Bug#825419: fixes in security/2014/
Package: www.debian.org
Severity: wishlist
Tags: patch
--
summary:
dla:
dla-81,97,107,118:typo
dla-114: duped: interprets interprets
dla-115.data: added bug#
dla-116: this is for ntp
dla-91: link to 2015/
refers rejected CVE-2012-3439:
use following instead: CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887
dsa:
dsa-3112: s/dicover/discover/
dsa-3060: p:s|i/o|I/O|, s/sctp/SCTP/g, s/rip/RIP/
dsa-3066,3067: s/qemu/QEMU/
dsa-3074,3107: apply -2(regression)
dsa-3050: apply -2, -3
--
victory
no need to CC me :-)
Index: english/security/2014/dla-81.wml
===================================================================
--- english/security/2014/dla-81.wml (revision 206)
+++ english/security/2014/dla-81.wml (working copy)
@@ -32,7 +32,7 @@
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them.</p>
- <p>Note that the package is Debian is not build with this option.</p></li>
+ <p>Note that the package in Debian is not built with this option.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3569";>CVE-2014-3569</a>
@@ -40,7 +40,7 @@
Hello is received the ssl method would be set to NULL which could
later result in a NULL pointer dereference.</p>
- <p>Note that the package is Debian is not build with this option.</p></li>
+ <p>Note that the package in Debian is not built with this option.</p></li>
</ul>
Index: english/security/2014/dla-91.data
===================================================================
--- english/security/2014/dla-91.data (revision 206)
+++ english/security/2014/dla-91.data (working copy)
@@ -1,6 +1,6 @@
<define-tag pagetitle>DLA-91-1 tomcat6</define-tag>
<define-tag report_date>2014-11-23</define-tag>
-<define-tag secrefs>CVE-2012-3439 CVE-2013-1571 CVE-2013-4286 CVE-2013-4322 CVE-2013-4590 CVE-2014-0033 Bug#299635 Bug#608286 Bug#654136 Bug#659748 Bug#664072 Bug#665393 Bug#666256 Bug#668761</define-tag>
+<define-tag secrefs>CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 CVE-2013-1571 CVE-2013-4286 CVE-2013-4322 CVE-2013-4590 CVE-2014-0033 Bug#299635 Bug#608286 Bug#654136 Bug#659748 Bug#664072 Bug#665393 Bug#666256 Bug#668761</define-tag>
<define-tag packages>tomcat6</define-tag>
<define-tag isvulnerable>yes</define-tag>
<define-tag fixed>yes</define-tag>
Index: english/security/2014/dla-91.wml
===================================================================
--- english/security/2014/dla-91.wml (revision 206)
+++ english/security/2014/dla-91.wml (working copy)
@@ -1,5 +1,8 @@
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
+<p>This advisory has been superseded by <a href="../2015/dla-91">DLA-91-2</a>.
