PatchQuest Security Alerts : All

MSWU-114 : December 2007 cumulative time zone update for Microsoft Windows operating systems(KB942763)

BulletinID : MSWU-114
Title : December 2007 cumulative time zone update for Microsoft Windows operating systems(KB942763)

Summary :
This update supersedes and replaces update 933360, which was released in August 2007. This update also includes additional time zone changes that were signed in to law after update 933360 was created.

MSWU-117 : Outlook 2003 Junk E-mail Filter update(KB947944)

BulletinID : MSWU-117
Title : Outlook 2003 Junk E-mail Filter update(KB947944)

Summary :
This update provides the Junk E-mail Filter in Microsoft Office Outlook 2003 with a more current definition of which e-mail messages should be considered junk e-mail.

MS08-017 : Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)

BulletinID : MS08-017
Title : Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)

Summary :
These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS08-016 : Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)

BulletinID : MS08-016
Title : Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)

Summary :
The Critical vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS08-015 : Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)

BulletinID : MS08-015
Title : Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)

Summary :
The vulnerability could allow remote code execution if Outlook is passed a specially crafted mail to URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS08-014 : Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)

BulletinID : MS08-014
Title : Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)

Summary :
This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MSRT-001 : The Microsoft Windows Malicious Software Removal Tool (890830).

BulletinID : MSRT-001
Title : The Microsoft Windows Malicious Software Removal Tool (890830).

Summary :
Microsoft has released the Microsoft Windows Malicious Software Removal Tool to help remove specific, prevalent malicious software from computers that are running Microsoft Windows Server 2003, Microsoft Windows XP, or Microsoft Windows 2000. The Malicious Software Removal Tool supersedes all virus-cleaner tools that were previously released by Microsoft. You can download the Malicious Software Removal Tool from the Microsoft Download Center. You can also run an online version of the tool from the Malicious Software Removal Tool Web site on Microsoft.com. To run the Malicious Software Removal Tool from either location, you must log on to the computer by using an account that is a member of the Administrators group. If you are running Windows XP, Windows Server 2003, or Windows 2000, you can also run the Malicious Software Removal Tool from the Microsoft Update Web site or by using the Microsoft Update Automatic Updates functionality. If you have chosen not to use Microsoft Update, and you are running Windows XP or Windows Server 2003 Service Pack 1 (SP1), you may run the Malicious Software Removal Tool from the Windows Update Web site or by using the Windows Update Automatic Updates functionality.

MS08-010 : Cumulative Security Update for Internet Explorer (944533)

BulletinID : MS08-010
Title : Cumulative Security Update for Internet Explorer (944533)

Summary :
This critical security update resolves three privately reported and one publicly reported vulnerabilities. The most serious of the vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS08-008 : Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)

BulletinID : MS08-008
Title : Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)

Summary :
This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE) Automation. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS08-006 : Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)

BulletinID : MS08-006
Title : Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)

Summary :
This important update resolves a privately reported vulnerability in Internet Information Services (IIS). A remote code execution vulnerability exists in the way that IIS handles input to ASP Web pages. An attacker who successfully exploited this vulnerability could then perform actions on the IIS server with the same rights as the Worker Process Identity (WPI). The WPI is configured with Network Service account privileges by default. IIS servers with ASP pages whose application pools are configured with a WPI that uses an account with administrative privileges could be more seriously impacted than IIS servers whose application pool is configured with the default WPI settings.

MS08-005 : Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)

BulletinID : MS08-005
Title : Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)

Summary :
This important update resolves a privately reported vulnerability in Internet Information Services (IIS). A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS08-003 : Vulnerability in Active Directory Could Allow Denial of Service (946538)

BulletinID : MS08-003
Title : Vulnerability in Active Directory Could Allow Denial of Service (946538)

Summary :
The vulnerability could allow a denial of service condition. On Windows Server 2003 and Windows XP an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could cause the system to stop responding or automatically restart.

MS08-001 : Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)

BulletinID : MS08-001
Title : Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)

Summary :
This critical security update resolves two privately reported vulnerabilities. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MSWU-113 : Update for Windows XP (KB942840)

BulletinID : MSWU-113
Title : Update for Windows XP (KB942840)

Summary :
The new garbage collector can significantly improve the performance of applications that create many objects, such as Ajax-style Web applications.

MSWU-112 : Update for Windows Mail Junk E-mail Filter [December 2007] (KB905866)

BulletinID : MSWU-112
Title : Update for Windows Mail Junk E-mail Filter [December 2007] (KB905866)

Summary :
This update keep Microsoft Windows Mail up-to-date about which e-mail messages should be considered junk e-mail, and about which messages may contain phishing content.

MSWU-111 : December 2007 cumulative time zone update for Microsoft Windows operating systems(942763)

BulletinID : MSWU-111
Title : December 2007 cumulative time zone update for Microsoft Windows operating systems(942763)

Summary :
The update also includes other DST-related changes, time zone-related changes, and settings-related changes. Some of these changes have occurred since the products that are listed in the "Applies to" section were originally released.

MSWU-115 : Update for Windows Installer (927891)

BulletinID : MSWU-115
Title : Update for Windows Installer (927891)

Summary :
The update addresses the following issue: Your system may appear to become unresponsive when Windows Update or Microsoft Update is scanning for updates that use Windows installer, and you may notice that the CPU usage for the svchost process is showing 100%. When you try to install an update from Windows Update or from Microsoft Update, you experience the following symptoms: Your system may appear to become unresponsive when Windows Update or Microsoft Update is scanning for updates that use Windows Installer. You receive an access violation error in svchost.exe. This access violation stops the Server service and the Workstation service. A memory leak occurs when Windows Update or Microsoft Update is scanning for updates that use Windows Installer. Windows Update or Microsoft Update scans take a very long time, sometimes hours, to complete.

MSWU-116 : Files are corrupted on a Windows Server 2003-based computer when you try to use the local UNC path to copy the files(KB911897)

BulletinID : MSWU-116
Title : Files are corrupted on a Windows Server 2003-based computer when you try to use the local UNC path to copy the files(KB911897)

Summary :
This patch resolves the following vulnerability... You use a computer that is running Microsoft Windows Server 2003 with Service Pack 1 (SP1). The file that you copy to the share is then corrupted. The data corruption appears in the Server Message Block (SMB) header that is embedded in the data of the destination file. Furthermore, only the destination file appears corrupted, not the source file. The content of the destination file shows the following characters: FF 53 4D 42 2F These characters translate to an "SMB WRITE AndX" request. For example, this problem may occur when Microsoft CRM publishes changes to the local Web server by copying the files to the following folder: \Server_NameC$InetpubWwwroot

MSWD-003 : Definition update 1.16.2425.4 for Windows Defender (Engine update 1.1.2306.0)

BulletinID : MSWD-003
Title : Definition update 1.16.2425.4 for Windows Defender (Engine update 1.1.2306.0)

Summary :
Definitions are files that behave like an encyclopedia of known spyware and other potentially unwanted software. Because spyware is continually being developed, Windows Defender relies on up-to-date definitions to determine whether software that is trying to install, run, or change settings on the computer is potentially harmful.

PQAG-001 : PatchQuest Agent

BulletinID : PQAG-001
Title : PatchQuest Agent

Summary :

RHSA-2006:0742-01 : Critical: elinks security update

AdvisoryID : RHSA-2006:0742-01
Title : Critical: elinks security update

Summary :
Elinks is a text mode Web browser used from the command line that supports rendering modern web pages.

An arbitrary file access flaw was found in the Elinks SMB protocol handler. A malicious web page could have caused Elinks to read or write files with the permissions of the user running Elinks. (CVE-2006-5925)

All users of Elinks are advised to upgrade to this updated package, which resolves this issue by removing support for the SMB protocol from Elinks.

Note: this issue did not affect the Elinks package shipped with Red Hat Enterprise Linux 3, or the Links package shipped with Red Hat Enterprise Linux 2.1.

RHSA-2006:0738-01 : Low: openssh security update

AdvisoryID : RHSA-2006:0738-01
Title : Low: openssh security update

Summary :
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server.

An authentication flaw was found in OpenSSH's privilege separation monitor. If it ever becomes possible to alter the behavior of the unprivileged process when OpenSSH is using privilege separation, an attacker may then be able to login without possessing proper credentials. (CVE-2006-5794)

Please note that this flaw by itself poses no direct threat to OpenSSH users. Without another security flaw that could allow an attacker to alter the behavior of OpenSSH's unprivileged process, this flaw cannot be exploited. There are currently no known flaws to exploit this behavior. However, we have decided to issue this erratum to fix this flaw to reduce the security impact if an unprivileged process flaw is ever found.

