rootserverprojekt.de

Package : camlimages
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-2660
Debian Bug : 540146

Tielei Wang discovered that CamlImages, an open source image processing
library, suffers from several integer overflows which may lead to a
potentially exploitable heap overflow and result in arbitrary code
execution. This advisory addresses issues with the reading of JPEG and
GIF Images, while DSA 1832-1 addressed the issue with PNG images.

For the oldstable distribution (etch), this problem has been fixed in
version 2.20-8+etch2.

For the stable distribution (lenny), this problem has been fixed in
version 1:2.2.0-4+lenny2.

For the unstable distribution (sid), this problem has been fixed in
version 1:3.0.1-3.


We recommend that you upgrade your camlimages package.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch

Package : imagemagick
Vulnerability : multiple
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986
CVE-2007-4987 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097
CVE-2009-1882
Debian Bug : 418057 412945 444267 530838

Several vulnerabilities have been discovered in the imagemagick image
manipulation programs which can lead to the execution of arbitrary code,
exposure of sensitive information or cause DoS. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2007-1667

Multiple integer overflows in XInitImage function in xwd.c for
ImageMagick, allow user-assisted remote attackers to cause a denial of
service (crash) or obtain sensitive information via crafted images with
large or negative values that trigger a buffer overflow. It only affects
the oldstable distribution (etch).

CVE-2007-1797

Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted DCM image, or the colors or comments field in a
crafted XWD image. It only affects the oldstable distribution (etch).

CVE-2007-4985

A crafted image file can trigger an infinite loop in the ReadDCMImage
function or in the ReadXCFImage function. It only affects the oldstable
distribution (etch).

CVE-2007-4986

Multiple integer overflows allow context-dependent attackers to execute
arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file,
which triggers a heap-based buffer overflow. It only affects the
oldstable distribution (etch).

CVE-2007-4987

Off-by-one error allows context-dependent attackers to execute arbitrary
code via a crafted image file, which triggers the writing of a '\0'
character to an out-of-bounds address. It affects only the oldstable
distribution (etch).

CVE-2007-4988

A sign extension error allows context-dependent attackers to execute
arbitrary code via a crafted width value in an image file, which
triggers an integer overflow and a heap-based buffer overflow. It
affects only the oldstable distribution (etch).

CVE-2008-1096

The load_tile function in the XCF coder allows user-assisted remote
attackers to cause a denial of service or possibly execute arbitrary
code via a crafted .xcf file that triggers an out-of-bounds heap write.
It affects only to oldstable (etch).

CVE-2008-1097

Heap-based buffer overflow in the PCX coder allows user-assisted remote
attackers to cause a denial of service or possibly execute arbitrary
code via a crafted .pcx file that triggers incorrect memory allocation
for the scanline array, leading to memory corruption. It affects only to
oldstable (etch).

CVE-2009-1882

Integer overflow allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted TIFF file,
which triggers a buffer overflow.

For the old stable distribution (etch), these problems have been fixed in
version 7:6.2.4.5.dfsg1-0.15+etch1.

For the stable distribution (lenny), these problems have been fixed in
version 7:6.3.7.9.dfsg2-1~lenny3.

For the upcoming stable distribution (squeeze) and the unstable
distribution (sid), these problems have been fixed in version
7:6.5.1.0-1.1.

We recommend that you upgrade your imagemagick packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch

Package : libxml2
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE IDs : CVE-2009-2416 CVE-2009-2414

Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several
vulnerabilities in libxml2, a library for parsing and handling XML data
files, which can lead to denial of service conditions or possibly arbitrary
code execution in the application using the library. The Common
Vulnerabilities and Exposures project identifies the following problems:

An XML document with specially-crafted Notation or Enumeration attribute
types in a DTD definition leads to the use of a pointers to memory areas
which have already been freed (CVE-2009-2416).

Missing checks for the depth of ELEMENT DTD definitions when parsing
child content can lead to extensive stack-growth due to a function
recursion which can be triggered via a crafted XML document (CVE-2009-2414).


For the oldstable distribution (etch), this problem has been fixed in
version 2.6.27.dfsg-6+etch1.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.32.dfsg-5+lenny1.

For the testing (squeeze) and unstable (sid) distribution, this problem
will be fixed soon.


We recommend that you upgrade your libxml2 packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch

Package : ruby1.8, ruby1.9
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-0642 CVE-2009-1904

Several vulnerabilities have been discovered in Ruby. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-0642

The return value from the OCSP_basic_verify function was not checked
properly, allowing continued use of a revoked certificate.

CVE-2009-1904

An issue in parsing BigDecimal numbers can result in a
denial-of-service condition (crash).

The following matrix identifies fixed versions:

ruby1.8 ruby1.9
oldstable (etch) 1.8.5-4etch5 1.9.0+20060609-1etch5
stable (lenny) 1.8.7.72-3lenny1 1.9.0.2-9lenny1
unstable (sid) 1.8.7.173-1 (soon)

We recommend that you upgrade your Ruby packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch

Package : libxml
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE IDs : CVE-2009-2416 CVE-2009-2414

Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several
vulnerabilities in libxml, a library for parsing and handling XML data
files, which can lead to denial of service conditions or possibly arbitrary
code execution in the application using the library. The Common
Vulnerabilities and Exposures project identifies the following problems:

An XML document with specially-crafted Notation or Enumeration attribute
types in a DTD definition leads to the use of a pointers to memory areas
which have already been freed (CVE-2009-2416).

Missing checks for the depth of ELEMENT DTD definitions when parsing
child content can lead to extensive stack-growth due to a function
recursion which can be triggered via a crafted XML document (CVE-2009-2414).


For the oldstable distribution (etch), this problem has been fixed in
version 1.8.17-14+etch1.

The stable (lenny), testing (squeeze) and unstable (sid) distribution
do not contain libxml anymore but libxml2 for which DSA-1859-1 has been
released.


We recommend that you upgrade your libxml packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch

Package : linux-2.6
Vulnerability : privilege escalation
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-2692

A vulnerability has been discovered in the Linux kernel that may lead
to privilege escalation. The Common Vulnerabilities and Exposures project
identifies the following problem:

CVE-2009-2692

Tavis Ormandy and Julien Tinnes discovered an issue with how the
sendpage function is initialized in the proto_ops structure.
Local users can exploit this vulnerability to gain elevated
privileges.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.26-17lenny2.

For the oldstable distribution (etch), this problem will be fixed in
updates to linux-2.6 and linux-2.6.24.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+17lenny2

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny

Package : linux-2.6.24
Vulnerability : privilege escalation
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-2692

A vulnerability has been discovered in the Linux kernel that may lead
to privilege escalation. The Common Vulnerabilities and Exposures
project identifies the following problem:

CVE-2009-2692

Tavis Ormandy and Julien Tinnes discovered an issue with how the
sendpage function is initialized in the proto_ops structure.
Local users can exploit this vulnerability to gain elevated
privileges.

For the oldstable distribution (etch), this problem has been fixed in
version 2.6.24-6~etchnhalf.8etch3.

We recommend that you upgrade your linux-2.6.24 packages.

Note: Debian 'etch' includes linux kernel packages based upon both the
2.6.18 and 2.6.24 linux releases. All known security issues are
carefully tracked against both packages and both packages will receive
security updates until security support for Debian 'etch'
concludes. However, given the high frequency at which low-severity
security issues are discovered in the kernel and the resource
requirements of doing an update, lower severity 2.6.18 and 2.6.24
updates will typically release in a staggered or "leap-frog" fashion.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Package : linux-2.6
Vulnerability : denial of service/privilege escalation
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-1385 CVE-2009-1389 CVE-2009-1630 CVE-2009-1633
CVE-2009-2692

Several vulnerabilities have been discovered in the Linux kernel that
may lead to denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-1385

Neil Horman discovered a missing fix from the e1000 network
driver. A remote user may cause a denial of service by way of a
kernel panic triggered by specially crafted frame sizes.

CVE-2009-1389

Michael Tokarev discovered an issue in the r8169 network driver.
Remote users on the same LAN may cause a denial of service by way
of a kernel panic triggered by receiving a large size frame.

CVE-2009-1630

Frank Filz discovered that local users may be able to execute
files without execute permission when accessed via an nfs4 mount.

CVE-2009-1633

Jeff Layton and Suresh Jayaraman fixed several buffer overflows in
the CIFS filesystem which allow remote servers to cause memory
corruption.

CVE-2009-2692

Tavis Ormandy and Julien Tinnes discovered an issue with how the
sendpage function is initialized in the proto_ops structure.
Local users can exploit this vulnerability to gain elevated
privileges.

For the oldstable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-24etch3.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatability with or to take advantage of this update:

Debian 4.0 (etch)
fai-kernels 1.17+etch.24etch3
user-mode-linux 2.6.18-1um-2etch.24etch3

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Package : kdegraphics
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-0945 CVE-2009-1709
Debian Bugs : 534918 534951

Two security issues have been discovered in kdegraphics, the graphics
apps from the official KDE release. The Common Vulnerabilities and
Exposures project identifies the following problems:


CVE-2009-0945

It was discovered that the KSVG animation element implementation suffers
from a null pointer dereference flaw, which could lead to the execution
of arbitrary code.

CVE-2009-1709

It was discovered that the KSVG animation element implementation is
prone to a use-after-free flaw, which could lead to the execution of
arbitrary code.


For the stable distribution (lenny), these problems have been fixed in
version 4:3.5.9-3+lenny2.

For the oldstable distribution (etch), these problems have been fixed
in version 4:3.5.5-3etch4.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 4:4.0.


We recommend that you upgrade your kdegraphics packages.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch

Package : kdelibs
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-1690 CVE-2009-1698 CVE-2009-1687
Debian Bugs : 534952

Several security issues have been discovered in kdelibs, core libraries
from the official KDE release. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2009-1690

It was discovered that there is a use-after-free flaw in handling
certain DOM event handlers. This could lead to the execution of
arbitrary code, when visiting a malicious website.

CVE-2009-1698

It was discovered that there could be an uninitialised pointer when
handling a Cascading Style Sheets (CSS) attr function call. This could
lead to the execution of arbitrary code, when visiting a malicious
website.

CVE-2009-1687

It was discovered that the JavaScript garbage collector does not handle
allocation failures properly, which could lead to the execution of
arbitrary code when visiting a malicious website.


For the stable distribution (lenny), these problems have been fixed in
version 4:3.5.10.dfsg.1-0lenny2.

For the oldstable distribution (etch), these problems have been fixed
in version 4:3.5.5a.dfsg.1-8etch2.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.


We recommend that you upgrade your kdelibs packages.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch

Package : kde4libs
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-1690 CVE-2009-1698 CVE-2009-1687
Debian Bugs : 534949

Several security issues have been discovered in kde4libs, core libraries
for all KDE 4 applications. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2009-1690

It was discovered that there is a use-after-free flaw in handling
certain DOM event handlers. This could lead to the execution of
arbitrary code, when visiting a malicious website.

CVE-2009-1698

It was discovered that there could be an uninitialised pointer when
handling a Cascading Style Sheets (CSS) attr function call. This could
lead to the execution of arbitrary code, when visiting a malicious
website.

CVE-2009-1687

It was discovered that the JavaScript garbage collector does not handle
allocation failures properly, which could lead to the execution of
arbitrary code when visiting a malicious website.


For the stable distribution (lenny), these problems have been fixed in
version 4:4.1.0-3+lenny1.

The oldstable distribution (etch) does not contain kde4libs.

For the testing distribution (squeeze), these problems will be fixed
soon.

For the unstable distribution (sid), these problems have been fixed in
version 4:4.3.0-1.


We recommend that you upgrade your kde4libs packages.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny

Package : curl
Vulnerability : insufficient input validation
Problem type : remote
Debian-specific: no
Debian bug : 541991
CVE ID : CVE-2009-2417

It was discovered that curl, a client and library to get files from servers
using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against
SSL/TLS Certificates" recently published at the Blackhat conference. This
allows an attacker to perform undetected man-in-the-middle attacks via a
crafted ITU-T X.509 certificate with an injected null byte in the Common
Name field.


For the oldstable distribution (etch), this problem has been fixed in
version 7.15.5-1etch3.

For the stable distribution (lenny), this problem has been fixed in
version 7.18.2-8lenny3.

For the testing (squeeze) and unstable (sid) distribution, this problem
will be fixed soon.


We recommend that you upgrade your curl packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch

Package : pidgin
Vulnerability : insufficient input validation
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-2694

Federico Muttis discovered that libpurple, the shared library that adds
support for various instant messaging networks to the pidgin IM client, is
vulnerable to a heap-based buffer overflow. This issue exists because of
an incomplete fix for CVE-2008-2927 and CVE-2009-1376. An attacker can
exploit this by sending two consecutive SLP packets to a victim via MSN.

The first packet is used to create an SLP message object with an offset of
zero, the second packet then contains a crafted offset which hits the
vulnerable code originally fixed in CVE-2008-2927 and CVE-2009-1376 and
allows an attacker to execute arbitrary code.

Note: Users with the "Allow only the users below" setting are not vulnerable
to this attack. If you can't install the below updates you may want to
set this via Tools->Privacy.


For the stable distribution (lenny), this problem has been fixed in
version 2.4.3-4lenny3.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 2.5.9-1.

We recommend that you upgrade your pidgin packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny

Package : wordpress
Vulnerability : several vulnerabilities
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2008-6762 CVE-2008-6767 CVE-2009-2334 CVE-2009-2854
CVE-2009-2851 CVE-2009-2853 CVE-2008-1502 CVE-2008-4106
CVE-2008-4769 CVE-2008-4796 CVE-2008-5113
Debian Bugs : 531736 536724 504243 500115 504234 504771


Several vulnerabilities have been discovered in wordpress, weblog
manager. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2008-6762

It was discovered that wordpress is prone to an open redirect
vulnerability which allows remote attackers to conduct phishing atacks.

CVE-2008-6767

It was discovered that remote attackers had the ability to trigger an
application upgrade, which could lead to a denial of service attack.

CVE-2009-2334

It was discovered that wordpress lacks authentication checks in the
plugin configuration, which might leak sensitive information.

CVE-2009-2854

It was discovered that wordpress lacks authentication checks in various
actions, thus allowing remote attackers to produce unauthorised edits or
additions.

CVE-2009-2851

It was discovered that the administrator interface is prone to a
cross-site scripting attack.

CVE-2009-2853

It was discovered that remote attackers can gain privileges via certain
direct requests.

CVE-2008-1502

It was discovered that the _bad_protocol_once function in KSES, as used
by wordpress, allows remote attackers to perform cross-site scripting
attacks.

CVE-2008-4106

It was discovered that wordpress lacks certain checks around user
information, which could be used by attackers to change the password of
a user.

CVE-2008-4769

It was discovered that the get_category_template function is prone to a
directory traversal vulnerability, which could lead to the execution of
arbitrary code.

CVE-2008-4796

It was discovered that the _httpsrequest function in the embedded snoopy
version is prone to the execution of arbitrary commands via shell
metacharacters in https URLs.

CVE-2008-5113

It was discovered that wordpress relies on the REQUEST superglobal array
in certain dangerous situations, which makes it easier to perform
attacks via crafted cookies.


For the stable distribution (lenny), these problems have been fixed in
version 2.5.1-11+lenny1.

For the oldstable distribution (etch), these problems have been fixed in
version 2.0.10-1etch4.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 2.8.3-1.


We recommend that you upgrade your wordpress packages.



Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch

Package : linux-2.6
Vulnerability : denial of service/privilege escalation/information leak
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-2698 CVE-2009-2846 CVE-2009-2847 CVE-2009-2848
CVE-2009-2849

Several vulnerabilities have been discovered in the Linux kernel that
may lead to denial of service, privilege escalation or a leak of
sensitive memory. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-2698

Herbert Xu discovered an issue in the way UDP tracks corking
status that could allow local users to cause a denial of service
(system crash). Tavis Ormandy and Julien Tinnes discovered that
this issue could also be used by local users to gain elevated
privileges.

CVE-2009-2846

Michael Buesch noticed a typing issue in the eisa-eeprom driver
for the hppa architecture. Local users could exploit this issue to
gain access to restricted memory.

CVE-2009-2847

Ulrich Drepper noticed an issue in the do_sigalstack routine on
64-bit systems. This issue allows local users to gain access to
potentially sensitive memory on the kernel stack.

CVE-2009-2848

Eric Dumazet discovered an issue in the execve path, where the
clear_child_tid variable was not being properly cleared. Local
users could exploit this issue to cause a denial of service
(memory corruption).

CVE-2009-2849

Neil Brown discovered an issue in the sysfs interface to md
devices. When md arrays are not active, local users can exploit
this vulnerability to cause a denial of service (oops).

For the oldstable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-24etch4.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

The following matrix lists additional source packages that were rebuilt for
compatability with or to take advantage of this update:

Debian 4.0 (etch)
fai-kernels 1.17+etch.24etch4
user-mode-linux 2.6.18-1um-2etch.24etch4

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Package : dhcp3
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-0692 CVE-2009-1892
CERT advisory : VU#410676

The previous dhcp3 update (DSA-1833-1) did not properly apply the
required changes to the stable (lenny) version. The old stable (etch)
version is not affected by this problem.

The original advisory description follows.

Several remote vulnerabilities have been discovered in ISC's DHCP
implementation:

It was discovered that dhclient does not properly handle overlong
subnet mask options, leading to a stack-based buffer overflow and
possible arbitrary code execution. (CVE-2009-0692)

Christoph Biedl discovered that the DHCP server may terminate when
receiving certain well-formed DHCP requests, provided that the server
configuration mixes host definitions using "dhcp-client-identifier"
and "hardware ethernet". This vulnerability only affects the lenny
versions of dhcp3-server and dhcp3-server-ldap. (CVE-2009-1892)

For the stable distribution (lenny), this problem has been fixed in
version 3.1.1-6+lenny3.

We recommend that you upgrade your dhcp3 packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny

Package : wordpress
Vulnerability : several vulnerabilities
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2008-6762 CVE-2008-6767 CVE-2009-2334 CVE-2009-2854
CVE-2009-2851 CVE-2009-2853 CVE-2008-1502 CVE-2008-4106
CVE-2008-4769 CVE-2008-4796 CVE-2008-5113
Debian Bugs : 531736 536724 504243 500115 504234 504771


The previous wordpress update introduced a regression when fixing
CVE-2008-4769 due to a function that was not backported with the patch.
Please note that this regression only affects the oldstable distribution
(etch). For reference the original advisory text follows.


Several vulnerabilities have been discovered in wordpress, weblog
manager. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2008-6762

It was discovered that wordpress is prone to an open redirect
vulnerability which allows remote attackers to conduct phishing atacks.

CVE-2008-6767

It was discovered that remote attackers had the ability to trigger an
application upgrade, which could lead to a denial of service attack.

CVE-2009-2334

It was discovered that wordpress lacks authentication checks in the
plugin configuration, which might leak sensitive information.

CVE-2009-2854

It was discovered that wordpress lacks authentication checks in various
actions, thus allowing remote attackers to produce unauthorised edits or
additions.

CVE-2009-2851

It was discovered that the administrator interface is prone to a
cross-site scripting attack.

CVE-2009-2853

It was discovered that remote attackers can gain privileges via certain
direct requests.

CVE-2008-1502

It was discovered that the _bad_protocol_once function in KSES, as used
by wordpress, allows remote attackers to perform cross-site scripting
attacks.

CVE-2008-4106

It was discovered that wordpress lacks certain checks around user
information, which could be used by attackers to change the password of
a user.

CVE-2008-4769

It was discovered that the get_category_template function is prone to a
directory traversal vulnerability, which could lead to the execution of
arbitrary code.

CVE-2008-4796

It was discovered that the _httpsrequest function in the embedded snoopy
version is prone to the execution of arbitrary commands via shell
metacharacters in https URLs.

CVE-2008-5113

It was discovered that wordpress relies on the REQUEST superglobal array
in certain dangerous situations, which makes it easier to perform
attacks via crafted cookies.


For the stable distribution (lenny), these problems have been fixed in
version 2.5.1-11+lenny1.

For the oldstable distribution (etch), these problems have been fixed in
version 2.0.10-1etch5.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 2.8.3-1.


We recommend that you upgrade your wordpress packages.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch

Package : xulrunner
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-2654

Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid
URLs could be used for spoofing the location bar and the SSL certificate
status of a web page.

Xulrunner is no longer supported for the old stable distribution (etch).

For the stable distribution (lenny), this problem has been fixed in
version 1.9.0.13-0lenny1.

For the unstable distribution (sid), this problem has been fixed in
version 1.9.0.13-1.

We recommend that you upgrade your xulrunner packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny

Package : nss
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-2404 CVE-2009-2408 CVE-2009-2409

Several vulnerabilities have been discovered in the Network Security
Service libraries. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-2404

Moxie Marlinspike discovered that a buffer overflow in the regular
expression parser could lead to the execution of arbitrary code.

CVE-2009-2408

Dan Kaminsky discovered that NULL characters in certificate
names could lead to man-in-the-middle attacks by tricking the user
into accepting a rogue certificate.

CVE-2009-2409

Certificates with MD2 hash signatures are no longer accepted
since they're no longer considered cryptograhically secure.


The old stable distribution (etch) doesn't contain nss.

For the stable distribution (lenny), these problems have been fixed in
version 3.12.3.1-0lenny1.

For the unstable distribution (sid), these problems have been fixed in
version 3.12.3.1-1.

We recommend that you upgrade your nss packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny

Package : ikiwiki
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-2944

Josh Triplett discovered that the blacklist for potentially harmful TeX
code of the teximg module of the Ikiwiki wiki compiler was incomplete,
resulting in information disclosure.

The old stable distribution (etch) is not affected.

For the stable distribution (lenny), this problem has been fixed in
version 2.53.4.

For the unstable distribution (sid), this problem has been fixed in
version 3.1415926.

We recommend that you upgrade your ikiwiki package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny