Debian 10225 Published by

The following security updates are available for Debian:

[DLA 453-1] extplorer security update
[DLA 454-1] minissdpd security update
[DLA 455-1] asterisk security update
[DLA 456-1] openssl security update
[DSA 3566-1] openssl security update



[DLA 453-1] extplorer security update

Package : extplorer
Version : 2.1.0b6+dfsg.3-4+deb7u2
CVE ID : CVE-2015-0896
Debian Bug : 783231

Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before
2.1.7 allow remote attackers to inject arbitrary web script or HTML via
unspecified vectors.

[DLA 454-1] minissdpd security update

Package : minissdpd
Version : 1.1.20120121-1+deb7u1
CVE ID : CVE-2016-3178 CVE-2016-3179

The minissdpd daemon contains a improper validation of array index
vulnerability (CWE-129) when processing requests sent to the Unix
socket at /var/run/minissdpd.sock the Unix socket can be accessed
by an unprivileged user to send invalid request causes an
out-of-bounds memory access that crashes the minissdpd daemon.

[DLA 455-1] asterisk security update

Package : asterisk
Version : 1:1.8.13.1~dfsg1-3+deb7u4
CVE ID : CVE-2014-2286 CVE-2014-4046 CVE-2014-6610 CVE-2014-8412
CVE-2014-8418 CVE-2015-3008
Debian Bug : 741313 762164 771463 782411


CVE-2014-6610
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1
and Certified Asterisk 11.6 before 11.6-cert6, when using the
res_fax_spandsp module, allows remote authenticated users to
cause a denial of service (crash) via an out of call message,
which is not properly handled in the ReceiveFax dialplan
application.

CVE-2014-4046
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1
and Certified Asterisk 11.6 before 11.6-cert3 allows remote
authenticated Manager users to execute arbitrary shell commands
via a MixMonitor action.

CVE-2014-2286
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x
before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk
1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote
attackers to cause a denial of service (stack consumption) and
possibly execute arbitrary code via an HTTP request with a large
number of Cookie headers.

CVE-2014-8412
The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager
Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1,
11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1
and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before
11.6-cert8 allows remote attackers to bypass the ACL restrictions
via a packet with a source IP that does not share the address family
as the first ACL entry.

CVE-2014-8418
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32,
11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and
Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8
allows remote authenticated users to gain privileges via a call from
an external protocol, as demonstrated by the AMI protocol.

CVE-2015-3008
Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x
before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28
before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before
13.1-cert2, when registering a SIP TLS device, does not properly
handle a null byte in a domain name in the subject's Common Name (CN)
field of an X.509 certificate, which allows man-in-the-middle attackers
to spoof arbitrary SSL servers via a crafted certificate issued by a
legitimate Certification Authority.

[DLA 456-1] openssl security update

Package : openssl
Version : 1.0.1e-2+deb7u21
CVE ID : CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108
CVE-2016-2109 CVE-2016-2176

Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer
toolkit.

CVE-2016-2105

Guido Vranken discovered that an overflow can occur in the function
EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can
supply a large amount of data. This could lead to a heap corruption.

CVE-2016-2106

Guido Vranken discovered that an overflow can occur in the function
EVP_EncryptUpdate() if an attacker can supply a large amount of data.
This could lead to a heap corruption.

CVE-2016-2107

Juraj Somorovsky discovered a padding oracle in the AES CBC cipher
implementation based on the AES-NI instruction set. This could allow
an attacker to decrypt TLS traffic encrypted with one of the cipher
suites based on AES CBC.

CVE-2016-2108

David Benjamin from Google discovered that two separate bugs in the
ASN.1 encoder, related to handling of negative zero integer values
and large universal tags, could lead to an out-of-bounds write.

CVE-2016-2109

Brian Carpenter discovered that when ASN.1 data is read from a BIO
using functions such as d2i_CMS_bio(), a short invalid encoding can
casuse allocation of large amounts of memory potentially consuming
excessive resources or exhausting memory.

CVE-2016-2176

Guido Vranken discovered that ASN.1 Strings that are over 1024 bytes
can cause an overread in applications using the X509_NAME_oneline()
function on EBCDIC systems. This could result in arbitrary stack data
being returned in the buffer.

Additional information about these issues can be found in the OpenSSL
security advisory at https://www.openssl.org/news/secadv/20160503.txt



[DSA 3566-1] openssl security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3566-1 security@debian.org
https://www.debian.org/security/ Alessandro Ghedini
May 03, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108
CVE-2016-2109 CVE-2016-2176

Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer
toolkit.

CVE-2016-2105

Guido Vranken discovered that an overflow can occur in the function
EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can
supply a large amount of data. This could lead to a heap corruption.

CVE-2016-2106

Guido Vranken discovered that an overflow can occur in the function
EVP_EncryptUpdate() if an attacker can supply a large amount of data.
This could lead to a heap corruption.

CVE-2016-2107

Juraj Somorovsky discovered a padding oracle in the AES CBC cipher
implementation based on the AES-NI instruction set. This could allow
an attacker to decrypt TLS traffic encrypted with one of the cipher
suites based on AES CBC.

CVE-2016-2108

David Benjamin from Google discovered that two separate bugs in the
ASN.1 encoder, related to handling of negative zero integer values
and large universal tags, could lead to an out-of-bounds write.

CVE-2016-2109

Brian Carpenter discovered that when ASN.1 data is read from a BIO
using functions such as d2i_CMS_bio(), a short invalid encoding can
casuse allocation of large amounts of memory potentially consuming
excessive resources or exhausting memory.

CVE-2016-2176

Guido Vranken discovered that ASN.1 Strings that are over 1024 bytes
can cause an overread in applications using the X509_NAME_oneline()
function on EBCDIC systems. This could result in arbitrary stack data
being returned in the buffer.

Additional information about these issues can be found in the OpenSSL
security advisory at https://www.openssl.org/news/secadv/20160503.txt

For the stable distribution (jessie), these problems have been fixed in
version 1.0.1k-3+deb8u5.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.2h-1.

We recommend that you upgrade your openssl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/