Users of openssh should upgrade to these updated packages, which contain a backported patch to resolve this issue.

RHSA-2006:0735-01 : Critical: thunderbird security update

AdvisoryID : RHSA-2006:0735-01
Title : Critical: thunderbird security update

Summary :
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processes certain malformed Javascript code. A malicious HTML mail message could cause the execution of Javascript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748)

Several flaws were found in the way Thunderbird renders HTML mail messages. A malicious HTML mail message could cause the mail client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-5464)

A flaw was found in the way Thunderbird verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Thunderbird as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Thunderbird 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462)

Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.8 that corrects these issues.

RHSA-2006:0734-01 : Critical: seamonkey security update

AdvisoryID : RHSA-2006:0734-01
Title : Critical: seamonkey security update

Summary :
SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processes certain malformed Javascript code. A malicious web page could cause the execution of Javascript code in such a way that could cause SeaMonkey to crash or execute arbitrary code as the user running SeaMonkey. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748)

Several flaws were found in the way SeaMonkey renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-5464)

A flaw was found in the way SeaMonkey verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in SeaMonkey 1.0.5, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462)

Users of SeaMonkey are advised to upgrade to these erratum packages, which contains SeaMonkey version 1.0.6 that corrects these issues.

RHSA-2006:0733-02 : Critical: firefox security update

AdvisoryID : RHSA-2006:0733-02
Title : Critical: firefox security update

Summary :
Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processes certain malformed Javascript code. A malicious web page could cause the execution of Javascript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748)

Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox. (CVE-2006-5464)

A flaw was found in the way Firefox verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Firefox as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Firefox 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462)

Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.8 that corrects these issues.

RHSA-2006:0730-01 : Important: php security update

AdvisoryID : RHSA-2006:0730-01
Title : Important: php security update

Summary :
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

The Hardened-PHP Project discovered an overflow in the PHP htmlentities() and htmlspecialchars() routines. If a PHP script used the vulnerable functions to parse UTF-8 data, a remote attacker sending a carefully crafted request could trigger the overflow and potentially execute arbitrary code as the 'apache' user. (CVE-2006-5465)

Users of PHP should upgrade to these updated packages which contain a backported patch to correct this issue.

RHSA-2006:0729-01 : Moderate: ruby security update

AdvisoryID : RHSA-2006:0729-01
Title : Moderate: ruby security update

Summary :
Ruby is an interpreted scripting language for object-oriented programming.

A flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service. (CVE-2006-5467)

Users of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.

RHSA-2006:0727-01 : Moderate: texinfo security update

AdvisoryID : RHSA-2006:0727-01
Title : Moderate: texinfo security update

Summary :
Texinfo is a documentation system that can produce both online information and printed output from a single source file.

A buffer overflow flaw was found in Texinfo's texindex command. An attacker could construct a carefully crafted Texinfo file that could cause texindex to crash or possibly execute arbitrary code when opened. (CVE-2006-4810)

A flaw was found in the way Texinfo's texindex command creates temporary files. A local user could leverage this flaw to overwrite files the user executing texindex has write access to. (CVE-2005-3011)

Users of Texinfo should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.

RHSA-2006:0726-01 : Moderate: wireshark security update

AdvisoryID : RHSA-2006:0726-01
Title : Moderate: wireshark security update

Summary :
Wireshark is a program for monitoring network traffic.

Several flaws were found in Wireshark's HTTP, WBXML, LDAP, and XOT protocol dissectors. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4805, CVE-2006-5468, CVE-2006-5469, CVE-2006-5740)

A single NULL byte heap based buffer overflow was found in Wireshark's MIME Multipart dissector. Wireshark could crash or possibly execute arbitrary arbitrary code as the user running Wireshark. (CVE-2006-4574)

Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.4, which is not vulnerable to these issues.

RHSA-2006:0725-01 : Moderate: qt security update

AdvisoryID : RHSA-2006:0725-01
Title : Moderate: qt security update

Summary :
Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System.

An integer overflow flaw was found in the way Qt handled certain pixmap images. If an application linked against Qt created a pixmap image in a certain way, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2006-4811)

Users of Qt should upgrade to these updated packages, which contain a backported patch to correct this issue.

RHSA-2006:0719-01 : Moderate: nss_ldap security update

AdvisoryID : RHSA-2006:0719-01
Title : Moderate: nss_ldap security update

Summary :
nss_ldap is a set of C library extensions that allow X.500 and LDAP directory servers to be used as primary sources for aliases, ethers, groups, hosts, networks, protocols, users, RPCs, services, and shadow passwords.

A flaw was found in the way nss_ldap handled a PasswordPolicyResponse control sent by an LDAP server. If an LDAP server responded to an authentication request with a PasswordPolicyResponse control, it was possible for an application using nss_ldap to improperly authenticate certain users. (CVE-2006-5170)

This flaw was only exploitable within applications which did not properly process nss_ldap error messages. Only xscreensaver is currently known to exhibit this behavior.

All users of nss_ldap should upgrade to these updated packages, which contain a backported patch that resolves this issue.

DSA-1205-1 : New thttpd packages fix insecure temporary file creation

AdvisoryID : DSA-1205-1
Title : New thttpd packages fix insecure temporary file creation

Summary :
Marco d'Itri discovered that thttpd, a small, fast and secure webserver, makes use of insecure temporary files when its logfiles are rotated, which might lead to a denial of service through a symlink attack.

For the stable distribution (sarge) this problem has been fixed in version 2.23beta1-3sarge2

For the unstable distribution (sid) this problem has been fixed in version 2.23beta1-5

We recommend that you upgrade your thttpd package.

DSA 1204-1 : New ingo1 packages fix arbitrary shell command execution

AdvisoryID : DSA 1204-1
Title : New ingo1 packages fix arbitrary shell command execution

Summary :
It was discovered that the Ingo email filter rules manager performs insufficient escaping of user-provided data in created procmail rules files, which allows the execution of arbitrary shell commands.

For the stable distribution (sarge), this problem has been fixed in version 1.0.1-1sarge1.

For the unstable distribution (sid), this problem has been fixed in version 1.1.2-1.

We recommend that you upgrade your ingo1 package.

DSA 1203-1 : New libpam-ldap packages fix access control bypass

AdvisoryID : DSA 1203-1
Title : New libpam-ldap packages fix access control bypass

Summary :
Steve Rigler discovered that the PAM module for authentication against LDAP servers processes PasswordPolicyReponse control messages incorrectly, which might lead to an attacker being able to login into a suspended system account.

For the stable distribution (sarge) this problem has been fixed in version 178-1sarge3. Due to technical problems with the security buildd infrastructure this update lacks a build for the Sun Sparc architecture. It will be released as soon as the problems are resolved.

For the unstable distribution (sid) this problem has been fixed in version 180-1.2.

We recommend that you upgrade your libpam-ldap package.

DSA 1202-1 : New screen packages fix arbitrary code execution

AdvisoryID : DSA 1202-1
Title : New screen packages fix arbitrary code execution

Summary :
'cstone' and Rich Felker discovered that specially crafted UTF-8 sequences may lead an out of bands memory write when displayed inside the screen terminal multiplexer, allowing denial of service and potentially the execution of arbitrary code.

For the stable distribution (sarge) this problem has been fixed in version 4.0.2-4.1sarge1. Due to technical problems with the security buildd infrastructure this update lacks a build for the Sun Sparc architecture. It will be released as soon as the problems are resolved.

For the unstable distribution (sid) this problem has been fixed in version 4.0.3-0.1.

We recommend that you upgrade your screen package.

DSA 1201-1 : New ethereal packages fix denial of service

AdvisoryID : DSA 1201-1
Title : New ethereal packages fix denial of service

Summary :
Several remote vulnerabilities have been discovered in the Ethereal network scanner. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2005-4574

It was discovered that the MIME multipart dissector is vulnerable to denial of service caused by an off-by-one overflow.

CVE-2006-4805

It was discovered that the XOT dissector is vulnerable to denial of service caused by memory corruption.

For the stable distribution (sarge) these problems have been fixed in version 0.10.10-2sarge9. Due to technical problems with the security buildd infrastructure this update lacks builds for the hppa and sparc architecture. They will be released as soon as the problems are resolved.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your ethereal packages.

DSA 1200-1 : New Qt packages fix integer overflow

AdvisoryID : DSA 1200-1
Title : New Qt packages fix integer overflow

Summary :
An integer overflow has been found in the pixmap handling routines in the Qt GUI libraries. This could allow an attacker to cause a denial of service and possibly execute arbitrary code by providing a specially crafted image file and inducing the victim to view it in an application based on Qt.

For the stable distribution (sarge), this problem has been fixed in version 3:3.3.4-3sarge1

For the unstable distribution (sid), this problem has been fixed in versions 3:3.3.7-1 and 4.2.1-1.

We recommend that you upgrade your qt-x11-free packages.

DSA 1199-1 : New webmin packages fix input validation problems

AdvisoryID : DSA 1199-1
Title : New webmin packages fix input validation problems

Summary :
Several vulnerabilities have been identified in webmin, a web-based administration toolkit.

CVE-2005-3912 A format string vulnerability in miniserv.pl could allow an attacker to cause a denial of service by crashing the application or exhausting system resources, and could potentially allow arbitrary code execution.

CVE-2006-3392 Improper input sanitization in miniserv.pl could allow an attacker to read arbitrary files on the webmin host by providing a specially crafted URL path to the miniserv http server.

CVE-2006-4542 Improper handling of null characters in URLs in miniserv.pl could allow an attacker to conduct cross-site scripting attacks, read CGI program source code, list local directories, and potentially execute arbirary code.

For the stable distribution (sarge), these problems have been fixed in version 1.180-3sarge1

Webmin is not included in unstable (sid) or testing (etch), so these problems are not present.

We recommend that you upgrade your webmin (1.180-3sarge1) package.

DSA 1198-1 : New python2.3 packages fix arbitrary code execution

AdvisoryID : DSA 1198-1
Title : New python2.3 packages fix arbitrary code execution

Summary :
Benjamin C. Wiley Sittler discovered that the repr() of the Python interpreter allocates insufficient memory when parsing UCS-4 Unicode strings, which might lead to execution of arbitrary code through a buffer overflow.

For the stable distribution (sarge) this problem has been fixed in version 2.3.5-3sarge2. Due to build problems this update lacks fixed packages for the Alpha and Sparc architectures. Once they are sorted out, fixed binaries will be released.

For the unstable distribution (sid) this problem has been fixed in version 2.3.5-16.

We recommend that you upgrade your Python 2.3 packages.

DSA 1197-1 : New python2.4 packages fix arbitrary code execution

AdvisoryID : DSA 1197-1
Title : New python2.4 packages fix arbitrary code execution

Summary :
Benjamin C. Wiley Sittler discovered that the repr() of the Python interpreter allocates insufficient memory when parsing UCS-4 Unicode strings, which might lead to execution of arbitrary code through a buffer overflow.

For the stable distribution (sarge) this problem has been fixed in version 2.4.1-2sarge1. Due to build problems this update lacks fixed packages for the m68k architecture. Once they are sorted out, binaries for m68k will be released.

For the unstable distribution (sid) this problem has been fixed in version 2.4.4-1.

We recommend that you upgrade your Python 2.4 packages.

DSA 1196-1 : New clamav packages fix arbitrary code execution

AdvisoryID : DSA 1196-1
Title : New clamav packages fix arbitrary code execution

Summary :
Several remote vulnerabilities have been discovered in the ClamAV malware scan engine, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-4182

Damian Put discovered a heap overflow error in the script to rebuild PE files, which could lead to the execution of arbitrary code.

CVE-2006-5295

Damian Put discovered that missing input sanitising in the CHM handling code might lead to denial of service.

For the stable distribution (sarge) these problems have been fixed in version 0.84-2.sarge.11. Due to technical problems with the build host this update lacks a build for the Sparc architecture. It will be provided soon.

For the unstable distribution (sid) these problems have been fixed in version 0.88.5-1.

We recommend that you upgrade your clamav packages.

DSA 1195-1 : new openssl096 packages fix denial of service

AdvisoryID : DSA 1195-1
Title : new openssl096 packages fix denial of service

Summary :
Multiple vulnerabilities have been discovered in the OpenSSL cryptographic software package that could allow an attacker to launch a denial of service attack by exhausting system resources or crashing processes on a victim's computer.

CVE-2006-3738 Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer.

CVE-2006-4343 Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. Where a client application uses OpenSSL to make a SSLv2 connection to a malicious server that server could cause the client to crash.

CVE-2006-2940 Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL a DoS was discovered.

Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack.

For the stable distribution (sarge) these problems have been fixed in version 0.9.6m-1sarge4

This package exists only for compatibility with older software, and is not present in the unstable or testing branches of Debian.

We recommend that you upgrade your openssl096 package. Note that services linking against the openssl shared libraries will need to be restarted. Common examples of such services include most Mail Transport Agents, SSH servers, and web servers.

DSA 1194-1 : New libwmf packages fix arbitrary code execution

AdvisoryID : DSA 1194-1
Title : New libwmf packages fix arbitrary code execution

Summary :
It was discovered that an integer overflow in libwmf, the library to read Windows Metafile Format files, can be exploited to execute arbitrary code if a crafted WMF file is parsed.

For the stable distribution (sarge) this problem has been fixed in version 0.2.8.3-2sarge1.

For the unstable distribution (sid) this problem has been fixed in version 0.2.8.4-2.

We recommend that you upgrade your libwmf package.

DSA 1193-1 : New XFree86 packages fix several vulnerabilities

AdvisoryID : DSA 1193-1
Title : New XFree86 packages fix several vulnerabilities

Summary :
Several vulnerabilities have been discovered in the X Window System, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-3467

Chris Evan discovered an integer overflow in the code to handle PCF fonts, which might lead to denial of service if a malformed font is opened.

CVE-2006-3739

It was discovered that an integer overflow in the code to handle Adobe Font Metrics might lead to the execution of arbitrary code.

CVE-2006-3740

It was discovered that an integer overflow in the code to handle CMap and CIDFont font data might lead to the execution of arbitrary code.

CVE-2006-4447

The XFree86 initialization code performs insufficient checking of the return value of setuid() when dropping privileges, which might lead to local privilege escalation.

For the stable distribution (sarge) these problems have been fixed in version 4.3.0.dfsg.1-14sarge2. This release lacks builds for the Motorola 680x0 architecture, which failed due to diskspace constraints on the build host. They will be released once this problem has been resolved.

For the unstable distribution (sid) these problems have been fixed in version 1:1.2.2-1 of libxfont and version 1:1.0.2-9 of xorg-server.

We recommend that you upgrade your XFree86 packages.

DSA 1192-1 : New Mozilla packages fix several vulnerabilities

AdvisoryID : DSA 1192-1
Title : New Mozilla packages fix several vulnerabilities

Summary :
CVE-2006-4568 CVE-2006-4570 CVE-2006-4571 BugTraq ID : 20042

Several security related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2006-2788

Fernando Ribeiro discovered that a vulnerability in the getRawDER functionallows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code.

CVE-2006-4340

Daniel Bleichenbacher recently described an implementation error in RSA signature verification that cause the application to incorrectly trust SSL certificates.

CVE-2006-4565, CVE-2006-4566

Priit Laes reported that that a JavaScript regular expression can trigger a heap-based buffer overflow which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVE-2006-4568

A vulnerability has been discovered that allows remote attackers to bypass the security model and inject content into the sub-frame of another site.

CVE-2006-4570

Georgi Guninski demonstrated that even with JavaScript disabled in mail (the default) an attacker can still execute JavaScript when a mail message is viewed, replied to, or forwarded.

CVE-2006-4571

Multiple unspecified vulnerabilities in Firefox, Thunderbird and SeaMonkey allow remote attackers to cause a denial of service, corrupt memory, and possibly execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 1.7.8-1sarge7.3.1.

We recommend that you upgrade your Mozilla package.

DSA 1191-1 : New Mozilla Thunderbird packages fix several vulnerabilities

AdvisoryID : DSA 1191-1
Title : New Mozilla Thunderbird packages fix several vulnerabilities

Summary :
CVE-2006-4568 CVE-2006-4570 CVE-2006-4571 BugTraq ID : 20042

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2006-2788

Fernando Ribeiro discovered that a vulnerability in the getRawDER functionallows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code.

CVE-2006-4340

Daniel Bleichenbacher recently described an implementation error in RSA signature verification that cause the application to incorrectly trust SSL certificates.

CVE-2006-4565, CVE-2006-4566

Priit Laes reported that that a JavaScript regular expression can trigger a heap-based buffer overflow which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVE-2006-4568

A vulnerability has been discovered that allows remote attackers to bypass the security model and inject content into the sub-frame of another site.

CVE-2006-4570

Georgi Guninski demonstrated that even with JavaScript disabled in mail (the default) an attacker can still execute JavaScript when a mail message is viewed, replied to, or forwarded.

CVE-2006-4571

Multiple unspecified vulnerabilities in Firefox, Thunderbird and SeaMonkey allow remote attackers to cause a denial of service, corrupt memory, and possibly execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.8c.1.

For the unstable distribution (sid) these problems have been fixed in version 1.5.0.7-1.

We recommend that you upgrade your Mozilla Thunderbird packages.

DSA 1190-1 : New maxdb-7.5.00 packages fix execution of arbitrary code

AdvisoryID : DSA 1190-1
Title : New maxdb-7.5.00 packages fix execution of arbitrary code

Summary :
Oliver Karow discovered that the WebDBM frontend of the MaxDB database performs insufficient sanitising of requests passed to it, which might lead to the execution of arbitrary code.

For the stable distribution (sarge) this problem has been fixed in version 7.5.00.24-4.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your maxdb-7.5.00 package.

DSA 1189-1 : New openssh-krb5 packages fix denial of service and potential execution of arbitrary code

AdvisoryID : DSA 1189-1
Title : New openssh-krb5 packages fix denial of service and potential execution of arbitrary code

Summary :
Several remote vulnerabilities have been discovered in OpenSSH, a free implementation of the Secure Shell protocol, which may lead to denial of service and potentially the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-4924

Tavis Ormandy of the Google Security Team discovered a denial of service vulnerability in the mitigation code against complexity attacks, which might lead to increased CPU consumption until a timeout is triggered. This is only exploitable if support for SSH protocol version 1 is enabled.

CVE-2006-5051

Mark Dowd discovered that insecure signal handler usage could potentially lead to execution of arbitrary code through a double free. The Debian Security Team doesn't believe the general openssh package without Kerberos support to be exploitable by this issue. However, due to the complexity of the underlying code we will issue an update to rule out all eventualities.

For the stable distribution (sarge) these problems have been fixed in version 3.8.1p1-7sarge1.

For the unstable distribution (sid) these problems have been fixed in version 4.3p2-4 of openssh. openssh-krb5 will soon be converted towards a transitional package against openssh.

We recommend that you upgrade your openssh-krb5 packages.

DSA 1188-1 : New mailman packages fix several problems

AdvisoryID : DSA 1188-1
Title : New mailman packages fix several problems

Summary :
BugTraq ID : 19831

Several security related problems have been discovered in mailman, the web-based GNU mailing list manager. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-3636

Moritz Naumann discovered several cross-site scripting problems that could allow remote attackers to inject arbitrary web script or HTML.

CVE-2006-4624

Moritz Naumann discovered that a remote attacker can inject arbitrary strings into the logfile.

For the stable distribution (sarge) this problem has been fixed in version 2.1.5-8sarge5.

For the unstable distribution (sid) this problem has been fixed in version 2.1.8-3.

We recommend that you upgrade your mailman package.

DSA 1185-2 : New openssl packages fix arbitrary code execution

AdvisoryID : DSA 1185-2
Title : New openssl packages fix arbitrary code execution

Summary :
The fix used to correct CVE-2006-2940 introduced code that could lead to the use of uninitialized memory. Such use is likely to cause the application using the openssl library to crash, and has the potential to allow an attacker to cause the execution of arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 0.9.7e-3sarge4.

For the unstable and testing distributions (sid and etch, respectively), these problems will be fixed in version 0.9.7k-3 of the openssl097 compatibility libraries, and version 0.9.8c-3 of the openssl package.

We recommend that you upgrade your openssl package. Note that services linking against the openssl shared libraries will need to be restarted. Common examples of such services include most Mail Transport Agents, SSH servers, and web servers.