Debian Security Advisory

• Official post

    Package : netpbm-free
    Vulnerability : insufficient input sanitizing
    Problem type : local (remote)
    Debian-specific: no
    CVE Id(s) : CVE-2008-0554

    A vulnerability was discovered in the GIF reader implementation in
    netpbm-free, a suite of image manipulation utilities. Insufficient
    input data validation could allow a maliciously-crafted GIF file
    to overrun a stack buffer, potentially permitting the execution of
    arbitrary code.

    For the stable distribution (etch), these problems have been fixed in
    version 2:10.0-11.1+etch1.

    For the unstable distribution (sid), these problems were fixed in
    version 2:10.0-11.1.

    We recommend that you upgrade your netpbm packages.

    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.

    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : phpgedview
    Vulnerability : programming error
    Problem type : remote
    Debian-specific: no
    CVE Id(s) : CVE-2008-2064

    It was discovered that phpGedView, an application to provide online access
    to genealogical data, allowed remote attackers to gain administrator
    privileges due to a programming error.

    Note: this problem was a fundamental design flaw in the interface (API) to
    connect phpGedView with external programs like content management systems.
    Resolving this problem was only possible by completely reworking the API,
    which is not considered appropriate for a security update. Since these are
    peripheral functions probably not used by the large majority of package
    users, it was decided to remove these interfaces. If you require that
    interface nonetheless, you are advised to use a version of phpGedView
    backported from Debian Lenny, which has a completely redesigned API.

    For the stable distribution (etch), this problem has been fixed in
    version 4.0.2.dfsg-4.

    For the unstable distribution (sid), this problem has been fixed in
    version 4.1.e+4.1.5-1.

    We recommend that you upgrade your phpgedview package.

    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : gnutls13
    Vulnerability : several
    Problem type : remote
    Debian-specific: no
    CVE Id(s) : CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

    Several remote vulnerabilities have been discovered in GNUTLS, an
    implementation of the SSL/TLS protocol suite.

    NOTE: The libgnutls13 package, which provides the GNUTLS library, does
    not contain logic to automatically restart potentially affected
    services. You must restart affected services manually (mainly Exim,
    using "/etc/init.d/exim4 restart") after applying the update, to make
    the changes fully effective. Alternatively, you can reboot the system.

    The following vulnerabilities have been identified:

A pre-authentication heap overflow involving oversized session
resumption data may lead to arbitrary code execution (CVE-2008-1948)

    Repeated client hellos may result in a pre-authentication denial of
    service condition due to a null pointer dereference (CVE-2008-1949)

    Decoding cipher padding with an invalid record length may cause GNUTLS
    to read memory beyond the end of the received record, leading to a
    pre-authentication denial of service condition (CVE-2008-1950)

    For the stable distribution (etch), these problems have been fixed in
    version 1.4.4-3+etch1. (Builds for the arm architecture are currently
    not available and will be released later.)

    For the unstable distribution (sid), these problems will be fixed soon.

    We recommend that you upgrade your GNUTLS packages.

    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : peercast
    Vulnerability : buffer overflow
    Problem type : remote
    Debian-specific: no
    CVE Id(s) : CVE-2008-2040
    Debian Bug : 478573

Nico Golde discovered that PeerCast, a P2P audio and video streaming
server, is vulnerable to a buffer overflow in the HTTP Basic
Authentication code, allowing a remote attacker to crash PeerCast or
execute arbitrary code.

    For the stable distribution (etch), this problem has been fixed in
    version 0.1217.toots.20060314-1etch1.

    For the unstable distribution (sid), this problem has been fixed in
    version 0.1218+svn20080104-1.1.

    We recommend that you upgrade your peercast package.

    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : gnome-peercast
    Vulnerability : buffer overflow
    Problem type : remote
    Debian-specific: no
    CVE Id(s) : CVE-2007-6454 CVE-2008-2040
    Debian Bug : 466539

    Several remote vulnerabilities have been discovered in Gnome PeerCast,
    the Gnome interface to PeerCast, a P2P audio and video streaming
    server. The Common Vulnerabilities and Exposures project identifies the
    following problems:

    CVE-2007-6454

    Luigi Auriemma discovered that PeerCast is vulnerable to a heap
    overflow in the HTTP server code, which allows remote attackers to
    cause a denial of service and possibly execute arbitrary code via a
    long SOURCE request.

