rootserverprojekt.de

Package : tomcat6
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190
CVE-2011-3375 CVE-2011-4858 CVE-2011-5062 CVE-2011-5063
CVE-2011-5064 CVE-2012-0022

Several vulnerabilities have been found in Tomcat, a servlet and JSP
engine:

CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064

The HTTP Digest Access Authentication implementation performed
insufficient countermeasures against replay attacks.

CVE-2011-2204

In rare setups passwords were written into a logfile.

CVE-2011-2526

Missing input sanisiting in the HTTP APR or HTTP NIO connectors
could lead to denial of service.

CVE-2011-3190

AJP requests could be spoofed in some setups.

CVE-2011-3375

Incorrect request caching could lead to information disclosure.

CVE-2011-4858 CVE-2012-0022

This update adds countermeasures against a collision denial of
service vulnerability in the Java hashtable implementation and
addresses denial of service potentials when processing large
amounts of requests.

Additional information can be
found at http://tomcat.apache.org/security-6.html

For the stable distribution (squeeze), this problem has been fixed in version 6.0.35-1+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 6.0.35-1.

We recommend that you upgrade your tomcat6 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : iceape
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:

CVE-2011-3670

Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed,
resulting in potential information disclosure.

CVE-2012-0442

Jesse Ruderman and Bob Clary discovered memory corruption bugs, which
may lead to the execution of arbitrary code.

CVE-2012-0444

"regenrecht" discovered that missing input sanisiting in the Ogg Vorbis
parser may lead to the execution of arbitrary code.

CVE-2012-0449

Nicolas Gregoire and Aki Helin discovered that missing input
sanisiting in XSLT processing may lead to the execution of arbitrary
code.

For the stable distribution (squeeze), this problem has been fixed in version 2.0.11-10.

For the unstable distribution (sid), this problem has been fixed in version 2.0.14-10.

We recommend that you upgrade your iceape packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : php5
Vulnerability : code injection
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0830

Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.

For the oldstable distribution (lenny), no fix is available at this time.

For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze7.

The testing distribution (wheezy) and unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : cacti
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-1644 CVE-2010-1645 CVE-2010-2543 CVE-2010-2545
CVE-2011-4824

It was discovered that the last security update for cacti, DSA-2384-1, introduced a regression in lenny.

For the oldstable distribution (lenny), this problem has been fixed in version 0.8.7b-2.1+lenny5.

The stable distribution (squeeze) is not affected by this regression.

We recommend that you upgrade your cacti packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : xen-qemu-dm-4.0
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0029

Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages. This vulnerability might enable to malicious guest systems to crash the host system or escalate their privileges.

The old stable distribution (lenny) does not contain the
xen-qemu-dm-4.0 package.

For the stable distribution (squeeze), this problem has been fixed in version 4.0.1-2+squeeze1.

The testing distribution (wheezy) and the unstable distribution (sid) will be fixed soon.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : apache2
Vulnerability : multiple issues
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3607 CVE-2011-3368 CVE-2011-3639 CVE-2011-4317
CVE-2012-0031 CVE-2012-0053

Several vulnerabilities have been found in the Apache HTTPD Server:

CVE-2011-3607:

An integer overflow in ap_pregsub() could allow local attackers to
execute arbitrary code at elevated privileges via crafted .htaccess
files.

CVE-2011-3368 CVE-2011-3639 CVE-2011-4317:

The Apache HTTP Server did not properly validate the request URI for
proxied requests. In certain reverse proxy configurations using the
ProxyPassMatch directive or using the RewriteRule directive with the
[P] flag, a remote attacker could make the proxy connect to an
arbitrary server. The could allow the attacker to access internal
servers that are not otherwise accessible from the outside.

The three CVE ids denote slightly different variants of the same
issue.

Note that, even with this issue fixed, it is the responsibility of
the administrator to ensure that the regular expression replacement
pattern for the target URI does not allow a client to append arbitrary
strings to the host or port parts of the target URI. For example, the
configuration

ProxyPassMatch ^/mail(.*) http://internal-host$1

is still insecure and should be replaced by one of the following
configurations:

ProxyPassMatch ^/mail(/.*) http://internal-host$1
ProxyPassMatch ^/mail/(.*) http://internal-host/$1

CVE-2012-0031:

An apache2 child process could cause the parent process to crash
during shutdown. This is a violation of the privilege separation
between the apache2 processes and could potentially be used to worsen
the impact of other vulnerabilities.

CVE-2012-0053:

The response message for error code 400 (bad request) could be used to
expose "httpOnly" cookies. This could allow a remote attacker using
cross site scripting to steal authentication cookies.


For the oldstable distribution (lenny), these problems have been fixed in version apache2 2.2.9-10+lenny12.

For the stable distribution (squeeze), these problems have been fixed in version apache2 2.2.16-6+squeeze6

For the testing distribution (wheezy), these problems will be fixed in version 2.2.22-1.

For the unstable distribution (sid), these problems have been fixed in version 2.2.22-1.

We recommend that you upgrade your apache2 packages.

This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version number for the oldstable distribution is 2.2.6-02-1+lenny7. In the stable distribution, apache2-mpm-itk has the same version number as apache2.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : php5
Vulnerability : code injection
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0830

Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.

This update adds packages for the oldstable distribution, which were missing from the original advisory. The problem has been fixed in version 5.2.6.dfsg.1-1+lenny16, installed into the security archive on 3 Feb 2012.

For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze7.

For the unstable distribution (sid), this problem has been fixed in version 5.3.10-1.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : icedove
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449

Several vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base.

CVE-2011-3670
Icedove does not not properly enforce the IPv6 literal address
syntax, which allows remote attackers to obtain sensitive
information by making XMLHttpRequest calls through a proxy and
reading the error messages.

CVE-2012-0442
Memory corruption bugs could cause Icedove to crash or
possibly execute arbitrary code.

CVE-2012-0444
Icedove does not properly initialize nsChildView data
structures, which allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly
execute arbitrary code via a crafted Ogg Vorbis file.

CVE-2012-0449
Icedove allows remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via a malformed XSLT stylesheet that is
embedded in a document

For the stable distribution (squeeze), this problem has been fixed in version 3.0.11-1+squeeze7.

We recommend that you upgrade your icedove packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : cvs
Vulnerability : heap overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0804

It was discovered that a malicious CVS server could cause a heap overflow in the CVS client, potentially allowing the server to execute arbitrary code on the client.

For the stable distribution (squeeze), this problem has been fixed in version 1:1.12.13-12+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 2:1.12.13+real-7.

We recommend that you upgrade your cvs packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : devscripts
Vulnerability : several
Problem type : local (remote)
Debian-specific: yes
CVE ID : CVE-2012-0210 CVE-2012-0211 CVE-2012-0212

Several vulnerabilities have been discovered in debdiff, a script used to compare two Debian packages, which is part of the devscripts package.
The following Common Vulnerabilities and Exposures project ids have been assigned to identify them:

CVE-2012-0210:

Paul Wise discovered that due to insufficient input sanitising when
processing .dsc and .changes files, it is possible to execute
arbitrary code and disclose system information.

CVE-2012-0211:

Raphael Geissert discovered that it is possible to inject or modify
arguments of external commands when processing source packages with
specially-named tarballs in the top-level directory of the .orig
tarball, allowing arbitrary code execution.

CVE-2012-0212:

Raphael Geissert discovered that it is possible to inject or modify
arguments of external commands when passing as argument to debdiff
a specially-named file, allowing arbitrary code execution.


For the stable distribution (squeeze), these problems have been fixed in version 2.10.69+squeeze2.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems will be fixed in version 2.11.4.

We recommend that you upgrade your devscripts packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : libpng
Vulnerability : integer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3026

Jueri Aedla discovered an integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.44-1+squeeze2.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your libpng packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : mumble
Vulnerability : information disclosure
Problem type : local
Debian-specific: no
CVE ID : CVE-2012-0863
Debian Bug : 659039

It was discovered that mumble, a VoIP client, does not probably manage permission on its user-specific configuration files, allowing other local users on the system to access them.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.2-6+squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 1.2.3-3.

We recommend that you upgrade your mumble packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : libvorbis
Vulnerability : buffer overflow
Problem type : local
Debian-specific: no
CVE ID : CVE-2012-0444

It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed.

For the stable distribution (squeeze), this problem has been fixed in version 1.3.1-1+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your libvorbis packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : libarchive
Vulnerability : buffer overflows
Problem type : remote/local
Debian-specific: no
CVE ID : CVE-2011-1777 CVE-2011-1778

Two buffer overflows have been discovered in libarchive, a library providing a flexible interface for reading and writing archives in various formats. The possible buffer overflows while reading is9660 or tar streams allow remote attackers to execute arbitrary code depending on the application that makes use of this functionality.

For the stable distribution (squeeze), this problem has been fixed in version 2.8.4-1+squeeze1.

For the testing (wheezy) and unstable (sid) distributions, this problem has been fixed in version 2.8.5-5.

We recommend that you upgrade your libarchive packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : fex
Vulnerability : insufficient input sanitization
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0869

Nicola Fioravanti discovered that F*X, a web service for transferring very large files, is not properly sanitizing input parameters of the "fup"
script. An attacker can use this flaw to conduct reflected cross-site scripting attacks via various script parameters.

For the stable distribution (squeeze), this problem has been fixed in version 20100208+debian1-1+squeeze2.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 20120215-1.

We recommend that you upgrade your fex packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : libmodplug
Vulnerability : several
Problem type : local
Debian-specific: no
CVE ID : CVE-2011-1761 CVE-2011-2911 CVE-2011-2912 CVE-2011-2913
CVE-2011-2914 CVE-2011-2915

Several vulnerabilities that can lead to the execution of arbitrary code have been discovered in libmodplug, a library for mod music based on ModPlug. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2011-1761

epiphant discovered that the abc file parser is vulnerable to several
stack-based buffer overflows that potentially lead to the execution
of arbitrary code.

CVE-2011-2911

Hossein Lotfi of Secunia discovered that the CSoundFile::ReadWav
function is vulnerable to an integer overflow which leads to a
heap-based buffer overflow. An attacker can exploit this flaw to
potentially execute arbitrary code by tricking a victim into opening
crafted WAV files.

CVE-2011-2912

Hossein Lotfi of Secunia discovered that the CSoundFile::ReadS3M
function is vulnerable to a stack-based buffer overflow. An attacker
can exploit this flaw to potentially execute arbitrary code by
tricking a victim into opening crafted S3M files.

CVE-2011-2913

Hossein Lotfi of Secunia discovered that the CSoundFile::ReadAMS
function suffers from an off-by-one vulnerability that leads to
memory corruption. An attacker can exploit this flaw to potentially
execute arbitrary code by tricking a victim into opening crafted AMS
files.

CVE-2011-2914

It was discovered that the CSoundFile::ReadDSM function suffers
from an off-by-one vulnerability that leads to memory corruption.
An attacker can exploit this flaw to potentially execute arbitrary
code by tricking a victim into opening crafted DSM files.

CVE-2011-2915

It was discovered that the CSoundFile::ReadAMS2 function suffers
from an off-by-one vulnerability that leads to memory corruption.
An attacker can exploit this flaw to potentially execute arbitrary
code by tricking a victim into opening crafted AMS files.


For the stable distribution (squeeze), this problem has been fixed in version 1:0.8.8.1-1+squeeze2.

For the testing (wheezy) and unstable (sid) distributions, this problem has been fixed in version 1:0.8.8.4-1.

We recommend that you upgrade your libmodplug packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : notmuch
Vulnerability : information disclosure
Problem type : remote
Debian-specific: no

It was discovered that Notmuch, an email indexer, did not sufficiently escape Emacs MML tags. When using the Emacs interface, a user could be tricked into replying to a maliciously formatted message which could lead to files from the local machine being attached to the outgoing message.

For the stable distribution (squeeze), this problem has been fixed in version 0.3.1+squeeze1.

For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 0.11.1-1.

We recommend that you upgrade your notmuch packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : libxml2
Vulnerability : computational denial of service
Problem type : local/remote
Debian-specific: no
Debug bug : 660846
CVE ID : CVE-2012-0841

It was discovered that the internal hashing routine of libxml2, a library providing an extensive API to handle XML data, is vulnerable to predictable hash collisions. Given an attacker with knowledge of the hashing algorithm, it is possible to craft input that creates a large amount of collisions. As a result it is possible to perform denial of service attacks against applications using libxml2 functionality because of the computational overhead.


For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze3.

For the testing (wheezy) and unstable (sid) distributions, this problem will be fixed soon.

We recommend that you upgrade your libxml2 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : fex
Vulnerability : insufficient input sanitization
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0869

It was discovered that the last security update for F*X, DSA-2414-1, introduced a regression. Updated packages are now available to address this problem.

For the stable distribution (squeeze), this problem has been fixed in version 20100208+debian1-1+squeeze3.

The testing (wheezy) and unstable (sid) distributions are not affected by this problem.

We recommend that you upgrade your fex packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Package : postgresql-8.4
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0866 CVE-2012-0867 CVE-2012-0868

Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2012-0866

It was discovered that the permissions of a function called by a
trigger are not checked. This could result in privilege escalation.

CVE-2012-0867

It was discovered that only the first 32 characters of a host name
are checked when validating host names through SSL certificates.
This could result in spoofing the connection in limited
circumstances.

CVE-2012-0868

It was discovered that pg_dump did not sanitise object names.
This could result in arbitrary SQL command execution if a
malformed dump file is opened.

For the stable distribution (squeeze), this problem has been fixed in version 8.4.11-0squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 8.4.11-1.

We recommend that you upgrade your postgresql-8.4 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/