Security updates

Hello,

A little late: 5 updates from 15 March and one from 17 March:

[quote]Package : firebird2.1
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-2492
Debian Bug : 702735

A buffer overflow was discovered in the Firebird database server, which
could result in the execution of arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in
version 2.1.3.18185-0.ds1-11+squeeze1.

For the testing distribution (wheezy), firebird2.1 will be removed in
favour of firebird2.5.

For the unstable distribution (sid), firebird2.1 will be removed in
favour of firebird2.5.

We recommend that you upgrade your firebird2.1 packages.[/quote]

[quote]Package : firebird2.5
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-5529 CVE-2013-2492

A buffer overflow was discovered in the Firebird database server, which
could result in the execution of arbitrary code. In addition, a denial
of service vulnerability was discovered in the TraceManager.

For the stable distribution (squeeze), these problems have been fixed in
version 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your firebird2.5 packages.[/quote]

[quote]Package : typo3-src
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1842 CVE-2013-1843
Debian Bug : 702574

Typo3, a PHP-based content management system, was found vulnerable to several vulnerabilities.

CVE-2013-1842

Helmut Hummel and Markus Opahle discovered that the Extbase database layer
was not correctly sanitizing user input when using the Query object model.
This can lead to SQL injection by a malicious user inputting crafted
relation values.

CVE-2013-1843

Missing user input validation in the access tracking mechanism could lead
to arbitrary URL redirection.

Note: the fix will break already published links. Upstream advisory on
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/
has more information on how to mitigate that.

For the stable distribution (squeeze), these problems have been fixed in
version 4.3.9+dfsg1-1+squeeze8.

For the testing distribution (wheezy), these problems have been fixed in
version 4.5.19+dfsg1-5.

For the unstable distribution (sid), these problems have been fixed in
version 4.5.19+dfsg1-5.

We recommend that you upgrade your typo3-src packages.[/quote]

[quote]Package : lighttpd
Vulnerability : fixed socket name in world-writable directory
Problem type : local
Debian-specific: yes
CVE ID : CVE-2013-1427
Debian Bug :

Stefan Bühler discovered that the Debian specific configuration file for
lighttpd webserver FastCGI PHP support used a fixed socket name in the
world-writable /tmp directory. A symlink attack or a race condition could be
exploited by a malicious user on the same machine to take over the PHP control
socket and for example force the webserver to use a different PHP version.

As the fix is in a configuration file lying in /etc, the update won’t be
enforced if the file has been modified by the administrator. In that case, care
should be taken to manually apply the fix.

For the stable distribution (squeeze), this problem has been fixed in
version 1.4.28-2+squeeze1.3.

For the testing distribution (wheezy), this problem has been fixed in
version 1.4.31-4.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.31-4.

We recommend that you upgrade your lighttpd packages.[/quote]

[quote]Package : libvirt-bin
Vulnerability : files and device nodes ownership change to kvm group
Problem type : local
Debian-specific: yes
CVE ID : CVE-2013-1766
Debian Bug : 701649

Bastian Blank discovered that libvirtd, a daemon for management of virtual
machines, network and storage, would change ownership of devices files so they
would be owned by user libvirt-qemu and group kvm, which is a general
purpose group not specific to libvirt, allowing unintended write access to
those devices and files for the kvm group members.

For the stable distribution (squeeze), this problem has been fixed in
version 0.8.3-5+squeeze4.

For the testing distribution (wheezy), this problem has been fixed in
version 0.9.12-11.

For the unstable distribution (sid), this problem has been fixed in
version 0.9.12-11.

We recommend that you upgrade your libvirt-bin packages.[/quote]

[quote]Package : libvirt
Vulnerability : files and device nodes ownership change to kvm group
Problem type : local
Debian-specific: yes
CVE ID : CVE-2013-1766
Debian Bug : 701649

The recent security update for libvirt was found to cause a regression.
The kvm/qemu processes weren’t run as the kvm user anymore in order to
fix the file/device ownership changes, but the processes were not
correctly configured to use the kvm group either. When the user would
try to run a virtual machine, the process was denied access to the
/dev/kvm device node, preventing the virtual machine to run.

For the stable distribution (squeeze), this problem has been fixed in
version 0.8.3-5+squeeze5.

We recommend that you upgrade your libvirt packages.[/quote]

Usti

Hello,

2 security updates from 20 March:

[quote]Package : libapache2-mod-perl2
Debian Bug : 702821

The security fix applied to the perl package due to CVE-2013-1667
introduced a test failure in libapache2-mod-perl2 source package
specific to the rehash mechanism in Perl. See Debian Bug #702821 for
details. This update fixes that problem. For reference, the original
advisory text for perl follows.

Yves Orton discovered a flaw in the rehashing code of Perl. This flaw
could be exploited to carry out a denial of service attack against code
that uses arbitrary user input as hash keys. Specifically an attacker
could create a set of keys of a hash causing a denial of service via
memory exhaustion.

For the stable distribution (squeeze), this problem has been fixed in
version 2.0.4-7+squeeze1.

For the testing distribution (wheezy) this problem has been fixed in
version 2.0.7-3.

For the unstable distribution (sid), this problem has been fixed in
version 2.0.7-3.[/quote]

[quote]Package : smokeping
Vulnerability : cross-site scripting vulnerability
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0790
Debian Bug : 659899

A cross-site scripting vulnerability was discovered in smokeping, a
latency logging and graphing system. Input passed to the "displaymode"
parameter was not properly sanitized. An attacker could use this flaw to
execute arbitrary HTML and script code in a user’s browser session in
the context of an affected site.

For the stable distribution (squeeze), this problem has been fixed in
version 2.3.6-5+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 2.6.7-1.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.7-1.

We recommend that you upgrade your smokeping packages.[/quote]

Usti

Hello,

One security update:

[quote]Package : libxml2
Vulnerability : external entity expansion
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-0338 CVE-2013-0339
Debian Bug : 702260

Brad Hill of iSEC Partners discovered that many XML implementations are
vulnerable to external entity expansion issues, which can be used for
various purposes such as firewall circumvention, disguising an IP
address, and denial-of-service. libxml2 was susceptible to these
problems when performing string substitution during entity expansion.

For the stable distribution (squeeze), these problems have been fixed in
version 2.7.8.dfsg-2+squeeze7.

For the testing (wheezy) and unstable (sid) distributions, these problems
have been fixed in version 2.8.0+dfsg1-7+nmu1.

We recommend that you upgrade your libxml2 packages.[/quote]

Usti

Hello,

A security update released last night:

[quote]Package : icinga
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-6096
Debian Bug : 697931

It was discovered that Icinga, a host and network monitoring system,
contains several buffer overflows in the history.cgi CGI program.

For the stable distribution (squeeze), this problem has been fixed in
version 1.0.2-2+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 1.7.1-5.

For the unstable distribution (sid), this problem has been fixed in
version 1.7.1-5.

We recommend that you upgrade your icinga packages.[/quote]

Usti

Good evening,

One security update:

[quote]Package : rails
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-2932 CVE-2012-3464 CVE-2012-3465 CVE-2013-1854
CVE-2013-1855 CVE-2013-1857

Several cross-site-scripting and denial of service vulnerabilities were
discovered in Ruby on Rails, a Ruby framework for web application
development.

For the stable distribution (squeeze), these problems have been fixed in
version 2.3.5-1.2+squeeze8.

For the testing distribution (wheezy) and the unstable distribution (sid),
these problems have been fixed in the version 3.2.6-5 of
ruby-activerecord-3.2, version 2.3.14-6 of ruby-activerecord-2.3,
version 2.3.14-7 of ruby-activesupport-2.3, version 3.2.6-6 of
ruby-actionpack-3.2 and in version 2.3.14-5 of ruby-actionpack-2.3.

We recommend that you upgrade your rails packages.[/quote]

Usti

Hello,

I've fallen a bit behind; there have been 4 security updates since 30/03:

[quote]Package : bind9
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-2266
Debian Bug : 704174

Matthew Horsfall of Dyn, Inc. discovered that BIND, a DNS server, is
prone to a denial of service vulnerability. A remote attacker could use
this flaw to send a specially-crafted DNS query to named that, when
processed, would cause named to use an excessive amount of memory, or
possibly crash.

For the stable distribution (squeeze), this problem has been fixed in
version 1:9.7.3.dfsg-1~squeeze10.

For the testing distribution (wheezy), this problem has been fixed in
version 1:9.8.4.dfsg.P1-6+nmu1.

For the unstable distribution (sid), this problem has been fixed in
version 1:9.8.4.dfsg.P1-6+nmu1.

We recommend that you upgrade your bind9 packages.[/quote]

[quote]Package : libxslt
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-6139
Debian Bug : 703933

Nicolas Gregoire discovered that libxslt, an XSLT processing runtime
library, is prone to denial of service vulnerabilities via crafted xsl
stylesheets.

For the stable distribution (squeeze), this problem has been fixed in
version 1.1.26-6+squeeze3.

For the testing distribution (wheezy), this problem has been fixed in
version 1.1.26-14.1.

For the unstable distribution (sid), this problem has been fixed in
version 1.1.26-14.1.

We recommend that you upgrade your libxslt packages.[/quote]

[quote]Package : postgresql-8.4
Vulnerability : guessable random numbers
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1900

A vulnerability was discovered in PostgreSQL database server. Random numbers
generated by contrib/pgcrypto functions may be easy for another database user
to guess.

For the stable distribution (squeeze), this problem has been fixed in
version 8.4.17-0squeeze1.

For the testing (wheezy) and unstable distribution (sid), postgresql-8.4
packages have been removed; in those, this problem has been fixed in
postgresql-9.1 9.1.9-0wheezy1 (wheezy), and 9.1.9-1 (sid) respectively.

NOTE: postgresql-8.4 in Squeeze is not affected by CVE-2013-1899 (database
files corruption) and CVE-2013-1901 (unprivileged user can interfere with
in-progress backups).

We recommend that you upgrade your postgresql-8.4 packages.[/quote]

[quote]Package : postgresql-9.1
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1899 CVE-2013-1900 CVE-2013-1901
Debian Bug : 704479

Several vulnerabilities were discovered in PostgreSQL database server.

CVE-2013-1899

Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center
discovered that it was possible for a connection request containing a
database name that begins with "-" to be crafted that can damage or destroy
files within a server's data directory. Anyone with access to the port the
PostgreSQL server listens on can initiate this request.

CVE-2013-1900

Random numbers generated by contrib/pgcrypto functions may be easy for
another database user to guess.

CVE-2013-1901

An unprivileged user could run commands that could interfere with
in-progress backups.

For the stable distribution (squeeze), postgresql-9.1 is not available.
DSA-2657-1 has been released for CVE-2013-1900 affecting postgresql-8.4.

For the testing distribution (wheezy), these problems have been fixed in
version 9.1.9-0wheezy1.

For the unstable distribution (sid), these problems have been fixed in
version 9.1.9-1.

We recommend that you upgrade your postgresql-9.1 packages.[/quote]

Usti

Hello,

A security update from yesterday:

[quote]Package : libapache-mod-security
Vulnerability : XML external entity processing vulnerability
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1915
Debian Bug : 704625

Timur Yunusov and Alexey Osipov from Positive Technologies discovered
that the XML files parser of ModSecurity, an Apache module whose purpose
is to tighten the Web application security, is vulnerable to XML
external entities attacks. A specially-crafted XML file provided by a
remote attacker, could lead to local file disclosure or excessive
resources (CPU, memory) consumption when processed.

This update introduces a SecXmlExternalEntity option which is ‘Off’ by
default. This will disable the ability of libxml2 to load external
entities.

For the stable distribution (squeeze), this problem has been fixed in
version 2.5.12-1+squeeze2.

For the testing distribution (wheezy), this problem has been fixed in
version 2.6.6-6 of the modsecurity-apache package.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.6-6 of the modsecurity-package package.

We recommend that you upgrade your libapache-mod-security packages.[/quote]

Usti

Hello,

One security update:

[quote]Package : xorg-server
Vulnerability : information disclosure
Problem type : local
Debian-specific: no
CVE ID : CVE-2013-1940

David Airlie and Peter Hutterer of Red Hat discovered that xorg-server,
the Xorg X server was vulnerable to an information disclosure flaw
related to input handling and devices hotplug.

When an X server is running but not on front (for example because of a VT
switch), a newly plugged input device would still be recognized and
handled by the X server, which would actually transmit input events to
its clients on the background.

This could allow an attacker to recover some input events not intended
for the X clients, including sensitive information.

For the stable distribution (squeeze), this problem has been fixed in
version 2:1.7.7-16.

For the testing distribution (wheezy), this problem has been fixed in
version 2:1.12.4-6.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.12.4-6.

We recommend that you upgrade your xorg-server packages.[/quote]

Usti

Hello,

One security update:

[quote]Package : curl
Vulnerability : exposure of sensitive information
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1944
Debian Bug : 705274

Yamada Yasuharu discovered that cURL, an URL transfer library, is
vulnerable to expose potentially sensitive information when doing
requests across domains with matching tails. Due to a bug in the
tailmatch function when matching domain names, it was possible that
cookies set for a domain ‘ample.com’ could accidentally also be sent
by libcurl when communicating with ‘example.com’.

Both curl the command line tool and applications using the libcurl
library are vulnerable.

For the stable distribution (squeeze), this problem has been fixed in
version 7.21.0-2.1+squeeze3.

For the testing distribution (wheezy), this problem has been fixed in
version 7.26.0-1+wheezy2.

For the unstable distribution (sid), this problem has been fixed in
version 7.29.0-2.1.

We recommend that you upgrade your curl packages.[/quote]

Usti
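
The tail-match failure described in the curl advisory above, as an added C example that is not part of the original posts and is not curl's own code: `tailmatch_naive` shows the kind of plain suffix comparison that sends an 'ample.com' cookie to 'example.com', and `tailmatch_strict` adds the label-boundary and IP-literal checks in the spirit of RFC 6265 domain matching. All function names, the IP-literal heuristic and the sample cookie jar are constructed for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef bool (*matcher_fn)(const char *cookie_domain, const char *host);

/* Case-insensitive equality of two NUL-terminated names. */
static bool ci_equal(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
        a++;
        b++;
    }
    return *a == *b;
}

/* Heuristic assumed for this example: a host containing ':' (IPv6) or made
 * only of digits and dots (IPv4) is an address, not a domain name. */
static bool is_ip_literal(const char *host)
{
    if (strchr(host, ':') != NULL)
        return true;
    if (*host == '\0')
        return false;
    for (const char *p = host; *p; p++)
        if (!isdigit((unsigned char)*p) && *p != '.')
            return false;
    return true;
}

/* Weak form: accepts any host that merely ends with the cookie domain. */
static bool tailmatch_naive(const char *cookie_domain, const char *host)
{
    size_t dlen = strlen(cookie_domain), hlen = strlen(host);
    if (dlen == 0 || dlen > hlen)
        return false;
    return ci_equal(host + (hlen - dlen), cookie_domain);
}

/* Hardened form: the suffix must start at a label boundary ('.'), and
 * address literals only ever match exactly. */
static bool tailmatch_strict(const char *cookie_domain, const char *host)
{
    if (cookie_domain[0] == '.')          /* a leading dot is ignored */
        cookie_domain++;
    size_t dlen = strlen(cookie_domain), hlen = strlen(host);
    if (dlen == 0 || dlen > hlen)
        return false;
    if (is_ip_literal(host))
        return ci_equal(host, cookie_domain);
    if (!ci_equal(host + (hlen - dlen), cookie_domain))
        return false;
    return hlen == dlen || host[hlen - dlen - 1] == '.';
}

/* Constructed cookie jar: the Domain attribute of four stored cookies. */
static const char *const JAR[] = {
    "example.com", "ample.com", "le.com", "other.org"
};

/* Number of jar cookies the given matcher would attach to a request. */
static size_t count_sent(matcher_fn match, const char *host)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof JAR / sizeof JAR[0]; i++)
        if (match(JAR[i], host))
            n++;
    return n;
}

int main(void)
{
    const char *host = "www.example.com";
    printf("naive : %zu cookies sent to %s\n",
           count_sent(tailmatch_naive, host), host);
    printf("strict: %zu cookies sent to %s\n",
           count_sent(tailmatch_strict, host), host);
    return 0;
}
```

The same comparison applies when auditing any home-grown cookie or allow-list code: a suffix check without a boundary test treats unrelated registrable domains as parents of the target host.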

Hello,

Another security update:

[quote]Package : tinc
Vulnerability : stack based buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1428

Martin Schobert discovered a stack-based vulnerability in tinc, a virtual
private network daemon.

When packets are forwarded via TCP, packet length is not checked against
the stack buffer length. Authenticated peers could use this to crash the
tinc daemon and maybe execute arbitrary code.

Note that on Wheezy and Sid, tinc is built using hardening flags and
especially stack smashing protection, which should help protect against
arbitrary code execution.

For the stable distribution (squeeze), this problem has been fixed in
version 1.0.13-1+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 1.0.19-3.

For the unstable distribution (sid), this problem has been fixed in
version 1.0.19-3.

We recommend that you upgrade your tinc packages.[/quote]

Usti

Hello,

One security update:

[quote]Package : strongswan
Vulnerability : authentication bypass
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-2944

Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec based VPN
solution.

When using the openssl plugin for ECDSA based authentication, an empty, zeroed
or otherwise invalid signature is handled as a legitimate one. An attacker
could use a forged signature to authenticate like a legitimate user and gain
access to the VPN (and everything protected by this).

While the issue looks like CVE-2012-2388 (RSA signature based authentication
bypass), it is unrelated.

For the stable distribution (squeeze), this problem has been fixed in
version 4.4.1-5.3.

For the testing distribution (wheezy), this problem has been fixed in
version 4.5.2-1.5+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 4.6.4-7.

We recommend that you upgrade your strongswan packages.[/quote]

Good evening,

One security update:

[quote]Package : stunnel4
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1762
Debian Bug : 702267

Stunnel, a program designed to work as an universal SSL tunnel for
network daemons, is prone to a buffer overflow vulnerability when using
the Microsoft NT LAN Manager (NTLM) authentication
(“protocolAuthentication = NTLM”) together with the ‘connect’ protocol
method (“protocol = connect”). With these prerequisites and using
stunnel4 in SSL client mode (“client = yes”) on a 64bit host, an attacker
could possibly execute arbitrary code with the privileges of the stunnel
process, if the attacker can either control the specified proxy server or
perform man-in-the-middle attacks on the tcp session between stunnel and
the proxy server.

Note that for the testing distribution (wheezy) and the unstable
distribution (sid), stunnel4 is compiled with stack smashing protection
enabled, which should help protect against arbitrary code execution.

For the stable distribution (squeeze), this problem has been fixed in
version 3:4.29-1+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 3:4.53-1.1.

For the unstable distribution (sid), this problem has been fixed in
version 3:4.53-1.1.

We recommend that you upgrade your stunnel4 packages.[/quote]

Usti

Good evening,

One security update:

[quote]Package : xen
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1918 CVE-2013-1952 CVE-2013-1964

Multiple vulnerabilities have been discovered in the Xen hypervisor. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2013-1918 (XSA 45) Several long latency operations are not preemptible

Some page table manipulation operations for PV guests were not made
preemptible, allowing a malicious or buggy PV guest kernel to mount a
denial of service attack affecting the whole system.

CVE-2013-1952 (XSA 49) VT-d interrupt remapping source validation flaw for bridges

Due to missing source validation on interrupt remapping table
entries for MSI interrupts set up by bridge devices, a malicious
domain with access to such a device, can mount a denial of service
attack affecting the whole system.

CVE-2013-1964 (XSA 50) grant table hypercall acquire/release imbalance

When releasing a particular, non-transitive grant after doing a grant
copy operation Xen incorrectly releases an unrelated grant
reference, leading possibly to a crash of the host system.
Furthermore information leakage or privilege escalation cannot be
ruled out.

For the oldstable distribution (squeeze), these problems have been fixed in
version 4.0.1-5.11.

For the stable distribution (wheezy), these problems have been fixed in
version 4.1.4-3+deb7u1.

For the testing distribution (jessie), these problems have been fixed in
version 4.1.4-4.

For the unstable distribution (sid), these problems have been fixed in
version 4.1.4-4.

Note that for the stable (wheezy), testing and unstable distribution,
CVE-2013-1964 (XSA 50) was already fixed in version 4.1.4-3.

We recommend that you upgrade your xen packages.[/quote]

Usti

Hello,

I wasn't quite awake last night; there was a second update:

[quote]Package : mysql-5.5
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1502 CVE-2013-1511 CVE-2013-1532 CVE-2013-1544
CVE-2013-2375 CVE-2013-2376 CVE-2013-2389 CVE-2013-2391
CVE-2013-2392

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to a new upstream
version, 5.5.31, which includes additional changes, such as performance
improvements and corrections for data loss defects.

For the stable distribution (wheezy), these problems have been fixed in
version 5.5.31+dfsg-0+wheezy1.

For the unstable distribution (sid), these problems have been fixed in
version 5.5.31+dfsg-1.

We recommend that you upgrade your mysql-5.5 packages.[/quote]

Usti

Hi,
OK then, just to steal your thunder a little… :wink:

[quote]Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escalation.[/quote]

Debian Security Advisory DSA-2668-1

No link, it's not on debian.org/security/2013/ yet

PS: WHO is still running 2.6? :arrow_right:

Edit: The link… debian.org/security/2013/dsa-2668

And the flaw also applies to wheezy's 3.2 kernel; I just tested it, you get root :frowning:

$gcc -O2 exploit.c -o exploit
$ ./exploit 
2.6.37-3.x x86_64
sd@fucksheep.org 2010
# id
uid=0(root) gid=0(root) groupes=0(root),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),105(scanner),110(bluetooth),112(netdev),1000(duke)
# uname -a
Linux Hades 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux

Hello,

A new security alert:

[quote]Package : linux
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2013-0160 CVE-2013-1796 CVE-2013-1929 CVE-2013-1979
CVE-2013-2015 CVE-2013-2094 CVE-2013-3076 CVE-2013-3222
CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227
CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3234
CVE-2013-3235 CVE-2013-3301

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-0160

vladz reported a timing leak with the /dev/ptmx character device. A local
user could use this to determine sensitive information such as password
length.

CVE-2013-1796

Andrew Honig of Google reported an issue in the KVM subsystem. A user in
a guest operating system could corrupt kernel memory, resulting in a
denial of service.

CVE-2013-1929

Oded Horovitz and Brad Spengler reported an issue in the device driver for
Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach
untrusted devices can create an overflow condition, resulting in a denial
of service or elevated privileges.

CVE-2013-1979

Andy Lutomirski reported an issue in the socket level control message
processing subsystem. Local users may be able to gain elevated privileges.

CVE-2013-2015

Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local
users with the ability to mount a specially crafted filesystem can cause
a denial of service (infinite loop).

CVE-2013-2094

Tommie Rantala discovered an issue in the perf subsystem. An out-of-bounds
access vulnerability allows local users to gain elevated privileges.

CVE-2013-3076

Mathias Krauss discovered an issue in the userspace interface for hash
algorithms. Local users can gain access to sensitive kernel memory.

CVE-2013-3222

Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM)
protocol support. Local users can gain access to sensitive kernel memory.

CVE-2013-3223

Mathias Krauss discovered an issue in the Amateur Radio AX.25 protocol
support. Local users can gain access to sensitive kernel memory.

CVE-2013-3224

Mathias Krauss discovered an issue in the Bluetooth subsystem. Local users
can gain access to sensitive kernel memory.

CVE-2013-3225

Mathias Krauss discovered an issue in the Bluetooth RFCOMM protocol
support. Local users can gain access to sensitive kernel memory.

CVE-2013-3227

Mathias Krauss discovered an issue in the Communication CPU to Application
CPU Interface (CAIF). Local users can gain access to sensitive kernel
memory.

CVE-2013-3228

Mathias Krauss discovered an issue in the IrDA (infrared) subsystem
support. Local users can gain access to sensitive kernel memory.

CVE-2013-3229

Mathias Krauss discovered an issue in the IUCV support on s390 systems.
Local users can gain access to sensitive kernel memory.

CVE-2013-3231

Mathias Krauss discovered an issue in the ANSI/IEEE 802.2 LLC type 2
protocol support. Local users can gain access to sensitive kernel memory.

CVE-2013-3234

Mathias Krauss discovered an issue in the Amateur Radio X.25 PLP (Rose)
protocol support. Local users can gain access to sensitive kernel memory.

CVE-2013-3235

Mathias Krauss discovered an issue in the Transparent Inter Process
Communication (TIPC) protocol support. Local users can gain access to
sensitive kernel memory.

CVE-2013-3301

Namhyung Kim reported an issue in the tracing subsystem. A privileged
local user could cause a denial of service (system crash). This
vulnerability is not applicable to Debian systems by default.

For the stable distribution (wheezy), this problem has been fixed in version
3.2.41-2+deb7u1.

Note: Updates are currently available for the amd64, i386, ia64, s390, s390x
and sparc architectures. Updates for the remaining architectures will be
released as they become available.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                                         Debian 7.0 (wheezy)
 user-mode-linux                         3.2-2um-1+deb7u1

We recommend that you upgrade your linux and user-mode-linux packages.[/quote]

Usti

Hello,

3 security updates yesterday:
[ul][li]DSA-2670 request-tracker3.8 - several vulnerabilities[/li]
[li]DSA-2671 request-tracker4[/li]
[li]DSA-2672 kfreebsd-9[/li][/ul]

Usti

Hello,

Vulnerabilities have been discovered in the X.org clients; there are 20 advisories on the debian-security list that are not relayed on the website.

Apparently only Wheezy is affected, so get your apt-get/aptitude going!

Usti

No, Squeeze is affected too.