VARIoT IoT vulnerabilities database

Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. Apple Safari is prone to multiple input-validation vulnerabilities. An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious website. Successfully exploiting these issues will allow the attacker to execute arbitrary JavaScript code in the local security zone. This may allow the attacker to obtain sensitive information that can aid in further attacks; other consequences may also occur. These issues affect versions prior to Safari 3.2.3. Safari is the web browser bundled by default in the Apple operating system. I. II. Impact The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. References * Apple Security Update 2009-002 - <http://support.apple.com/kb/HT3549> * Safari 3.2.3 - <http://support.apple.com/kb/HT3550> * Apple Downloads - <http://support.apple.com/downloads/> * Software Update - <https://support.apple.com/kb/HT1338?viewlocale=en_US> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA09-133A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA09-133A Feedback VU#175188" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History May 13, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSgsdiHIHljM+H4irAQIsGAf+IykbS/FD1X/R2ooezndAmZjrcT29XnpV HO4DiMlKmqW+dUffk4mdJLVR7y8pwUuP4TbjwncoT39SDR9UoEankv7+Dao/qkM/ Jp0flkEpb5qtcIm9VnuWvpCE31OZZgwBwJ7f2WWzbBLqoZ5FIWAhCcW6E5v6mjVy J+Z4BmHYUIapPLzGzV8+HT6/7LRNpg+mZoldEBUoXXjik8o78v5A7iGyMSXoaBlV vL8N/3GG9a9xecLqbbv5N6ABsncHA9f/GzBnfJUqVHkUM1xnjqmgd7TZikObw+fJ xcgWvmYmoRdCMzM3b1jPqWPDGJDbo0oHZM3J3hKE+opsLe9xChM1qA== =dQ2L -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Are you missing: SECUNIA ADVISORY ID: Critical: Impact: Where: within the advisory below? This is now part of the Secunia commercial solutions. Click here to learn more about our commercial solutions: http://secunia.com/advisories/business_solutions/ Click here to trial our solutions: http://secunia.com/advisories/try_vi/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA35074 VERIFY ADVISORY: http://secunia.com/advisories/35074/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) A vulnerability in Apache when handling FTP proxy requests can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA31384 2) A boundary error in the handling of Compact Font Format (CFF) fonts in Apple Type Services can be exploited to cause a heap-based buffer overflow when specially crafted document is downloaded or viewed. Successful exploitation allows execution of arbitrary code. 3) A vulnerability in BIND can potentially be exploited by malicious people to conduct spoofing attacks. For more information: SA33404 4) An error in the parsing of Set-Cookie headers in CFNetwork can result in applications using CFNetwork sending sensitive information in unencrypted HTTP requests. 5) An unspecified error in the processing of HTTP headers in CFNetwork can be exploited to cause a heap-based buffer overflow when visiting a malicious web site. Successful exploitation allows execution of arbitrary code. 6) Multiple errors exist in the processing of PDF files in CoreGraphics, which can be exploited to corrupt memory and execute arbitrary code via a specially crafted PDF file. 7) An integer underflow error in the processing of PDF files in CoreGraphics can be exploited to cause a heap-based buffer overflow when specially crafted PDF files is opened. Successful exploitation allows execution of arbitrary code. 8) Multiple vulnerabilities in the processing of JBIG2 streams within PDF files in CoreGraphics can be exploited by malicious people to compromise a user's system. For more information: SA34291 9) Multiple vulnerabilities in cscope can be exploited by malicious people to compromise a user's system. For more information: SA34978: 10) A boundary error in the handling of disk images can be exploited to cause a stack-based buffer overflow when a specially crafted disk image is mounted. 11) Multiple unspecified errors in the handling of disk images can be exploited to cause memory corruptions when a specially crafted disk image is mounted. Successful exploitation of vulnerabilities #10 and #11 allows execution of arbitrary code. 12) Multiple vulnerabilities in enscript can be exploited by malicious people to compromise a vulnerable system. For more information: SA13968 SA32137 13) Multiple vulnerabilities in the Flash Player plugin can be exploited by malicious people to compromise a user's system. For more information: SA34012 14) An error in Help Viewer when loading Cascading Style Sheets referenced in URL parameters can be exploited to invoke arbitrary AppleScript files. 15) A vulnerability exists due to Help Viewer not validating that full paths to HTML documents are within registered help books, which can be exploited to invoke arbitrary AppleScript files. Successful exploitation of vulnerabilities #14 and #15 allows execution of arbitrary code. 16) An error in iChat can result in AIM communication configured for SSL to be sent in plaintext. 17) An error in the handling of certain character encodings in ICU can be exploited to bypass filters on websites that attempt to mitigate cross-site scripting. 18) Some vulnerabilities in IPSec can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). For more information: SA31450 SA31478 19) Multiple vulnerabilities in Kerberos can be exploited by malicious people to potentially disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA34347 20) An error in the handling of workqueues within the kernel can be exploited by malicious, local users to cause a DoS or execute arbitrary code with Kernel privileges. 21) An error in Launch Services can cause Finder to repeatedly terminate and relaunch when a specially crafted Mach-O is downloaded. 22) A vulnerability in libxml can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information: SA31558 23) A vulnerability in Net-SNMP can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA32560 24) A vulnerability in Network Time can be exploited by malicious people to conduct spoofing attacks. For more information: SA33406 25) A vulnerability in Network Time can be exploited by malicious people to potentially compromise a user's system. For more information: SA34608 26) A vulnerability in Networking can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA31745 27) A vulnerability in OpenSSL can be exploited by malicious people to conduct spoofing attacks. For more information: SA33338 28) Some vulnerabilities in PHP can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system, and by malicious, local users to bypass certain security restrictions. For more information: SA32964 29) An unspecified error in QuickDraw Manager can be exploited to cause a memory corruption and potentially execute arbitrary code via a specially crafted PICT image. 30) An integer underflow error in the handling of PICT images in QuickDraw Manager can be exploited to cause a heap-based buffer overflow via a specially crafted PICT file. Successful exploitation allows execution of arbitrary code. 31) Multiple vulnerabilities in ruby can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and conduct spoofing attacks. For more information: SA31430 SA31602 32) An error in the use of the OpenSSL library in ruby can cause revoked certificates to be accepted. 33) A vulnerability in Safari when handling "feed:" URLs can be exploited to compromise a user's system. For more information: SA35056 34) Multiple unspecified errors in Spotlight can be exploited to cause memory corruptions and execute arbitrary code when a specially crafted Office document is downloaded. 35) An error when invoking the "login" command can result in unexpected high privileges. 36) A boundary error in telnet can be exploited to cause a stack-based buffer overflow when connecting to a server with an overly long canonical name in its DNS address record. For more information: SA35056 38) Multiple vulnerabilities in FreeType can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise applications using the library. For more information: SA20100 SA25350 SA34723 39) A vulnerability in xterm can be exploited by malicious people to compromise a user's system. For more information: SA33318 40) Multiple vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library. For more information: SA29792 SA33970 SOLUTION: Update to Mac OS X v10.5.7 or apply Security Update 2009-002. Security Update 2009-002 (Server Tiger PPC): http://support.apple.com/downloads/DL819/SecUpdSrvr2009-002PPC.dmg Security Update 2009-002 (Tiger Intel): http://support.apple.com/downloads/DL817/SecUpd2009-002Intel.dmg Security Update 2009-002 (Server Universal): http://support.apple.com/downloads/DL816/SecUpdSrvr2009-002Univ.dmg Mac OS X Server 10.5.7 Update: http://support.apple.com/downloads/DL828/MacOSXServerUpd10.5.7.dmg Mac OS X Server Combo 10.5.7: http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg Security Update 2009-002 (Tiger PPC): http://support.apple.com/downloads/DL818/SecUpd2009-002PPC.dmg Mac OS X 10.5.7 Update: http://support.apple.com/downloads/DL826/MacOSXUpd10.5.7.dmg Mac OS X 10.5.7 Combo Update: http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2) Charlie Miller of Independent Security Evaluators 4) Andrew Mortensen of the University of Michigan 5) Moritz Jodeit, n.runs AG 7) Barry K. Nathan 8) Alin Rad Pop, Secunia Research and Will Dormann, CERT/CC 10) Tiller Beauchamp, IOActive 14, 15) Brian Mastenbrook 17) Chris Weber of Casaba Security 20) An anonymous researcher working with Verisign iDefense VCP 30) Damian Put and Sebastian Apelt, working with ZDI, and Chris Ries of Carnegie Mellon University Computing Services 38) Tavis Ormandy of the Google Security Team OTHER REFERENCES: SA13968: http://secunia.com/advisories/13968/ SA20100: http://secunia.com/advisories/20100/ SA25350: http://secunia.com/advisories/25350/ SA29792: http://secunia.com/advisories/29792/ SA31384: http://secunia.com/advisories/31384/ SA31430: http://secunia.com/advisories/31430/ SA31450: http://secunia.com/advisories/31450/ SA31478: http://secunia.com/advisories/31478/ SA31558: http://secunia.com/advisories/31558/ SA31602: http://secunia.com/advisories/31602/ SA31745: http://secunia.com/advisories/31745/ SA32137: http://secunia.com/advisories/32137/ SA32560: http://secunia.com/advisories/32560/ SA32964: http://secunia.com/advisories/32964/ SA33318: http://secunia.com/advisories/33318/ SA33338: http://secunia.com/advisories/33338/ SA33404: http://secunia.com/advisories/33404/ SA33406: http://secunia.com/advisories/33406/ SA33970: http://secunia.com/advisories/33970/ SA34012: http://secunia.com/advisories/34012/ SA34291: http://secunia.com/advisories/34291/ SA34347: http://secunia.com/advisories/34347/ SA34608: http://secunia.com/advisories/34608/ SA34723: http://secunia.com/advisories/34723/ SA34978: http://secunia.com/advisories/34978/ SA35056: http://secunia.com/advisories/35056/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues. Apple Mac OS X is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain kernel-level privileges, which may lead to a complete compromise of the affected computer. NOTE: This issue was previously covered in BID 34926 (Apple Mac OS X 2009-002 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDefense Security Advisory 05.12.09 http://labs.idefense.com/intelligence/vulnerabilities/ May 12, 2009 I. OS X is the tenth major version of Apple's operating system for Macintosh computers and is Unix-based. For more information, see the vendor's site found at the following link. http://www.apple.com/support/leopard/internet/ II. This allows the kernel to schedule events to take place in a task. III. Upon successful exploitation, the attacker could elevate privileges by changing the effective user id to root of an attacker controlled process. Alternatively an attacker could also add or alter kernel code in memory that is commonly referred to as a rootkit. IV. V. WORKAROUND iDefense is currently unaware of any workaround for this issue. VI. VENDOR RESPONSE Apple Inc. has released a patch which addresses this issue. For more information, consult their advisory at the following URL: http://support.apple.com/kb/HT3549 VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-1517 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 03/19/2008 - Initial Contact 03/31/2009 - Attribution Request 04/01/2009 - Attribution Sent 04/01/2009 - CVE Requested 05/12/2009 - Coordinated Public Disclosure IX. CREDIT This vulnerability was reported to iDefense by Neil Kettle (mu-b) of www.digit-labs.org. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright \xa9 2009 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFKDDt8bjs6HoxIfBkRAvXGAJ95Kgxxt6ovkw8gM387yynMaltRGQCgmW9w zBM997tpgIxs1x/LoVZQMIQ= =C4Kw -----END PGP SIGNATURE----- . I. Impact The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. These and other updates are available via Software Update or via Apple Downloads. References * Apple Security Update 2009-002 - <http://support.apple.com/kb/HT3549> * Safari 3.2.3 - <http://support.apple.com/kb/HT3550> * Apple Downloads - <http://support.apple.com/downloads/> * Software Update - <https://support.apple.com/kb/HT1338?viewlocale=en_US> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA09-133A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA09-133A Feedback VU#175188" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. ---------------------------------------------------------------------- Are you missing: SECUNIA ADVISORY ID: Critical: Impact: Where: within the advisory below? This is now part of the Secunia commercial solutions. 1) A vulnerability in Apache when handling FTP proxy requests can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA31384 2) A boundary error in the handling of Compact Font Format (CFF) fonts in Apple Type Services can be exploited to cause a heap-based buffer overflow when specially crafted document is downloaded or viewed. Successful exploitation allows execution of arbitrary code. 3) A vulnerability in BIND can potentially be exploited by malicious people to conduct spoofing attacks. For more information: SA33404 4) An error in the parsing of Set-Cookie headers in CFNetwork can result in applications using CFNetwork sending sensitive information in unencrypted HTTP requests. 5) An unspecified error in the processing of HTTP headers in CFNetwork can be exploited to cause a heap-based buffer overflow when visiting a malicious web site. Successful exploitation allows execution of arbitrary code. 6) Multiple errors exist in the processing of PDF files in CoreGraphics, which can be exploited to corrupt memory and execute arbitrary code via a specially crafted PDF file. 7) An integer underflow error in the processing of PDF files in CoreGraphics can be exploited to cause a heap-based buffer overflow when specially crafted PDF files is opened. Successful exploitation allows execution of arbitrary code. 8) Multiple vulnerabilities in the processing of JBIG2 streams within PDF files in CoreGraphics can be exploited by malicious people to compromise a user's system. For more information: SA34291 9) Multiple vulnerabilities in cscope can be exploited by malicious people to compromise a user's system. For more information: SA34978: 10) A boundary error in the handling of disk images can be exploited to cause a stack-based buffer overflow when a specially crafted disk image is mounted. 11) Multiple unspecified errors in the handling of disk images can be exploited to cause memory corruptions when a specially crafted disk image is mounted. Successful exploitation of vulnerabilities #10 and #11 allows execution of arbitrary code. 12) Multiple vulnerabilities in enscript can be exploited by malicious people to compromise a vulnerable system. For more information: SA13968 SA32137 13) Multiple vulnerabilities in the Flash Player plugin can be exploited by malicious people to compromise a user's system. For more information: SA34012 14) An error in Help Viewer when loading Cascading Style Sheets referenced in URL parameters can be exploited to invoke arbitrary AppleScript files. 15) A vulnerability exists due to Help Viewer not validating that full paths to HTML documents are within registered help books, which can be exploited to invoke arbitrary AppleScript files. Successful exploitation of vulnerabilities #14 and #15 allows execution of arbitrary code. 16) An error in iChat can result in AIM communication configured for SSL to be sent in plaintext. 17) An error in the handling of certain character encodings in ICU can be exploited to bypass filters on websites that attempt to mitigate cross-site scripting. 18) Some vulnerabilities in IPSec can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). For more information: SA31450 SA31478 19) Multiple vulnerabilities in Kerberos can be exploited by malicious people to potentially disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA34347 20) An error in the handling of workqueues within the kernel can be exploited by malicious, local users to cause a DoS or execute arbitrary code with Kernel privileges. 21) An error in Launch Services can cause Finder to repeatedly terminate and relaunch when a specially crafted Mach-O is downloaded. 22) A vulnerability in libxml can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information: SA31558 23) A vulnerability in Net-SNMP can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA32560 24) A vulnerability in Network Time can be exploited by malicious people to conduct spoofing attacks. For more information: SA33406 25) A vulnerability in Network Time can be exploited by malicious people to potentially compromise a user's system. For more information: SA34608 26) A vulnerability in Networking can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA31745 27) A vulnerability in OpenSSL can be exploited by malicious people to conduct spoofing attacks. For more information: SA33338 28) Some vulnerabilities in PHP can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system, and by malicious, local users to bypass certain security restrictions. For more information: SA32964 29) An unspecified error in QuickDraw Manager can be exploited to cause a memory corruption and potentially execute arbitrary code via a specially crafted PICT image. 30) An integer underflow error in the handling of PICT images in QuickDraw Manager can be exploited to cause a heap-based buffer overflow via a specially crafted PICT file. Successful exploitation allows execution of arbitrary code. 31) Multiple vulnerabilities in ruby can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and conduct spoofing attacks. For more information: SA31430 SA31602 32) An error in the use of the OpenSSL library in ruby can cause revoked certificates to be accepted. 33) A vulnerability in Safari when handling "feed:" URLs can be exploited to compromise a user's system. For more information: SA35056 34) Multiple unspecified errors in Spotlight can be exploited to cause memory corruptions and execute arbitrary code when a specially crafted Office document is downloaded. 35) An error when invoking the "login" command can result in unexpected high privileges. 36) A boundary error in telnet can be exploited to cause a stack-based buffer overflow when connecting to a server with an overly long canonical name in its DNS address record. Successful exploitation may allow execution of arbitrary code. 37) A vulnerability in WebKit when handling SVGList objects can be exploited to corrupt memory and potentially execute arbitrary code. For more information: SA35056 38) Multiple vulnerabilities in FreeType can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise applications using the library. For more information: SA20100 SA25350 SA34723 39) A vulnerability in xterm can be exploited by malicious people to compromise a user's system. For more information: SA33318 40) Multiple vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library. For more information: SA29792 SA33970 SOLUTION: Update to Mac OS X v10.5.7 or apply Security Update 2009-002. Security Update 2009-002 (Server Tiger PPC): http://support.apple.com/downloads/DL819/SecUpdSrvr2009-002PPC.dmg Security Update 2009-002 (Tiger Intel): http://support.apple.com/downloads/DL817/SecUpd2009-002Intel.dmg Security Update 2009-002 (Server Universal): http://support.apple.com/downloads/DL816/SecUpdSrvr2009-002Univ.dmg Mac OS X Server 10.5.7 Update: http://support.apple.com/downloads/DL828/MacOSXServerUpd10.5.7.dmg Mac OS X Server Combo 10.5.7: http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg Security Update 2009-002 (Tiger PPC): http://support.apple.com/downloads/DL818/SecUpd2009-002PPC.dmg Mac OS X 10.5.7 Update: http://support.apple.com/downloads/DL826/MacOSXUpd10.5.7.dmg Mac OS X 10.5.7 Combo Update: http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2) Charlie Miller of Independent Security Evaluators 4) Andrew Mortensen of the University of Michigan 5) Moritz Jodeit, n.runs AG 7) Barry K. Nathan 8) Alin Rad Pop, Secunia Research and Will Dormann, CERT/CC 10) Tiller Beauchamp, IOActive 14, 15) Brian Mastenbrook 17) Chris Weber of Casaba Security 20) An anonymous researcher working with Verisign iDefense VCP 30) Damian Put and Sebastian Apelt, working with ZDI, and Chris Ries of Carnegie Mellon University Computing Services 38) Tavis Ormandy of the Google Security Team OTHER REFERENCES: SA13968: http://secunia.com/advisories/13968/ SA20100: http://secunia.com/advisories/20100/ SA25350: http://secunia.com/advisories/25350/ SA29792: http://secunia.com/advisories/29792/ SA31384: http://secunia.com/advisories/31384/ SA31430: http://secunia.com/advisories/31430/ SA31450: http://secunia.com/advisories/31450/ SA31478: http://secunia.com/advisories/31478/ SA31558: http://secunia.com/advisories/31558/ SA31602: http://secunia.com/advisories/31602/ SA31745: http://secunia.com/advisories/31745/ SA32137: http://secunia.com/advisories/32137/ SA32560: http://secunia.com/advisories/32560/ SA32964: http://secunia.com/advisories/32964/ SA33318: http://secunia.com/advisories/33318/ SA33338: http://secunia.com/advisories/33338/ SA33404: http://secunia.com/advisories/33404/ SA33406: http://secunia.com/advisories/33406/ SA33970: http://secunia.com/advisories/33970/ SA34012: http://secunia.com/advisories/34012/ SA34291: http://secunia.com/advisories/34291/ SA34347: http://secunia.com/advisories/34347/ SA34608: http://secunia.com/advisories/34608/ SA34723: http://secunia.com/advisories/34723/ SA34978: http://secunia.com/advisories/34978/ SA35056: http://secunia.com/advisories/35056/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.The specific flaw exists during the parsing of malformed SVGLists via the SVGPathList data structure, the following lists are affected: SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, SVGLengthList. When a negative index argument is suppled to the insertItemBefore() method, a memory corruption occurs resulting in the ability to execute arbitrary code. WebKit is prone to a remote memory-corruption vulnerability. Failed exploit attempts will result in a denial-of-service condition. The issue also affects the following: Apple Safari prior to 3.2.3 Apple Mac OS X v10.5 through v10.5.6, Apple Mac OS X Server v10.5 through v10.5.6 Google Chrome prior to 1.0.154.65. Safari is the web browser bundled by default in the Apple operating system. There is a memory corruption vulnerability in the processing of SVGList objects in WebKit in Safari. Visiting malicious websites will lead to arbitrary code execution. Safari has multiple input validation errors in its handling of the feed: URL, and accessing a malicious feed: URL can lead to arbitrary JavaScript execution. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791). (CVE-2009-1709). This update provides a solution to this vulnerability. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709 _______________________________________________________________________ Updated Packages: Corporate 4.0: 0ec7bf7b568cd017c976b581046a4665 corporate/4.0/i586/kdegraphics-3.5.4-0.9.20060mlcs4.i586.rpm 32bf2180033208d0d7fb98a1670f76ef corporate/4.0/i586/kdegraphics-common-3.5.4-0.9.20060mlcs4.i586.rpm fc4d07f38b7c38a41924a87d1da87a7b corporate/4.0/i586/kdegraphics-kcolorchooser-3.5.4-0.9.20060mlcs4.i586.rpm 60ac7ec91991f24378608445602156b4 corporate/4.0/i586/kdegraphics-kcoloredit-3.5.4-0.9.20060mlcs4.i586.rpm e23a46f8928ff9bf43dfb85d030d66f4 corporate/4.0/i586/kdegraphics-kdvi-3.5.4-0.9.20060mlcs4.i586.rpm 0da4d8567fd0102fa3b71e14d7e77cce corporate/4.0/i586/kdegraphics-kfax-3.5.4-0.9.20060mlcs4.i586.rpm 71e5fc67191644df05dc3eeaf3eea182 corporate/4.0/i586/kdegraphics-kghostview-3.5.4-0.9.20060mlcs4.i586.rpm 5f712336e95e534ee5438bd6b601a6d5 corporate/4.0/i586/kdegraphics-kiconedit-3.5.4-0.9.20060mlcs4.i586.rpm b37b6097ac674ebc3296125ed1c33615 corporate/4.0/i586/kdegraphics-kolourpaint-3.5.4-0.9.20060mlcs4.i586.rpm d873b5de956fa6f936135a0046387bf1 corporate/4.0/i586/kdegraphics-kooka-3.5.4-0.9.20060mlcs4.i586.rpm 2474e300ccd833db71a756b34d9fec94 corporate/4.0/i586/kdegraphics-kpdf-3.5.4-0.9.20060mlcs4.i586.rpm 0454ff14fce7eda256890967555693bb corporate/4.0/i586/kdegraphics-kpovmodeler-3.5.4-0.9.20060mlcs4.i586.rpm bd79021aab7f406657774da069cc677d corporate/4.0/i586/kdegraphics-kruler-3.5.4-0.9.20060mlcs4.i586.rpm 5ab29c519209bc802613729896d84c63 corporate/4.0/i586/kdegraphics-ksnapshot-3.5.4-0.9.20060mlcs4.i586.rpm 771cf8aa682b615babcc8748cc09f4a9 corporate/4.0/i586/kdegraphics-ksvg-3.5.4-0.9.20060mlcs4.i586.rpm 1445a204c7aa0dae1eefab7b0d5f5839 corporate/4.0/i586/kdegraphics-kuickshow-3.5.4-0.9.20060mlcs4.i586.rpm fbd113f1442541e0cb05b624a2e08c74 corporate/4.0/i586/kdegraphics-kview-3.5.4-0.9.20060mlcs4.i586.rpm 94dec05663eb9499d974ba3d6b14e885 corporate/4.0/i586/kdegraphics-mrmlsearch-3.5.4-0.9.20060mlcs4.i586.rpm 86ca6e187a798897c25d5c9a66112b96 corporate/4.0/i586/libkdegraphics0-common-3.5.4-0.9.20060mlcs4.i586.rpm ed07099f0f6983c87188cd7cbe6fa4f5 corporate/4.0/i586/libkdegraphics0-common-devel-3.5.4-0.9.20060mlcs4.i586.rpm 978a543e6af07842a0facab486419848 corporate/4.0/i586/libkdegraphics0-kghostview-3.5.4-0.9.20060mlcs4.i586.rpm 9a7f4cf394eda5f91fe2d288bf6f6248 corporate/4.0/i586/libkdegraphics0-kghostview-devel-3.5.4-0.9.20060mlcs4.i586.rpm c47855bb4af164237de071eca478b852 corporate/4.0/i586/libkdegraphics0-kooka-3.5.4-0.9.20060mlcs4.i586.rpm 61361d801c9e0bfc677147a0ebed83cc corporate/4.0/i586/libkdegraphics0-kooka-devel-3.5.4-0.9.20060mlcs4.i586.rpm 78333238aa1949fbd32f4bbe17587819 corporate/4.0/i586/libkdegraphics0-kpovmodeler-3.5.4-0.9.20060mlcs4.i586.rpm cd42ba63d5df96750d5e0b65662a16c7 corporate/4.0/i586/libkdegraphics0-kpovmodeler-devel-3.5.4-0.9.20060mlcs4.i586.rpm 45077a5366e72fd55f7ddf819ce087f9 corporate/4.0/i586/libkdegraphics0-ksvg-3.5.4-0.9.20060mlcs4.i586.rpm efbe90c91e2762073332c0994bdf0349 corporate/4.0/i586/libkdegraphics0-ksvg-devel-3.5.4-0.9.20060mlcs4.i586.rpm 4acdcf255082a2bb7328a4ac805dbcaa corporate/4.0/i586/libkdegraphics0-kview-3.5.4-0.9.20060mlcs4.i586.rpm fddafb351cdd4da03e33f08d4af73622 corporate/4.0/i586/libkdegraphics0-kview-devel-3.5.4-0.9.20060mlcs4.i586.rpm 64deef0a4a406a04f476f5263478d2e3 corporate/4.0/SRPMS/kdegraphics-3.5.4-0.9.20060mlcs4.src.rpm Corporate 4.0/X86_64: 0fd67ad8a003f2cc7b4b5b0f295af59e corporate/4.0/x86_64/kdegraphics-3.5.4-0.9.20060mlcs4.x86_64.rpm 1e62299bf29230174331f43de7215366 corporate/4.0/x86_64/kdegraphics-common-3.5.4-0.9.20060mlcs4.x86_64.rpm a9c5b4e3f0db3db937261c8f504c44ca corporate/4.0/x86_64/kdegraphics-kcolorchooser-3.5.4-0.9.20060mlcs4.x86_64.rpm 0c0cfaf7fb1fe22bac1740425df135b2 corporate/4.0/x86_64/kdegraphics-kcoloredit-3.5.4-0.9.20060mlcs4.x86_64.rpm 9e961f83cdc9734007f9d5a90f4c888c corporate/4.0/x86_64/kdegraphics-kdvi-3.5.4-0.9.20060mlcs4.x86_64.rpm a7a5204dadd20443f879cc696906ed70 corporate/4.0/x86_64/kdegraphics-kfax-3.5.4-0.9.20060mlcs4.x86_64.rpm 1bfb78ecd8e44dc61c48dad786238bad corporate/4.0/x86_64/kdegraphics-kghostview-3.5.4-0.9.20060mlcs4.x86_64.rpm ddf5c19dbfcc64bb227173cb331dd661 corporate/4.0/x86_64/kdegraphics-kiconedit-3.5.4-0.9.20060mlcs4.x86_64.rpm 3b77da395b388a38a39805244ffb45dc corporate/4.0/x86_64/kdegraphics-kolourpaint-3.5.4-0.9.20060mlcs4.x86_64.rpm 52a4a93e2655edafc36d2e75c4adacb0 corporate/4.0/x86_64/kdegraphics-kooka-3.5.4-0.9.20060mlcs4.x86_64.rpm 6f4cdfee02441d22543b93252023490c corporate/4.0/x86_64/kdegraphics-kpdf-3.5.4-0.9.20060mlcs4.x86_64.rpm e7351156f775cda56b9a026d6d230b66 corporate/4.0/x86_64/kdegraphics-kpovmodeler-3.5.4-0.9.20060mlcs4.x86_64.rpm 54062812371d272f1f7115143d750d18 corporate/4.0/x86_64/kdegraphics-kruler-3.5.4-0.9.20060mlcs4.x86_64.rpm 7967101313636798c9e67d7d6d9f7e8e corporate/4.0/x86_64/kdegraphics-ksnapshot-3.5.4-0.9.20060mlcs4.x86_64.rpm db3dc6a00c46848ae9a31f8db2adb76b corporate/4.0/x86_64/kdegraphics-ksvg-3.5.4-0.9.20060mlcs4.x86_64.rpm 7bf017292f4ea7eb0007e30ee5f7ea06 corporate/4.0/x86_64/kdegraphics-kuickshow-3.5.4-0.9.20060mlcs4.x86_64.rpm ea3a9b102557f7b71e5988b11812fb9d corporate/4.0/x86_64/kdegraphics-kview-3.5.4-0.9.20060mlcs4.x86_64.rpm 49ce4f2918d3ca3a726f157db4e326ff corporate/4.0/x86_64/kdegraphics-mrmlsearch-3.5.4-0.9.20060mlcs4.x86_64.rpm 37962c005b21c9f034168193ac143686 corporate/4.0/x86_64/lib64kdegraphics0-common-3.5.4-0.9.20060mlcs4.x86_64.rpm 78bc99fdf48570c57b8d8e04578d0b0f corporate/4.0/x86_64/lib64kdegraphics0-common-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm f2627650fccc5194666844f18ff6a2e9 corporate/4.0/x86_64/lib64kdegraphics0-kghostview-3.5.4-0.9.20060mlcs4.x86_64.rpm d6031ac8e48c554df0456a5c6ca25a6c corporate/4.0/x86_64/lib64kdegraphics0-kghostview-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm e485c792b85edd25c29025900c71d9a5 corporate/4.0/x86_64/lib64kdegraphics0-kooka-3.5.4-0.9.20060mlcs4.x86_64.rpm c9d19e68cc7d9b1c17fce9f572c063d7 corporate/4.0/x86_64/lib64kdegraphics0-kooka-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm c984a53011f393d7cbb6f2cc0774efa3 corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-3.5.4-0.9.20060mlcs4.x86_64.rpm 8d1c6a2c8eaf161632f5a333bd1639d8 corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm 0f066ee3e189779638a4c5d7c6d08b78 corporate/4.0/x86_64/lib64kdegraphics0-ksvg-3.5.4-0.9.20060mlcs4.x86_64.rpm 7efa7c6905de7b624e95ea8ba16088d8 corporate/4.0/x86_64/lib64kdegraphics0-ksvg-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm e407dc0360d9108ce56b58b0bbce8d7e corporate/4.0/x86_64/lib64kdegraphics0-kview-3.5.4-0.9.20060mlcs4.x86_64.rpm a1227e9c72b228994582c91678763e1e corporate/4.0/x86_64/lib64kdegraphics0-kview-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm 64deef0a4a406a04f476f5263478d2e3 corporate/4.0/SRPMS/kdegraphics-3.5.4-0.9.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLIQ2nmqjQ0CJFipgRAtveAKDD76Mn1SvVN71DMEESnFqN7Qk5+wCdGGMa H2tf9QJ8H8rPmPybWHl8Yxs= =DMWI -----END PGP SIGNATURE----- . ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-022 May 13, 2009 -- CVE ID: CVE-2009-0945 -- Affected Vendors: Apple -- Affected Products: Apple Safari -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6960. -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT3549 -- Disclosure Timeline: 2009-03-19 - Vulnerability reported to vendor 2009-05-13 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Nils -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ . (CVE-2009-0945) Several flaws were discovered in the QtWebKit browser and JavaScript engines. (CVE-2009-1699, CVE-2009-1713) It was discovered that QtWebKit did not prevent the loading of local Java applets. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1950 security@debian.org http://www.debian.org/security/ Giuseppe Iuculano December 12, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : webkit Vulnerability : several Problem type : remote (local) Debian-specific: no CVE Id : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1711 CVE-2009-1712 CVE-2009-1725 CVE-2009-1714 CVE-2009-1710 CVE-2009-1697 CVE-2009-1695 CVE-2009-1693 CVE-2009-1694 CVE-2009-1681 CVE-2009-1684 CVE-2009-1692 Debian Bug : 532724 532725 534946 535793 538346 Several vulnerabilities have been discovered in webkit, a Web content engine library for Gtk+. CVE-2009-1711 WebKit does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. CVE-2009-1725 WebKit do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. CVE-2009-1714 Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes. CVE-2009-1710 WebKit allows remote attackers to spoof the browser's display of the host name, security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property. CVE-2009-1697 CRLF injection vulnerability in WebKit allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header. CVE-2009-1695 Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition. CVE-2009-1693 WebKit allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue." CVE-2009-1694 WebKit does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue." CVE-2009-1681 WebKit does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document. CVE-2009-1684 Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document. CVE-2009-1692 WebKit allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object. For the stable distribution (lenny), these problems has been fixed in version 1.0.1-4+lenny2. For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 1.1.16-1. We recommend that you upgrade your webkit package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1.orig.tar.gz Size/MD5 checksum: 13418752 4de68a5773998bea14e8939aa341c466 http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.diff.gz Size/MD5 checksum: 35369 506c8f2fef73a9fc856264f11a3ad27e http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.dsc Size/MD5 checksum: 1447 b5f01d6428f01d79bfe18338064452ab Architecture independent packages: http://security.debian.org/pool/updates/main/w/webkit/libwebkit-dev_1.0.1-4+lenny2_all.deb Size/MD5 checksum: 35164 df682bbcd13389c2f50002c2aaf7347b alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_alpha.deb Size/MD5 checksum: 65193740 fc8b613c9c41ef0f0d3856e7ee3deeae http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_alpha.deb Size/MD5 checksum: 4254938 252b95b962bda11c000f9c0543673c1b amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_amd64.deb Size/MD5 checksum: 3502994 4a96cad1e302e7303d41d6f866215da4 http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_amd64.deb Size/MD5 checksum: 62518476 d723a8c76b373026752b6f68e5fc4950 arm architecture (ARM) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_arm.deb Size/MD5 checksum: 2721324 1fac2f59ffa9e3d7b8697aae262f09e4 http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_arm.deb Size/MD5 checksum: 61478724 260faea7d5ba766268faad888b3e61ff armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_armel.deb Size/MD5 checksum: 2770654 5b88754e9804d9290537afdf6127643a http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_armel.deb Size/MD5 checksum: 59892062 99c8f13257a054f42686ab9c6329d490 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_hppa.deb Size/MD5 checksum: 3869020 c61be734b6511788e8cc235a5d672eab http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_hppa.deb Size/MD5 checksum: 63935342 f1db2bd7b5c22e257c74100798017f30 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_i386.deb Size/MD5 checksum: 62161744 f89fc6ac6d1110cabe47dd9184c9a9ca http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_i386.deb Size/MD5 checksum: 3016584 b854f5294527adac80e9776efed37cd7 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_ia64.deb Size/MD5 checksum: 5547624 2bd2100a345089282117317a9ab2e7d1 http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_ia64.deb Size/MD5 checksum: 62685224 5eaff5d431cf4a85beeaa0b66c91958c mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mips.deb Size/MD5 checksum: 3109134 a680a8f105a19bf1b21a5034c14c4822 http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mips.deb Size/MD5 checksum: 64547832 dd440891a1861262bc92deb0a1ead013 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mipsel.deb Size/MD5 checksum: 2992848 952d643be475c35e253a8757075cd41b http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mipsel.deb Size/MD5 checksum: 62135970 7cd635047e3f9bd000ff4547a47eaaec s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_s390.deb Size/MD5 checksum: 3456914 6fc856a50b3f899c36381ed8d51af44e http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_s390.deb Size/MD5 checksum: 64385860 98ded86952a2c6714ceba76a4a98c35b sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_sparc.deb Size/MD5 checksum: 63621854 f0dd17453bc09fdc05c119faf2212d70 http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_sparc.deb Size/MD5 checksum: 3499170 3f2084d6416459ce1416bd6f6f2845e3 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAksjbAYACgkQNxpp46476aqm7wCaAk6WARfBzzrdYYoxAUKA5weL V5YAmwRkz4XNwdcqnPzdeDzoakljqf1s =DBEQ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-822-1 August 24, 2009 kde4libs, kdelibs vulnerabilities CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: kdelibs4c2a 4:3.5.10-0ubuntu1~hardy1.2 Ubuntu 8.10: kdelibs4c2a 4:3.5.10-0ubuntu6.1 kdelibs5 4:4.1.4-0ubuntu1~intrepid1.2 Ubuntu 9.04: kdelibs4c2a 4:3.5.10.dfsg.1-1ubuntu8.1 kdelibs5 4:4.2.2-0ubuntu5.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: It was discovered that KDE-Libs did not properly handle certain malformed SVG images. This issue only affected Ubuntu 9.04. (CVE-2009-0945) It was discovered that the KDE JavaScript garbage collector did not properly handle memory allocation failures. (CVE-2009-1687) It was discovered that KDE-Libs did not properly handle HTML content in the head element. (CVE-2009-1690) It was discovered that KDE-Libs did not properly handle the Cascading Style Sheets (CSS) attr function call. (CVE-2009-1698) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu1~hardy1.2.diff.gz Size/MD5: 1809719 988ba0b3fcdebaacd489ef624af90d52 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu1~hardy1.2.dsc Size/MD5: 1729 c2ba26fd1969292837be77339835463e http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.orig.tar.gz Size/MD5: 18631467 5eeb6f132e386668a0395d4d426d495e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10-0ubuntu1~hardy1.2_all.deb Size/MD5: 7326386 15016f77751a853d96fbc549bdd0a487 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.10-0ubuntu1~hardy1.2_all.deb Size/MD5: 25454764 b8e521c8bfc228667701baad29f9ea0b http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu1~hardy1.2_all.deb Size/MD5: 9322 8a87b3a4fed9f227bb9e2eb0c0cd4829 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.2_amd64.deb Size/MD5: 26758194 806e9679c84113d44a6fdcb3827e22b6 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.2_amd64.deb Size/MD5: 1381550 739025e9a5f87b174b1b099b8c1f3e4f http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.2_amd64.deb Size/MD5: 10654972 04e9b1429bb914d202bfedfc652dab2f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.2_i386.deb Size/MD5: 25990732 a09812c65c6e8d93ed21591cee340396 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.2_i386.deb Size/MD5: 1410600 4f6d363ac598ecf83ab910e920cb08b0 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.2_i386.deb Size/MD5: 9614618 de2bdf46fa444443af067acdb288d758 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.2_lpia.deb Size/MD5: 25971080 5073531043650dac33a01175fd9ba304 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.2_lpia.deb Size/MD5: 1375956 fbcbdc659fc44128a4bf37afdc3d466b http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.2_lpia.deb Size/MD5: 9642602 904999dc74b11f078c50b9798be80b41 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.2_powerpc.deb Size/MD5: 27656762 88ea3f12cee10e81fe212f604697ee87 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.2_powerpc.deb Size/MD5: 1393490 7b6d787cba530e950ac4e783693cbce9 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.2_powerpc.deb Size/MD5: 10453190 a09dadf79f488712a21d49a829e26c79 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.2_sparc.deb Size/MD5: 25026168 a2066fad04e4b92cb4374a10f3ca4912 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.2_sparc.deb Size/MD5: 1376552 ca7b84a5ea9c36ca36d51b113335ab70 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.2_sparc.deb Size/MD5: 9596082 29426bec2f7943549b046d8aced4172d Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.1.4-0ubuntu1~intrepid1.2.diff.gz Size/MD5: 94086 bca07843a8dbb43504199cf28f5e5e66 http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.1.4-0ubuntu1~intrepid1.2.dsc Size/MD5: 2308 42bc5a6639b095c402aa1336159b958a http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.1.4.orig.tar.gz Size/MD5: 11190299 18264580c1d6d978a3049a13fda36f29 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu6.1.diff.gz Size/MD5: 720448 8dc9da15189485cac9374322825bccbc http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu6.1.dsc Size/MD5: 2284 e99a996b350144fdf4bef83e6f339ce5 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.orig.tar.gz Size/MD5: 18631467 5eeb6f132e386668a0395d4d426d495e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-data_4.1.4-0ubuntu1~intrepid1.2_all.deb Size/MD5: 3110640 8abefbf8d9f4c168a645761589c2935e http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-doc_4.1.4-0ubuntu1~intrepid1.2_all.deb Size/MD5: 68582 86eda9548527b86c791c29789ed7fe28 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10-0ubuntu6.1_all.deb Size/MD5: 7321518 162272e6155b3cd9f3ea08c566b80e5b http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.10-0ubuntu6.1_all.deb Size/MD5: 25522224 a0ce548bf6862e68285df52ac391c429 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu6.1_all.deb Size/MD5: 2270 650ab9bbf7f9748a9344495da23a2c82 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1~intrepid1.2_amd64.deb Size/MD5: 395434 02fdee1fed9ff829a045d3785730d2fd http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu1~intrepid1.2_amd64.deb Size/MD5: 66055728 a8c41d8a9dc4e540a2c7d0c8199799a4 http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu1~intrepid1.2_amd64.deb Size/MD5: 1440484 79881c87f9bd56d377790807842c3dcb http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~intrepid1.2_amd64.deb Size/MD5: 10104606 421e72c07c231a7a68bcbca2c8069062 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.1_amd64.deb Size/MD5: 27376386 59c3b6c1110365d63e1da80c363b96da http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.1_amd64.deb Size/MD5: 1371456 f25f7f7b7fbc0c99df8ca1f2e734a64c http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.1_amd64.deb Size/MD5: 10929852 e55ab2261280a73df4d75b9a0112ec87 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1~intrepid1.2_i386.deb Size/MD5: 371576 68138ccb311714315e34a88645c29b33 http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu1~intrepid1.2_i386.deb Size/MD5: 65218012 5fd7fa06fa0d28c98f75c58b3c8130ee http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu1~intrepid1.2_i386.deb Size/MD5: 1437924 c1df5e2b5b8aa17774b23e651b9a88ee http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~intrepid1.2_i386.deb Size/MD5: 9524338 f0a135714a94aefab44f7380a40e967f http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.1_i386.deb Size/MD5: 26665042 cf31490fcc88f793c5ea6175b29b4df3 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.1_i386.deb Size/MD5: 1404872 d383c99760eb1c92ab22a52bd6f33d4e http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.1_i386.deb Size/MD5: 10144008 7e596d9e1464e5d016f674fb5d73b869 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1~intrepid1.2_lpia.deb Size/MD5: 376410 ffc3b92e989c2a301559ebeea2f03d6e http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu1~intrepid1.2_lpia.deb Size/MD5: 65334318 d54fd6082a0ab4c1d324759379674b3d http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu1~intrepid1.2_lpia.deb Size/MD5: 1440518 01b987ef5588a94e82dbffa4f5afd1a1 http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~intrepid1.2_lpia.deb Size/MD5: 9536660 c3369e8abf325a91ab192e1349c3ecb2 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.1_lpia.deb Size/MD5: 26674802 9de5792962f3c0bb21358f44aa000267 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.1_lpia.deb Size/MD5: 1368306 b21739dc8c80f55ce0205efcdd2f2e08 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.1_lpia.deb Size/MD5: 10141386 ee45606aa19cc8ceaeb73c5d4e6048c5 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1~intrepid1.2_powerpc.deb Size/MD5: 422856 6467cb43fcd16c4d6db7ff5053aaec1b http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu1~intrepid1.2_powerpc.deb Size/MD5: 69277942 6820294b0c9505435fbff224c1a4f4f2 http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu1~intrepid1.2_powerpc.deb Size/MD5: 1445424 99b6afac70dead785c3211a9e92516f6 http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~intrepid1.2_powerpc.deb Size/MD5: 10239400 be1872cf9859bf46176a2d485584134f http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.1_powerpc.deb Size/MD5: 28217616 c2360441a42e8b9d8b91120b38d8ba51 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.1_powerpc.deb Size/MD5: 1380892 2841eff5fc2a0a50227ca9a8d34c0a3b http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.1_powerpc.deb Size/MD5: 10748632 f6e7de17cd38ee62c1f082a4fb218949 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1~intrepid1.2_sparc.deb Size/MD5: 381184 1718118e08731a9690a5ce00f0c9f88b http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu1~intrepid1.2_sparc.deb Size/MD5: 64515916 f380c0a0865f4dbaad6b7e2d22d93294 http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu1~intrepid1.2_sparc.deb Size/MD5: 1437568 14c1a84e7a518b443b0e851ef41f9ada http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~intrepid1.2_sparc.deb Size/MD5: 9653946 803926ff9f9cc59a2f728d1aef8affbd http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.1_sparc.deb Size/MD5: 25440578 311423fbaa788d51978e7857010c9242 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.1_sparc.deb Size/MD5: 1368492 d4364357c5450b07aca1aa8981d96290 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.1_sparc.deb Size/MD5: 9800480 4dc89a5d63ce16463a822f16fb82f3d7 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.2.2-0ubuntu5.1.diff.gz Size/MD5: 102579 71b53faad8570c6ad92c0fc5e6aa4dfb http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.2.2-0ubuntu5.1.dsc Size/MD5: 2305 558c2bdbbdb899c71197683df45fc75d http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.2.2.orig.tar.gz Size/MD5: 12335659 83d6a0d59e79873bbe0a5a90ef23f27e http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-1ubuntu8.1.diff.gz Size/MD5: 724421 c73109ccdfb1d6c01eda7b6c0b4934a2 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-1ubuntu8.1.dsc Size/MD5: 2342 8ee55c88b43902a23d127d14917511be http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1.orig.tar.gz Size/MD5: 18639393 4bcfee29b0f939415791f5032a72e7b0 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-data_4.2.2-0ubuntu5.1_all.deb Size/MD5: 1991468 99747c4c57d32b9d7477ff0c418cbd1b http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-1ubuntu8.1_all.deb Size/MD5: 6751880 d7dfaf8fc4b8e658722a2beaaa3403d6 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-1ubuntu8.1_all.deb Size/MD5: 2272 fcf90c11a73566f41fd0eb5b54c4ee8f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5.1_amd64.deb Size/MD5: 280594 b0ccdd311755d4d73e4ae5c14b749c41 http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu5.1_amd64.deb Size/MD5: 44148058 a7db92bd1bcf982314b0b89c1651a39b http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu5.1_amd64.deb Size/MD5: 1091210 b5430381f4c37424295eed580303a58c http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.1_amd64.deb Size/MD5: 7069750 e38c9e852339ef6c2134421765ed4eeb http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubuntu5.1_amd64.deb Size/MD5: 102446 4370939a24e6e0783da79e4781a63b33 http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.1_amd64.deb Size/MD5: 611834 f61383e1830f92ed8ce2331ce4b8a366 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.1_amd64.deb Size/MD5: 27110136 a617a5b148e5e78f3b8523198869c8b0 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.1_amd64.deb Size/MD5: 1360082 d22364103ba04d238e9c6ce6632132c4 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.1_amd64.deb Size/MD5: 10782444 6fea32d8dd41bfae44c2c6392e74928d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5.1_i386.deb Size/MD5: 268936 55d68e9bbd600e288721479d2b90e16e http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu5.1_i386.deb Size/MD5: 43456236 4fe778549740544eb1304cfba184d899 http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu5.1_i386.deb Size/MD5: 1090396 db9306ddd8d1029b523ef398cb0acfcb http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.1_i386.deb Size/MD5: 6775516 374ea41072ec5221589c5f022f648434 http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubuntu5.1_i386.deb Size/MD5: 126910 e4dbfd8386ea15fb613d7d56c971fd5e http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.1_i386.deb Size/MD5: 569616 b83e42d5f01e5e64ebb376820855771d http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.1_i386.deb Size/MD5: 26382844 e88d283fb997e17aa96e8d7b0d6ca41e http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.1_i386.deb Size/MD5: 1394762 97bb37a8d0c8d60e278b671e14ee678b http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.1_i386.deb Size/MD5: 10006808 1e023a799c01aa6826ec770afbd68c90 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5.1_lpia.deb Size/MD5: 275124 9779e3644ebfe8d78b7a4e3ffbf911f1 http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu5.1_lpia.deb Size/MD5: 43588032 45eed1b291e0bd64bbbbbb3310d0f627 http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu5.1_lpia.deb Size/MD5: 1092816 f7f13887c87e7ff27ae68785010e6720 http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.1_lpia.deb Size/MD5: 6849342 b864a2c9fa03c050581a3102194adc1b http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubuntu5.1_lpia.deb Size/MD5: 102444 7fee9a94b561c3fc03eac8de41b9ced5 http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.1_lpia.deb Size/MD5: 599800 9a75c9c7a63848de9c911e45370556e4 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.1_lpia.deb Size/MD5: 26385234 73d6c254de10b86ee1c4e042ad6af402 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.1_lpia.deb Size/MD5: 1356828 d361a888c74d0c508876404cbcad4af5 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.1_lpia.deb Size/MD5: 10020040 4f9bc1c45c3dd04185de146cb1d1f4fd powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5.1_powerpc.deb Size/MD5: 269632 341b2a4e4e1dc63aa429a525ac5a2cd4 http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu5.1_powerpc.deb Size/MD5: 43129040 2288d1735b6c017024e04702626a139d http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu5.1_powerpc.deb Size/MD5: 1089846 b7ce576938df67875e4cd0e61c86f9cd http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.1_powerpc.deb Size/MD5: 6201830 fa9f8330ab5390563e78f2dbdce2e3e5 http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubuntu5.1_powerpc.deb Size/MD5: 102426 1cc244e9262435b1779586108b2388af http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.1_powerpc.deb Size/MD5: 554306 bc91379d58e2cc610671b092fcacbeb5 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.1_powerpc.deb Size/MD5: 27928600 45b14e2a27fba6bd686880d8db9df586 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.1_powerpc.deb Size/MD5: 1369304 3d402371b107efa1a35551ebf4d5b502 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.1_powerpc.deb Size/MD5: 10611572 a85ed7be116a175427d9da3ab4d1325f sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5.1_sparc.deb Size/MD5: 249574 e2e1b89231e89f4756c5abf11fc3f336 http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu5.1_sparc.deb Size/MD5: 40331324 5505211faa8ff8b08be22e533dd49dff http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu5.1_sparc.deb Size/MD5: 1086200 4f8049b2f341873fd26ecb2b03b1ba21 http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.1_sparc.deb Size/MD5: 5941632 a62ca018afa73d9d42feabd7cd12e534 http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubuntu5.1_sparc.deb Size/MD5: 102468 6e6a2473358e87b7866b4844659d5a85 http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.1_sparc.deb Size/MD5: 529504 cc978af233ef52e1211e52ad00199cb0 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.1_sparc.deb Size/MD5: 25158764 020573ace30e4a179891aec0abe60149 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.1_sparc.deb Size/MD5: 1356898 a5c04c3bfce3e79bac6ad5be6b97e212 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.1_sparc.deb Size/MD5: 9662850 c7a7204aede16a1951ec1af8a26b4d1c

Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content.". Safari is prone to a security bypass vulnerability. Safari is Apple Computer's bundled web browser

The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) pass_wd.htm and (2) Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code. Wvc54gc is prone to a information disclosure vulnerability. The Linksys WVC54GCA is a wireless network camera

The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions. Citrix NetScaler Access Gateway is prone to a vulnerability that can allow an attacker to gain unauthorized access to network resources, which may help in other attacks. This issue affects NetScaler Access Gateway Enterprise Edition with firmware 8.1 and earlier. NOTE: Appliances running version 9.0 that were upgraded from a previous version are also affected

The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. eBay PayPal is prone to a security-bypass vulnerability because it fails to properly verify x.509 certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers which will aid in further attacks. NOTE: This issue affects connections on unsecured Wi-Fi networks. Versions prior to PayPal 3.0.1 for iOS-based mobile devices are vulnerable. ---------------------------------------------------------------------- Secunia is pleased to announce the release of the annual Secunia report for 2008. Highlights from the 2008 report: * Vulnerability Research * Software Inspection Results * Secunia Research Highlights * Secunia Advisory Statistics Request the full 2008 Report here: http://secunia.com/advisories/try_vi/request_2008_report/ Stay Secure, Secunia ---------------------------------------------------------------------- TITLE: McAfee Products Archive Handling Security Bypass SECUNIA ADVISORY ID: SA34949 VERIFY ADVISORY: http://secunia.com/advisories/34949/ DESCRIPTION: Some weaknesses have been reported in various McAfee products, which can be exploited by malware to bypass the scanning functionality. The weaknesses are caused due to errors in the handling of archive file formats (e.g. SOLUTION: Update .DAT files to DAT 5600 or later. http://www.mcafee.com/apps/downloads/security_updates/dat.asp PROVIDED AND/OR DISCOVERED BY: * Thierry Zoller * The vendor also credits Mickael Roger. ORIGINAL ADVISORY: McAfee: https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT Thierry Zoller: http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ________________________________________________________________________ From the low-hanging-fruit-department - Mcafee multiple generic evasions ________________________________________________________________________ Release mode: Coordinated but limited disclosure. Ref : TZO-182009 - Mcafee multiple generic evasions WWW : http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html Vendor : http://www.mcafee.com Status : Patched CVE : CVE-2009-1348 (provided by mcafee) https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT Security notification reaction rating : very good Notification to patch window : +-27 days (Eastern holidays in between) Disclosure Policy : http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html Affected products : - McAfee VirusScan\xae Plus 2009 - McAfee Total Protection\x99 2009 - McAfee Internet Security - McAfee VirusScan USB - McAfee VirusScan Enterprise - McAfee VirusScan Enterprise Linux - McAfee VirusScan Enterprise for SAP - McAfee VirusScan Enterprise for Storage - McAfee VirusScan Commandline - Mcafee SecurityShield for Microsoft ISA Server - Mcafee Security for Microsoft Sharepoint - Mcafee Security for Email Servers - McAfee Email Gateyway - McAfee Total Protection for Endpoint - McAfee Active Virus Defense - McAfee Active VirusScan It is unkown whether SaaS were affected (tough likely) : - McAfee Email Security Service - McAfee Total Protection Service Advanced I. Background ~~~~~~~~~~~~~ Quote: "McAfee proactively secures systems and networks from known and as yet undiscovered threats worldwide. Home users, businesses, service providers, government agencies, and our partners all trust our unmatched security expertise and have confidence in our comprehensive and proven solutions to effectively block attacks and prevent disruptions." II. Description ~~~~~~~~~~~~~~~ The parsing engine can be bypassed by a specially crafted and formated RAR (Headflags and Packsize),ZIP (Filelenght) archive. III. Impact ~~~~~~~~~~~ A general description of the impact and nature of AV Bypasses/evasions can be read at : http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html The bug results in denying the engine the possibility to inspect code within RAR and ZIP archives. There is no inspection of the content at all and hence the impossibility to detect malicious code. IV. Disclosure timeline ~~~~~~~~~~~~~~~~~~~~~~~~~ DD/MM/YYYY 04/04/2009 : Send proof of concept RAR I, description the terms under which I cooperate and the planned disclosure date 06/04/2009 : Send proof of concept RAR II, description the terms under which I cooperate and the planned disclosure date 06/04/2009 : Mcafee acknowledges receipt and reproduction of RAR I, ack acknowledges receipt of RARII 10/04/2009 : Send proof of concept ZIP I, description the terms under which I cooperate and the planned disclosure date 21/04/2009 : Mcafee provides CVE number CVE-2009-1348 28/04/2009 : Mcafee informs me that the patch might be released on the 29th 29/04/2009 : Mcafee confirms patch release and provides URL https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT 29/04/2009 : Ask for affected versions 29/04/2009 : Mcafee replies " This issue does affect all vs engine products, including both gateway and endpoint" _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to cause denial of service (CPU consumption, SMS consumption, and connectivity loss) via a flood of vCards to UDP port 9204

Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.". Multiple browsers are prone to a security-bypass vulnerability because they fail to display warnings when pages operating in a secure context try to request resources through insecure methods. Attackers may exploit this vulnerability to aid in phishing attacks or to obtain sensitive information. Other attacks are also possible. Note that to take advantage of this issue, an attacker must be able to intercept or control network traffic. This would normally be possible through a man-in-the-middle attack, DNS poisoning, or similar vectors. The following are vulnerable: Microsoft Internet Explorer Mozilla Firefox Apple Safari Opera Google Chrome Other browsers may also be affected

Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. Multiple browsers are prone to a man-in-the-middle vulnerability. Attackers may exploit this vulnerability to aid in phishing attacks or to obtain sensitive information. Other attacks are also possible. Note that to take advantage of this issue, an attacker must be able to intercept or control network traffic. This would normally be possible through a man-in-the-middle attack, DNS poisoning, or similar vectors. The following are vulnerable: Mozilla Firefox prior to 3.0.10 Apple Safari prior to 3.2.2 Opera prior to 9.25 Additional browsers may also be affected. A man-in-the-middle attacker can modify the content of an http site by modifying the response of the content and causing an attack on any http network site. A 302 redirect message to execute arbitrary web scripts

The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive. Multiple McAfee products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect. The issue affects all McAfee software that uses DAT files. ---------------------------------------------------------------------- Secunia is pleased to announce the release of the annual Secunia report for 2008. Highlights from the 2008 report: * Vulnerability Research * Software Inspection Results * Secunia Research Highlights * Secunia Advisory Statistics Request the full 2008 Report here: http://secunia.com/advisories/try_vi/request_2008_report/ Stay Secure, Secunia ---------------------------------------------------------------------- TITLE: McAfee Products Archive Handling Security Bypass SECUNIA ADVISORY ID: SA34949 VERIFY ADVISORY: http://secunia.com/advisories/34949/ DESCRIPTION: Some weaknesses have been reported in various McAfee products, which can be exploited by malware to bypass the scanning functionality. The weaknesses are caused due to errors in the handling of archive file formats (e.g. SOLUTION: Update .DAT files to DAT 5600 or later. http://www.mcafee.com/apps/downloads/security_updates/dat.asp PROVIDED AND/OR DISCOVERED BY: * Thierry Zoller * The vendor also credits Mickael Roger. ORIGINAL ADVISORY: McAfee: https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT Thierry Zoller: http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ________________________________________________________________________ From the low-hanging-fruit-department - Mcafee multiple generic evasions ________________________________________________________________________ Release mode: Coordinated but limited disclosure. Ref : TZO-182009 - Mcafee multiple generic evasions WWW : http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html Vendor : http://www.mcafee.com Status : Patched CVE : CVE-2009-1348 (provided by mcafee) https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT Security notification reaction rating : very good Notification to patch window : +-27 days (Eastern holidays in between) Disclosure Policy : http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html Affected products : - McAfee VirusScan\xae Plus 2009 - McAfee Total Protection\x99 2009 - McAfee Internet Security - McAfee VirusScan USB - McAfee VirusScan Enterprise - McAfee VirusScan Enterprise Linux - McAfee VirusScan Enterprise for SAP - McAfee VirusScan Enterprise for Storage - McAfee VirusScan Commandline - Mcafee SecurityShield for Microsoft ISA Server - Mcafee Security for Microsoft Sharepoint - Mcafee Security for Email Servers - McAfee Email Gateyway - McAfee Total Protection for Endpoint - McAfee Active Virus Defense - McAfee Active VirusScan It is unkown whether SaaS were affected (tough likely) : - McAfee Email Security Service - McAfee Total Protection Service Advanced I. Background ~~~~~~~~~~~~~ Quote: "McAfee proactively secures systems and networks from known and as yet undiscovered threats worldwide. Home users, businesses, service providers, government agencies, and our partners all trust our unmatched security expertise and have confidence in our comprehensive and proven solutions to effectively block attacks and prevent disruptions." II. Description ~~~~~~~~~~~~~~~ The parsing engine can be bypassed by a specially crafted and formated RAR (Headflags and Packsize),ZIP (Filelenght) archive. III. Impact ~~~~~~~~~~~ A general description of the impact and nature of AV Bypasses/evasions can be read at : http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html The bug results in denying the engine the possibility to inspect code within RAR and ZIP archives. There is no inspection of the content at all and hence the impossibility to detect malicious code. IV. Disclosure timeline ~~~~~~~~~~~~~~~~~~~~~~~~~ DD/MM/YYYY 04/04/2009 : Send proof of concept RAR I, description the terms under which I cooperate and the planned disclosure date 06/04/2009 : Send proof of concept RAR II, description the terms under which I cooperate and the planned disclosure date 06/04/2009 : Mcafee acknowledges receipt and reproduction of RAR I, ack acknowledges receipt of RARII 10/04/2009 : Send proof of concept ZIP I, description the terms under which I cooperate and the planned disclosure date 21/04/2009 : Mcafee provides CVE number CVE-2009-1348 28/04/2009 : Mcafee informs me that the patch might be released on the 29th 29/04/2009 : Mcafee confirms patch release and provides URL https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT 29/04/2009 : Ask for affected versions 29/04/2009 : Mcafee replies " This issue does affect all vs engine products, including both gateway and endpoint" _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/. Description ~~~~~~~~~~~~~~~ Improper parsing of the PDF structure leads to evasion of detection of malicious PDF documents at scantime and runtime. This has been tested with several malicious PDF files and represents a generic evasion of all PDF signatures and heuristics. General information about evasion/bypasses can be found at : http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html III. Impact ~~~~~~~~~~~ Known PDF exploits/malware may evade signature detection, 0day exploits may evade heuristics. Disclosure timeline ~~~~~~~~~~~~~~~~~~~~~~~~~ DD.MM.YYYY 01.06.2009 - Reported 20.10.2009 - McAfee informed us that they published the advisory on their website < waiting for others vendors to patch > 27.10.2009 - G-SEC releases this advisory About G-SEC ~~~~~~~~~~~ G-SEC\x99 is a vendor independent luxemburgish led IT security consulting group. More information available at : http://www.g-sec.lu/ _______________________________________________ Full-Disclosure - We believe in it. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. Quagga is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause the vulnerable process to crash, denying further service to legitimate users. Quagga 0.99.11 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Are you missing: SECUNIA ADVISORY ID: Critical: Impact: Where: within the advisory below? This is now part of the Secunia commercial solutions. -- Debian GNU/Linux 5.0 alias lenny -- Source archives: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz Size/MD5 checksum: 2424191 c7a2d92e1c42214afef9b2e1cd4b5d06 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.diff.gz Size/MD5 checksum: 40070 b72e19ed913b32923cf4ef293c67f71c http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.dsc Size/MD5 checksum: 1651 a8ef80d57fd5a5a5b08c7ccc70e6a179 Architecture independent packages: http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny2_all.deb Size/MD5 checksum: 661226 720947423143cb35eb5c26a0d420066b alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_alpha.deb Size/MD5 checksum: 1902736 570becd04ecb3dd8a0581010884928df amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_amd64.deb Size/MD5 checksum: 1748838 f3fcd731d119c422463c36bb4f08be1a arm architecture (ARM) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_arm.deb Size/MD5 checksum: 1449222 6b654e2d4e1a4f00169309ebbbd3dbf9 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_hppa.deb Size/MD5 checksum: 1681872 8894106d57df0a3d92bb84f148150c2d i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_i386.deb Size/MD5 checksum: 1606310 80046937a2da8a949a8167f753a583ce mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_mipsel.deb Size/MD5 checksum: 1600660 716f61415932929c2f668f99faea448e powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_powerpc.deb Size/MD5 checksum: 1715848 995194031d563994b7d77018d8a4ca3e s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_s390.deb Size/MD5 checksum: 1794568 b1b47e8dae153461f73c98a61c653e1e sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_sparc.deb Size/MD5 checksum: 1670342 18f98f0978f510ac18636ca1ccc9dfe7 -- Debian GNU/Linux unstable alias sid -- Fixed in version 0.99.11-2. Updated packages are available that bring Quagga to version 0.99.12 which provides numerous bugfixes over the previous 0.99.9 version, and also corrects this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1572 _______________________________________________________________________ Updated Packages: Corporate 4.0: 48c1d2504e08d2a26ac6ace2bc01124d corporate/4.0/i586/libquagga0-0.99.12-0.1.20060mlcs4.i586.rpm df93a452f47b8926f65a51231dd11f36 corporate/4.0/i586/libquagga0-devel-0.99.12-0.1.20060mlcs4.i586.rpm d2386e488423fbb81e44cb6dda4de9df corporate/4.0/i586/quagga-0.99.12-0.1.20060mlcs4.i586.rpm d4b9c5e2cec03ce49a76adcfe0e4a42e corporate/4.0/i586/quagga-contrib-0.99.12-0.1.20060mlcs4.i586.rpm 15e76c29c25f7730eae72c18da15b772 corporate/4.0/SRPMS/quagga-0.99.12-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: afc986d05e0bde73541f0cfe5b147d2c corporate/4.0/x86_64/lib64quagga0-0.99.12-0.1.20060mlcs4.x86_64.rpm 4cc0bec07f2b919abeac75dc06d7f3c0 corporate/4.0/x86_64/lib64quagga0-devel-0.99.12-0.1.20060mlcs4.x86_64.rpm 3d606fef235993483e9a448665e4e377 corporate/4.0/x86_64/quagga-0.99.12-0.1.20060mlcs4.x86_64.rpm f549ced36115d6609ac835c5aca0863d corporate/4.0/x86_64/quagga-contrib-0.99.12-0.1.20060mlcs4.x86_64.rpm 15e76c29c25f7730eae72c18da15b772 corporate/4.0/SRPMS/quagga-0.99.12-0.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKBsjAmqjQ0CJFipgRAkoyAJ4o+uz6I6p3tycZQfB5GbqTsTL5TwCgjJHK lIRHZW4+jB0P4UXMSyVUpxo= =2fxe -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-775-1 May 12, 2009 quagga vulnerability CVE-2009-1572 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.5 Ubuntu 8.04 LTS: quagga 0.99.9-2ubuntu1.2 Ubuntu 8.10: quagga 0.99.9-6ubuntu0.1 Ubuntu 9.04: quagga 0.99.11-1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the BGP service in Quagga did not correctly handle certain AS paths containing 4-byte ASNs. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: SUSE Update for Multiple Packages SECUNIA ADVISORY ID: SA35685 VERIFY ADVISORY: http://secunia.com/advisories/35685/ DESCRIPTION: SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious users to disclose sensitive information, manipulate certain data, and by malicious people to disclose sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. For more information: SA33338 SA33853 SA33884 SA34035 SA34481 SA34746 SA34797 SA35021 SA35128 SA35216 SA35296 SA35344 SA35422 1) A boundary error exists within the "pg_db_putline()" function in perl-DBD-Pg's dbdimp.c. This can be exploited to cause a heap-based buffer overflow if malicious rows are retrieved from the database using the "pg_getline()" or "getline()" function. 2) A memory leak exists within the function "dequote_bytea()" in perl-DBD-Pg's quote.c, which can be exploited to cause a memory exhaustion. 3) Various integer overflow errors exist within the "pdftops" application. This can be exploited to e.g. cause a crash or potentially execute arbitrary code by printing a specially crafted PDF file. 4) A vulnerability is caused due to an assertion error in bgpd when handling an AS path containing multiple 4 byte AS numbers, which can be exploited to crash to the daemon by advertising specially crafted AS paths. SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2009:012: http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html OTHER REFERENCES: SA33338: http://secunia.com/advisories/33338/ SA33853: http://secunia.com/advisories/33853/ SA33884: http://secunia.com/advisories/33884/ SA34035: http://secunia.com/advisories/34035/ SA34481: http://secunia.com/advisories/34481/ SA34746: http://secunia.com/advisories/34746/ SA34797: http://secunia.com/advisories/34797/ SA35021: http://secunia.com/advisories/35021/ SA35128: http://secunia.com/advisories/35128/ SA35216: http://secunia.com/advisories/35216/ SA35296: http://secunia.com/advisories/35296/ SA35344: http://secunia.com/advisories/35344/ SA35422: http://secunia.com/advisories/35422/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple Trend Micro products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect. ServerProtect for Microsoft Windows/Novell NetWare ServerProtect for EMC Celerra ServerProtect for NetApp ServerProtect for Linux ServerProtect for Network Appliance Filers Internet Security Pro Internet Security OfficeScan Component Worry Free Business Security - Standard Worry Free Business Security - Advanced Worry Free Business Security Hosted Housecall InterScan Web Security Suite InterScan Web Protect for ISA InterScan Messaging Security Appliance Neatsuite Advanced ScanMail for Exchange ScanMail for Domino Suites

Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to "underlying components of the License Management Console.". The impact of this vulnerability is currently unknown. Very few details are available regarding this issue. We will update this BID as more information emerges. Citrix Licensing 11.5 is vulnerable. ---------------------------------------------------------------------- Secunia is pleased to announce the release of the annual Secunia report for 2008. SOLUTION: Update to the latest version of the Licensing Server. https://www.citrix.com/site/SS/downloads/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX120742 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors. Pragyan CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Pragyan CMS 2.6.4 is vulnerable; other versions may also be affected

Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details are obtained from third party information. MuPDF is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users. ---------------------------------------------------------------------- Secunia is pleased to announce the release of the annual Secunia report for 2008. Highlights from the 2008 report: * Vulnerability Research * Software Inspection Results * Secunia Research Highlights * Secunia Advisory Statistics Request the full 2008 Report here: http://secunia.com/advisories/try_vi/request_2008_report/ Stay Secure, Secunia ---------------------------------------------------------------------- TITLE: MuPDF "loadexponentialfunc()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA34916 VERIFY ADVISORY: http://secunia.com/advisories/34916/ DESCRIPTION: c has discovered a vulnerability in MuPDF, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to a boundary error within the "loadexponentialfunc()" function in pdf_function.c. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in the MuPDF library included in the mupdf-20090223-win32 package. Other versions may also be affected. SOLUTION: Do not process untrusted PDF files using the library. PROVIDED AND/OR DISCOVERED BY: c ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0258.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues using directory-traversal strings ('../') to download arbitrary files with the privileges of the server process. Information obtained may aid in further attacks. Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera firmware 1.00R22 and 1.00R24 are affected; other versions may also be vulnerable. The Linksys WVC54GCA is a wireless network camera

Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of arbitrary users, via vectors involving (1) administrative scripts or (2) console functions. Symantec Brightmail Gateway is prone to a remote privilege-escalation vulnerability. Remote authorized attackers who have access to the targeted host's local network can exploit this issue to gain elevated access. Successful exploits may compromise the affected computer and may aid in other attacks. Versions prior to Brightmail Gateway 8.0.1 are vulnerable. Brightmail Gateway is Symantec's information security management platform. ---------------------------------------------------------------------- Secunia is pleased to announce the release of the annual Secunia report for 2008. Highlights from the 2008 report: * Vulnerability Research * Software Inspection Results * Secunia Research Highlights * Secunia Advisory Statistics Request the full 2008 Report here: http://secunia.com/advisories/try_vi/request_2008_report/ Stay Secure, Secunia ---------------------------------------------------------------------- TITLE: Symantec Brightmail Gateway Control Center Multiple Vulnerabilities SECUNIA ADVISORY ID: SA34885 VERIFY ADVISORY: http://secunia.com/advisories/34885/ DESCRIPTION: Some vulnerabilities have been reported in Symantec Brightmail Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to bypass certain security restrictions. 1) Certain unspecified input passed to the Control Center is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Update to version 8.0.1 or later. PROVIDED AND/OR DISCOVERED BY: Marian Ventuneac, Perot Systems ORIGINAL ADVISORY: SYM09-005: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the this_file parameter. NOTE: traversal via a .. (dot dot) is probably also possible. Wvc54gca is prone to a directory traversal vulnerability. Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues using directory-traversal strings ('../') to download arbitrary files with the privileges of the server process. Information obtained may aid in further attacks. Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera firmware 1.00R22 and 1.00R24 are affected; other versions may also be vulnerable. The Linksys WVC54GCA is a wireless network camera

Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. IPsec-Tools is affected by multiple remote denial-of-service vulnerabilities because the software fails to properly handle certain network packets. A successful attack allows a remote attacker to cause the application to crash or to consume excessive memory, denying further service to legitimate users. Versions prior to IPsec-Tools 0.7.2 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200905-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: IPSec Tools: Denial of Service Date: May 24, 2009 Bugs: #267135 ID: 200905-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple errors in the IPSec Tools racoon daemon might allow remote attackers to cause a Denial of Service. Background ========== The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. They include racoon, an Internet Key Exchange daemon for automatically keying IPsec connections. * Multiple memory leaks exist in (1) the eay_check_x509sign() function in racoon/crypto_openssl.c and (2) racoon/nattraversal.c (CVE-2009-1632). Impact ====== A remote attacker could send specially crafted fragmented ISAKMP packets without a payload or exploit vectors related to X.509 certificate authentication and NAT traversal, possibly resulting in a crash of the racoon daemon. Workaround ========== There is no known workaround at this time. Resolution ========== All IPSec Tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.7.2" References ========== [ 1 ] CVE-2009-1574 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574 [ 2 ] CVE-2009-1632 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200905-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1804-1 security@debian.org http://www.debian.org/security/ Nico Golde May 20th, 2009 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : ipsec-tools Vulnerability : null pointer dereference, memory leaks Problem type : remote Debian-specific: no Debian bug : 527634 528933 CVE ID : CVE-2009-1574 CVE-2009-1632 Several remote vulnerabilities have been discovered in racoon, the Internet Key Exchange daemon of ipsec-tools. The The Common Vulnerabilities and Exposures project identified the following problems: Neil Kettle discovered a NULL pointer dereference on crafted fragmented packets that contain no payload. This results in the daemon crashing which can be used for denial of service attacks (CVE-2009-1574). For the oldstable distribution (etch), this problem has been fixed in version 0.6.6-3.1etch3. For the stable distribution (lenny), this problem has been fixed in version 0.7.1-1.3+lenny2. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 1:0.7.1-1.5. We recommend that you upgrade your ipsec-tools packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3.dsc Size/MD5 checksum: 722 8b561cf84ac9c46ec07b037ce3ad06f1 http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3.diff.gz Size/MD5 checksum: 49875 7444fb4ad448ccfffe878801a2b88d2e amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_amd64.deb Size/MD5 checksum: 343790 9cee9f8c479a3a2952d2913d7bdc4c5d http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_amd64.deb Size/MD5 checksum: 89184 5ccd4554eec28da6d933dc20a8a39393 arm architecture (ARM) http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_arm.deb Size/MD5 checksum: 325706 9ce7988b74bccee252be7dac7ac8b5f7 http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_arm.deb Size/MD5 checksum: 89748 513ded0e4a33200710444e1bf4ab67d8 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_hppa.deb Size/MD5 checksum: 353066 c56644b426ae945ca420d4ca37fc3f2a http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_hppa.deb Size/MD5 checksum: 94092 80b46b6fd60e857c84c588432b098957 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_i386.deb Size/MD5 checksum: 330258 b905d30958bd5c51d355f286f81b8be1 http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_i386.deb Size/MD5 checksum: 85046 294ccbc4b51e4942edaeec7cd746dfa3 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_ia64.deb Size/MD5 checksum: 113356 111f0daa2075584c100efc9c11ecef73 http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_ia64.deb Size/MD5 checksum: 468296 bd4d69b5e0d4ee39ec564e1304f7649c mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_mips.deb Size/MD5 checksum: 89018 b6af57d65d43a7433132bee9657ba608 http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_mips.deb Size/MD5 checksum: 344558 aba2d85d5196c2a46555ad9e478d338a mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_mipsel.deb Size/MD5 checksum: 346856 97e04d97bdd55f852392d7461bad7f4d http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_mipsel.deb Size/MD5 checksum: 90308 9e780cda3df3384d0f1e33637d003f21 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_powerpc.deb Size/MD5 checksum: 91048 98174626d8ad1fba940c81001c337a4f http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_powerpc.deb Size/MD5 checksum: 337266 9f636e6d8904103b0096a4eed99e9cae s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_s390.deb Size/MD5 checksum: 341586 b42ddbad323dcdbd775d502f786ab449 http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_s390.deb Size/MD5 checksum: 90750 62d4c3e618a6c69d532b8d8d33bb27b9 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_sparc.deb Size/MD5 checksum: 85710 9f1f526be4f2df4eb64d46023d87c6b3 http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_sparc.deb Size/MD5 checksum: 317136 38e50e9d97b46b51d12429b9ea727858 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2.diff.gz Size/MD5 checksum: 49472 4bc8ba2bd520a7514f2c33021c64e8ce http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1.orig.tar.gz Size/MD5 checksum: 1039057 ddff5ec5a06b804ca23dc41268368853 http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2.dsc Size/MD5 checksum: 1144 46d3f28156ee183512a451588ef414e4 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_alpha.deb Size/MD5 checksum: 428532 052c13540da3fab19fdca83e9a389a39 http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_alpha.deb Size/MD5 checksum: 114088 78065dd99d3732291e8d499383af17d9 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_amd64.deb Size/MD5 checksum: 409514 a421f12270f5b22639d67be8d2cc8b4e http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_amd64.deb Size/MD5 checksum: 104612 9ec93c697cf64232728d0dd5658efac8 arm architecture (ARM) http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_arm.deb Size/MD5 checksum: 104604 78fa45a7e0503e4ee87e7508294cb0b0 http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_arm.deb Size/MD5 checksum: 381692 f1943edf9599189d16a2f936fa971abc armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_armel.deb Size/MD5 checksum: 387510 63ebe895d019d2362a0a11a0de0842c6 http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_armel.deb Size/MD5 checksum: 104268 6c224349c910ffce5bb892f2a06dc243 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_i386.deb Size/MD5 checksum: 375004 5a43cbb6106d576ab686e9e4eb78c245 http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_i386.deb Size/MD5 checksum: 99098 6c81df8c4653265f10ad6abf68091329 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_ia64.deb Size/MD5 checksum: 131288 dfa8646655028ae53bddad7f41e9f3a4 http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_ia64.deb Size/MD5 checksum: 544150 8e274b6b73125efe0fa8392398e0c5ea mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_mips.deb Size/MD5 checksum: 103502 5bd00dfdef0862a63bb666ed949e26ef http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_mips.deb Size/MD5 checksum: 388820 46fc10315192943b912126fe68ffeea9 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_mipsel.deb Size/MD5 checksum: 104216 a271cb33c891084479ed441945672f14 http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_mipsel.deb Size/MD5 checksum: 390562 352f78906e08ddb861053dfed30640bf powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_powerpc.deb Size/MD5 checksum: 403162 0210fa37088d78ee9aa53395aa0148e8 http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_powerpc.deb Size/MD5 checksum: 109438 26f043be5fb248d33b605d1987fa472a s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_s390.deb Size/MD5 checksum: 107474 aa6203b0e9e6dacbe39520be6b849eea http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_s390.deb Size/MD5 checksum: 399386 e965abdcf32838fff7753e789e703205 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_sparc.deb Size/MD5 checksum: 102486 57b2e115a15e08518f00158c1fe36cf2 http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_sparc.deb Size/MD5 checksum: 373916 7e2278ac7b4f0b352814ad2f55b1213a These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkoUDnMACgkQHYflSXNkfP8LtgCdF9LmW/TOn9JDPTVGlt+7dccI 3MYAoJVcwmqHztsGgCgBps9hyqzrQJ5l =84V/ -----END PGP SIGNATURE----- . The updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632 _______________________________________________________________________ Updated Packages: Corporate 4.0: 4ccc0eafc222a8a5976a0e9eebbc7499 corporate/4.0/i586/ipsec-tools-0.6.5-2.4.20060mlcs4.i586.rpm f244df60a927a7aa4a539c2e8d9c699a corporate/4.0/i586/libipsec0-0.6.5-2.4.20060mlcs4.i586.rpm 95443caad35eb54d1f291f7368aac511 corporate/4.0/i586/libipsec0-devel-0.6.5-2.4.20060mlcs4.i586.rpm 0e9a4820ef81a4917d9c0a9c5befa27b corporate/4.0/SRPMS/ipsec-tools-0.6.5-2.4.20060mlcs4.src.rpm Corporate 4.0/X86_64: a1ccfd8a891340f52aa2f64d69e46e47 corporate/4.0/x86_64/ipsec-tools-0.6.5-2.4.20060mlcs4.x86_64.rpm 44ed76407c8633fcea7f4a3ab94f1842 corporate/4.0/x86_64/lib64ipsec0-0.6.5-2.4.20060mlcs4.x86_64.rpm d7a3ecf831ecfcbc1319558303a1be17 corporate/4.0/x86_64/lib64ipsec0-devel-0.6.5-2.4.20060mlcs4.x86_64.rpm 0e9a4820ef81a4917d9c0a9c5befa27b corporate/4.0/SRPMS/ipsec-tools-0.6.5-2.4.20060mlcs4.src.rpm Multi Network Firewall 2.0: f43aaba27d5ff88b38db39ebeaaaf5cd mnf/2.0/i586/ipsec-tools-0.2.5-0.7.M20mdk.i586.rpm fb19d1e75fd8f08ce9dc1586cdf9fa3b mnf/2.0/i586/libipsec-tools0-0.2.5-0.7.M20mdk.i586.rpm 2db168e39d44b361bab9ada981edaa90 mnf/2.0/SRPMS/ipsec-tools-0.2.5-0.7.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKETmdmqjQ0CJFipgRAloWAJ9wHsc3F9b0lI8E87n8+gT7j4t+jACg8OD2 obN0TVwX9QBtElK0wQeibi8= =dlxS -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-785-1 June 09, 2009 ipsec-tools vulnerabilities CVE-2009-1574, CVE-2009-1632 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: racoon 1:0.6.5-4ubuntu1.3 Ubuntu 8.04 LTS: racoon 1:0.6.7-1.1ubuntu1.2 Ubuntu 8.10: racoon 1:0.7-2.1ubuntu1.8.10.1 Ubuntu 9.04: racoon 1:0.7-2.1ubuntu1.9.04.1 In general, a standard system upgrade is sufficient to effect the necessary changes. (CVE-2009-1574) It was discovered that ipsec-tools did not properly handle memory usage when verifying certificate signatures or processing nat-traversal keep-alive messages. A remote attacker could send specially crafted packets to the server and exhaust available memory, leading to a denial of service