    CVE-2008-2040

Nico Golde discovered that PeerCast, a P2P audio and video streaming
server, is vulnerable to a buffer overflow in the HTTP Basic
Authentication code, allowing a remote attacker to crash PeerCast or
execute arbitrary code.

    For the stable distribution (etch), these problems have been fixed in
    version 0.5.4-1.1etch0.

    For the unstable distribution (sid), the first issue has been fixed in
    0.5.4-1.2. The second issue will be fixed soon.

    We recommend that you upgrade your gnome-peercast package.


    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : libfishsound
    Vulnerability : integer overflow
    Problem type : local
    Debian-specific: no
    CVE Id(s) : CVE-2008-1686
    Debian Bug : 475152

    It was discovered that libfishsound, a simple programming interface that
    wraps Xiph.Org audio codecs, didn't correctly handle negative values in
    a particular header field. This could allow malicious files to execute
    arbitrary code.

    For the stable distribution (etch), this problem has been fixed in version
    0.7.0-2etch1.

    For the unstable distribution (sid), this problem has been fixed in
    version 0.7.0-2.2.

    We recommend that you upgrade your libfishsound package.


    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : speex
    Vulnerability : integer overflow
    Problem type : local
    Debian-specific: no
    CVE Id(s) : CVE-2008-1686

It was discovered that speex, the Speex codec command line tools, did
not correctly deal with negative offsets in a particular header field.
This could allow a malicious file to execute arbitrary code.

    For the stable distribution (etch), this problem has been fixed in version
    1.1.12-3etch1.

    We recommend that you upgrade your speex package.


    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : xine-lib
    Vulnerability : multiple
    Problem type : local (remote)
    Debian-specific: no
    CVE Id(s) : CVE-2008-1482 CVE-2008-1686 CVE-2008-1878

    Multiple vulnerabilities have been discovered in xine-lib, a library
    which supplies most of the application functionality of the xine
    multimedia player. The Common Vulnerabilities and Exposures project
    identifies the following three problems:

    CVE-2008-1482

    Integer overflow vulnerabilities exist in xine's FLV, QuickTime,
    RealMedia, MVE and CAK demuxers, as well as the EBML parser used
    by the Matroska demuxer. These weaknesses allow an attacker to
    overflow heap buffers and potentially execute arbitrary code by
    supplying a maliciously crafted file of those types.

    CVE-2008-1686

    Insufficient input validation in the Speex implementation used
    by this version of xine enables an invalid array access and the
    execution of arbitrary code by supplying a maliciously crafted
    Speex file.

    CVE-2008-1878

    Inadequate bounds checking in the NES Sound Format (NSF) demuxer
    enables a stack buffer overflow and the execution of arbitrary
    code through a maliciously crafted NSF file.

    For the stable distribution (etch), these problems have been fixed in
    version 1.1.2+dfsg-7.

    For the unstable distribution (sid), these problems have been fixed in
    version 1.1.12-2.

    We recommend that you upgrade your xine-lib packages.

    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : linux-2.6
    Vulnerability : denial of service
    Problem type : local/remote
    Debian-specific: no
    CVE Id(s) : CVE-2007-6712 CVE-2008-1615 CVE-2008-2136 CVE-2008-2137

    Several vulnerabilities have been discovered in the Linux kernel that may
    lead to a denial of service. The Common Vulnerabilities and Exposures
    project identifies the following problems:

    CVE-2007-6712

    Johannes Bauer discovered an integer overflow condition in the hrtimer
    subsystem on 64-bit systems. This can be exploited by local users to
    trigger a denial of service (DoS) by causing the kernel to execute an
    infinite loop.

    CVE-2008-1615

    Jan Kratochvil reported a local denial of service condition that
    permits local users on systems running the amd64 flavor kernel
    to cause a system crash.

    CVE-2008-2136

    Paul Harks discovered a memory leak in the Simple Internet Transition
    (SIT) code used for IPv6 over IPv4 tunnels. This can be exploited
    by remote users to cause a denial of service condition.

    CVE-2008-2137

    David Miller and Jan Lieskovsky discovered issues with the virtual
    address range checking of mmaped regions on the sparc architecture
    that may be exploited by local users to cause a denial of service.

    For the stable distribution (etch), this problem has been fixed in version
    2.6.18.dfsg.1-18etch5.

    Builds for linux-2.6/s390 and fai-kernels/powerpc were not yet available at
    the time of this advisory. This advisory will be updated as these builds
    become available.

    We recommend that you upgrade your linux-2.6, fai-kernels, and
    user-mode-linux packages.

    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

    Debian 4.0 (etch)
    fai-kernels 1.17+etch.18etch5
    user-mode-linux 2.6.18-1um-2etch.18etch5

    You may use an automated update by adding the resources from the
    footer to the proper configuration.

    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : libxslt
    Vulnerability : buffer overflow
    Problem type : local
    Debian-specific: no
    CVE Id(s) : CVE-2008-1767
    Debian Bug : 482664

    It was discovered that libxslt, an XSLT processing runtime library,
    could be coerced into executing arbitrary code via a buffer overflow
    when an XSL style sheet file with a long XSLT "transformation match"
    condition triggered a large number of steps.

    For the stable distribution (etch), this problem has been fixed in version
    1.1.19-2.

    For the unstable distribution (sid), this problem has been fixed in
    version 1.1.24-1.

    We recommend that you upgrade your libxslt package.


    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : linux-2.6
    Vulnerability : denial of service
    Problem type : local/remote
    Debian-specific: no
    CVE Id(s) : CVE-2007-6712 CVE-2008-1615 CVE-2008-2136 CVE-2008-2137

    Several vulnerabilities have been discovered in the Linux kernel that may
    lead to a denial of service. The Common Vulnerabilities and Exposures
    project identifies the following problems:

    CVE-2007-6712

    Johannes Bauer discovered an integer overflow condition in the hrtimer
    subsystem on 64-bit systems. This can be exploited by local users to
    trigger a denial of service (DoS) by causing the kernel to execute an
    infinite loop.

    CVE-2008-1615

    Jan Kratochvil reported a local denial of service condition that
    permits local users on systems running the amd64 flavor kernel
    to cause a system crash.

    CVE-2008-2136

    Paul Harks discovered a memory leak in the Simple Internet Transition
    (SIT) code used for IPv6 over IPv4 tunnels. This can be exploited
    by remote users to cause a denial of service condition.

    CVE-2008-2137

    David Miller and Jan Lieskovsky discovered issues with the virtual
    address range checking of mmaped regions on the sparc architecture
    that may be exploited by local users to cause a denial of service.

    For the stable distribution (etch), this problem has been fixed in version
    2.6.18.dfsg.1-18etch5.

    This updated advisory adds the linux-2.6 build for s390 and the fai-kernels
    build for powerpc which were not yet available at the time of DSA-1588-1.

    We recommend that you upgrade your linux-2.6, fai-kernels, and
    user-mode-linux packages.

    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

    Debian 4.0 (etch)
    fai-kernels 1.17+etch.18etch5
    user-mode-linux 2.6.18-1um-2etch.18etch5

    You may use an automated update by adding the resources from the
    footer to the proper configuration.

    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : samba
    Vulnerability : buffer overflow
    Problem type : remote
    Debian-specific: no
    CVE Id : CVE-2008-1105
    Debian Bug : 483410

    Alin Rad Pop discovered that Samba contained a buffer overflow condition
    when processing certain responses received while acting as a client,
    leading to arbitrary code execution (CVE-2008-1105).

    For the stable distribution (etch), this problem has been fixed in version
    3.0.24-6etch10.

    For the unstable distribution (sid), this problem has been fixed in
    version 3.0.30-1.

    We recommend that you upgrade your samba packages.

    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : ikiwiki
    Vulnerability : cross-site request forgery
    Problem type : remote
    Debian-specific: no
    CVE Id(s) : CVE-2008-0165
    Debian Bug : 475445

    The update of ikiwiki in DSA-1553-1 caused two regressions. An updated
    version of ikiwiki is available that fixes these problems. For reference,
    the full advisory text is below.

