http://security.debian.org/ Debian-Sicherheitsankündigung 2017-06-20T19:56:12+00:00 https://www.debian.org/security/2017/dsa-3889 <p>libffi, a library used to call code written in one language from code written in a different language, was enforcing an executable stack on the i386 architecture. While this might not be considered a vulnerability by itself, this could be leveraged when exploiting other vulnerabilities, like for example the <q>stack clash</q> class of vulnerabilities discovered by Qualys Research Labs. For the full details, please refer to their advisory published at: <a href="https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt">https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt</a></p> 2017-06-19 https://www.debian.org/security/2017/dsa-3888 <p>The Qualys Research Labs discovered a memory leak in the Exim mail transport agent. This is not a security vulnerability in Exim by itself, but can be used to exploit a vulnerability in stack handling. For the full details, please refer to their advisory published at: <a href="https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt">https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt</a></p> 2017-06-19 https://www.debian.org/security/2017/dsa-3887 <p>The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack. For the full details, please refer to their advisory published at: <a href="https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt">https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt</a></p> 2017-06-19 https://www.debian.org/security/2017/dsa-3886 <p>Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.</p> 2017-06-19 https://www.debian.org/security/2017/dsa-3885 <p>Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems:</p> 2017-06-18 https://www.debian.org/security/2017/dsa-3884 <p>Hubert Kario discovered that GnuTLS, a library implementing the TLS and SSL protocols, does not properly decode a status response TLS extension, allowing a remote attacker to cause an application using the GnuTLS library to crash (denial of service).</p> 2017-06-16 https://www.debian.org/security/2017/dsa-3883 <p>It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI (database) mode is vulnerable.</p> 2017-06-15 https://www.debian.org/security/2017/dsa-3882 <p>Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems:</p> 2017-06-15 https://www.debian.org/security/2017/dsa-3881 <p>Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or domain spoofing.</p> 2017-06-14 https://www.debian.org/security/2017/dsa-3880 <p>It was discovered that a side channel attack in the EdDSA session key handling in Libgcrypt may result in information disclosure.</p> 2017-06-14 https://www.debian.org/security/2017/dsa-3879 <p>Multiple security vulnerabilities have been found in oSIP, a library implementing the Session Initiation Protocol, which might result in denial of service through malformed SIP messages.</p> 2017-06-13 https://www.debian.org/security/2017/dsa-3878 <p>Agostino Sarubbo discovered multiple vulnerabilities in zziplib, a library to access Zip archives, which could result in denial of service and potentially the execution of arbitrary code if a malformed archive is processed.</p> 2017-06-12 https://www.debian.org/security/2017/dsa-3877 <p>It has been discovered that Tor, a connection-based low-latency anonymous communication system, contain a flaw in the hidden service code when receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. A remote attacker can take advantage of this flaw to cause a hidden service to crash with an assertion failure (TROVE-2017-005).</p> 2017-06-10 https://www.debian.org/security/2017/dsa-3876 <p>Joerg-Thomas Vogt discovered that the SecureMode was insufficiently validated in the OTRS ticket system, which could allow agents to escalate their privileges.</p> 2017-06-09 https://www.debian.org/security/2017/dsa-3875 <p>It was discovered that a buffer overflow in libmwaw, a library to open old Mac text documents might result in the execution of arbitrary code if a malformed document is opened.</p> 2017-06-09 https://www.debian.org/security/2017/dsa-3874 <p>Agostino Sarubbo and AromalUllas discovered that ettercap, a network security tool for traffic interception, contains vulnerabilities that allowed an attacker able to provide maliciously crafted filters to cause a denial-of-service via application crash.</p> 2017-06-09 https://www.debian.org/security/2017/dsa-3873 <p>The cPanel Security Team reported a time of check to time of use (TOCTTOU) race condition flaw in File::Path, a core module from Perl to create or remove directory trees. An attacker can take advantage of this flaw to set the mode on an attacker-chosen file to a attacker-chosen value.</p> 2017-06-05 https://www.debian.org/security/2017/dsa-3872 <p>Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or information disclosure.</p> 2017-06-01 https://www.debian.org/security/2017/dsa-3871 <p>It was discovered that Zookeeper, a service for maintaining configuration information, didn't restrict access to the computationally expensive wchp/wchc commands which could result in denial of service by elevated CPU consumption.</p> 2017-06-01 https://www.debian.org/security/2017/dsa-3870 <p>Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks.</p> 2017-06-01 https://www.debian.org/security/2017/dsa-3869 <p>It was discovered that tnef, a tool used to unpack MIME attachments of type "application/ms-tnef", did not correctly validate its input. An attacker could exploit this by tricking a user into opening a malicious attachment, which would result in a denial-of-service by application crash.</p> 2017-06-01 https://www.debian.org/security/2017/dsa-3868 <p>Karsten Heymann discovered that the OpenLDAP directory server can be crashed by performing a paged search with a page size of 0, resulting in denial of service. This vulnerability is limited to the MDB storage backend.</p> 2017-05-30 https://www.debian.org/security/2017/dsa-3867 <p>The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/[pid]/stat" to read the device number of the tty from field 7 (tty_nr). A sudoers user can take advantage of this flaw on an SELinux-enabled system to obtain full root privileges.</p> 2017-05-30 https://www.debian.org/security/2017/dsa-3866 <p>Two denial of service vulnerabilities were identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.</p> 2017-05-30 https://www.debian.org/security/2017/dsa-3865 <p>It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed.</p> 2017-05-29 https://www.debian.org/security/2017/dsa-3864 <p>It was discovered that an XML external entities vulnerability in the Apache FOP XML formatter may result in information disclosure.</p> 2017-05-27 https://www.debian.org/security/2017/dsa-3863 <p>This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV, PICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.</p> 2017-05-25 https://www.debian.org/security/2017/dsa-3862 <p>It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management system could result in the execution of arbitrary code.</p> 2017-05-25 https://www.debian.org/security/2017/dsa-3861 <p>Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into processing a maliciously crafted assignments file.</p> 2017-05-24 https://www.debian.org/security/2017/dsa-3860 <p>steelo discovered a remote code execution vulnerability in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share, can take advantage of this flaw by uploading a shared library and then cause the server to load and execute it.</p> 2017-05-24