Debian Security Advisory

Package : asterisk
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0495
Debian Bug : 610487

Matthew Nicholson discovered a buffer overflow in the SIP channel driver
of Asterisk, an open source PBX and telephony toolkit, which could lead
to the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.4.21.2~dfsg-3+lenny2.

For the stable distribution (squeeze), this problem has been fixed in
version 1.6.2.9-2+squeeze1.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your asterisk packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : moodle
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-2795 CVE-2010-2796 CVE-2010-3690 CVE-2010-3691 CVE-2010-3692

Several vulnerabilties have been discovered in phpCAS, a CAS client
library for PHP. The Moodle course management system includes a copy
of phpCAS.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.8.13-3.

The stable distribution (squeeze) already contains a fixed version of
phpCAS.

The unstable distribution (sid) already contains a fixed version of
phpCAS.

We recommend that you upgrade your moodle packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : pam-pgsql
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
Debian Bug : 603436

It was discovered that pam-pgsql, a PAM module to authenticate using
a PostgreSQL database, was vulnerable to a buffer overflow in supplied
IP-addresses.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.6.3-2+lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 0.7.1-4+squeeze1.

For the testing (wheezy) and unstable (sid) distributions, this problem
has been fixed in version 0.7.1-5.

We recommend that you upgrade your pam-pgsql packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : avahi
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1002
Debian Bug : 614785

It was discovered that avahi, an implementation of the zeroconf protocol,
can be crashed remotely by a single UDP packet, which may result in a
denial of service.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.6.23-3lenny3.

For the stable distribution (squeeze), this problem has been fixed in
version 0.6.27-2+squeeze1.

For the testing (wheezy) and unstable distribution (sid), this problem
has been fixed in version 0.6.28-4.

We recommend that you upgrade your avahi packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : pywebdav
Vulnerability : SQL injection
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0432

It was discovered that python-webdav, a WebDAV server implementation,
contains several SQL injection vulnerabilities in the processing of
user credentials.

The oldstable distribution (lenny) does not contain a python-webdav
package.

For the stable distribution (squeeze), this problem has been fixed in
version 0.9.4-1+squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 0.9.4-3.

We recommend that you upgrade your python-webdav packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : pango1.0
Vulnerability : NULL pointer dereference
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0064

It was discovered that pango did not check for memory allocation
failures, causing a NULL pointer dereference with an adjustable
offset. This can lead to application crashes and potentially
arbitrary code execution.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in
version 1.28.3-1+squeeze2.

For the testing distribution (wheezy) and the unstable distribution (sid),
this problem will be fixed soon.

We recommend that you upgrade your pango1.0 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : iceape
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059

Several vulnerabilities have been found in the Iceape internet suite, an
unbranded version of Seamonkey:

CVE-2010-1585

Roberto Suggi Liverani discovered that the sanitising performed by
ParanoidFragmentSink was incomplete.

CVE-2011-0051

Zach Hoffmann discovered that incorrect parsing of recursive eval()
calls could lead to attackers forcing acceptance of a confirmation
dialogue.

CVE-2011-0053

Crashes in the layout engine may lead to the execution of arbitrary
code.

CVE-2011-0054

Christian Holler discovered buffer overflows in the Javascript engine,
which could allow the execution of arbitrary code.

CVE-2010-0056

Christian Holler discovered buffer overflows in the Javascript engine,
which could allow the execution of arbitrary code.

CVE-2011-0055

"regenrecht" and Igor Bukanov discovered a use-after-free error in the
JSON-Implementation, which could lead to the execution of arbitrary code.

CVE-2011-0057

Daniel Kozlowski discovered that incorrect memory handling the web workers
implementation could lead to the execution of arbitrary code.

CVE-2011-0059

Peleus Uhley discovered a cross-site request forgery risk in the plugin
code.

The oldstable distribution (lenny) is not affected. The iceape package only
provides the XPCOM code.

For the stable distribution (squeeze), this problem has been fixed in
version 2.0.11-3.

For the unstable distribution (sid), this problem has been fixed in
version 2.0.12-1.

We recommend that you upgrade your iceape packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : subversion
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0715

Philip Martin discovered that HTTP-based Subversion servers crash when
processing lock requests on repositories which support unauthenticated
read access.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.5.1dfsg1-6.

For the stable distribution (squeeze), this problem has been fixed in
version 1.6.12dfsg-5.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem will be fixed in version 1.6.16dfsg-1.

We recommend that you upgrade your subversion packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : logwatch
Vulnerability : shell command injection
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0715
Debian Bug : 615995

Dominik George discovered that logwatch does not guard against shell
meta-characters in crafted log file names (such as those produced by
Samba). As a result, an attacker might be able to execute shell
commands on the system running logwatch.

For the oldstable distribution (lenny), this problem has been fixed in
version 7.3.6.cvs20080702-2lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 7.3.6.cvs20090906-1squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 7.3.6.cvs20090906-2.

We recommend that you upgrade your logwatch packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : isc-dhcp
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0413
Debian Bug : 611217

It was discovered that the ISC DHCPv6 server does not correctly
process requests which come from unexpected source addresses, leading
to an assertion failure and a daemon crash.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in
version 4.1.1-P1-15+squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 4.1.1-P1-16.

We recommend that you upgrade your isc-dhcp packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : proftpd-dfsg
Vulnerability : integer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1137

It was discovered that an integer overflow in the SFTP file transfer
module of the ProFTPD daemon could lead to denial of service.

The oldstable distribution (lenny) is not affected.

For the stable distribution (squeeze), this problem has been fixed in
version 1.3.3a-6squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 1.3.3d-4.

We recommend that you upgrade your proftpd-dfsg packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : iceweasel
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059

Several vulnerabilities have been discovered in Iceweasel, a web browser
based on Firefox. The included XULRunner library provides rendering
services for several other applications included in Debian.

CVE-2010-1585

Roberto Suggi Liverani discovered that the sanitising performed by
ParanoidFragmentSink was incomplete.

CVE-2011-0053

Crashes in the layout engine may lead to the execution of arbitrary
code.

CVE-2011-0051

Zach Hoffmann discovered that incorrect parsing of recursive eval()
calls could lead to attackers forcing acceptance of a confirmation
dialogue.

CVE-2011-0054, CVE-2010-0056

Christian Holler discovered buffer overflows in the Javascript engine,
which could allow the execution of arbitrary code.

CVE-2011-0055

"regenrecht" and Igor Bukanov discovered a use-after-free error in the
JSON-Implementation, which could lead to the execution of arbitrary code.

CVE-2011-0057

Daniel Kozlowski discovered that incorrect memory handling the web workers
implementation could lead to the execution of arbitrary code.

CVE-2011-0059

Peleus Uhley discovered a cross-site request forgery risk in the plugin
code.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.9.0.19-8 of the xulrunner source package.

For the stable distribution (squeeze), this problem has been fixed in
version 3.5.16-5.

For the unstable distribution (sid), this problem has been fixed in
version 3.5.17-1.

We recommend that you upgrade your iceweasel packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : icedove
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059

Several vulnerabilities have been discovered in Icedove, an unbranded
version of the Thunderbird mail/news client.

CVE-2010-1585

Roberto Suggi Liverani discovered that the sanitising performed by
ParanoidFragmentSink was incomplete.

CVE-2011-0053

Crashes in the layout engine may lead to the execution of arbitrary
code.

CVE-2011-0051

Zach Hoffmann discovered that incorrect parsing of recursive eval()
calls could lead to attackers forcing acceptance of a confirmation
dialogue.

CVE-2011-0054, CVE-2010-0056

Christian Holler discovered buffer overflows in the Javascript engine,
which could allow the execution of arbitrary code.

CVE-2011-0055

"regenrecht" and Igor Bukanov discovered a use-after-free error in the
JSON-Implementation, which could lead to the execution of arbitrary code.

CVE-2011-0057

Daniel Kozlowski discovered that incorrect memory handling the web workers
implementation could lead to the execution of arbitrary code.

CVE-2011-0059

Peleus Uhley discovered a cross-site request forgery risk in the plugin
code.

As indicated in the Lenny (oldstable) release notes, security support for
the Icedove packages in the oldstable needed to be stopped before the end
of the regular Lenny security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a different
mail client.