+For reference, the original advisory text follows.</p>
+
<p>This is an upgrade from tomcat 6.0.35 (the version previously available
in squeeze) to 6.0.41, the full list of changes between these versions
can be see in the upstream changelog, which is available online at
@@ -32,7 +35,9 @@
<p>Avoid <a href="https://security-tracker.debian.org/tracker/CVE-2013-1571";>CVE-2013-1571</a> when generating Javadoc.</p></li>
-<li><a href="https://security-tracker.debian.org/tracker/CVE-2012-3439";>CVE-2012-3439</a>
+<li><a href="https://security-tracker.debian.org/tracker/CVE-2012-5885";>CVE-2012-5885</a>,
+<a href="https://security-tracker.debian.org/tracker/CVE-2012-5886";>CVE-2012-5886</a>,
+<a href="https://security-tracker.debian.org/tracker/CVE-2012-5887";>CVE-2012-5887</a>
<p>Various improvements to the DIGEST authenticator.</p></li>
Index: english/security/2014/dla-97.wml
===================================================================
--- english/security/2014/dla-97.wml (revision 206)
+++ english/security/2014/dla-97.wml (working copy)
@@ -21,7 +21,7 @@
<p>The function wordexp() fails to properly handle the WRDE_NOCMD
flag when processing arithmetic inputs in the form of "$((... ``))"
where "..." can be anything valid. The backticks in the arithmetic
- epxression are evaluated by in a shell even if WRDE_NOCMD forbade
+ expression are evaluated by in a shell even if WRDE_NOCMD forbade
command substitution. This allows an attacker to attempt to pass
dangerous commands via constructs of the above form, and bypass
the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD
Index: english/security/2014/dla-107.wml
===================================================================
--- english/security/2014/dla-107.wml (revision 206)
+++ english/security/2014/dla-107.wml (working copy)
@@ -4,7 +4,7 @@
recursive, and caching DNS resolver, was prone to a denial of service
vulnerability. An attacker crafting a malicious zone and able to emit
(or make emit) queries to the server can trick the resolver into
-following an endless series of delegations, leading to ressource
+following an endless series of delegations, leading to resource
exhaustion and huge network usage.</p>
<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in unbound version 1.4.6-1+squeeze4</p>
Index: english/security/2014/dla-114.wml
===================================================================
--- english/security/2014/dla-114.wml (revision 206)
+++ english/security/2014/dla-114.wml (working copy)
@@ -7,8 +7,7 @@
<li><a href="https://security-tracker.debian.org/tracker/CVE-2004-2771";>CVE-2004-2771</a>
- <p>mailx interprets interprets shell meta-characters in certain email
- addresses.</p></li>
+ <p>mailx interprets shell meta-characters in certain email addresses.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-7844";>CVE-2014-7844</a>
Index: english/security/2014/dla-115.data
===================================================================
--- english/security/2014/dla-115.data (revision 206)
+++ english/security/2014/dla-115.data (working copy)
@@ -1,5 +1,6 @@
<define-tag pagetitle>DLA-115-1 gosa</define-tag>
<define-tag report_date>2014-12-18</define-tag>
+<define-tag secrefs>Bug#768509</define-tag>
<define-tag packages>gosa</define-tag>
<define-tag isvulnerable>yes</define-tag>
<define-tag fixed>yes</define-tag>
Index: english/security/2014/dla-116.wml
===================================================================
--- english/security/2014/dla-116.wml (revision 206)
+++ english/security/2014/dla-116.wml (working copy)
@@ -37,7 +37,7 @@
<p>For the oldstable distribution (squeeze), these problems have been fixed in
version 4.2.6.p2+dfsg-1+deb6u1.</p>
-<p>We recommend that you upgrade your heirloom-mailx packages.</p>
+<p>We recommend that you upgrade your ntp packages.</p>
<p>Thanks to the Florian Weimer for the Red Hat security update.</p>
</define-tag>
Index: english/security/2014/dla-118.wml
===================================================================
--- english/security/2014/dla-118.wml (revision 206)
+++ english/security/2014/dla-118.wml (working copy)
@@ -27,7 +27,7 @@
<p>We apologize for a minor cosmetic glitch:</p>
<p>The following commits were already included in 2.6.32-48squeeze9 despite
-claims in debian/changelog they were only fixed in 2.6.32-48squeez10:</p>
+claims in debian/changelog they were only fixed in 2.6.32-48squeeze10:</p>
<ul>
<li>vlan: Don't propagate flag changes on down interfaces.</li>
Index: english/security/2014/dsa-3060.wml
===================================================================
--- english/security/2014/dsa-3060.wml (revision 206)
+++ english/security/2014/dsa-3060.wml (working copy)
@@ -15,7 +15,7 @@
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3611";>CVE-2014-3611</a>
<p>Lars Bull of Google reported a race condition in the PIT
- emulation code in KVM. A local guest user with access to PIT i/o
+ emulation code in KVM. A local guest user with access to PIT I/O
ports could exploit this flaw to cause a denial of service (crash)
on the host.</p></li>
@@ -34,7 +34,7 @@
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3647";>CVE-2014-3647</a>
<p>Nadav Amit reported that KVM mishandles noncanonical addresses when
- emulating instructions that change rip, potentially causing a failed
+ emulating instructions that change RIP, potentially causing a failed
VM-entry. A guest user with access to I/O or the MMIO can use this
flaw to cause a denial of service (system crash) of the guest.</p></li>
@@ -46,13 +46,13 @@
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3687";>CVE-2014-3687</a>
- <p>A flaw in the sctp stack was discovered leading to a kernel panic
+ <p>A flaw in the SCTP stack was discovered leading to a kernel panic
when receiving duplicate ASCONF chunks. A remote attacker could use
this flaw to crash the system.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3688";>CVE-2014-3688</a>
- <p>It was found that the sctp stack is prone to a remotely triggerable
+ <p>It was found that the SCTP stack is prone to a remotely triggerable
memory pressure issue caused by excessive queueing. A remote
attacker could use this flaw to cause denial-of-service conditions
on the system.</p></li>
Index: english/security/2014/dsa-3066.wml
===================================================================
--- english/security/2014/dsa-3066.wml (revision 206)
+++ english/security/2014/dsa-3066.wml (working copy)
@@ -10,9 +10,9 @@
<p>The Advanced Threat Research team at Intel Security reported that
guest provided parameter were insufficiently validated in
rectangle functions in the vmware-vga driver. A privileged guest
- user could use this flaw to write into qemu address space on the
+ user could use this flaw to write into QEMU address space on the
host, potentially escalating their privileges to those of the
- qemu host process.</p></li>
+ QEMU host process.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-7815";>CVE-2014-7815</a>
Index: english/security/2014/dsa-3067.wml
===================================================================
--- english/security/2014/dsa-3067.wml (revision 206)
+++ english/security/2014/dsa-3067.wml (working copy)
@@ -10,9 +10,9 @@
<p>The Advanced Threat Research team at Intel Security reported that
guest provided parameter were insufficiently validated in
rectangle functions in the vmware-vga driver. A privileged guest
- user could use this flaw to write into qemu address space on the
+ user could use this flaw to write into QEMU address space on the
host, potentially escalating their privileges to those of the
- qemu host process.</p></li>
+ QEMU host process.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-7815";>CVE-2014-7815</a>
Index: english/security/2014/dsa-3074.wml
===================================================================
--- english/security/2014/dsa-3074.wml (revision 206)
+++ english/security/2014/dsa-3074.wml (working copy)
@@ -1,5 +1,16 @@
<define-tag description>security update</define-tag>
<define-tag moreinfo>
+<p>The previous update for php5, DSA-3074-1, introduced regression in the
+sessionclean cron script. The change was intended to fix a potential
+symlink attack using filenames including the NULL character (Debian bug
+ #766147), but depended on sed package version too recent, not in Wheezy.</p>
+
+<p>This update reverts the fix, so people are advised to keep kernel
+symlink protection (sysctl fs.protected_symlinks=1) enabled as it is by
+default on Wheezy, which is enough to prevent successful exploitation.</p>
+
+<p>For reference, the original advisory text follows.</p>
+
<p>Francisco Alonso of Red Hat Product Security found an issue in the file
utility, whose code is embedded in PHP, a general-purpose scripting
language. When checking ELF files, note headers are incorrectly
@@ -7,9 +18,9 @@
service (out-of-bounds read and application crash) by supplying a
specially crafted ELF file.</p>
-<p>As announced in DSA-3064-1 it has been decided to follow the stable
-5.4.x releases for the Wheezy php5 packages. Consequently the
-vulnerability is addressed by upgrading PHP to a new upstream version
+<p>As announced in <a href="dsa-3064">DSA-3064-1</a> it has been decided to
+follow the stable 5.4.x releases for the Wheezy php5 packages. Consequently
+the vulnerability is addressed by upgrading PHP to a new upstream version
5.4.35, which includes additional bug fixes, new features and possibly
incompatible changes. Please refer to the upstream changelog for more
information:</p>
@@ -17,7 +28,7 @@
<url "http://php.net/ChangeLog-5.php#5.4.35"; />
-<p>For the stable distribution (wheezy), this problem has been fixed in
-version 5.4.35-0+deb7u1.</p>
+<p>For the stable distribution (wheezy), this regression issue has been
+fixed in version 5.4.35-0+deb7u2.</p>
<p>We recommend that you upgrade your php5 packages.</p>
</define-tag>
Index: english/security/2014/dsa-3057.wml
===================================================================
--- english/security/2014/dsa-3057.wml (revision 206)
+++ english/security/2014/dsa-3057.wml (working copy)
@@ -1,5 +1,8 @@
<define-tag description>security update</define-tag>
<define-tag moreinfo>
+<p>This advisory has been superseded by <a href="../2015/dsa-3057">DSA-3057-2</a>.
