Debian Security Advisory 1588-1 - Johannes Bauer discovered an integer overflow condition in the hrtimer subsystem on 64-bit systems. This can be exploited by local users to trigger a denial of service (DoS) by causing the kernel to execute an infinite loop. Jan Kratochvil reported a local denial of service condition that permits local users on systems running the amd64 flavor kernel to cause a system crash. Paul Harks discovered a memory leak in the Simple Internet Transition (SIT) code used for IPv6 over IPv4 tunnels. This can be exploited by remote users to cause a denial of service condition. David Miller and Jan Lieskovsky discovered issues with the virtual address range checking of mmaped regions on the sparc architecture that may be exploited by local users to cause a denial of service.
7d370613a9637a5c92997661524dbca3c8c5f98f4be417a3dc5f5aa9a147b85c
Debian Security Advisory 1897-1 - Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, is insufficiently validating and escaping user provided input. The Horde_Form_Type_image form element allows to reuse a temporary filename on reuploads which are stored in a hidden HTML field and then trusted without prior validation. An attacker can use this to overwrite arbitrary files on the system or to upload PHP code and thus execute arbitrary code with the rights of the webserver.
74849428a088e248caf5775fc100bbbb2aa65fc2d2b0257a92f72ae1150aacd1
Debian Security Advisory 1896-1 - Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x.
aa895d29e6e58c4f1d35c30cda5514401b810940ffab3fcebc057625f9b8d1f6
Debian Security Advisory 1895-1 - Several vulnerabilities have been discovered in the xmltooling packages, as used by Shibboleth. Chris Ries discovered that decoding a crafted URL leads to a crash (and potentially, arbitrary code execution). Ian Young discovered that embedded NUL characters in certificate names were not correctly handled, exposing configurations using PKIX trust validation to impersonation attacks. Incorrect processing of SAML metadata ignores key usage constraints. This minor issue also needs a correction in the opensaml2 packages, which will be provided in an upcoming stable point release (and, before that, via stable-proposed-updates).
71456b05f7735fa8e830cae02f6d44efd6a7c08540df6c49cfbc6abb1b9847f7
Debian Security Advisory 1894-1 - Miroslav Lichvar discovered that newt, a windowing toolkit, is prone to a buffer overflow in the content processing code, which can lead to the execution of arbitrary code.
96323d6582be083e70c7ddf004194f5155a8cf56bd6df2b1cad95f09f821ffb1
Debian Security Advisory 1893-1 - It was discovered that the SIEVE component of cyrus-imapd and kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. The update introduced by DSA 1881-1 was incomplete and the issue has been given an additional CVE id due to its complexity.
7cc84f9d81089816b231888b54423e78094c839d60a333567463949319d07201
Debian Security Advisory 1892-1 - It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.
1e397e9152a659f46c090079c2cfa537c94c26a24228f0d5373aa8bb6b50bc9a
Debian Security Advisory 1891-1 - Marek Grzybowski discovered that changetrack, a program to monitor changes to (configuration) files, is prone to shell command injection via metacharacters in filenames. The behaviour of the program has been adjusted to reject all filenames with metacharacters.
26d0d2fd254bcd4648530949d77017afd8fb3135561a2783bc07f69c8c25a1f4
Debian Security Advisory 1890-1 - Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets Cross-platform C++ GUI toolkit, which allows the execution of arbitrary code via a crafted JPEG file.
ed775f49cb58cbce91017bb067a323a636d2226e812c374bf0745a565ce2f3d7
Debian Security Advisory 1889-1 - It was discovered that the ICU unicode library performed incorrect processing of invalid multibyte sequences, resulting in potential bypass of security mechanisms.
277aed8c3f2483c166a48f232c68ddb6bd9d03ddca2b3593d77879a6ee12254e
Debian Security Advisory 1888-1 - Certificates with MD2 hash signatures are no longer accepted by OpenSSL, since they're no longer considered cryptographically secure.