For the stable distribution (squeeze), this problem has been fixed in
version 3.0.11-1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 3.0.11-2.

We recommend that you upgrade your icedove packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : webkit
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-1783 CVE-2010-2901 CVE-2010-4199 CVE-2010-4040 CVE-2010-4492 CVE-2010-4493 CVE-2010-4577 CVE-2010-4578 CVE-2010-0474 CVE-2011-0482 CVE-2011-0778

Several vulnerabilities have been discovered in webkit, a Web content engine
library for Gtk+. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2010-1783

WebKit does not properly handle dynamic modification of a
text node, which allows remote attackers to execute arbitrary code or cause
a denial of service (memory corruption and application crash) via a
crafted HTML document.

CVE-2010-2901

The rendering implementation in WebKit allows
remote attackers to cause a denial of service (memory corruption) or possibly
have unspecified other impact via unknown vectors.

CVE-2010-4199

WebKit does not properly perform a cast of an
unspecified variable during processing of an SVG use element, which allows
remote attackers to cause a denial of service or possibly have unspecified
other impact via a crafted SVG document.

CVE-2010-4040

WebKit does not properly handle animated GIF images,
which allows remote attackers to cause a denial of service (memory corruption)
or possibly have unspecified other impact via a crafted image.

CVE-2010-4492

Use-after-free vulnerability in WebKit allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors involving SVG animations.

CVE-2010-4493

Use-after-free vulnerability in Webkit allows remote attackers to cause a
denial of service via vectors related to the handling of mouse dragging events

CVE-2010-4577

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in
WebKit does not properly parse Cascading Style Sheets (CSS) token sequences,
which allows remote attackers to cause a denial of service
(out-of-bounds read) via a crafted local font, related to "Type Confusion."

CVE-2010-4578

WebKit does not properly perform cursor handling, which allows remote
attackers to cause a denial of service or possibly have unspecified other
impact via unknown vectors that lead to "stale pointers."

CVE-2011-0482

WebKit does not properly perform a cast of an unspecified variable during
handling of anchors, which allows remote attackers to cause a denial of
service or possibly have unspecified other impact via a crafted HTML document

CVE-2011-0778

WebKit does not properly restrict drag and drop operations, which might allow
remote attackers to bypass the Same Origin Policy via unspecified vectors.

For the stable distribution (squeeze), these problems have been fixed
in version 1.2.7-0+squeeze1

For the testing distribution (wheezy), and the unstable distribution (sid),
these problems have been fixed in version 1.2.7-1

Security support for WebKit has been discontinued for the oldstable
distribution (lenny).
The current version in oldstable is not supported by upstream anymore
and is affected by several security issues. Backporting fixes for these
and any future issues has become unfeasible and therefore we need to
drop our security support for the version in oldstable.

We recommend that you upgrade your webkit packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : chromium-browser
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1108 CVE-2011-1109 CVE-2011-1113 CVE-2011-1114 CVE-2011-1115 CVE-2011-1121 CVE-2011-1122

Several vulnerabilities were discovered in the Chromium browser.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2011-1108

Google Chrome before 9.0.597.107 does not properly implement JavaScript
dialogs, which allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a crafted
HTML document.

CVE-2011-1109

Google Chrome before 9.0.597.107 does not properly process nodes in Cascading
Style Sheets (CSS) stylesheets, which allows remote attackers to cause a
denial of service or possibly have unspecified other impact via unknown
vectors that lead to a "stale pointer."

CVE-2011-1113

Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly
perform pickle deserialization, which allows remote attackers to cause a
denial of service (out-of-bounds read) via unspecified vectors.

CVE-2011-1114

Google Chrome before 9.0.597.107 does not properly handle tables, which allows
remote attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors that lead to a "stale node."

CVE-2011-1115

Google Chrome before 9.0.597.107 does not properly render tables, which allows
remote attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors that lead to a "stale pointer."

CVE-2011-1121

Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers
to cause a denial of service or possibly have unspecified other impact via
vectors involving a TEXTAREA element.

CVE-2011-1122

The WebGL implementation in Google Chrome before 9.0.597.107 allows remote
attackers to cause a denial of service (out-of-bounds read) via unspecified
vectors, aka Issue 71960.

