Archive for the ‘Security’ Category

Debian GNU/Linux 5.0 "Lenny" Gets Second Update

From http://debian.org/News/2009/20090627
June 27th, 2009
The Debian project is pleased to announce the second update of its stable distribution Debian GNU/Linux 5.0 (codename “lenny”). This update mainly adds corrections for security problems to the stable release, along with a few adjustments to serious problems.
Please note that this update does not constitute a new version of Debian GNU/Linux [...]

Debian security update DSA-1597-2

Package : mt-daapd
Vulnerability : multiple vulnerabilities
Problem type : remote
Debian-specific : no
CVE Id(s) : CVE-2007-5824 CVE-2007-5825 CVE-2008-1771
Debian Bug : 459961 476241 496217
In DSA-1597-1, an update was announced for multiple vulnerabilities in
the mt-daapd audio server.  One of the fixes introduced a regression
preventing successful authentication to the administration interface.
An updated release is available which corrects this problem. [...]


SSH key-based attacks

The U.S. Computer Emergency Readiness Team (CERT) has issued a warning for Linux-based infrastructures. The attack uses compromised SSH keys to gain access to a system, then uses local kernel exploits to gain root access. Once root is obtained, a rootkit named phalanx2 is installed.
From CERT
Phalanx2 appears to be a derivative [...]

Debian security update DSA-1632

Date Reported:
26 Aug 2008
Affected Packages:
tiff
Vulnerable:
Yes
Security database references:
In Mitre’s CVE dictionary: CVE-2008-2327.
More information:
Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed tiff files to lead to a crash or execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in [...]


Debian security update DSA-1631-1

Date Reported:
22 Aug 2008
Affected Packages:
libxml2
Vulnerable:
Yes
Security database references:
In Mitre’s CVE dictionary: CVE-2008-3281.
More information:
Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities, until available CPU & memory resources were exhausted.
For the stable distribution (etch), this problem has been fixed in version 2.6.27.dfsg-3.
For the unstable distribution (sid), this problem will be [...]