88d5f8e0192f0be8665ed90a45aa84ccb48c9ed00b752dea60a8068421209f01
Debian Security Advisory 1887-1 - Brian Mastenbrook discovered that rails, the MVC ruby based framework geared for web application development, is prone to cross-site scripting attacks via malformed strings in the form helper.
e9db881d48510c6e213b5d71a715500f7af077e97ce065212eede46bfda25193
Debian Security Advisory 1886-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.
3eaefad0cc0c351f2dbd5cc7dce487b59196ec57f291512162c7b8ce6a016078
Debian Security Advisory 1885-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.
80de2c0b557f6e5717d38ffd78c9467933d23a93d076c485051905d0e4998edf
Debian Security Advisory 1884-1 - Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process (www-data on Debian) or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request.
1419e6a12847d769f87454f95d9dcca030059bae87b601f27e6e4beb3aa3d9ca
Debian Security Advisory 1883-2 - The previous nagios2 update introduced a regression, which caused status.cgi to segfault when used directly without specifying the 'host' variable. This update fixes the problem.
aea50dbf0f0cc940482bdf833e1a6968c13cf817e8c311dd451e904dd17e6204
Gentoo Linux Security Advisory GLSA 200909-12 - Multiple insecure calls to the sscanf() function in HTMLDOC might result in the execution of arbitrary code. ANTHRAX666 reported an insecure call to the sscanf() function in the set_page_size() function in htmldoc/util.cxx. Nico Golde of the Debian Security Team found two more insecure calls in the write_type1() function in htmldoc/ps-pdf.cxx and the htmlLoadFontWidths() function in htmldoc/htmllib.cxx. Versions less than 1.8.27-r1 are affected.
880ab8ed72c53b68d1cb6961bd59140a3c52d0b87c9ae0304b7b6397ae2f4721
Debian Security Advisory 1878-2 - Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update corrects regressions introduced by the devscripts security update, DSA-1878-1.
3b1b40fb5fbd7b62d4ca8cadc1b1d71d6cbbcffcc47448316d4bc800398bd578
Debian Security Advisory 1883-1 - Several vulnerabilities have been found in nagios2, ahost/service/network monitoring and management system.
6e440b48d4c410923ccd6b7ef36e82228cf34cf35e1d2b938e5ae5944fed419e
Debian Security Advisory 1882-1 - It was discovered that xapian-omega, a CGI interface for searching xapian databases, is not properly escaping user supplied input when printing exceptions. An attacker can use this to conduct cross-site scripting attacks via crafted search queries resulting in an exception and steal potentially sensitive data from web applications running on the same domain or embedding the search engine into a website.
22225bc789297b6ae05b63cb9307569e0036a8f82d2fad3417050d3a1278810d
Debian Security Advisory 1881-1 - It was discovered that the SIEVE component of cyrus-imapd, a highly scalable enterprise mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. Due to incorrect use of the sizeof() operator an attacker is able to pass a negative length to snprintf() calls resulting in large positive values due to integer conversion. This causes a buffer overflow which can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.
4dbb891cf168c0f7a2bc7cccc3d456dab123abd15c3057dad702ee6c76058555
Debian Security Advisory DSA 1880-1 - Several vulnerabilities have been discovered in the OpenOffice.org office suite.
29d09b914cb9584b866faa18a74e4edaa0df13b895e27f21ce6be1454b4c8f67
Debian Security Advisory 1879-1 - Several vulnerabilities have been discovered in the software suite for the SILC protocol, a network protocol designed to provide end-to-end security for conferencing services.
a579706ca3462dbced3ea936bf4e6108a3458c47e92f30831ef87990788d6e50
Debian Security Advisory 1878-1 - Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue by reimplementing the relevant Perl operators without relying on the Perl interpreter, trying to preserve backwards compatibility as much as possible.
0e5b49376f380b031a0382734cc1ecfa180e9025483df749a9270e25194e7209
Debian Security Advisory 1877-1 - In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command() function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service (daemon crash) and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request.
c6595e9f744ae0389206fcafbac3f076fad7a798140df27ea637268e1d32af18
Debian Security Advisory 1876-1 - Several remote vulnerabilities have been discovered in the TFTP component of dnsmasq.
36010b3ebf6aaa4e8d14eb64498f1cbf648f2ece54116457175bf93b46dcf33c