Debian Security

Debian Security Advisories

It was discovered that jackson-databind, a Java library used to parse
JSON and other data formats, did not properly validate user input
before attempting deserialization. This allowed an attacker providing
maliciously crafted input to perform code execution, or read arbitrary
files on the server.

Max Kellermann reported a NULL pointer dereference flaw in libapreq2, a
generic Apache request library, allowing a remote attacker to cause a
denial of service against an application using the library (application
crash) if an invalid nested multipart body is processed.

Three security issues were discovered in OpenSSL: A timing attack against
ECDSA, a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey()
and it was discovered that a feature of the random number generator (RNG)
intended to protect against shared RNG state between parent and child
processes in the event of a fork() syscall was not used by default.

Two security issues were discovered in OpenSSL: A timing attack against
ECDSA and a padding oracle in PKCS7_dataDecode() and
CMS_decrypt_set1_pkey().

DSA-4538 wpa – security update

29 September 2019, 12:00 am

Two vulnerabilities were found in the WPA protocol implementation found in
wpa_supplicant (station) and hostapd (access point).

DSA-4536 exim4 – security update

28 September 2019, 12:00 am

A buffer overflow flaw was discovered in Exim, a mail transport agent. A
remote attacker can take advantage of this flaw to cause a denial of
service, or potentially the execution of arbitrary code.

It was discovered that file-roller, an archive manager for GNOME, does
not properly handle the extraction of archives with a single ./../ in a
file path. An attacker able to provide a specially crafted archive for
processing can take advantage of this flaw to overwrite files if a user
is dragging a specific file or folder to a location to extract to.

It was discovered that the Go programming language did accept and
normalize invalid HTTP/1.1 headers with a space before the colon, which
could lead to filter bypasses or request smuggling in some setups.

DSA-4535 e2fsprogs – security update

27 September 2019, 12:00 am

Lilith of Cisco Talos discovered a buffer overflow flaw in the quota
code used by e2fsck from the ext2/ext3/ext4 file system utilities.
Running e2fsck on a malformed file system can result in the execution of
arbitrary code.

It was discovered that the Lemonldap::NG web SSO system did not restrict
OIDC authorization codes to the relying party.

DSA-4531 linux – security update

25 September 2019, 12:00 am

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

DSA-4532 spip – security update

25 September 2019, 12:00 am

It was discovered that SPIP, a website engine for publishing, would
allow unauthenticated users to modify published content and write to
the database, perform cross-site request forgeries, and enumerate
registered users.

DSA-4530 expat – security update

22 September 2019, 12:00 am

It was discovered that Expat, an XML parsing C library, did not properly
handle internal entities closing the doctype, potentially resulting in
denial of service or information disclosure if a malformed XML file is
processed.

DSA-4529 php7.0 – security update

20 September 2019, 12:00 am

Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language: Missing sanitising in the EXIF
extension and the iconv_mime_decode_headers() function could result in
information disclosure or denial of service.

DSA-4526 opendmarc – security update

19 September 2019, 12:00 am

It was discovered that OpenDMARC, a milter implementation of DMARC, is
prone to a signature-bypass vulnerability with multiple From: addresses.

DSA-4527 php7.3 – security update

19 September 2019, 12:00 am

Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language: Missing sanitising in the EXIF
extension and the iconv_mime_decode_headers() function could result in
information disclosure or denial of service.

DSA-4528 bird – security update

19 September 2019, 12:00 am

Daniel McCarney discovered that the BIRD internet routing daemon
incorrectly validated RFC 8203 messages in its BGP daemon, resulting
in a stack buffer overflow.

DSA-4525 ibus – security update

18 September 2019, 12:00 am

Simon McVittie reported a flaw in ibus, the Intelligent Input Bus. Due
to a misconfiguration during the setup of the DBus, any unprivileged
user could monitor and send method calls to the ibus bus of another
user, if able to discover the UNIX socket used by another user connected
on a graphical environment. The attacker can take advantage of this flaw
to intercept keystrokes of the victim user or modify input related
configurations through DBus method calls.

DSA-4524 dino-im – security update

16 September 2019, 12:00 am

Multiple vulnerabilities have been discovered in the Dino XMPP client,
which could allow message spoofing, manipulation of a user's roster
(contact list) and unauthorised sending of message carbons.

DSA-4522 faad2 – security update

15 September 2019, 12:00 am

Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced
Audio Coder. These vulnerabilities might allow remote attackers to cause
denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC
files are processed.

Multiple security issues have been found in Thunderbird which could
potentially result in the execution of arbitrary code, cross-site
scripting, information disclosure and a covert content attack on S/MIME
encryption using a crafted multipart/alternative message.