Debian 10241 Published by

The following security updates has been released for Debian:

[DLA 186-1] mailman security update
[DLA 187-1] tor security update
[DSA 3213-1] arj security update
[DSA 3214-1] mailman security update
[DSA 3215-1] libgd2 security update
[DSA 3216-1] tor security update



[DLA 186-1] mailman security update

Package : mailman
Version : 1:2.1.13-6
CVE ID : CVE-2015-2775
Debian Bug : 781626

A path traversal vulnerability was discovered in Mailman, the mailing
list manager. Installations using a transport script (such as
postfix-to-mailman.py) to interface with their MTA instead of static
aliases were vulnerable to a path traversal attack. To successfully
exploit this, an attacker needs write access on the local file system.

[DLA 187-1] tor security update

Package : tor
Version : 0.2.4.27-1~deb6u1
CVE ID : CVE-2015-2928 CVE-2015-2929

Several hidden service related denial-of-service issues have been
discovered in Tor, a connection-based low-latency anonymous
communication system.

o "disgleirio" discovered that a malicious client could trigger an
assertion failure in a Tor instance providing a hidden service, thus
rendering the service inaccessible.
[CVE-2015-2928]

o "DonnchaC" discovered that Tor clients would crash with an assertion
failure upon parsing specially crafted hidden service descriptors.
[CVE-2015-2929]

o Introduction points would accept multiple INTRODUCE1 cells on one
circuit, making it inexpensive for an attacker to overload a hidden
service with introductions. Introduction points no longer allow
multiple such cells on the same circuit.

[DSA 3213-1] arj security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3213-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
April 06, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : arj
CVE ID : CVE-2015-0556 CVE-2015-0557 CVE-2015-2782
Debian Bug : 774015 774434 774435

Multiple vulnerabilities have been discovered in arj, an open source
version of the arj archiver. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2015-0556

Jakub Wilk discovered that arj follows symlinks created during
unpacking of an arj archive. A remote attacker could use this flaw
to perform a directory traversal attack if a user or automated
system were tricked into processing a specially crafted arj archive.

CVE-2015-0557

Jakub Wilk discovered that arj does not sufficiently protect from
directory traversal while unpacking an arj archive containing file
paths with multiple leading slashes. A remote attacker could use
this flaw to write to arbitrary files if a user or automated system
were tricked into processing a specially crafted arj archive.

CVE-2015-2782

Jakub Wilk and Guillem Jover discovered a buffer overflow
vulnerability in arj. A remote attacker could use this flaw to cause
an application crash or, possibly, execute arbitrary code with the
privileges of the user running arj.

For the stable distribution (wheezy), these problems have been fixed in
version 3.10.22-10+deb7u1.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 3.10.22-13.

For the unstable distribution (sid), these problems have been fixed in
version 3.10.22-13.

We recommend that you upgrade your arj packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3214-1] mailman security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3214-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
April 06, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mailman
CVE ID : CVE-2015-2775
Debian Bug : 781626

A path traversal vulnerability was discovered in Mailman, the mailing
list manager. Installations using a transport script (such as
postfix-to-mailman.py) to interface with their MTA instead of static
aliases were vulnerable to a path traversal attack. To successfully
exploit this, an attacker needs write access on the local file system.

For the stable distribution (wheezy), this problem has been fixed in
version 1:2.1.15-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:2.1.18-2.

We recommend that you upgrade your mailman packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3215-1] libgd2 security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3215-1 security@debian.org
http://www.debian.org/security/ Alessandro Ghedini
April 06, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libgd2
CVE ID : CVE-2014-2497 CVE-2014-9709
Debian Bug : 744719

Multiple vulnerabilities were discovered in libgd2, a graphics library:

CVE-2014-2497

The gdImageCreateFromXpm() function would try to dereference a NULL
pointer when reading an XPM file with a special color table. This
could allow remote attackers to cause a denial of service (crash) via
crafted XPM files.

CVE-2014-9709

Importing an invalid GIF file using the gdImageCreateFromGif() function
would cause a read buffer overflow that could allow remote attackers to
cause a denial of service (crash) via crafted GIF files.

For the stable distribution (wheezy), these problems have been fixed in
version 2.0.36~rc1~dfsg-6.1+deb7u1.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 2.1.0-5.

For the unstable distribution (sid), these problems have been fixed in
version 2.1.0-5.

We recommend that you upgrade your libgd2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3216-1] tor security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3216-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 06, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : tor
CVE ID : CVE-2015-2928 CVE-2015-2929

Several vulnerabilities have been discovered in Tor, a connection-based
low-latency anonymous communication system:

CVE-2015-2928

"disgleirio" discovered that a malicious client could trigger an
assertion failure in a Tor instance providing a hidden service,
thus rendering the service inaccessible.

CVE-2015-2929

"DonnchaC" discovered that Tor clients would crash with an
assertion failure upon parsing specially crafted hidden service
descriptors.

Introduction points would accept multiple INTRODUCE1 cells on one
circuit, making it inexpensive for an attacker to overload a hidden
service with introductions. Introduction points now no longer allow
multiple cells of that type on the same circuit.

For the stable distribution (wheezy), these problems have been fixed in
version 0.2.4.27-1.

For the unstable distribution (sid), these problems have been fixed in
version 0.2.5.12-1.

For the experimental distribution, these problems have been
fixed in version 0.2.6.7-1.

We recommend that you upgrade your tor packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/