≡ Menu

arbitrary code execution

Debian GNU/Linux 4.0 Update 6 Released

Didn't take long to release new updated version.

The Debian project is pleased to announce the sixth update of its stable distribution Debian GNU/Linux 4.0 (codename "etch"). This update mainly adds corrections for security problems to the stable release, along with a few adjustment to serious problems. This update has been rated as having important security impact. You are advised to upgrade system ASAP.
[click to continue…]

There are new two vulnerabilities have been discovered in the Debian Linux kernel that may lead to a denial of service or arbitrary code execution. The Common Vulnerabilities and Exposures project identifies the following problems:
=> Package : linux-2.6
=> Vulnerability : heap overflow
=> Problem type : local/remote
=> Debian-specific: no
=> CVE Id(s) : CVE-2008-1673 CVE-2008-2358

How do I fix this problem

Type the following command to update the internal database and to install corrected packages:
# apt-get update
# apt-get upgrade
# reboot

It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code. This is affected on all Linux / UNIX distributions.

Details:

Package : libtk-img
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-0553

Debian / Ubuntu Linux Fix

Type the following command:
# apt-get update
# apt-get upgrade

Almost all Linux distros and other UNIX like operating systems are affected by new local and remote buffer overflows arbitrary code execution errors. Stefan Cornelius discovered two buffer overflows in Imlib's - a powerful image loading and rendering library - image loaders for PNM and XPM images, which may result in the execution of arbitrary code.

=> Package : imlib2
=> Vulnerability : buffer overflows
=> Problem type : local(remote)
=> Debian-specific: no
=> CVE Id(s) : CVE-2008-2426

Fix For Debian / Ubuntu Linux users

Type the following commands:
# apt-get update
# apt-get upgrade

OR download updated version from Debian web site.

Security: mt-daapd DAAP audio server

Three vulnerabilities have been discovered in the mt-daapd DAAP audio server (also known as the Firefly Media Server). The Common Vulnerabilities and Exposures project identifies the following three problems:

Insufficient validation and bounds checking of the Authorization: HTTP header enables a heap buffer overflow, potentially enabling the execution of arbitrary code.

Format string vulnerabilities in debug logging within the authentication of XML-RPC requests could enable the execution of arbitrary code.

An integer overflow weakness in the handling of HTTP POST variables could allow a heap buffer overflow and potentially arbitrary code execution.

How do I patch my system?

Simply type the following command:
# apt-get update
# apt-get upgrade