In addition, this upload fixes the following issues (they don't have a CVE id yet):

Out-of-bounds read in text searching [69640]
Memory corruption in SVG fonts. [72134]
Memory corruption with counter nodes. [69628]
Stale node in box layout. [70027]
Cross-origin error message leak with workers. [70336]
Stale pointer in table painting. [72028]
Stale pointer with SVG cursors. [73746]

For the stable distribution (squeeze), these problems have been fixed
in version 6.0.472.63~r59945-5+squeeze3

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed
version 10.0.648.127~r76697-1

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : wordpress
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0700 CVE-2011-0701

Two XSS bugs and one potential information disclosure issue were discovered
in wordpress, a weblog manager.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2011-0700

Input passed via the post title when performing a "Quick Edit" or "Bulk Edit"
action and via the "post_status", "comment_status", and "ping_status"
parameters is not properly sanitised before being used.
Certain input passed via tags in the tags meta-box is not properly sanitised
before being returned to the user.

CVE-2011-0701

Wordpress incorrectly enforces user access restrictions when accessing posts
via the media uploader and can be exploited to disclose the contents
of e.g. private or draft posts.

The oldstable distribution (lenny) is not affected by these problems.

For the stable distribution (squeeze), these problems have been fixed in
version 3.0.5+dfsg-0+squeeze1

For the testing distribution (wheezy), and the unstable distribution (sid),
these problems have been fixed in version 3.0.5+dfsg-1

We recommend that you upgrade your wordpress packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : proftpd-dfsg
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2008-7265 CVE-2010-3867 CVE-2010-4652

Several vulnerabilities have been discovered in ProFTPD, a versatile,
virtual-hosting FTP daemon:

CVE-2008-7265

Incorrect handling of the ABOR command could lead to
denial of service through elevated CPU consumption.

CVE-2010-3867

Several directory traversal vulnerabilities have been
discovered in the mod_site_misc module.

CVE-2010-4562

A SQL injection vulnerability was discovered in the
mod_sql module.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.3.1-17lenny6.

The stable distribution (squeeze) and the unstable distribution (sid)
are not affected, these vulnerabilities have been fixed prior to the
release of Debian 6.0 (squeeze).

We recommend that you upgrade your proftpd-dfsg packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : chromium-browser
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0779 CVE-2011-1290

Several vulnerabilities were discovered in the Chromium browser.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2011-0779

Google Chrome before 9.0.597.84 does not properly handle a missing key in an
extension, which allows remote attackers to cause a denial of service
(application crash) via a crafted extension.

CVE-2011-1290

Integer overflow in WebKit allows remote attackers to execute arbitrary code
via unknown vectors, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and
Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.

For the stable distribution (squeeze), these problems have been fixed
in version 6.0.472.63~r59945-5+squeeze4

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed
version 10.0.648.133~r77742-1

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

ackage : libcgroup
Vulnerability : several
Problem type : local
Debian-specific: no
CVE ID : CVE-2011-1006 CVE-2011-1022
Debian Bug : 615987

Several issues have been discovered in libcgroup, a library to control
and monitor control groups:

CVE-2011-1006

Heap-based buffer overflow by converting list of controllers for
given task into an array of strings could lead to privilege
escalation by a local attacker.

CVE-2011-1022

libcgroup did not properly check the origin of Netlink messages,
allowing a local attacker to send crafted Netlink messages which
could lead to privilege escalation.

The oldstable distribution (lenny) does not contain libgroup packages.

For the stable distribution (squeeze), this problem has been fixed in
version 0.36.2-3+squeeze1.

For the testing distribution (wheezy) and unstable distribution (sid),
this problem will be fixed soon.

We recommend that you upgrade your libcgroup packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Package : libvirt
Vulnerability : insufficient checks
Problem type : local
Debian-specific: no
CVE ID : CVE-2011-1146
Debian Bug : 617773

It was discovered that libvirt, a library for interfacing with different
virtualization systems, did not properly check for read-only connections.
This allowed a local attacker to perform a denial of service (crash) or
possibly escalate privileges.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in
version 0.8.3-5+squeeze1.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 0.8.8-3.

We recommend that you upgrade your libvirt packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/