Debian Security Advisory November 03, 2014 12:54AM |
Admin Registered: 13 years ago Posts: 18,900 |
Re: Debian Security Advisory April 28, 2015 12:45AM |
Admin Registered: 13 years ago Posts: 18,900 |
Quote
It was found that the netfilter connection tracking subsystem used
too small a type as an offset within each connection's data
structure, following a bug fix in Linux 3.2.33 and 3.6. In some
configurations, this would lead to memory corruption and crashes
(even without malicious traffic). This could potentially also
result in violation of the netfilter policy or remote code
execution.
This can be mitigated by disabling connection tracking accounting:
sysctl net.netfilter.nf_conntrack_acct=0
Re: Debian Security Advisory January 20, 2016 10:42AM |
Admin Registered: 13 years ago Posts: 18,900 |
Quote
The Qualys Security team discovered two vulnerabilities in the roaming
code of the OpenSSH client (an implementation of the SSH protocol
suite).
SSH roaming enables a client, in case an SSH connection breaks
unexpectedly, to resume it at a later time, provided the server also
supports it.
The OpenSSH server doesn't support roaming, but the OpenSSH client
supports it (even though it's not documented) and it's enabled by
default.
Re: Debian Security Advisory January 20, 2016 12:00PM |
Registered: 10 years ago Posts: 1,037 |
Re: Debian Security Advisory March 02, 2016 11:12PM |
Admin Registered: 13 years ago Posts: 18,900 |
Re: Debian Security Advisory April 18, 2016 01:23PM |
Admin Registered: 13 years ago Posts: 18,900 |
Quote
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3550-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 15, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openssh
CVE ID : CVE-2015-8325
Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is
enabled and the sshd PAM configuration is configured to read user-
specified environment variables and the "UseLogin" option is enabled, a
local user may escalate her privileges to root.
In Debian "UseLogin" is not enabled by default.
For the oldstable distribution (wheezy), this problem has been fixed
in version 6.0p1-4+deb7u4.
For the stable distribution (jessie), this problem has been fixed in
version 6.7p1-5+deb8u2.
For the unstable distribution (sid), this problem has been fixed in
version 1:7.2p2-3.
We recommend that you upgrade your openssh packages.
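A configuration check for the three preconditions DSA-3550-1 names (PAM support, user-specified environment variables read through PAM, and "UseLogin"), added here as an example and not part of the advisory or the forum post. It assumes the PAM side shows up as a `pam_env.so` line carrying `user_readenv=1`, uses the upstream sshd defaults (`UsePAM no`, `UseLogin no`) for missing keywords, and does not follow PAM `@include` lines; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether a host matches the
# three preconditions DSA-3550-1 gives for CVE-2015-8325.

# Print the effective global value of an sshd_config keyword.
# sshd honours the first occurrence of a keyword, keywords are
# case-insensitive, and global settings end at the first Match block.
sshd_global_value() {   # $1 = sshd_config path, $2 = keyword, $3 = default
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/#.*/, ""); gsub("=", " ") }   # drop comments, accept key=value
        NF == 0                { next }
        tolower($1) == "match" { exit }
        tolower($1) == want    { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Succeed if a pam_env.so line sets user_readenv=1, i.e. pam_env reads
# environment variables from a file the user controls.
pam_reads_user_env() {  # $1 = PAM service file for sshd
    awk '
        { sub(/#.*/, "") }
        /pam_env\.so/ { for (i = 1; i <= NF; i++) if ($i == "user_readenv=1") hit = 1 }
        END { exit !hit }
    ' "$1"
}

# All three conditions must hold for the advisory's scenario to apply.
check_cve_2015_8325() { # $1 = sshd_config, $2 = PAM service file
    use_pam=$(sshd_global_value "$1" UsePAM no)
    use_login=$(sshd_global_value "$1" UseLogin no)
    if pam_reads_user_env "$2"; then user_env=yes; else user_env=no; fi
    verdict=not-exposed
    if [ "$use_pam" = yes ] && [ "$use_login" = yes ] && [ "$user_env" = yes ]; then
        verdict=EXPOSED
    fi
    echo "$verdict UsePAM=$use_pam UseLogin=$use_login user_readenv=$user_env"
}

# Constructed sample files (not taken from any real host).
demo=$(mktemp -d)
printf 'UsePAM yes\nUseLogin yes\n' > "$demo/sshd_config"
printf 'session required pam_env.so user_readenv=1\n' > "$demo/pam_sshd"
check_cve_2015_8325 "$demo/sshd_config" "$demo/pam_sshd"
rm -rf "$demo"
```

On a real system the arguments would be `/etc/ssh/sshd_config` and `/etc/pam.d/sshd`; installing the fixed openssh version listed above remains the actual remedy.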
Re: Debian Security Advisory April 26, 2016 03:39AM |
Registered: 9 years ago Posts: 118 |
Re: Debian Security Advisory April 26, 2016 07:05PM |
Admin Registered: 13 years ago Posts: 18,900 |
Re: Debian Security Advisory May 04, 2016 12:35AM |
Admin Registered: 13 years ago Posts: 18,900 |
Quote
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3566-1 security@debian.org
https://www.debian.org/security/ Alessandro Ghedini
May 03, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openssl
CVE ID : CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108
CVE-2016-2109 CVE-2016-2176
Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer
toolkit.
CVE-2016-2105
Guido Vranken discovered that an overflow can occur in the function
EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can
supply a large amount of data. This could lead to a heap corruption.
CVE-2016-2106
Guido Vranken discovered that an overflow can occur in the function
EVP_EncryptUpdate() if an attacker can supply a large amount of data.
This could lead to a heap corruption.
CVE-2016-2107
Juraj Somorovsky discovered a padding oracle in the AES CBC cipher
implementation based on the AES-NI instruction set. This could allow
an attacker to decrypt TLS traffic encrypted with one of the cipher
suites based on AES CBC.
CVE-2016-2108
David Benjamin from Google discovered that two separate bugs in the
ASN.1 encoder, related to handling of negative zero integer values
and large universal tags, could lead to an out-of-bounds write.
CVE-2016-2109
Brian Carpenter discovered that when ASN.1 data is read from a BIO
using functions such as d2i_CMS_bio(), a short invalid encoding can
cause allocation of large amounts of memory potentially consuming
excessive resources or exhausting memory.
CVE-2016-2176
Guido Vranken discovered that ASN.1 Strings that are over 1024 bytes
can cause an overread in applications using the X509_NAME_oneline()
function on EBCDIC systems. This could result in arbitrary stack data
being returned in the buffer.
Additional information about these issues can be found in the OpenSSL
security advisory at https://www.openssl.org/news/secadv/20160503.txt
For the stable distribution (jessie), these problems have been fixed in
version 1.0.1k-3+deb8u5.
For the unstable distribution (sid), these problems have been fixed in
version 1.0.2h-1.
We recommend that you upgrade your openssl packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Re: Debian Security Advisory May 15, 2016 10:59PM |
Admin Registered: 13 years ago Posts: 18,900 |
Re: Debian Security Advisory August 07, 2016 06:36PM |
Admin Registered: 13 years ago Posts: 18,900 |
Quote
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3626-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 24, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openssh
CVE ID : CVE-2016-6210
Debian Bug : 831902
Eddie Harari reported that the OpenSSH SSH daemon allows user
enumeration through timing differences when trying to authenticate
users. When sshd tries to authenticate a non-existing user, it will pick
up a fixed fake password structure with a hash based on the Blowfish
algorithm. If real users' passwords are hashed using SHA256/SHA512, then
a remote attacker can take advantage of this flaw by sending large
passwords, receiving shorter response times from the server for
non-existing users.
For the stable distribution (jessie), this problem has been fixed in
version 1:6.7p1-5+deb8u3.
For the unstable distribution (sid), this problem has been fixed in
version 1:7.2p2-6.
We recommend that you upgrade your openssh packages.
Re: Debian Security Advisory August 17, 2016 05:55PM |
Admin Registered: 13 years ago Posts: 18,900 |
Re: Debian Security Advisory September 24, 2016 04:56AM |
Admin Registered: 13 years ago Posts: 18,900 |
Re: Debian Security Advisory October 25, 2016 10:13PM |
Registered: 8 years ago Posts: 310 |
Re: Debian Security Advisory November 02, 2016 02:18AM |
Admin Registered: 13 years ago Posts: 18,900 |
Re: Debian Security Advisory May 30, 2017 12:03AM |
Admin Registered: 13 years ago Posts: 18,900 |
Quote
Debian Security Advisory DSA-3860-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 24, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : samba
CVE ID : CVE-2017-7494
steelo discovered a remote code execution vulnerability in Samba, a
SMB/CIFS file, print, and login server for Unix. A malicious client with
access to a writable share can take advantage of this flaw by uploading
a shared library and then cause the server to load and execute it.
For the stable distribution (jessie), this problem has been fixed in
version 2:4.2.14+dfsg-0+deb8u6.
We recommend that you upgrade your samba packages.
Re: Debian Security Advisory October 17, 2017 01:10AM |
Admin Registered: 13 years ago Posts: 18,900 |
Quote
-----------------------------------------------------------------
Debian Security Advisory DSA-3999-1 security@debian.org
https://www.debian.org/security/ Yves-Alexis Perez
October 16, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : wpa
CVE ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080
CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087
CVE-2017-13088
Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered
multiple vulnerabilities in the WPA protocol, used for authentication in
wireless networks. Those vulnerabilities apply to both the access point
(implemented in hostapd) and the station (implemented in wpa_supplicant).
An attacker exploiting the vulnerabilities could force the vulnerable system to
reuse cryptographic session keys, enabling a range of cryptographic attacks
against the ciphers used in WPA1 and WPA2.
More information can be found in the researchers' paper, Key Reinstallation
Attacks: Forcing Nonce Reuse in WPA2.
CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
CVE-2017-13078: reinstallation of the group key in the Four-way handshake
CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake
CVE-2017-13080: reinstallation of the group key in the Group Key handshake
CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake
CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
Request and reinstalling the pairwise key while processing it
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey
(TPK) key in the TDLS handshake
CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode
Response frame
For the oldstable distribution (jessie), these problems have been fixed
in version 2.3-1+deb8u5.
For the stable distribution (stretch), these problems have been fixed in
version 2:2.4-1+deb9u1.
For the testing distribution (buster), these problems have been fixed
in version 2:2.4-1.1.
For the unstable distribution (sid), these problems have been fixed in
version 2:2.4-1.1.
We recommend that you upgrade your wpa packages.
Re: Debian Security Advisory October 17, 2017 02:22AM |
Registered: 8 years ago Posts: 310 |
Re: Debian Security Advisory October 17, 2017 03:35AM |
Admin Registered: 13 years ago Posts: 18,900 |
Re: Debian Security Advisory October 17, 2017 04:43AM |
Registered: 10 years ago Posts: 1,037 |
Re: Debian Security Advisory October 17, 2017 01:51PM |
Admin Registered: 13 years ago Posts: 18,900 |
Re: Debian Security Advisory October 28, 2017 05:31PM |
Admin Registered: 13 years ago Posts: 18,900 |
Quote
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4008-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 28, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : wget
CVE ID : CVE-2017-13089 CVE-2017-13090
Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen
discovered two buffer overflows in the HTTP protocol handler of the Wget
download tool, which could result in the execution of arbitrary code
when connecting to a malicious HTTP server.
For the oldstable distribution (jessie), these problems have been fixed
in version 1.16-1+deb8u4.
For the stable distribution (stretch), these problems have been fixed in
version 1.18-5+deb9u1.
We recommend that you upgrade your wget packages.
Re: Debian Security Advisory November 03, 2017 09:14PM |
Admin Registered: 13 years ago Posts: 18,900 |
Quote
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4018-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
November 04, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openssl
CVE ID : CVE-2017-3735 CVE-2017-3736
Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit. The Common Vulnerabilities and Exposures project
identifies the following issues:
CVE-2017-3735
It was discovered that OpenSSL is prone to a one-byte buffer
overread while parsing a malformed IPAddressFamily extension in an
X.509 certificate.
Details can be found in the upstream advisory:
https://www.openssl.org/news/secadv/20170828.txt
CVE-2017-3736
It was discovered that OpenSSL contains a carry propagation bug in
the x86_64 Montgomery squaring procedure.
Details can be found in the upstream advisory:
https://www.openssl.org/news/secadv/20171102.txt
For the oldstable distribution (jessie), CVE-2017-3735 has been fixed in
version 1.0.1t-1+deb8u7. The oldstable distribution is not affected by
CVE-2017-3736.
For the stable distribution (stretch), these problems have been fixed in
version 1.1.0f-3+deb9u1.
For the unstable distribution (sid), these problems have been fixed in
version 1.1.0g-1.
We recommend that you upgrade your openssl packages.
Re: Debian Security Advisory January 04, 2018 11:26PM |
Admin Registered: 13 years ago Posts: 18,900 |
Quote
[SECURITY] [DSA 4078-1] linux security update
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 4078-1] linux security update
From: Yves-Alexis Perez <corsac@debian.org>
Date: Thu, 04 Jan 2018 23:25:28 +0100
Message-id: <[????] 5a4ea9d8.a035b.2e03da61@scapa.corsac.net>
Reply-to: debian-security-announce-request@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4078-1 security@debian.org
https://www.debian.org/security/ Yves-Alexis Perez
January 04, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : linux
CVE ID : CVE-2017-5754
Multiple researchers have discovered a vulnerability in Intel processors,
enabling an attacker controlling an unprivileged process to read memory from
arbitrary addresses, including from the kernel and all other processes running
on the system.
This specific attack has been named Meltdown and is addressed in the Linux
kernel for the Intel x86-64 architecture by a patch set named Kernel Page Table
Isolation, enforcing a near complete separation of the kernel and userspace
address maps and preventing the attack. This solution might have a performance
impact, and can be disabled at boot time by passing `pti=off' to the kernel
command line.
We also identified a regression for ancient userspaces using the vsyscall
interface, for example chroot and containers using (e)glibc 2.13 and older,
including those based on Debian 7 or RHEL/CentOS 6. This regression will be
fixed in a later update.
The other vulnerabilities (named Spectre) published at the same time are not
addressed in this update and will be fixed in a later update.
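A check for whether the Kernel Page Table Isolation described in DSA-4078-1 has been switched off with `pti=off`, added here as an example and not part of the advisory or the forum post. Beyond the advisory it assumes the equivalent `nopti` kernel parameter and the kernel's status file `/sys/devices/system/cpu/vulnerabilities/meltdown`; the function name and sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): classify the Meltdown/KPTI state
# of a host from its kernel command line and the kernel's own status file.

kpti_status() {  # $1 = kernel command line file, $2 = sysfs status file
    cmdline=$(cat "$1" 2>/dev/null) || cmdline=
    # An explicit opt-out on the command line wins over everything else.
    case " $cmdline " in
        *" pti=off "*) echo "disabled-by-cmdline (pti=off)"; return 0 ;;
        *" nopti "*)   echo "disabled-by-cmdline (nopti)";   return 0 ;;
    esac
    if [ -r "$2" ]; then
        status=$(cat "$2")
        case "$status" in
            "Mitigation: PTI"*) echo "enabled" ;;
            "Not affected"*)    echo "not-affected" ;;
            Vulnerable*)        echo "vulnerable" ;;
            *)                  echo "unknown ($status)" ;;
        esac
    else
        # Kernels without the reporting interface give no direct answer.
        echo "unknown (no status file)"
    fi
}

# Constructed sample input (not taken from any real host).
demo=$(mktemp -d)
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet pti=off\n' > "$demo/cmdline"
printf 'Vulnerable\n' > "$demo/meltdown"
kpti_status "$demo/cmdline" "$demo/meltdown"
rm -rf "$demo"
```

On a real system the arguments would be `/proc/cmdline` and `/sys/devices/system/cpu/vulnerabilities/meltdown`.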
Re: Debian Security Advisory January 05, 2018 01:50AM |
Registered: 8 years ago Posts: 310 |
Re: Debian Security Advisory January 05, 2018 02:46AM |
Admin Registered: 13 years ago Posts: 18,900 |
Re: Debian Security Advisory January 07, 2018 01:47AM |
Registered: 9 years ago Posts: 454 |
Re: Debian Security Advisory January 07, 2018 01:56AM |
Admin Registered: 13 years ago Posts: 18,900 |
Re: Debian Security Advisory January 07, 2018 02:10AM |
Admin Registered: 13 years ago Posts: 18,900 |
Re: Debian Security Advisory January 09, 2018 09:45PM |
Registered: 8 years ago Posts: 310 |