Micha

Pro

  • »Micha« is the author of this thread

Posts: 1 422

Registration date: 10 January 2003

Location: Saxony

Occupation: Communications engineer

Hobbies: uh... lots of things

541

Friday, 14 May 2010, 10:35

Package : phpgroupware
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2010-0403 CVE-2010-0404

Several remote vulnerabilities have been discovered in phpgroupware, a
Web based groupware system written in PHP. The Common Vulnerabilities
and Exposures project identifies the following problems:


CVE-2010-0403

A local file inclusion vulnerability allows remote attackers to execute
arbitrary PHP code and include arbitrary local files.


CVE-2010-0404

Multiple SQL injection vulnerabilities allow remote attackers to execute
arbitrary SQL commands.


For the stable distribution (lenny), these problems have been fixed in
version 1:0.9.16.012+dfsg-8+lenny2

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.

We recommend that you upgrade your phpgroupware package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny

Micha

542

Wednesday, 19 May 2010, 19:22

Package : pidgin
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-0420 CVE-2010-0423
Debian Bug : 566775 579601

The packages for Pidgin released as DSA 2038-1 had a regression, as they
unintentionally disabled the Zephyr instant messaging protocol. This
update restores Zephyr functionality. For reference, the original
advisory text is below.

Several remote vulnerabilities have been discovered in Pidgin, a multi
protocol instant messaging client. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2010-0420

Crafted nicknames in the XMPP protocol can crash Pidgin remotely.

CVE-2010-0423

Remote contacts may send too many custom smilies, crashing Pidgin.

A few months ago, Microsoft's servers for MSN changed the protocol,
making Pidgin non-functional for use with MSN. It is not feasible to port
these changes to the version of Pidgin in Debian Lenny. This update
formalises that situation by disabling the protocol in the client. Users
of the MSN protocol are advised to use the version of Pidgin in the
repositories of www.backports.org.

For the stable distribution (lenny), these problems have been fixed in
version 2.4.3-4lenny7.

For the unstable distribution (sid), these problems have been fixed in
version 2.6.6-1.

We recommend that you upgrade your pidgin package.

Micha

543

Wednesday, 19 May 2010, 19:23

Package : aria2
Vulnerability : insufficient input sanitising
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2010-1512

A vulnerability was discovered in aria2, a download client. The "name"
attribute of the "file" element of metalink files is not properly
sanitised before using it to download files. If a user is tricked into
downloading from a specially crafted metalink file, this can be
exploited to download files to directories outside of the intended
download directory.

For the stable distribution (lenny), this problem has been fixed in
version 0.14.0-1+lenny2.

For the unstable distribution (sid), this problem has been fixed in
version 1.9.3-1.

We recommend that you upgrade your aria2 package.

Debian GNU/Linux 5.0 alias lenny
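
The check the aria2 advisory above calls for, as an added illustration that is not part of the original post and not aria2's own code: a constructed Metalink document is parsed, and a "file" element's "name" is accepted only if the resulting path stays inside the download directory. The function names, the sample document and the directory are assumptions made for this example.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample document; names and URLs are illustrative only.
SAMPLE_METALINK = """<metalink version="3.0" xmlns="http://www.metalinker.org/">
  <files>
    <file name="debian.iso">
      <resources><url type="http">http://mirror.example/debian.iso</url></resources>
    </file>
    <file name="docs/README.txt">
      <resources><url type="http">http://mirror.example/README.txt</url></resources>
    </file>
    <file name="../outside.txt">
      <resources><url type="http">http://mirror.example/a</url></resources>
    </file>
    <file name="/tmp/absolute.txt">
      <resources><url type="http">http://mirror.example/b</url></resources>
    </file>
    <file name="sub/../../escape.txt">
      <resources><url type="http">http://mirror.example/c</url></resources>
    </file>
  </files>
</metalink>"""


def safe_target(download_dir, name):
    """Return the absolute path for `name` under download_dir, or None if the
    name is empty, absolute, or resolves outside the download directory."""
    if not name or "\x00" in name:
        return None
    # Treat backslashes as separators so a Windows-style name is judged the same way.
    normalized = name.replace("\\", "/")
    # Reject absolute paths and drive-letter prefixes outright.
    if normalized.startswith("/") or (len(normalized) > 1 and normalized[1] == ":"):
        return None
    base = os.path.realpath(download_dir)
    # realpath collapses ".." components and resolves symlinks that already exist.
    candidate = os.path.realpath(os.path.join(base, *normalized.split("/")))
    # commonpath compares whole components, so "/srv/downloads-x" is not "inside".
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def plan_downloads(metalink_xml, download_dir):
    """Split the file entries of a metalink document into (accepted, rejected).

    accepted is a list of (name, absolute_target) pairs; rejected is a list of
    the names that would have been written outside download_dir.
    """
    accepted, rejected = [], []
    root = ET.fromstring(metalink_xml)
    for elem in root.iter():
        # Match on the local tag name so the check does not depend on the namespace.
        if elem.tag.rsplit("}", 1)[-1] != "file":
            continue
        name = elem.get("name", "")
        target = safe_target(download_dir, name)
        if target is None:
            rejected.append(name)
        else:
            accepted.append((name, target))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = plan_downloads(SAMPLE_METALINK, "/srv/downloads")
    for name, target in ok:
        print("accept", name, "->", target)
    for name in bad:
        print("reject", repr(name))
```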

Micha

544

Sunday, 23 May 2010, 20:20

Package : barnowl
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE Id : CVE-2010-0793
Debian Bug : 574418

It has been discovered that barnowl, a curses-based tty Jabber, IRC, AIM
and Zephyr client, is prone to a buffer overflow via its "CC:" handling,
which could lead to the execution of arbitrary code.


For the stable distribution (lenny), this problem has been fixed in
version 1.0.1-4+lenny1.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 1.5.1-1.


We recommend that you upgrade your barnowl packages.


Micha

545

Monday, 24 May 2010, 12:05

Package : dvipng
Vulnerability : buffer overflow
Problem type : remote (local)
Debian-specific: no
CVE Id : CVE-2010-0829
Debian Bug : 580628

Dan Rosenberg discovered that in dvipng, a utility that converts DVI
files to PNG graphics, several array index errors allow context-dependent
attackers, via a specially crafted DVI file, to cause a denial of
service (crash of the application), and possibly arbitrary code
execution.

For the stable distribution (lenny), this problem has been fixed in
version dvipng_1.11-1+lenny1.

For the testing distribution (squeeze), this problem has been fixed in
version 1.13-1.

For the unstable distribution (sid), this problem has been fixed in
version 1.13-1.

We recommend that you upgrade your dvipng package.

Micha

546

Monday, 24 May 2010, 21:27

Package : kdegraphics
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-1188 CVE-2009-3603 CVE-2009-3604 CVE-2009-3606 CVE-2009-3608 CVE-2009-3609

Several local vulnerabilities have been discovered in KPDF, a PDF viewer
for KDE, which allow the execution of arbitrary code or denial of
service if a user is tricked into opening a crafted PDF document.

For the stable distribution (lenny), these problems have been fixed in
version 4:3.5.9-3+lenny3.

The unstable distribution (sid) no longer contains kpdf. Its replacement,
Okular, links against the poppler PDF library.

We recommend that you upgrade your kdegraphics packages.

Micha

547

Monday, 24 May 2010, 21:27

Package : postgresql-8.3
Vulnerability : several
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2010-0442 CVE-2010-1169 CVE-2010-1170 CVE-2010-1975

Several local vulnerabilities have been discovered in PostgreSQL, an
object-relational SQL database. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2010-1169

Tim Bunce discovered that the implementation of the procedural
language PL/Perl insufficiently restricts the subset of allowed
code, which allows authenticated users the execution of arbitrary
Perl code.

CVE-2010-1170

Tom Lane discovered that the implementation of the procedural
language PL/Tcl insufficiently restricts the subset of allowed
code, which allows authenticated users the execution of arbitrary
Tcl code.

CVE-2010-1975

It was discovered that an unprivileged user could reset
superuser-only parameter settings.

For the stable distribution (lenny), these problems have been fixed in
version 8.3.11-0lenny1. This update also introduces a fix for
CVE-2010-0442, which was originally scheduled for the next Lenny point
update.

For the unstable distribution (sid), these problems have been fixed in
version 8.4.4-1 of postgresql-8.4.

We recommend that you upgrade your postgresql-8.3 packages.

Micha

548

Thursday, 27 May 2010, 19:44

Package : krb5
Vulnerability : null pointer dereference
Problem type : remote
Debian-specific: no
CVE Id : CVE-2010-1321
Debian Bug : 582261

Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for
authenticating users and services on a network, a null pointer
dereference flaw in the Generic Security Service Application Program
Interface (GSS-API) library could allow an authenticated remote attacker
to crash any server application using the GSS-API authentication
mechanism, by sending a specially-crafted GSS-API token with a missing
checksum field.

For the stable distribution (lenny), this problem has been fixed in
version 1.6.dfsg.4~beta1-5lenny4.

For the testing distribution (squeeze), this problem has been fixed in
version 1.8.1+dfsg-3.

For the testing distribution (sid), this problem has been fixed in
version 1.8.1+dfsg-3.

We recommend that you upgrade your krb5 packages.

Micha

549

Thursday, 27 May 2010, 19:45

Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-4537 CVE-2010-0727 CVE-2010-1083 CVE-2010-1084
CVE-2010-1086 CVE-2010-1087 CVE-2010-1088 CVE-2010-1162
CVE-2010-1173 CVE-2010-1187 CVE-2010-1437 CVE-2010-1446
CVE-2010-1451
Debian Bug(s) : 573071

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-4537

Fabian Yamaguchi reported a missing check for Ethernet frames larger
than the MTU in the r8169 driver. This may allow users on the local
network to crash a system, resulting in a denial of service.

CVE-2010-0727

Sachin Prabhu reported an issue in the GFS2 filesystem. Local users
can trigger a BUG() altering the permissions on a locked file,
resulting in a denial of service.

CVE-2010-1083

Linus Torvalds reported an issue in the USB subsystem, which may allow
local users to obtain portions of sensitive kernel memory.

CVE-2010-1084

Neil Brown reported an issue in the Bluetooth subsystem that may
permit remote attackers to overwrite memory through the creation
of large numbers of sockets, resulting in a denial of service.

CVE-2010-1086

Ang Way Chuang reported an issue in the DVB subsystem for Digital
TV adapters. By creating a specially-encoded MPEG2-TS frame, a remote
attacker could cause the receiver to enter an endless loop, resulting
in a denial of service.

CVE-2010-1087

Trond Myklebust reported an issue in the NFS filesystem. A local
user may cause an oops by sending a fatal signal during a file
truncation operation, resulting in a denial of service.

CVE-2010-1088

Al Viro reported an issue where automount symlinks may not
be followed when LOOKUP_FOLLOW is not set. This has an unknown
security impact.

CVE-2010-1162

Catalin Marinas reported an issue in the tty subsystem that allows
local attackers to cause a kernel memory leak, possibly resulting
in a denial of service.

CVE-2010-1173

Chris Guo from Nokia China and Jukka Taimisto and Olli Jarva from
Codenomicon Ltd reported an issue in the SCTP subsystem that allows
a remote attacker to cause a denial of service using a malformed init
package.

CVE-2010-1187

Neil Hormon reported an issue in the TIPC subsystem. Local users can
cause a denial of service by way of a NULL pointer dereference by
sending datagrams through AF_TIPC before entering network mode.

CVE-2010-1437

Toshiyuki Okajima reported a race condition in the keyring subsystem.
Local users can cause memory corruption via keyctl commands that
access a keyring in the process of being deleted, resulting in a
denial of service.

CVE-2010-1446

Wufei reported an issue with kgdb on the PowerPC architecture,
allowing local users to write to kernel memory. Note: this issue
does not affect binary kernels provided by Debian. The fix is
provided for the benefit of users who build their own kernels
from Debian source.

CVE-2010-1451

Brad Spengler reported an issue on the SPARC architecture that allows
local users to execute non-executable pages.

This update also fixes a regression introduced by a previous
update. See the referenced Debian bug page for details.

For the stable distribution (lenny), these problems have been fixed in
version 2.6.26-22lenny1.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.

The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update:

Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+22lenny1

Micha

550

Saturday, 5 June 2010, 11:42

Package : bind9
Vulnerability : DNS cache poisoning
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-0097 CVE-2010-0290 CVE-2010-0382

Several cache-poisoning vulnerabilities have been discovered in BIND.
These vulnerabilities apply only if DNSSEC validation is enabled and
trust anchors have been installed, which is not the default.

The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2010-0097
BIND does not properly validate DNSSEC NSEC records, which allows
remote attackers to add the Authenticated Data (AD) flag to a forged
NXDOMAIN response for an existing domain.

CVE-2010-0290
When processing crafted responses containing CNAME or DNAME records,
BIND is subject to a DNS cache poisoning vulnerability, provided that
DNSSEC validation is enabled and trust anchors have been installed.

CVE-2010-0382
When processing certain responses containing out-of-bailiwick data,
BIND is subject to a DNS cache poisoning vulnerability, provided that
DNSSEC validation is enabled and trust anchors have been installed.

In addition, this update introduces a more conservative query behavior
in the presence of repeated DNSSEC validation failures, addressing the
"roll over and die" phenomenon. The new version also supports the
cryptographic algorithm used by the upcoming signed ICANN DNS root
(RSASHA256 from RFC 5702), and the NSEC3 secure denial of existence
algorithm used by some signed top-level domains.

This update is based on a new upstream version of BIND 9, 9.6-ESV-R1.
Because of the scope of changes, extra care is recommended when
installing the update. Due to ABI changes, new Debian packages are
included, and the update has to be installed using "apt-get
dist-upgrade" (or an equivalent aptitude command).

For the stable distribution (lenny), these problems have been fixed in
version 1:9.6.ESV.R1+dfsg-0+lenny1.

For the unstable distribution (sid), these problems have been fixed in
version 1:9.7.0.dfsg-1.

We recommend that you upgrade your bind9 packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get dist-upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny

Micha

551

Sunday, 6 June 2010, 11:57

Package : openoffice.org
Vulnerability : macro execution
Problem type : local
Debian-specific: no
Debian bug : none
CVE ID : CVE-2010-0395

It was discovered that OpenOffice.org, a full-featured office productivity
suite that provides a near drop-in replacement for Microsoft(R) Office, is
not properly handling python macros embedded in an office document. This
allows an attacker to perform user-assisted execution of arbitrary code in
certain use cases of the python macro viewer component.


For the stable distribution (lenny), this problem has been fixed in
version 1:2.4.1+dfsg-1+lenny7.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 1:3.2.1-1.


We recommend that you upgrade your openoffice.org packages.

Micha

552

Sunday, 6 June 2010, 19:55

Package : zonecheck
Vulnerability : missing input sanitizing
Problem type : remote
Debian-specific: no
CVE Id : CVE-2010-2052 CVE-2010-2155 CVE-2009-4882
Debian Bug : 583290

It was discovered that in zonecheck, a tool to check DNS configurations,
the CGI does not perform sufficient sanitization of user input; an
attacker can take advantage of this and pass script code in order to
perform cross-site scripting attacks.

For the stable distribution (lenny), this problem has been fixed in
version 2.0.4-13lenny1.

For the testing distribution (squeeze), this problem has been fixed in
version 2.1.1-1.

For the testing distribution (sid), this problem has been fixed in
version 2.1.1-1.

We recommend that you upgrade your zonecheck packages.

Micha

553

Monday, 7 June 2010, 21:22

Package : mysql-dfsg-5.0
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850

Several vulnerabilities have been discovered in the MySQL
database server.
The Common Vulnerabilities and Exposures project identifies the
following problems:


CVE-2010-1626

MySQL allows local users to delete the data and index files of another
user's MyISAM table via a symlink attack in conjunction with the DROP
TABLE command.


CVE-2010-1848

MySQL failed to check the table name argument of a COM_FIELD_LIST
command packet for validity and compliance to acceptable table name
standards. This allows an authenticated user with SELECT privileges on
one table to obtain the field definitions of any table in all other
databases and potentially of other MySQL instances accessible from the
server's file system.


CVE-2010-1849

MySQL could be tricked to read packets indefinitely if it received a
packet larger than the maximum size of one packet.
This results in high CPU usage and thus denial of service conditions.


CVE-2010-1850

MySQL was susceptible to a buffer-overflow attack due to a
failure to perform bounds checking on the table name argument of a
COM_FIELD_LIST command packet. By sending long data for the table
name, a buffer is overflown, which could be exploited by an
authenticated user to inject malicious code.


For the stable distribution (lenny), these problems have been fixed in
version 5.0.51a-24+lenny4

The testing (squeeze) and unstable (sid) distribution do not contain
mysql-dfsg-5.0 anymore.

We recommend that you upgrade your mysql-dfsg-5.0 package.

Micha

554

Saturday, 12 June 2010, 09:00

Package : glibc, eglibc
Vulnerability : multiple
Problem type : remote (local)
Debian-specific: no
CVE Id(s) : CVE-2008-1391 CVE-2009-4880, CVE-2009-4881
CVE-2010-0296 CVE-2010-0830
Debian Bug : 583908

Several vulnerabilities have been discovered in the GNU C Library (aka
glibc) and its derivatives. The Common Vulnerabilities and Exposures
project identifies the following problems:


CVE-2008-1391, CVE-2009-4880, CVE-2009-4881

Maksymilian Arciemowicz discovered that the GNU C library did not
correctly handle integer overflows in the strfmon family of
functions. If a user or automated system were tricked into
processing a specially crafted format string, a remote attacker
could crash applications, leading to a denial of service.


CVE-2010-0296

Jeff Layton and Dan Rosenberg discovered that the GNU C library did
not correctly handle newlines in the mntent family of functions. If
a local attacker were able to inject newlines into a mount entry
through other vulnerable mount helpers, they could disrupt the
system or possibly gain root privileges.


CVE-2010-0830

Dan Rosenberg discovered that the GNU C library did not correctly
validate certain ELF program headers. If a user or automated system
were tricked into verifying a specially crafted ELF program, a
remote attacker could execute arbitrary code with user privileges.

For the stable distribution (lenny), these problems have been fixed in
version 2.7-18lenny4 of the glibc package.

For the testing distribution (squeeze), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 2.1.11-1 of the eglibc package.

We recommend that you upgrade your glibc or eglibc packages.

Micha

555

Saturday, 12 June 2010, 09:00

Package : pcsc-lite
Vulnerability : buffer overflow
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2010-0407

It was discovered that PCSCD, a daemon to access smart cards, was vulnerable
to a buffer overflow allowing a local attacker to elevate his privileges
to root.

For the stable distribution (lenny), this problem has been fixed in version
1.4.102-1+lenny1.

For the unstable distribution (sid), this problem has been fixed in
version 1.5.4-1.

We recommend that you upgrade your pcsc-lite package.

Micha

556

Monday, 14 June 2010, 20:35

Package : cacti
Vulnerability : insufficient input sanitization
Problem type : remote
Debian-specific: no
Debian bug : 582691
CVE ID : CVE-2010-2092

Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring
systems and services, is not properly validating input passed to the rra_id
parameter of the graph.php script. Due to checking the input of $_REQUEST
but using $_GET input in a query an unauthenticated attacker is able to
perform SQL injections via a crafted rra_id $_GET value and an additional
valid rra_id $_POST or $_COOKIE value.


For the stable distribution (lenny), this problem has been fixed in
version 0.8.7b-2.1+lenny3.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 0.8.7e-4.


We recommend that you upgrade your cacti packages.

Debian GNU/Linux 5.0 alias lenny
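
The mismatch the cacti advisory above describes, as an added sketch that is not part of the original post and not Cacti's code: the check reads the merged request array while the query is built from the GET value, shown beside a version that validates and binds the same value. It is a Python model of the PHP behaviour; the merge order (POST and COOKIE overriding GET), the table contents and all function names are assumptions made for this example.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the application's data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE rra (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO rra VALUES (?, ?)",
        [(1, "Daily"), (2, "Weekly"), (3, "Monthly")],
    )
    return conn


def merged_request(get, post, cookie):
    """Model of a merged request array: later sources override earlier ones
    (GET, then POST, then COOKIE). This order is an assumption of the example."""
    merged = dict(get)
    merged.update(post)
    merged.update(cookie)
    return merged


def is_numeric_id(value):
    """Accept only a non-empty string of ASCII digits."""
    return isinstance(value, str) and re.fullmatch(r"[0-9]+", value) is not None


def flawed_lookup(conn, get, post, cookie):
    """Checks one source, uses another: the pattern the advisory describes."""
    checked = merged_request(get, post, cookie).get("rra_id")
    if not is_numeric_id(checked):
        raise ValueError("rra_id rejected")
    # The value concatenated into the SQL text is NOT the value that was checked.
    sql = "SELECT name FROM rra WHERE id=" + get["rra_id"]
    return conn.execute(sql).fetchall()


def hardened_lookup(conn, get):
    """Validate the exact value that is used, then bind it as a parameter."""
    value = get.get("rra_id")
    if not is_numeric_id(value):
        raise ValueError("rra_id rejected")
    return conn.execute(
        "SELECT name FROM rra WHERE id = ?", (int(value),)
    ).fetchall()


def demo():
    """Run both lookups on a constructed request whose GET and COOKIE values differ."""
    conn = make_db()
    get = {"rra_id": "1 OR 1=1"}   # constructed non-numeric GET value
    cookie = {"rra_id": "1"}       # valid value that satisfies the check
    flawed_rows = flawed_lookup(conn, get, {}, cookie)
    try:
        hardened_lookup(conn, get)
        hardened_rejected = False
    except ValueError:
        hardened_rejected = True
    return flawed_rows, hardened_rejected


if __name__ == "__main__":
    rows, rejected = demo()
    print("flawed lookup returned", len(rows), "rows")
    print("hardened lookup rejected the request:", rejected)
```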

Micha

557

Thursday, 17 June 2010, 22:18

Package : bind9
Vulnerability : DNS cache poisoning
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-0097 CVE-2010-0290 CVE-2010-0382

This update restores the PID file location for bind to the location
before the last security update. For reference, here is the original
advisory text that explains the security problems fixed:

Several cache-poisoning vulnerabilities have been discovered in BIND.
These vulnerabilities apply only if DNSSEC validation is enabled and
trust anchors have been installed, which is not the default.

The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2010-0097
BIND does not properly validate DNSSEC NSEC records, which allows
remote attackers to add the Authenticated Data (AD) flag to a forged
NXDOMAIN response for an existing domain.

CVE-2010-0290
When processing crafted responses containing CNAME or DNAME records,
BIND is subject to a DNS cache poisoning vulnerability, provided that
DNSSEC validation is enabled and trust anchors have been installed.

CVE-2010-0382
When processing certain responses containing out-of-bailiwick data,
BIND is subject to a DNS cache poisoning vulnerability, provided that
DNSSEC validation is enabled and trust anchors have been installed.

In addition, this update introduces a more conservative query behavior
in the presence of repeated DNSSEC validation failures, addressing the
"roll over and die" phenomenon. The new version also supports the
cryptographic algorithm used by the upcoming signed ICANN DNS root
(RSASHA256 from RFC 5702), and the NSEC3 secure denial of existence
algorithm used by some signed top-level domains.

This update is based on a new upstream version of BIND 9, 9.6-ESV-R1.
Because of the scope of changes, extra care is recommended when
installing the update. Due to ABI changes, new Debian packages are
included, and the update has to be installed using "apt-get
dist-upgrade" (or an equivalent aptitude command).

For the stable distribution (lenny), these problems have been fixed in
version 1:9.6.ESV.R1+dfsg-0+lenny2.

The unstable distribution is not affected by the wrong PID file location.

We recommend that you upgrade your bind9 packages.


Upgrade Instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny

Micha

558

Thursday, 17 June 2010, 22:20

Package : samba
Vulnerability : memory corruption
Problem type : remote
Debian-specific: no
Debian bug : none
CVE ID : CVE-2010-2063

Jun Mao discovered that Samba, an implementation of the SMB/CIFS protocol
for Unix systems, is not properly handling certain offset values when
processing chained SMB1 packets. This enables an unauthenticated attacker
to write to an arbitrary memory location resulting in the possibility to
execute arbitrary code with root privileges or to perform denial of service
attacks by crashing the samba daemon.


For the stable distribution (lenny), this problem has been fixed in
version 3.2.5-4lenny12.

This problem does not affect the versions in the testing (squeeze) and
unstable (sid) distribution.


We recommend that you upgrade your samba packages.

Upgrade instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny

Micha

559

Thursday, 17 June 2010, 22:21

Package : sudo
Vulnerability : missing input sanitization
Problem type : local
Debian-specific: no
CVE Id : CVE-2010-1646
Debian Bug : 585394


Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a
program designed to allow a sysadmin to give limited root privileges to
users, that allows a user with sudo permissions on certain programs to
use those programs with an untrusted value of PATH.
This could possibly lead to certain intended restrictions being bypassed,
such as the secure_path setting.


For the stable distribution (lenny), this problem has been fixed in
version 1.6.9p17-3

For the unstable distribution (sid), this problem has been fixed in
version 1.7.2p7-1, and will migrate to the testing distribution (squeeze)
shortly.


We recommend that you upgrade your sudo package.

Upgrade instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny

Micha

560

Thursday, 17 June 2010, 22:22

Package : pmount
Vulnerability : insecure temporary file
Problem type : local
Debian-specific: no
CVE Id : CVE-2010-2192


Dan Rosenberg discovered that pmount, a wrapper around the standard mount
program which permits normal users to mount removable devices without a
matching /etc/fstab entry, creates files in /var/lock insecurely.
A local attacker could overwrite arbitrary files utilising a symlink attack.


For the stable distribution (lenny), this problem has been fixed in
version 0.9.18-2+lenny1

For the unstable distribution (sid), this problem has been fixed in
version 0.9.23-1, and will migrate to the testing distribution (squeeze)
shortly.

We recommend that you upgrade your pmount package.

Upgrade instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
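
The symlink problem with lock files named in the pmount advisory above, as an added example that is not part of the original post and is not pmount's code: a weak creation pattern beside a hardened one, with a constructed scenario in a private temporary directory standing in for /var/lock. All function and file names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak form: follows a symlink planted at `path` and truncates its target. */
int create_lock_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened form: this call must create the file itself (O_EXCL) and must
 * never follow a symlink in the last path component (O_NOFOLLOW). */
int create_lock_safe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    struct stat st;
    if (fd < 0) return -1;              /* EEXIST if anything already exists */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: a symlink already sits where the lock file should
 * go. Returns 1 if the safe variant refuses it and the file the link
 * points to keeps its contents, 0 if not, -1 on setup failure. */
int demo_symlink_refused(void) {
    char dir[] = "/tmp/lockdemoXXXXXX", victim[64], lock[64], buf[16] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lock, sizeof lock, "%s/dev.lock", dir);
    int fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4) return -1;
    close(fd);
    if (symlink(victim, lock) != 0) return -1;
    int refused = (create_lock_safe(lock) == -1 && errno == EEXIST);
    fd = open(victim, O_RDONLY);
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    unlink(lock); unlink(victim); rmdir(dir);
    return refused && n == 4 && strcmp(buf, "keep") == 0;
}

int main(void) { return demo_symlink_refused() == 1 ? 0 : 1; }
```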
