Debian 10263 Published by

The following security updates has been released for Debian: [DSA 2846-1] libvirt security update, [DSA 2831-2] puppet regression update, and [DSA 2845-1] mysql-5.1 security update



[DSA 2846-1] libvirt security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2846-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 17, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libvirt
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-6458 CVE-2014-1447

Multiple security issues have been found in Libvirt, a virtualisation
abstraction library:

CVE-2013-6458

It was discovered that insecure job usage could lead to denial of
service against libvirtd.

CVE-2014-1447

It was discovered that a race condition in keepalive handling could
lead to denial of service against libvirtd.

For the stable distribution (wheezy), these problems have been fixed in
version 0.9.12.3-1. This bugfix point release also addresses some
additional bugfixes.

For the unstable distribution (sid), these problems have been fixed in
version 1.2.1-1.

We recommend that you upgrade your libvirt packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
[DSA 2831-2] puppet regression update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2831-2 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
January 17, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : puppet
Vulnerability : regression
Debian-specific: no
Debian Bug : 734444

The fix for CVE-2013-4969 contained a regression affecting the default
file mode if none is specified on a file resource.

The oldstable distribution (squeeze) is not affected by this regression.

For the stable distribution (wheezy), this problem has been fixed in
version 2.7.23-1~deb7u3.

For the testing distribution (jessie) and the unstable distribution
(sid), this problem has been fixed in version 3.4.2-1.

For reference, the original advisory text follows.

An unsafe use of temporary files was discovered in Puppet, a tool for
centralized configuration management. An attacker can exploit this
vulnerability and overwrite an arbitrary file in the system.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.6.2-5+squeeze9.

For the stable distribution (wheezy), this problem has been fixed in
version 2.7.23-1~deb7u2.

For the testing distribution (jessie), this problem has been fixed in
version 3.4.1-1.

For the unstable distribution (sid), this problem has been fixed in
version 3.4.1-1.

We recommend that you upgrade your puppet packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
[DSA 2845-1] mysql-5.1 security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2845-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 17, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mysql-5.1
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-5908 CVE-2014-0386 CVE-2014-0393 CVE-2014-0401
CVE-2014-0402 CVE-2014-0412 CVE-2014-0437

This DSA updates the MySQL 5.1 database to 5.1.73. This fixes multiple
unspecified security problems in MySQL:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

For the oldstable distribution (squeeze), these problems have been fixed in
version 5.1.73-1.

We recommend that you upgrade your mysql-5.1 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/