted document after the user clicked to a prepared link. This updated advisory only provides packages for the upcoming etch release alias Debian GNU/Linux 4.0. Debian GNU/Linux 3.1 openafs What information can i put there? 2007-03-20 A design error has been identified in the OpenAFS, a cross-platform distributed filesystem included with Debian. OpenAFS historically has enabled setuid filesystem support for the local cell. However, with its existing protocol, OpenAFS can only use encryption, and therefore integrity protection, if the user is authenticated. Unauthenticated access doesn't do integrity protection. The practical result is that it's possible for an attacker with knowledge of AFS to forge an AFS FetchStatus call and make an arbitrary binary file appear to an AFS client host to be setuid. If they can then arrange for that binary to be executed, they will be able to achieve privilege escalation. OpenAFS 1.3.81-3sarge2 changes the default behavior to disable setuid files globally, including the local cell. It is important to note that this change will not take effect until the AFS kernel module, built from the openafs-modules-source package, is rebuilt and loaded into your kernel. As a temporary workaround until the kernel module can be reloaded, setuid support can be manually disabled for the local cell by running the following command as root Following the application of this update, if you are certain there is no security risk of an attacker forging AFS fileserver responses, you can re-enable setuid status selectively with the following command, however this should not be done on sites that are visible to the Internet Debian GNU/Linux 3.1 tcpdump What information can i put there? 2007-03-22 Moritz Jodeit discovered an off-by-one buffer overflow in tcpdump, a powerful tool for network monitoring and data acquisition, which allows denial of service. Debian GNU/Linux 3.1 nas What information can i put there? 2007-03-27 Several vulnerabilities have been discovered in nas, the Network Audio System. A stack-based buffer overflow in the accept_att_local function in server/os/connection.c in nas allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection. An integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value. The AddResource function in server/dia/resource.c allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID. An array index error allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c. The ReadRequestFromClient function in server/os/io.c allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference. Debian GNU/Linux 3.1 file What information can i put there? 2007-04-02 An integer underflow bug has been found in the file_printf function in file, a tool to determine file types based analysis of file content. The bug could allow an attacker to execute arbitrary code by inducing a local user to examine a specially crafted file that triggers a buffer overflow. Debian GNU/Linux 3.1 zope2.7 What information can i put there? 2007-04-02 A cross-site scripting vulnerability in zope, a web application server, could allow an attacker to inject arbitrary HTML and/or JavaScript into the victim's web browser. This code would run within the security context of the web browser, potentially allowing the attacker to access private data such as authentication cookies, or to affect the rendering or behavior of zope web pages. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 krb5 What information can i put there? 2007-04-03 Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the krb5 telnet daemon performs insufficient validation of usernames, which might allow unauthorized logins or privilege escalation. iDefense discovered that a buffer overflow in the logging code of the KDC and the administration daemon might lead to arbitrary code execution. It was discovered that a double free in the RPCSEC_GSS part of the GSS library code might lead to arbitrary code execution. Debian GNU/Linux 3.1 xmms What information can i put there? 2007-04-04 Multiple errors have been found in the skin handling routines in xmms, the X Multimedia System. These vulnerabilities could allow an attacker to run arbitrary code as the user running xmms by inducing the victim to load specially crafted interface skin files. Debian GNU/Linux 3.1 man-db What information can i put there? 2007-04-06 A buffer overflow has been discovered in the man command that could allow an attacker to execute code as the man user by providing specially crafted arguments to the -H flag. This is likely to be an issue only on machines with the man and mandb programs installed setuid. Debian GNU/Linux 3.1 webcalendar What information can i put there? 2007-04-22 It was discovered that WebCalendar, a PHP-based calendar application, performs insufficient sanitising in the exports handler, which allows injection of web script. Debian GNU/Linux 4.0 aircrack-ng What information can i put there? 2007-04-24 It was discovered that aircrack-ng, a WEP/WPA security analysis tool, performs insufficient validation of 802.11 authentication packets, which allows the execution of arbitrary code. The oldstable distribution (sarge) doesn't contain aircrack-ng packages. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 clamav What information can i put there? 2007-04-25 Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that a file descriptor leak in the CHM handler may lead to denial of service. It was discovered that a buffer overflow in the CAB handler may lead to the execution of arbitrary code. It was discovered that a file descriptor leak in the PDF handler may lead to denial of service. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 php4 What information can i put there? 2007-04-26 Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1286">CVE-2007-1286</a> Stefan Esser discovered an overflow in the object reference handling code of the unserialize() function, which allows the execution of arbitrary code if malformed input is passed from an application. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1380">CVE-2007-1380</a> Stefan Esser discovered that the session handler performs insufficient validation of variable name length values, which allows information disclosure through a heap information leak. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1521">CVE-2007-1521</a> Stefan Esser discovered a double free vulnerability in the session_regenerate_id() function, which allows the execution of arbitrary code. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1711">CVE-2007-1711</a> Stefan Esser discovered a double free vulnerability in the session management code, which allows the execution of arbitrary code. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718">CVE-2007-1718</a> Stefan Esser discovered that the mail() function performs insufficient validation of folded mail headers, which allows mail header injection. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1777">CVE-2007-1777</a> Stefan Esser discovered that the extension to handle ZIP archives performs insufficient length checks, which allows the execution of arbitrary code. Debian GNU/Linux 4.0 php5 What information can i put there? 2007-04-29 Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1286">CVE-2007-1286</a> Stefan Esser discovered an overflow in the object reference handling code of the unserialize() function, which allows the execution of arbitrary code if malformed input is passed from an application. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1375">CVE-2007-1375</a> Stefan Esser discovered that an integer overflow in the substr_compare() function allows information disclosure of heap memory. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1376">CVE-2007-1376</a> Stefan Esser discovered that insufficient validation of shared memory functions allows the disclosure of heap memory. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1380">CVE-2007-1380</a> Stefan Esser discovered that the session handler performs insufficient validation of variable name length values, which allows information disclosure through a heap information leak. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1453">CVE-2007-1453</a> Stefan Esser discovered that the filtering framework performs insufficient input validation, which allows the execution of arbitrary code through a buffer underflow. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1454">CVE-2007-1454</a> Stefan Esser discovered that the filtering framework can be bypassed with a special whitespace character. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1521">CVE-2007-1521</a> Stefan Esser discovered a double free vulnerability in the session_regenerate_id() function, which allows the execution of arbitrary code. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583">CVE-2007-1583</a> Stefan Esser discovered that a programming error in the mb_parse_str() function allows the activation of <q>register_globals</q>. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1700">CVE-2007-1700</a> Stefan Esser discovered that the session extension incorrectly maintains the reference count of session variables, which allows the execution of arbitrary code. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1711">CVE-2007-1711</a> Stefan Esser discovered a double free vulnerability in the session management code, which allows the execution of arbitrary code. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718">CVE-2007-1718</a> Stefan Esser discovered that the mail() function performs insufficient validation of folded mail headers, which allows mail header injection. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1777">CVE-2007-1777</a> Stefan Esser discovered that the extension to handle ZIP archives performs insufficient length checks, which allows the execution of arbitrary code. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1824">CVE-2007-1824</a> Stefan Esser discovered an off-by-one error in the filtering framework, which allows the execution of arbitrary code. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1887">CVE-2007-1887</a> Stefan Esser discovered that a buffer overflow in the sqlite extension allows the execution of arbitrary code. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1889">CVE-2007-1889</a> Stefan Esser discovered that the PHP memory manager performs an incorrect type cast, which allows the execution of arbitrary code through buffer overflows. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900">CVE-2007-1900</a> Stefan Esser discovered that incorrect validation in the email filter extension allows the injection of mail headers. The oldstable distribution (sarge) doesn't include php5. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 qemu What information can i put there? 2007-05-01 Several vulnerabilities have been discovered in the QEMU processor emulator, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: Tavis Ormandy discovered that a memory management routine of the Cirrus video driver performs insufficient bounds checking, which might allow the execution of arbitrary code through a heap overflow. Tavis Ormandy discovered that the NE2000 network driver and the socket code perform insufficient input validation, which might allow the execution of arbitrary code through a heap overflow. Tavis Ormandy discovered that the <q>icebp</q> instruction can be abused to terminate the emulation, resulting in denial of service. Tavis Ormandy discovered that the NE2000 network driver and the socket code perform insufficient input validation, which might allow the execution of arbitrary code through a heap overflow. Tavis Ormandy discovered that the <q>aam</q> instruction can be abused to crash qemu through a division by zero, resulting in denial of service. Debian GNU/Linux 4.0 wordpress What information can i put there? 2007-05-01 Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF. WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to <q>publish a previously saved post.</q> Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function. SQL injection vulnerability in xmlrpc.php in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. Debian GNU/Linux 4.0 linux-2.6 What information can i put there? 2007-05-02 Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Daniel Roethlisberger discovered two buffer overflows in the cm4040 driver for the Omnikey CardMan 4040 device. A local user or malicious device could exploit this to execute arbitrary code in kernel space. Santosh Eraniose reported a vulnerability that allows local users to read otherwise unreadable files by triggering a core dump while using PT_INTERP. This is related to <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1073">CVE-2004-1073</a>. Jean Delvare reported a vulnerability in the appletalk subsystem. Systems with the appletalk module loaded can be triggered to crash by other systems on the local network via a malformed frame. Masayuki Nakagawa discovered that flow labels were inadvertently being shared between listening sockets and child sockets. This defect can be exploited by local users to cause a DoS (Oops). This problem has been fixed in the stable distribution in version 2.6.18.dfsg.1-12etch1. The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update: We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes. Updated packages for the mips and mipsel architectures are not yet available. They will be provided later. Debian GNU/Linux 3.1 ldap-account-manager What information can i put there? 2007-05-07 Two vulnerabilities have been identified in the version of ldap-account-manager shipped with Debian 3.1 (sarge). An untrusted PATH vulnerability could allow a local attacker to execute arbitrary code with elevated privileges by providing a malicious rm executable and specifying a PATH environment variable referencing this executable. Improper escaping of HTML content could allow an attacker to execute a cross-site scripting attack (XSS) and execute arbitrary code in the victim's browser in the security context of the affected web site. Debian GNU/Linux 4.0 pptpd What information can i put there? 2007-05-08 It was discovered that the PoPToP Point to Point Tunneling Server contains a programming error, which allows the tear-down of a PPTP connection through a malformed GRE packet, resulting in denial of service. The oldstable distribution (sarge) is not affected by this problem. Debian GNU/Linux 4.0 linux-2.6 What information can i put there? 2007-05-13 Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Michal Miroslaw reported a DoS vulnerability (crash) in netfilter. A remote attacker can cause a NULL pointer dereference in the nfnetlink_log function. Patrick McHardy reported an vulnerability in netfilter that may allow attackers to bypass certain firewall rules. The nfctinfo value of reassembled IPv6 packet fragments were incorrectly initialized to 0 which allowed these packets to become tracked as ESTABLISHED. Jaco Kroon reported a bug in which NETLINK_FIB_LOOKUP packages were incorrectly routed back to the kernel resulting in an infinite recursion condition. Local users can exploit this behavior to cause a DoS (crash). Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 squirrelmail What information can i put there? 2007-05-13 It was discovered that the webmail package Squirrelmail performs insufficient sanitising inside the HTML filter, which allows the injection of arbitrary web script code during the display of HTML email messages. Debian GNU/Linux 4.0 samba What information can i put there? 2007-05-15 Several issues have been identified in Samba, the SMB/CIFS file- and print-server implementation for GNU/Linux. When translating SIDs to/from names using Samba local list of user and group accounts, a logic error in the smbd daemon's internal security stack may result in a transition to the root user id rather than the non-root user. The user is then able to temporarily issue SMB/CIFS protocol operations as the root user. This window of opportunity may allow the attacker to establish addition means of gaining root access to the server. Various bugs in Samba's NDR parsing can allow a user to send specially crafted MS-RPC requests that will overwrite the heap space with user defined data. Unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution. Debian GNU/Linux 4.0 qt4-x11 What information can i put there? 2007-05-15 Andreas Nolden discovered a bug in the UTF8 decoding routines in qt4-x11, a C++ GUI library framework, that could allow remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 quagga What information can i put there? 2007-05-17 Paul Jakma discovered that specially crafted UPDATE messages can trigger an out of boundary read that can result in a system crash of quagga, the BGP/OSPF/RIP routing daemon. Debian GNU/Linux 3.1 xfree86 What information can i put there? 2007-05-17 Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Sean Larsson discovered an integer overflow in the XC-MISC extension, which might lead to denial of service or local privilege escalation. Greg MacManus discovered an integer overflow in the font handling, which might lead to denial of service or local privilege escalation. Greg MacManus discovered an integer overflow in the font handling, which might lead to denial of service or local privilege escalation. Sami Leides discovered an integer overflow in the libx11 library which might lead to the execution of arbitrary code. This update introduces tighter sanity checking of input passed to XCreateImage(). To cope with this an updated rdesktop package is delivered along with this security update. Another application reported to break is the proprietary Opera browser, which isn't part of Debian. The vendor has released updated packages, though. Debian GNU/Linux 4.0 php5 What information can i put there? 2007-05-19 Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that missing input sanitising inside the ftp extension permits an attacker to execute arbitrary FTP commands. This requires the attacker to already have access to the FTP server. It was discovered that a buffer overflow in the SOAP extension permits the execution of arbitrary code. The oldstable distribution (sarge) doesn't include php5. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 php4 What information can i put there? 2007-05-21 It was discovered that the ftp extension of PHP, a server-side, HTML-embedded scripting language performs insufficient input sanitising, which permits an attacker to execute arbitrary FTP commands. This requires the attacker to already have access to the FTP server. Debian GNU/Linux 4.0 gforge-plugin-scmcvs What information can i put there? 2007-05-24 Bernhard R. Link discovered that the CVS browsing interface of Gforge, a collaborative development tool, performs insufficient escaping of URLs, which allows the execution of arbitrary shell commands with the privileges of the www-data user. The oldstable distribution (sarge) is not affected by this problem. Debian GNU/Linux 4.0 otrs2 What information can i put there? 2007-05-28 It was discovered that the Open Ticket Request System performs insufficient input sanitising for the Subaction parameter, which allows the injection of arbitrary web script code. The oldstable distribution (sarge) doesn't include otrs2. Debian GNU/Linux 4.0 ipsec-tools What information can i put there? 2007-06-07 It was discovered that a specially-crafted packet sent to the racoon ipsec key exchange server could cause a tunnel to crash, resulting in a denial of service. The oldstable distribution (sarge) isn't affected by this problem. Debian GNU/Linux 4.0 iceape What information can i put there? 2007-06-07 Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems: Nicolas Derouet discovered that Iceape performs insufficient validation of cookies, which could lead to denial of service. Gatan Leurent discovered a cryptographical weakness in APOP authentication, which reduces the required efforts for an MITM attack to intercept a password. The update enforces stricter validation, which prevents this attack. Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn Wargers and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. Brendan Eich, Igor Bukanov, Jesse Ruderman, <q>moz_bug_r_a4</q> and Wladimir Palant discovered crashes in the javascript engine, which might allow the execution of arbitrary code. <q>moz_bug_r_a4</q> discovered that adding an event listener through the addEventListener() function allows cross-site scripting. Chris Thomas discovered that XUL popups can be abused for spoofing or phishing attacks. Fixes for the oldstable distribution (sarge) are not available. While there will be another round of security updates for Mozilla products, Debian doesn't have the resources to backport further security fixes to the old Mozilla products. You're strongly encouraged to upgrade to stable as soon as possible. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 gimp What information can i put there? 2007-06-09 A buffer overflow has been identified in Gimp's SUNRAS plugin in versions prior to 2.2.15. This bug could allow an attacker to execute arbitrary code on the victim's computer by inducing the victim to open a specially crafted RAS file. Debian GNU/Linux 4.0 freetype What information can i put there? 2007-06-10 A problem was discovered in freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files. Debian GNU/Linux 4.0 lighttpd What information can i put there? 2007-06-10 Two problems were discovered with lighttpd, a fast webserver with minimal memory footprint, which could allow denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: Remote attackers could cause denial of service by disconnecting partway through making a request. A NULL pointer dereference could cause a crash when serving files with a mtime of 0. Debian GNU/Linux 3.1 kernel-source-2.6.8 What information can i put there? 2007-06-16 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6060">CVE-2006-6060</a> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6106">CVE-2006-6106</a> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6535">CVE-2006-6535</a> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0958">CVE-2007-0958</a> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1357">CVE-2007-1357</a> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1592">CVE-2007-1592</a> Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. This update also fixes a regression in the smbfs subsystem which was introduced in DSA-1233 which caused symlinks to be interpreted as regular files. The Common Vulnerabilities and Exposures project identifies the following problems: David Gibson reported an issue in the hugepage code which could permit a local DoS (system crash) on appropriately configured systems. Doug Chapman discovered a potential local DoS (deadlock) in the mincore function caused by improper lock handling. Ang Way Chuang reported a remote DoS (crash) in the dvb driver which can be triggered by a ULE package with an SNDU length of 0. Eric Sandeen provided a fix for a local memory corruption vulnerability resulting from a misinterpretation of return values when operating on inodes which have been marked bad. Darrick Wong discovered a local DoS (crash) vulnerability resulting from the incorrect initialization of <q>nr_pages</q> in aio_setup_ring(). LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted iso9660 filesystem. LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext3 filesystem. LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted hfs filesystem on systems with SELinux hooks enabled (Debian does not enable SELinux by default). LMH reported a potential local DoS (infinite loop) which could be exploited by a malicious user with the privileges to mount and read a corrupted NTFS filesystem. Marcel Holtman discovered multiple buffer overflows in the Bluetooth subsystem which can be used to trigger a remote DoS (crash) and potentially execute arbitrary code. Kostantin Khorenko discovered an invalid error path in dev_queue_xmit() which could be exploited by a local user to cause data corruption. Santosh Eraniose reported a vulnerability that allows local users to read otherwise unreadable files by triggering a core dump while using PT_INTERP. This is related to <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1073">CVE-2004-1073</a>. Jean Delvare reported a vulnerability in the appletalk subsystem. Systems with the appletalk module loaded can be triggered to crash by other systems on the local network via a malformed frame. Masayuki Nakagawa discovered that flow labels were inadvertently being shared between listening sockets and child sockets. This defect can be exploited by local users to cause a DoS (Oops). The following matrix explains which kernel version for which architecture fix the problems mentioned above: We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes. Debian GNU/Linux 4.0 icedove What information can i put there? 2007-06-13 Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems: Gatan Leurent discovered a cryptographical weakness in APOP authentication, which reduces the required efforts for an MITM attack to intercept a password. The update enforces stricter validation, which prevents this attack. Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn Wargers and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. Brendan Eich, Igor Bukanov, Jesse Ruderman, <q>moz_bug_r_a4</q> and Wladimir Palant discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Generally, enabling Javascript in Icedove is not recommended. Fixes for the oldstable distribution (sarge) are not available. While there will be another round of security updates for Mozilla products, Debian doesn't have the resources to backport further security fixes to the old Mozilla products. You're strongly encouraged to upgrade to stable as soon as possible. Debian GNU/Linux 4.0 xulrunner What information can i put there? 2007-06-12 Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: Nicolas Derouet discovered that Xulrunner performs insufficient validation of cookies, which could lead to denial of service. Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn Wargers and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. Brendan Eich, Igor Bukanov, Jesse Ruderman, <q>moz_bug_r_a4</q> and Wladimir Palant discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. <q>Marcel</q> discovered that malicous web sites can cause massive resource consumption through the auto completion feature, resulting in denial of service. <q>moz_bug_r_a4</q> discovered that adding an event listener through the <code>addEventListener()</code> function allows cross-site scripting. Chris Thomas discovered that XUL popups can be abused for spoofing or phishing attacks. The oldstable distribution (sarge) doesn't include xulrunner. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 openoffice.org What information can i put there? 2007-06-12 John Heasman discovered a heap overflow in the routines of OpenOffice.org that parse RTF files. A specially crafted RTF file could cause the filter to overwrite data on the heap, which may lead to the execution of arbitrary code. Debian GNU/Linux 4.0 iceweasel What information can i put there? 2007-06-14 Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Nicolas Derouet discovered that Iceweasel performs insufficient validation of cookies, which could lead to denial of service. Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn Wargers and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. Brendan Eich, Igor Bukanov, Jesse Ruderman, <q>moz_bug_r_a4</q> and Wladimir Palant discovered crashes in the javascript engine, which might allow the execution of arbitrary code. <q>Marcel</q> discovered that malicous web sites can cause massive resource consumption through the auto completion feature, resulting in denial of service. <q>moz_bug_r_a4</q> discovered that adding an event listener through the <code>addEventListener()</code> function allows cross-site scripting. Chris Thomas discovered that XUL popups can be abused for spoofing or phishing attacks. Fixes for the oldstable distribution (sarge) are not available. While there will be another round of security updates for Mozilla products, Debian doesn't have the resources to backport further security fixes to the old Mozilla products. You're strongly encouraged to upgrade to stable as soon as possible. Debian GNU/Linux 4.0 postgresql-8.1 What information can i put there? 2007-06-16 It was discovered that the PostgreSQL database performs insufficient validation of variables passed to privileged SQL statements, so called <q>security definers</q>, which could lead to SQL privilege escalation. The oldstable distribution (sarge) doesn't contain PostgreSQL 8.1. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 libexif What information can i put there? 2007-06-16 A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitrary code via malformed EXIF data. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 postgresql-7.4 What information can i put there? 2007-06-17 It was discovered that the PostgreSQL database performs insufficient validation of variables passed to privileged SQL statement called <q>security definers</q>, which could lead to SQL privilege escalation. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 libapache-mod-jk What information can i put there? 2007-06-18 It was discovered that the Apache 1.3 connector for the Tomcat Java servlet engine decoded request URLs multiple times, which can lead to information disclosure. Debian GNU/Linux 4.0 mplayer What information can i put there? 2007-06-19 Stefan Cornelius and Reimar Doeffinger discovered that the MPlayer movie player performs insufficient boundary checks when accessing CDDB data, which might lead to the execution of arbitrary code. The oldstable distribution (sarge) doesn't include MPlayer packages. Debian GNU/Linux 4.0 open-iscsi What information can i put there? 2007-06-19 Several local and remote vulnerabilities have been discovered in open-iscsi, a transport-independent iSCSI implementation. The Common Vulnerabilities and Exposures project identifies the following problems: Olaf Kirch discovered that due to a programming error access to the management interface socket was insufficiently protected, which allows denial of service. Olaf Kirch discovered that access to a semaphore used in the logging code was insufficiently protected, allowing denial of service. The oldstable distribution (sarge) doesn't include open-iscsi. Debian GNU/Linux 4.0 libphp-phpmailer What information can i put there? 2007-06-21 Thor Larholm discovered that libphp-phpmailer, an email transfer class for PHP, performs insufficient input validition if configured to use Sendmail. This allows the execution of arbitrary shell commands. The oldstable distribution (sarge) doesn't include libphp-phpmailer. Debian GNU/Linux 4.0 emacs21 What information can i put there? 2007-06-21 It has been discovered that emacs, the GNU Emacs editor, will crash when processing certain types of images. Debian GNU/Linux 4.0 tinymux What information can i put there? 2007-06-23 duskwave discovered that tinymux, a text-based multi-user virtual world server, performs insufficient boundary checks when working with user-supplied data, which might lead to the execution of arbitrary code. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 ekg What information can i put there? 2007-06-22 Several remote vulnerabilities have been discovered in ekg, a console Gadu Gadu client. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that memory alignment errors may allow remote attackers to cause a denial of service on certain architectures such as sparc. This only affects Debian Sarge. It was discovered that several endianess errors may allow remote attackers to cause a denial of service. This only affects Debian Sarge. It was discovered that a memory leak in handling image messages may lead to denial of service. This only affects Debian Etch. It was discovered that a null pointer deference in the token OCR code may lead to denial of service. This only affects Debian Etch. It was discovered that a memory leak in the token OCR code may lead to denial of service. This only affects Debian Etch. Debian GNU/Linux 4.0 maradns What information can i put there? 2007-06-23 Several remote vulnerabilities have been discovered in MaraDNS, a simple security-aware Domain Name Service server. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that malformed DNS requests can trigger memory leaks, allowing denial of service. It was discovered that malformed DNS requests can trigger memory leaks, allowing denial of service. It was discovered that malformed DNS requests can trigger memory leaks, allowing denial of service. The oldstable distribution (sarge) is not affected by these problems. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 clamav What information can i put there? 2007-06-23 Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the OLE2 parser can be tricked into an infinite loop and memory exhaustion. It was discovered that the NsPack decompression code performed insufficient sanitising on an internal length variable, resulting in a potential buffer overflow. It was discovered that temporary files were created with insecure permissions, resulting in information disclosure. It was discovered that the decompression code for RAR archives allows bypassing a scan of a RAR archive due to insufficient validity checks. It was discovered that the decompression code for RAR archives performs insufficient validation of header values, resulting in a buffer overflow. Debian GNU/Linux 4.0 evolution-data-server What information can i put there? 2007-06-23 It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitising of a value later used an array index, which can lead to the execution of arbitrary code. Debian GNU/Linux 4.0 wireshark What information can i put there? 2007-06-27 Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: Off-by-one overflows were discovered in the iSeries dissector. The MMS and SSL dissectors could be forced into an infinite loop. An off-by-one overflow was discovered in the DHCP/BOOTP dissector. The oldstable distribution (sarge) is not affected by these problems. (In Sarge Wireshark used to be called Ethereal). Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 krb5 What information can i put there? 2007-06-28 Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Wei Wang discovered that the free of an uninitialised pointer in the Kerberos RPC library may lead to the execution of arbitrary code. Wei Wang discovered that insufficient input sanitising in the Kerberos RPC library may lead to the execution of arbitrary code. It was discovered that a buffer overflow in the Kerberos administration daemon may lead to the execution of arbitrary code. Debian GNU/Linux 4.0 hiki What information can i put there? 2007-06-28 Kazuhiro Nishiyama found a vulnerability in hiki, a Wiki engine written in Ruby, which could allow a remote attacker to delete arbitrary files which are writable to the Hiki user, via a specially crafted session parameter. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 evolution What information can i put there? 2007-06-29 Several remote vulnerabilities have been discovered in Evolution, a groupware suite with mail client and organizer. The Common Vulnerabilities and Exposures project identifies the following problems: Ulf Härnhammar discovered that a format string vulnerability in the handling of shared calendars may allow the execution of arbitrary code. It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitising of a value later used an array index, which can lead to the execution of arbitrary code. Debian GNU/Linux 4.0 fireflier-server What information can i put there? 2007-07-01 Steve Kemp from the Debian Security Audit project discovered that fireflier-server, an interactive firewall rule creation tool, uses temporary files in an unsafe manner which may be exploited to remove arbitrary files from the local system. Debian GNU/Linux 4.0 gsambad What information can i put there? 2007-07-01 Steve Kemp from the Debian Security Audit project discovered that gsambad, a GTK+ configuration tool for samba, uses temporary files in an unsafe manner which may be exploited to truncate arbitrary files from the local system. Debian GNU/Linux 4.0 unicon-imc2 What information can i put there? 2007-07-01 Steve Kemp from the Debian Security Audit project discovered that unicon-imc2, a Chinese input method library, makes unsafe use of an environmental variable, which may be exploited to execute arbitrary code. Debian GNU/Linux 4.0 php5 What information can i put there? 2007-07-07 Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Stefan Esser discovered that a buffer overflow in the zip extension allows the execution of arbitrary code. It was discovered that a buffer overflow in the xmlrpc extension allows the execution of arbitrary code. The oldstable distribution (sarge) doesn't include php5. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 php4 What information can i put there? 2007-07-07 Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Stefan Esser discovered HTTP response splitting vulnerabilities in the session extension. This only affects Debian 3.1 (Sarge). Stefan Esser discovered that an integer overflow in memory allocation routines allows the bypass of memory limit restrictions. This only affects Debian 3.1 (Sarge) on 64 bit architectures. It was discovered that a buffer overflow in the xmlrpc extension allows the execution of arbitrary code. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 vlc What information can i put there? 2007-07-09 Several remote vulnerabilities have been discovered in the VideoLan multimedia player and streamer, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: David Thiel discovered that several format string vulnerabilities may lead to the execution of arbitrary code. David Thiel discovered an integer overflow in the WAV processing code. This update also fixes several crashes, which can be triggered through malformed media files. Debian GNU/Linux 4.0 libcurl3-gnutls What information can i put there? 2007-07-18 It has been discovered that the GnuTLS certificate verification methods implemented in libcurl-gnutls, a solid, usable, and portable multi-protocol file transfer library, did not check for expired or invalid dates. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 gimp What information can i put there? 2007-07-18 Several remote vulnerabilities have been discovered in Gimp, the GNU Image Manipulation Program, which might lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Sean Larsson discovered several integer overflows in the processing code for DICOM, PNM, PSD, RAS, XBM and XWD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file. Stefan Cornelius discovered an integer overflow in the processing code for PSD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file. Debian GNU/Linux 3.1 mozilla-firefox What information can i put there? 2007-07-22 Several remote vulnerabilities have been discovered in Mozilla Firefox. This will be the last security update of Mozilla-based products for the oldstable (sarge) distribution of Debian. We recommend to upgrade to stable (etch) as soon as possible. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: It was discovered that an integer overflow in text/enhanced message parsing allows the execution of arbitrary code. It was discovered that a regression in the Javascript engine allows the execution of Javascript with elevated privileges. It was discovered that incorrect parsing of invalid HTML characters allows the bypass of content filters. It was discovered that insecure child frame handling allows cross-site scripting. It was discovered that Firefox handles URI with a null byte in the hostname insecurely. It was discovered that a buffer overflow in the NSS code allows the execution of arbitrary code. It was discovered that a buffer overflow in the NSS code allows the execution of arbitrary code. It was discovered that multiple programming errors in the layout engine allow the execution of arbitrary code. It was discovered that the page cache calculates hashes in an insecure manner. It was discovered that the password manager allows the disclosure of passwords. Debian GNU/Linux 4.0 xulrunner What information can i put there? 2007-07-22 Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection of content into about:blank frames. Michal Zalewski discovered that same-origin policies for wyciwyg:// documents are insufficiently enforced. Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code. Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the javascript engine, which might allow the execution of arbitrary code. <q>moz_bug_r_a4</q> discovered that the addEventListener() and setTimeout() functions allow cross-site scripting. <q>moz_bug_r_a4</q> discovered that a programming error in event handling allows privilege escalation. <q>shutdown</q> and <q>moz_bug_r_a4</q> discovered that the XPCNativeWrapper allows the execution of arbitrary code. The oldstable distribution (sarge) doesn't include xulrunner. Debian GNU/Linux 4.0 iceweasel What information can i put there? 2007-07-23 Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection of content into about:blank frames. Michal Zalewski discovered that same-origin policies for wyciwyg:// documents are insufficiently enforced. Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code. Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the javascript engine, which might allow the execution of arbitrary code. <q>moz_bug_r_a4</q> discovered that the addEventListener() and setTimeout() functions allow cross-site scripting. <q>moz_bug_r_a4</q> discovered that a programming error in event handling allows privilege escalation. <q>shutdown</q> and <q>moz_bug_r_a4</q> discovered that the XPCNativeWrapper allows the execution of arbitrary code. The Mozilla products in the oldstable distribution (sarge) are no longer supported with security updates. You're strongly encouraged to upgrade to stable as soon as possible. Debian GNU/Linux 4.0 iceape What information can i put there? 2007-07-23 Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems: Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection of content into about:blank frames. Michal Zalewski discovered that same-origin policies for wyciwyg:// documents are insufficiently enforced. Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code. Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the javascript engine, which might allow the execution of arbitrary code. <q>moz_bug_r_a4</q> discovered that the addEventListener() and setTimeout() functions allow cross-site scripting. <q>moz_bug_r_a4</q> discovered that a programming error in event handling allows privilege escalation. <q>shutdown</q> and <q>moz_bug_r_a4</q> discovered that the XPCNativeWrapper allows the execution of arbitrary code. The Mozilla products in the oldstable distribution (sarge) are no longer supported with security updates. You're strongly encouraged to upgrade to stable as soon as possible. Debian GNU/Linux 4.0 clamav What information can i put there? 2007-07-24 A NULL pointer dereference has been discovered in the RAR VM of Clam Antivirus (ClamAV) which allows user-assisted remote attackers to cause a denial of service via a specially crafted RAR archives. We are currently unable to provide fixed packages for the MIPS architectures. Those packages will be installed in the security archive when they become available. The old stable distribution (sarge) is not affected by this problem. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 bind9 What information can i put there? 2007-07-25 This update provides fixed packages for the oldstable distribution (sarge). For reference the original advisory text: Amit Klein discovered that the BIND name server generates predictable DNS query IDs, which may lead to cache poisoning attacks. Debian GNU/Linux 4.0 xfs What information can i put there? 2007-07-30 It was discovered that a race condition in the init.d script of the X Font Server allows the modification of file permissions of arbitrary files if the local administrator can be tricked into restarting the X font server. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 file What information can i put there? 2007-07-31 Colin Percival discovered an integer overflow in file, a file type classification tool, which may lead to the execution of arbitrary code. Debian GNU/Linux 4.0 iceweasel What information can i put there? 2007-08-03 Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: <q>moz_bug_r_a4</q> discovered that a regression in the handling of <q>about:blank</q> windows used by addons may lead to an attacker being able to modify the content of web sites. Jesper Johansson discovered that missing sanitising of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page. The Mozilla products in the oldstable distribution (sarge) are no longer supported with security updates. Debian GNU/Linux 4.0 xulrunner What information can i put there? 2007-08-04 Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: <q>moz_bug_r_a4</q> discovered that a regression in the handling of <q>about:blank</q> windows used by addons may lead to an attacker being able to modify the content of web sites. Jesper Johansson discovered that missing sanitising of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page. The oldstable distribution (sarge) doesn't include xulrunner. Debian GNU/Linux 4.0 iceape What information can i put there? 2007-08-04 Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems: <q>moz_bug_r_a4</q> discovered that a regression in the handling of <q>about:blank</q> windows used by addons may lead to an attacker being able to modify the content of web sites. Jesper Johansson discovered that missing sanitising of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page. The Mozilla products in the oldstable distribution (sarge) are no longer supported with security updates. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 xpdf What information can i put there? 2007-08-04 It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. Debian GNU/Linux 4.0 poppler What information can i put there? 2007-08-04 It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. poppler includes a copy of the xpdf code and required an update as well. The oldstable distribution (sarge) doesn't include poppler. Debian GNU/Linux 3.1 libextractor What information can i put there? 2007-08-05 It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. libextractor includes a copy of the xpdf code and required an update as well. Debian GNU/Linux 3.1 tetex-bin What information can i put there? 2007-08-06 It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. tetex-bin includes a copy of the xpdf code and required an update as well. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 bochs What information can i put there? 2007-08-07 Tavis Ormandy discovered that bochs, a highly portable IA-32 PC emulator, is vulnerable to a buffer overflow in the emulated NE2000 network device driver, which may lead to privilege escalation. Debian GNU/Linux 3.1 pdfkit.framework What information can i put there? 2007-08-07 It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. pdfkit.framework includes a copy of the xpdf code and required an update as well. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 tcpdump What information can i put there? 2007-08-11 It was discovered that an integer overflow in the BGP dissector of tcpdump, a powerful tool for network monitoring and data acquisition, may lead to the execution of arbitrary code. Debian GNU/Linux 3.1 gpdf What information can i put there? 2007-08-13 It was discovered that an integer overflow in xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. gpdf includes a copy of the xpdf code and requires an update as well. Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 kdegraphics What information can i put there? 2007-08-13 It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. kpdf includes a copy of the xpdf code and required an update as well. Debian GNU/Linux 4.0 linux-2.6 What information can i put there? 2007-08-15 Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following p