Debian Security Bulletins (Debian Security Advisories)

DSA-1634 wordnet - stack and heap overflows

Sun, 08/31/2008 - 22:00

Rob Holland discovered several programming errors in WordNet, an electronic lexical database of the English language. These flaws could allow arbitrary code execution when used with untrusted input, for example when WordNet is in use as a back end for a web application.

DSA-1633 slash - SQL Injection, Cross-Site Scripting

Sun, 08/31/2008 - 22:00

It has been discovered that Slash, the Slashdot Like Automated Storytelling Homepage, suffers from two vulnerabilities related to insufficient input sanitization, leading to execution of SQL commands (CVE-2008-2231) and cross-site scripting (CVE-2008-2553).

DSA-1632 tiff - buffer underflow

Mon, 08/25/2008 - 22:00

Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed TIFF files to lead to a crash or execution of arbitrary code.

DSA-1631 libxml2 - denial of service

Thu, 08/21/2008 - 22:00

Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities until available CPU and memory resources were exhausted.

DSA-1630 linux-2.6 - denial of service/information leak

Wed, 08/20/2008 - 22:00

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-1629 postfix - programming error

Mon, 08/18/2008 - 22:00

Sebastian Krahmer discovered that Postfix, a mail transfer agent, incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root.

DSA-1628 pdns - DNS response spoofing

Sat, 08/09/2008 - 22:00

Brian Dowling discovered that the PowerDNS authoritative name server does not respond to DNS queries which contain certain characters, increasing the risk of successful DNS spoofing (CVE-2008-3337). This update changes PowerDNS to respond with SERVFAIL responses instead.

DSA-1627 opensc - programming error

Sun, 08/03/2008 - 22:00

Chaskiel M Grundman discovered that opensc, a library and utilities to handle smart cards, would initialise smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN.

DSA-1626 httrack - buffer overflow

Thu, 07/31/2008 - 22:00

Joan Calvet discovered that httrack, a utility to create local copies of websites, is vulnerable to a buffer overflow, potentially allowing the execution of arbitrary code when passed excessively long URLs.

DSA-1625 cupsys - buffer overflows

Thu, 07/31/2008 - 22:00

Several remote vulnerabilities have been discovered in the Common Unix Printing System (CUPS). The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-1624 libxslt - buffer overflows

Wed, 07/30/2008 - 22:00

Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code.

DSA-1623 dnsmasq - DNS cache poisoning

Wed, 07/30/2008 - 22:00

Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.

DSA-1622 newsx - buffer overflow

Wed, 07/30/2008 - 22:00

It was discovered that newsx, an NNTP news exchange utility, was affected by a buffer overflow allowing remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.

DSA-1621 icedove - several vulnerabilities

Sat, 07/26/2008 - 22:00

Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-1620 python2.5 - several vulnerabilities

Sat, 07/26/2008 - 22:00

Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-1619 python-dns - DNS response spoofing

Sat, 07/26/2008 - 22:00

Multiple weaknesses have been identified in PyDNS, a DNS client implementation for the Python language. Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many DNS implementations. Scott Kitterman noted that python-dns is vulnerable to this predictability, as it randomizes neither its transaction ID nor its source port. Taken together, this lack of entropy leaves applications using python-dns to perform DNS queries highly susceptible to response forgery.

DSA-1618 ruby1.9 - several vulnerabilities

Fri, 07/25/2008 - 22:00

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-1616 clamav - denial of service

Fri, 07/25/2008 - 22:00

Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack.

DSA-1617 refpolicy - incompatible policy

Thu, 07/24/2008 - 22:00

In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as CVE-2008-1447). The fix, while correct, was incompatible with the version of SELinux Reference Policy shipped with Debian Etch, which did not permit a process running in the named_t domain to bind sockets to UDP ports other than the standard 'domain' port (53). The incompatibility affects both the 'targeted' and 'strict' policy packages supplied by this version of refpolicy.

DSA-1615 xulrunner - several vulnerabilities

Tue, 07/22/2008 - 22:00

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: