Bug#770222: CVE request: icecast: possible leak of on-connect scripts

2014-11-20 Thread cve-assign

> It was reported that Icecast could possibly leak the contents of
> on-connect scripts to clients, which may contain sensitive information.
> This issue has been fixed in the 2.4.1 release:

> "Fix on-connect and on-disconnect script STDIN/STDOUT/STDERR corruption
> due to shared file descriptors."

> Information contained can include passwords

> http://icecast.org/news/icecast-release-2_4_1/
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770222
> https://trac.xiph.org/ticket/2089
> https://trac.xiph.org/ticket/2087
> https://trac.xiph.org/changeset/19308

Use CVE-2014-9018.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#772008: CVE request: mpfr: buffer overflow in mpfr_strtofr

2015-01-03 Thread cve-assign


On Tue, 30 Dec 2014, Moritz Muehlenhoff wrote:


On Mon, Dec 08, 2014 at 01:45:12PM +0100, Vasyl Kaigorodov wrote:

Hello,

A buffer overflow was reported [1] in mpfr.
This is due to incorrect GMP documentation for mpn_set_str about the
size of a buffer (discussion is at [1]; first fix in the GMP
documentation is at [2]). This bug is present in the MPFR versions
from 2.1.0 (adding mpfr_strtofr) to this one, and can be detected by
running "make check" in a 32-bit ABI under GNU/Linux with alloca
disabled (this is currently possible by using the --with-gmp-build
configure option where alloca has been disabled in the GMP build). It
is fixed by the strtofr patch [3].
Corresponding changeset in the 3.1 branch: 9110 [4].

[1]: https://gmplib.org/list-archives/gmp-bugs/2013-December/003267.html
[2]: https://gmplib.org/repo/gmp-5.1/raw-rev/d19172622a74
[3]: http://www.mpfr.org/mpfr-3.1.2/patch11
[4]: https://gforge.inria.fr/scm/viewvc.php?view=rev&root=mpfr&revision=9110

References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1171701
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772008

Can a CVE be assigned to this please?


Use CVE-2014-9474.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]





Bug#768369: Stack smashing in libjpeg-turbo

2014-11-26 Thread cve-assign

> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369#114
> 
> I created a minimal test case in around 200 lines.
> 
> It uses a file with the intercepted scanlines of the calls to 
> jpeg_write_scanlines.
> 
> Also the Exif marker is read from such a file.
> (And without this Exif marker the stack smash does not happen...)

Use CVE-2014-9092.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]



Bug#782561: Buffer overruns in Linux kernel RFC4106 implementation using AESNI

2015-04-17 Thread cve-assign

> Linux kernel commit ccfe8c3f7e52 ("crypto: aesni - fix memory usage in
> GCM decryption") fixes two bugs in pointer arithmetic that lead to
> buffer overruns (even with valid parameters!):
> 
> https://git.kernel.org/linus/ccfe8c3f7e52ae83155cb038753f4c75b774ca8a
> https://bugs.debian.org/782561
> 
> These are described as resulting in DoS (local or remote), but are
> presumably also exploitable for privilege escalation.

> As the destination buffer for decryption only needs to hold the
> plaintext memory but cryptlen references the input buffer holding
> (ciphertext || authentication tag), the assumption of the destination
> buffer length in RFC4106 GCM operation leads to a too large size. ...
> In addition, ... cryptlen already includes the size of the tag. Thus,
> the tag does not need to be added.

Use CVE-2015-3331.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
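
The length accounting described in the quoted commit message, as an added example that is not the kernel's code and not part of the original message: the read size is assoclen + cryptlen with no extra tag, and the write size is cryptlen minus the tag. The struct, the function names and the 8/80/16 sample lengths are hypothetical and constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Lengths of one AEAD decryption request (field names are illustrative). */
struct aead_dec_req {
    size_t assoclen; /* associated data: authenticated, not decrypted */
    size_t cryptlen; /* ciphertext || tag, exactly as handed in */
    size_t taglen;   /* authentication tag length */
};

/* Read and write sizes for the request; returns -1 if they are inconsistent. */
int aead_dec_lens(const struct aead_dec_req *r, size_t *src_len, size_t *dst_len)
{
    if (r->cryptlen < r->taglen) return -1;              /* no room for a tag */
    if (r->assoclen > SIZE_MAX - r->cryptlen) return -1; /* sum would wrap */
    *src_len = r->assoclen + r->cryptlen; /* read: tag is already in cryptlen */
    *dst_len = r->cryptlen - r->taglen;   /* write: plaintext only */
    return 0;
}

/* Copy the plaintext out of a work buffer, never past dst_cap; -1 on refusal. */
long aead_dec_copy_out(uint8_t *dst, size_t dst_cap, const uint8_t *work,
                       const struct aead_dec_req *r)
{
    size_t src_len, dst_len;
    if (aead_dec_lens(r, &src_len, &dst_len) != 0 || dst_len > dst_cap) return -1;
    memcpy(dst, work, dst_len);
    return (long)dst_len;
}

/* Constructed self-check: a 64-byte plaintext buffer followed by a 16-byte
 * guard region. Returns 1 if the guard survives the copy-out. */
int guard_intact_after_copy(void)
{
    struct aead_dec_req r = { 8, 80, 16 }; /* 8 assoc, 64 ciphertext + 16 tag */
    uint8_t work[80] = { 0 }, out[64 + 16];
    memset(out, 0xAA, sizeof out);
    if (aead_dec_copy_out(out, 64, work, &r) != 64) return 0;
    for (size_t i = 64; i < sizeof out; i++)
        if (out[i] != 0xAA) return 0;
    return 1;
}

int main(void)
{
    printf("guard intact: %d\n", guard_intact_after_copy());
    return 0;
}
```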



Bug#736969: (possible) CVE request: suPHP 0.7.2 release fixed a possible arbitrary code execution

2014-02-09 Thread cve-assign

> suPHP 0.7.2 has been released.
> This release fixes a security issue that was introduced with the 0.7.0
> release. This issue affected the source-highlighting feature and could
> only be exploited, if the suPHP_PHPPath option was set. In this case
> local users which could create or edit .htaccess files could possibly
> execute arbitrary code with the privileges of the user the webserver
> was running as.

Use CVE-2014-1867. A commit reference isn't strictly necessary, but
without one we sometimes wait a short time for further information
before sending a CVE assignment, in case the issue (for example)
actually had multiple vulnerability types.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]



Bug#731848: CVE Request: ack-grep: potential remote code execution via per-project .ackrc files

2013-12-11 Thread cve-assign

> This version of ack prevents the --pager, --regex and --output
> options from being used from project-level ackrc files.  It is
> possible to execute malicious code with these options

Use CVE-2013-7069.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]



Bug#736066: A number of EncFS issues

2014-05-13 Thread cve-assign

> https://defuse.ca/audits/encfs.htm
> the last one sounds CVE worthy

Use CVE-2014-3462 for that issue, i.e., 'The purpose of MAC headers is
to prevent an attacker with read/write access to the ciphertext from
being able to make changes without being detected. Unfortunately, this
feature provides little security, since it is controlled by an option
in the .encfs6.xml configuration file (part of the ciphertext), so the
attacker can just disable it by setting "blockMACBytes" to 0 and
adding 8 to "blockMACRandBytes" (so that the MAC is not interpreted as
data).'

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]



Bug#751417: (Linux kernel) Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS

2014-06-17 Thread cve-assign

> According to the manual page, after calling it with 1 as a second
> argument, any consecutive system calls other than read(), write(),
> _exit() and sigreturn() should result in the delivery of SIGKILL.
> However, under MIPS any consecutive system call behaves as if
> prctl(PR_SET_SECCOMP, 1, ...) was never called.

> I see no check for seccomp on the MIPS syscall 'fast path'. The
> seccomp check appears to be done on the 'slow path' which is used only
> if tracing or audit is also enabled for the task. If I run the above
> program under strace, it is killed as expected.

Use CVE-2014-4157.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
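
A regression check for the behaviour quoted above, added here as an example; it is not the program from the bug report and not kernel code. A forked child enters strict mode with prctl(PR_SET_SECCOMP, 1, ...), issues getpid(2), and the parent inspects how the child ended. The function name and its 1/0/-1 return convention are assumptions of this example.

```c
#define _GNU_SOURCE /* for syscall() */
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Returns  1 if a forbidden syscall made in strict mode ended in SIGKILL,
 *          0 if the syscall went through (the behaviour reported in this bug),
 *         -1 if the check could not be run (fork or prctl failed).
 */
int seccomp_strict_enforced(void)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Second argument 1 selects strict mode (SECCOMP_MODE_STRICT). */
        if (prctl(PR_SET_SECCOMP, 1, 0, 0, 0) != 0)
            _exit(2);
        syscall(SYS_getpid);  /* not read/write/_exit/sigreturn: must be fatal */
        syscall(SYS_exit, 1); /* still alive; exit(2) is allowed, exit_group(2) is not */
        for (;;)
            ;
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return 1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 1)
        return 0;
    return -1;
}

int main(void)
{
    int r = seccomp_strict_enforced();

    puts(r == 1 ? "strict mode enforced" :
         r == 0 ? "NOT enforced: forbidden syscall succeeded" :
                  "could not run the check");
    return r == 1 ? 0 : 1;
}
```

Run it without strace or audit attached to the process: per the quoted analysis, tracing moves syscalls onto the slow path where the seccomp check was present.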