+For reference, the original advisory text follows.</p>
+
<p>Sogeti found a denial of service flaw in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML file that, when processed by an
Index: english/security/2015/dsa-3057.data
===================================================================
--- english/security/2015/dsa-3057.data (nonexistent)
+++ english/security/2015/dsa-3057.data (working copy)
@@ -0,0 +1,13 @@
+<define-tag pagetitle>DSA-3057-2 libxml2</define-tag>
+<define-tag report_date>2015-4-07</define-tag>
+<define-tag secrefs>Bug#774358</define-tag>
+<define-tag packages>libxml2</define-tag>
+<define-tag isvulnerable>yes</define-tag>
+<define-tag fixed>yes</define-tag>
+<define-tag fixed-section>no</define-tag>
+
+#use wml::debian::security
+
+
+
+</dl>
Index: english/security/2015/dsa-3057.wml
===================================================================
--- english/security/2015/dsa-3057.wml (nonexistent)
+++ english/security/2015/dsa-3057.wml (working copy)
@@ -0,0 +1,26 @@
+<define-tag description>security update</define-tag>
+<define-tag moreinfo>
+<p>The update for libxml2 issued as <a
+href="../2014/dsa-3057">DSA-3057-1</a> caused regressions due to an
+incomplete patch to address <a
+href="https://security-tracker.debian.org/tracker/CVE-2014-3660";>CVE-2014-3660</a>.
+Updated packages are available to address this problem.
+For reference the original advisory text follows.</p>
+
+<p>Sogeti found a denial of service flaw in libxml2, a library providing
+support to read, modify and write XML and HTML files. A remote attacker
+could provide a specially crafted XML file that, when processed by an
+application using libxml2, would lead to excessive CPU consumption
+(denial of service) based on excessive entity substitutions, even if
+entity substitution was disabled, which is the parser default behavior.
+(<a href="https://security-tracker.debian.org/tracker/CVE-2014-3660";>CVE-2014-3660</a>)</p>
+
+<p>For the stable distribution (wheezy), this problem has been fixed in
+version 2.8.0+dfsg1-7+wheezy4.</p>
+
+<p>We recommend that you upgrade your libxml2 packages.</p>
+</define-tag>
+
+# do not modify the following line
+#include "$(ENGLISHDIR)/security/2015/dsa-3057.data"
+# $Id: $
Index: english/security/2014/dsa-3107.data
===================================================================
--- english/security/2014/dsa-3107.data (revision 206)
+++ english/security/2014/dsa-3107.data (working copy)
@@ -1,6 +1,6 @@
-<define-tag pagetitle>DSA-3107-1 subversion</define-tag>
-<define-tag report_date>2014-12-20</define-tag>
-<define-tag secrefs>CVE-2014-3580 Bug#773263</define-tag>
+<define-tag pagetitle>DSA-3107-2 subversion</define-tag>
+<define-tag report_date>2014-12-21</define-tag>
+<define-tag secrefs>CVE-2014-3580 Bug#773263 Bug#773610</define-tag>
<define-tag packages>subversion</define-tag>
<define-tag isvulnerable>yes</define-tag>
<define-tag fixed>yes</define-tag>
Index: english/security/2014/dsa-3107.wml
===================================================================
--- english/security/2014/dsa-3107.wml (revision 206)
+++ english/security/2014/dsa-3107.wml (working copy)
@@ -1,5 +1,12 @@
<define-tag description>security update</define-tag>
<define-tag moreinfo>
+<p>For Wheezy, the previous subversion security update, DSA-3107-1,
+introduced a regression which causes Apache httpd to fail to start
+due to an undefined symbol dav_svn__new_error in configurations which
+used mod_dav_svn.</p>
+
+<p>For reference, the original advisory text follows.</p>
+
<p>Evgeny Kotkov discovered a NULL pointer dereference while processing
REPORT requests in mod_dav_svn, the Subversion component which is used
to serve repositories with the Apache web server. A remote attacker
@@ -6,7 +13,7 @@
could abuse this vulnerability for a denial of service.</p>
<p>For the stable distribution (wheezy), this problem has been fixed in
-version 1.6.17dfsg-4+deb7u7.</p>
+version 1.6.17dfsg-4+deb7u8.</p>
<p>For the unstable distribution (sid), this problem has been fixed in
version 1.8.10-5.</p>
Index: english/security/2014/dsa-3112.wml
===================================================================
--- english/security/2014/dsa-3112.wml (revision 206)
+++ english/security/2014/dsa-3112.wml (working copy)
@@ -1,6 +1,6 @@
<define-tag description>security update</define-tag>
<define-tag moreinfo>
-<p>Michele Spagnuolo of the Google Security Team dicovered two heap-based
+<p>Michele Spagnuolo of the Google Security Team discovered two heap-based
buffer overflows in SoX, the Swiss Army knife of sound processing
programs. A specially crafted wav file could cause an application using
SoX to crash or, possibly, execute arbitrary code.</p>
Index: english/security/2014/dsa-3050.data
===================================================================
--- english/security/2014/dsa-3050.data (revision 206)
+++ english/security/2014/dsa-3050.data (working copy)
@@ -1,5 +1,5 @@
-<define-tag pagetitle>DSA-3050-1 iceweasel</define-tag>
-<define-tag report_date>2014-10-15</define-tag>
+<define-tag pagetitle>DSA-3050-3 iceweasel</define-tag>
+<define-tag report_date>2014-11-12</define-tag>
<define-tag secrefs>CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586</define-tag>
<define-tag packages>iceweasel</define-tag>
<define-tag isvulnerable>yes</define-tag>
Index: english/security/2014/dsa-3050.wml
===================================================================
--- english/security/2014/dsa-3050.wml (revision 206)
+++ english/security/2014/dsa-3050.wml (working copy)
@@ -1,5 +1,10 @@
<define-tag description>security update</define-tag>
<define-tag moreinfo>
+<p>The previous update for iceweasel in DSA-3050-1 did not contain builds
+for the armhf architecture due to an error in the Debian packaging
+specific to the armhf build. This update corrects that problem. For
+reference, the original advisory text follows.</p>
+
<p>Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors, buffer
overflows, use-after-frees and other implementation errors may lead to
@@ -6,6 +11,12 @@
the execution of arbitrary code, denial of service, the bypass of the
same-origin policy or a loss of privacy.</p>
+<p>DSA-3050-1 updated the Iceweasel browser to the new ESR31 series of
+Firefox. In that version the xulrunner library is no longer included.
+This followup update provides xulrunner 24.8.1esr-2~deb7u1 in a separate
+source package to ensure that packages build-depending on xulrunner
+remain buildable.</p>
+
<p>This update updates Iceweasel to the ESR31 series of Firefox. The new
release introduces a new user interface.</p>
@@ -12,7 +23,7 @@
<p>In addition, this update also disables SSLv3.</p>
<p>For the stable distribution (wheezy), these problems have been fixed in
-version 31.2.0esr-2~deb7u1.</p>
+version 31.2.0esr-3~deb7u1.</p>
<p>For the unstable distribution (sid), these problems have been fixed in
version 31.2.0esr-1.</p>
Reply to: