Debian 10225 Published by

The following updates are available for Debian 6 LTS:

[DLA 165-1] eglibc security update
[DLA 166-1] libarchive security update
[DLA 167-1] redcloth security update
[DLA 168-1] konversation security update



[DLA 165-1] eglibc security update

Package : eglibc
Version : 2.11.3-4+deb6u5
CVE ID : CVE-2012-3405 CVE-2012-3406 CVE-2012-3480 CVE-2012-4412
CVE-2012-4424 CVE-2013-0242 CVE-2013-1914 CVE-2013-4237
CVE-2013-4332 CVE-2013-4357 CVE-2013-4458 CVE-2013-4788
CVE-2013-7423 CVE-2013-7424 CVE-2014-4043 CVE-2015-1472
CVE-2015-1473
Debian Bug : 553206 681473 681888 684889 687530 689423 699399 704623
717178 719558 722536 751774 765506 765526 765562

Several vulnerabilities have been fixed in eglibc, Debian's version of
the GNU C library.

#553206
CVE-2015-1472
CVE-2015-1473

The scanf family of functions do not properly limit stack
allocation, which allows context-dependent attackers to cause a
denial of service (crash) or possibly execute arbitrary code.

CVE-2012-3405

The printf family of functions do not properly calculate a buffer
length, which allows context-dependent attackers to bypass the
FORTIFY_SOURCE format-string protection mechanism and cause a
denial of service.

CVE-2012-3406

The printf family of functions do not properly limit stack
allocation, which allows context-dependent attackers to bypass the
FORTIFY_SOURCE format-string protection mechanism and cause a
denial of service (crash) or possibly execute arbitrary code via a
crafted format string.

CVE-2012-3480

Multiple integer overflows in the strtod, strtof, strtold,
strtod_l, and other related functions allow local users to cause a
denial of service (application crash) and possibly execute
arbitrary code via a long string, which triggers a stack-based
buffer overflow.

CVE-2012-4412

Integer overflow in the strcoll and wcscoll functions allows
context-dependent attackers to cause a denial of service (crash)
or possibly execute arbitrary code via a long string, which
triggers a heap-based buffer overflow.

CVE-2012-4424

Stack-based buffer overflow in the strcoll and wcscoll functions
allows context-dependent attackers to cause a denial of service
(crash) or possibly execute arbitrary code via a long string that
triggers a malloc failure and use of the alloca function.

CVE-2013-0242

Buffer overflow in the extend_buffers function in the regular
expression matcher allows context-dependent attackers to cause a
denial of service (memory corruption and crash) via crafted
multibyte characters.

CVE-2013-1914
CVE-2013-4458

Stack-based buffer overflow in the getaddrinfo function allows
remote attackers to cause a denial of service (crash) via a
hostname or IP address that triggers a large number of domain
conversion results.

CVE-2013-4237

readdir_r allows context-dependent attackers to cause a denial of
service (out-of-bounds write and crash) or possibly execute
arbitrary code via a malicious NTFS image or CIFS service.

CVE-2013-4332

Multiple integer overflows in malloc/malloc.c allow
context-dependent attackers to cause a denial of service (heap
corruption) via a large value to the pvalloc, valloc,
posix_memalign, memalign, or aligned_alloc functions.

CVE-2013-4357

The getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname,
getservbyname_r, getservbyport, getservbyport_r, and glob
functions do not properly limit stack allocation, which allows
context-dependent attackers to cause a denial of service (crash)
or possibly execute arbitrary code.

CVE-2013-4788

When the GNU C library is statically linked into an executable,
the PTR_MANGLE implementation does not initialize the random value
for the pointer guard, so that various hardening mechanisms are not
effective.

CVE-2013-7423

The send_dg function in resolv/res_send.c does not properly reuse
file descriptors, which allows remote attackers to send DNS
queries to unintended locations via a large number of requests that
trigger a call to the getaddrinfo function.

CVE-2013-7424

The getaddrinfo function may attempt to free an invalid pointer
when handling IDNs (Internationalised Domain Names), which allows
remote attackers to cause a denial of service (crash) or possibly
execute arbitrary code.

CVE-2014-4043

The posix_spawn_file_actions_addopen function does not copy its
path argument in accordance with the POSIX specification, which
allows context-dependent attackers to trigger use-after-free
vulnerabilities.

For the oldstable distribution (squeeze), these problems have been fixed
in version 2.11.3-4+deb6u5.

For the stable distribution (wheezy), these problems were fixed in
version 2.13-38+deb7u8 or earlier.

[DLA 166-1] libarchive security update

Package : libarchive
Version : 2.8.4.forreal-1+squeeze3
CVE ID : not yet assigned
Debian Bug : 778266

Alexander Cherepanov discovered that bsdcpio, an implementation of the
'cpio' program part of the libarchive project, is susceptible to a
directory traversal vulnerability via absolute paths.

[DLA 167-1] redcloth security update

Package : redcloth
Version : 4.2.2-1.1+deb6u1
CVE ID : CVE-2012-6684
Debian Bug : 774748

Kousuke Ebihara discovered that redcloth, a Ruby module used to
convert Textile markup to HTML, did not properly sanitize its
input. This allowed a remote attacker to perform a cross-site
scripting attack by injecting arbitrary JavaScript code into the
generated HTML.

[DLA 168-1] konversation security update

Package : konversation
Version : 1.3.1-2+deb6u1
CVE ID : CVE-2014-8483
Debian Bug : 768191

It was discovered that Konversation, an IRC client for KDE, could by
crashed when receiving malformed messages using FiSH encryption.