    It has been discovered that ikiwiki, a Wiki implementation, does not
    guard password and content changes against cross-site request forgery
    (CSRF) attacks.

    For the stable distribution (etch), this problem has been fixed in
    version 1.33.6.

    For the unstable distribution (sid), this problem has been fixed in
    version 2.42.

    We recommend that you upgrade your ikiwiki package.


    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : libvorbis
    Vulnerability : several
    Problem type : local (remote)
    Debian-specific: no
    CVE Id(s) : CVE-2008-1419 CVE-2008-1420 CVE-2008-1423
    Debian Bug : 482518

    Several local (remote) vulnerabilities have been discovered in libvorbis,
    a library for the Vorbis general-purpose compressed audio codec. The Common
    Vulnerabilities and Exposures project identifies the following problems:

    CVE-2008-1419

    libvorbis does not properly handle a zero value which allows remote
    attackers to cause a denial of service (crash or infinite loop) or
    trigger an integer overflow.

    CVE-2008-1420

    Integer overflow in libvorbis allows remote attackers to execute
    arbitrary code via a crafted OGG file, which triggers a heap overflow.

    CVE-2008-1423

    Integer overflow in libvorbis allows remote attackers to cause a denial
    of service (crash) or execute arbitrary code via a crafted OGG file
    which triggers a heap overflow.

    For the stable distribution (etch), these problems have been fixed in version
    1.1.2.dfsg-1.4.

    For the unstable distribution (sid), these problems have been fixed in
    version 1.2.0.dfsg-3.1.

    We recommend that you upgrade your libvorbis package.

    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : linux-2.6
    Vulnerability : heap overflow
    Problem type : local/remote
    Debian-specific: no
    CVE Id(s) : CVE-2008-1673 CVE-2008-2358

    Two vulnerabilities have been discovered in the Linux kernel that may
    lead to a denial of service or arbitrary code execution. The Common
    Vulnerabilities and Exposures project identifies the following
    problems:

    CVE-2008-1673

    Wei Wang from McAfee reported a potential heap overflow in the
    ASN.1 decode code that is used by the SNMP NAT and CIFS
    subsystem. Exploitation of this issue may lead to arbitrary code
    execution. This issue is not believed to be exploitable with the
    pre-built kernel images provided by Debian, but it might be an
    issue for custom images built from the Debian-provided source
    package.

    CVE-2008-2358

Brandon Edwards of McAfee Avert labs discovered an issue in the
DCCP subsystem. Due to missing feature length checks it is possible
to cause an overflow that may result in remote arbitrary code
execution.

    For the stable distribution (etch), this problem has been fixed in
    version 2.6.18.dfsg.1-18etch6.

The linux-2.6/mipsel build was not yet available at the time of this
advisory. This advisory will be updated when this build becomes
available.

    We recommend that you upgrade your linux-2.6, fai-kernels, and
    user-mode-linux packages.

    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

    Debian 4.0 (etch)
    fai-kernels 1.17+etch.18etch6
    user-mode-linux 2.6.18-1um-2etch.18etch6

    You may use an automated update by adding the resources from the
    footer to the proper configuration.

    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : tomcat5.5
    Vulnerability : missing input sanitising
    Problem type : remote
    Debian-specific: no
    CVE Id(s) : CVE-2008-1947

It was discovered that the Host Manager web application performed
insufficient input sanitising, which could lead to cross-site scripting.

    For the stable distribution (etch), this problem has been fixed in
    version 5.5.20-2etch3.

    For the unstable distribution (sid), this problem has been fixed in
    version 5.5.26-3.

    We recommend that you upgrade your tomcat5.5 packages.

    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : imlib2
    Vulnerability : buffer overflows
    Problem type : local(remote)
    Debian-specific: no
    CVE Id(s) : CVE-2008-2426

Stefan Cornelius discovered two buffer overflows in the PNM and XPM
image loaders of Imlib2, a powerful image loading and rendering
library, which may result in the execution of arbitrary code.

    For the stable distribution (etch), this problem has been fixed in
    version 1.3.0.0debian1-4+etch1.

    For the unstable distribution (sid), this problem has been fixed in
    version 1.4.0-1.1.

    We recommend that you upgrade your imlib2 package.

    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : xorg-server
    Vulnerability : several
    Problem type : local
    Debian-specific: no
    CVE Id(s) : CVE-2008-1377 CVE-2008-1379 CVE-2008-2360 CVE-2008-2361
    CVE-2008-2362

    Several local vulnerabilities have been discovered in the X Window system.
    The Common Vulnerabilities and Exposures project identifies the following
    problems:

    CVE-2008-1377

Lack of validation of the parameters of the
SProcSecurityGenerateAuthorization and SProcRecordCreateContext
functions makes it possible for a specially crafted request to trigger
the swapping of bytes outside the parameters of these requests, causing
memory corruption.

    CVE-2008-1379

    An integer overflow in the validation of the parameters of the
    ShmPutImage() request makes it possible to trigger the copy of
    arbitrary server memory to a pixmap that can subsequently be read by
    the client, to read arbitrary parts of the X server memory space.

    CVE-2008-2360

    An integer overflow may occur in the computation of the size of the
    glyph to be allocated by the AllocateGlyph() function which will cause
    less memory to be allocated than expected, leading to later heap
    overflow.

    CVE-2008-2361

    An integer overflow may occur in the computation of the size of the
    glyph to be allocated by the ProcRenderCreateCursor() function which
    will cause less memory to be allocated than expected, leading later
    to dereferencing un-mapped memory, causing a crash of the X server.

    CVE-2008-2362

    Integer overflows can also occur in the code validating the parameters
    for the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient
    and SProcRenderCreateConicalGradient functions, leading to memory
    corruption by swapping bytes outside of the intended request
    parameters.

    For the stable distribution (etch), these problems have been fixed in version
    2:1.1.1-21etch5.

    For the unstable distribution (sid), these problems have been fixed in
    version 2:1.4.1~git20080517-2.

    We recommend that you upgrade your xorg-server package.

    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : typo3
    Vulnerability : several
    Problem type : remote
    Debian-specific: no
    Debian Bug : 485814

    Several remote vulnerabilities have been discovered in the
    TYPO3 content management framework.

Because of an insufficiently secure default value of the TYPO3
configuration variable fileDenyPattern, authenticated backend users
could upload files that allowed execution of arbitrary code as the
webserver user.

    User input processed by fe_adminlib.inc is not being properly filtered
    to prevent Cross Site Scripting (XSS) attacks, which is exposed when
    specific plugins are in use.

    For the stable distribution (etch), these problems have been fixed in
    version 4.0.2+debian-5.

    For the unstable distribution (sid), these problems have been fixed in
    version 4.1.7-1.

    We recommend that you upgrade your typo3 package.

    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch

• Official post

    Package : mt-daapd
    Vulnerability : multiple vulnerabilities
    Problem type : remote
    Debian-specific: no
    CVE Id(s) : CVE-2007-5824 CVE-2007-5825 CVE-2008-1771
    Debian Bug : 459961 476241

    Three vulnerabilities have been discovered in the mt-daapd DAAP audio
    server (also known as the Firefly Media Server). The Common
    Vulnerabilities and Exposures project identifies the following three
    problems:

    CVE-2007-5824

    Insufficient validation and bounds checking of the Authorization:
    HTTP header enables a heap buffer overflow, potentially enabling
    the execution of arbitrary code.

    CVE-2007-5825

    Format string vulnerabilities in debug logging within the
    authentication of XML-RPC requests could enable the execution of
    arbitrary code.

    CVE-2008-1771

    An integer overflow weakness in the handling of HTTP POST
    variables could allow a heap buffer overflow and potentially
    arbitrary code execution.

    For the stable distribution (etch), these problems have been fixed in
    version 0.2.4+r1376-1.1+etch1.

    For the unstable distribution (sid), these problems have been fixed in
    version 0.9~r1696-1.3.

    We recommend that you upgrade your mt-daapd package.

    Upgrade instructions
--------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch