===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0732
                           X.org security updates
                                24 May 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libdmx libxv libxvmc libxfixes libxrender mesa
                   xserver-xorg-video-openchrome libxt libxcursor
                   libxext libxi libxrandr libxp libxcb libfs libxres
                   libxtst libxxf86dga libxinerama libxxf86vm
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Increased Privileges -- Remote/Unauthenticated
                   Denial of Service    -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-2066 CVE-2013-2064 CVE-2013-2063
                   CVE-2013-2062 CVE-2013-2005 CVE-2013-2003
                   CVE-2013-2002 CVE-2013-2001 CVE-2013-2000
                   CVE-2013-1999 CVE-2013-1998 CVE-2013-1996
                   CVE-2013-1995 CVE-2013-1994 CVE-2013-1993
                   CVE-2013-1992 CVE-2013-1991 CVE-2013-1990
                   CVE-2013-1989 CVE-2013-1988 CVE-2013-1987
                   CVE-2013-1986 CVE-2013-1985 CVE-2013-1984
                   CVE-2013-1983 CVE-2013-1982

Original Bulletin:
   http://www.debian.org/security/2013/dsa-2673
   http://www.debian.org/security/2013/dsa-2674
   http://www.debian.org/security/2013/dsa-2675
   http://www.debian.org/security/2013/dsa-2676
   http://www.debian.org/security/2013/dsa-2677
   http://www.debian.org/security/2013/dsa-2678
   http://www.debian.org/security/2013/dsa-2679
   http://www.debian.org/security/2013/dsa-2680
   http://www.debian.org/security/2013/dsa-2681
   http://www.debian.org/security/2013/dsa-2682
   http://www.debian.org/security/2013/dsa-2683
   http://www.debian.org/security/2013/dsa-2684
   http://www.debian.org/security/2013/dsa-2685
   http://www.debian.org/security/2013/dsa-2686
   http://www.debian.org/security/2013/dsa-2687
   http://www.debian.org/security/2013/dsa-2688
   http://www.debian.org/security/2013/dsa-2689
   http://www.debian.org/security/2013/dsa-2690
   http://www.debian.org/security/2013/dsa-2691
   http://www.debian.org/security/2013/dsa-2692

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running libdmx, libxv, libxvmc, libxfixes, libxrender, mesa,
         xserver-xorg-video-openchrome, libxt, libxcursor, libxext, libxi,
         libxrandr, libxp, libxcb, libfs, libxres, libxtst, libxxf86dga,
         libxinerama or libxxf86vm check for an updated version of the
         software for their operating system.

         This bulletin contains twenty (20) Debian security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-2673-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libdmx
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1992

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1:1.1.0-2+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1.1.2-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1.1.2-1+deb7u1.

We recommend that you upgrade your libdmx packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2674-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxv
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1989 CVE-2013-2066

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), these problems have been fixed
in version 2:1.0.5-1+squeeze1.

For the stable distribution (wheezy), these problems have been fixed in
version 2:1.0.7-1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 2:1.0.7-1+deb7u1.

We recommend that you upgrade your libxv packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2675-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxvmc
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1990 CVE-2013-1999

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), these problems have been fixed
in version 2:1.0.5-1+squeeze1.

For the stable distribution (wheezy), these problems have been fixed in
version 2:1.0.7-1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 2:1.0.7-1+deb7u1.

We recommend that you upgrade your libxvmc packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2676-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxfixes
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1983

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 4.0.5-1+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1:5.0-4+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:5.0-4+deb7u1.

We recommend that you upgrade your libxfixes packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2677-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxrender
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1987

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1:0.9.6-1+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1:0.9.7-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:0.9.7-1+deb7u1.

We recommend that you upgrade your libxrender packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2678-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : mesa
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1993

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 7.7.1-6.

For the stable distribution (wheezy), this problem has been fixed in
version 8.0.5-4+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 8.0.5-6.

We recommend that you upgrade your mesa packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2679-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : xserver-xorg-video-openchrome
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1994

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 0.2.904+svn842-2+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 0.2.906-2+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 0.2.906-2+deb7u1.

We recommend that you upgrade your xserver-xorg-video-openchrome packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2680-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxt
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2002 CVE-2013-2005

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), these problems have been fixed
in version 1:1.0.7-1+squeeze1.

For the stable distribution (wheezy), these problems have been fixed in
version 1:1.1.3-1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 1:1.1.3-1+deb7u1.

We recommend that you upgrade your libxt packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2681-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxcursor
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2003

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1:1.1.10-2+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1:1.1.13-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.1.13-1+deb7u1.

We recommend that you upgrade your libxcursor packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2682-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxext
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1982

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2:1.1.2-1+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 2:1.3.1-2+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.3.1-2+deb7u1.

We recommend that you upgrade your libxext packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2683-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxi
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1984 CVE-2013-1995 CVE-2013-1998

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), these problems have been fixed
in version 2:1.3-8.

For the stable distribution (wheezy), these problems have been fixed in
version 2:1.6.1-1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 2:1.6.1-1+deb7u1.

We recommend that you upgrade your libxi packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2684-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxrandr
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1986

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2:1.3.0-3+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 2:1.3.2-2+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.3.2-2+deb7u1.

We recommend that you upgrade your libxrandr packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2685-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxp
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2062

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1:1.0.0.xsf1-2+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1:1.0.1-2+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.0.1-2+deb7u1.

We recommend that you upgrade your libxp packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2686-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxcb
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2064

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1.6-1+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1.8.1-2+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1.8.1-2+deb7u1.

We recommend that you upgrade your libxcb packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2687-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libfs
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1996

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2:1.0.2-1+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 2:1.0.4-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.0.4-1+deb7u1.

We recommend that you upgrade your libfs packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2688-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxres
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1988

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2:1.0.4-1+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 2:1.0.6-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.0.6-1+deb7u1.

We recommend that you upgrade your libxres packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2689-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxtst
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2063

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2:1.1.0-3+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 2:1.2.1-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.2.1-1+deb7u1.

We recommend that you upgrade your libxtst packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2690-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxxf86dga
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1991 CVE-2013-2000

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), these problems have been fixed
in version 2:1.1.1-2+squeeze1.

For the stable distribution (wheezy), these problems have been fixed in
version 2:1.1.3-2+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 2:1.1.3-2+deb7u1.

We recommend that you upgrade your libxxf86dga packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-2691-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxinerama
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1985

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1.1-3+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1.1.2-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1.1.2-1+deb7u1.

We recommend that you upgrade your libxinerama packages.


Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeOpQACgkQXm3vHE4uylrHtQCeNA0Icopuu81Z0jp7MsGGjBY3
YWEAniQIJ+AOY+qt7d8UHcXA55WUpQ0C
=ApP3
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2692-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2013                           http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : libxxf86vm
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2001

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem will be fixed soon
as version 1:1.1.0-2+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1:1.1.2-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.1.2-1+deb7u1.

We recommend that you upgrade your libxxf86vm packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeOvAACgkQXm3vHE4uylr6EgCffVfHl2qmCgS8tN5JmlF54cnE
9xgAoO0I9C9vPBeJ6vSl4qr/zQu9lGYg
=N55T
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================