This week advisories were released for mozilla, xulrunner, iceweasel, iceape, bind9, thunderbird, firefox, NVClock, GIMP, kerberos, imagemagick, and tcpdump. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, Slackware, and Ubuntu.



LinuxSecurity.com Feature Extras:

    Review: Practical Packet Analysis - In the introduction, McIlwraith points out that security awareness training properly consists of communication, raising of issues, and encouragement to modify behaviour. (This will come as no surprise to those who recall the definition of training as the modification of attitudes and behaviour.) He also notes that security professionals frequently concentrate solely on presentation of problems. The remainder of the introduction looks at other major security activities, and the part that awareness plays in ensuring that they actually work.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


Debian: New mozilla-firefox packages fix several
22nd, July, 2007

Several remote vulnerabilities have been discovered in Mozilla Firefox. It was discovered that an integer overflow in text/enhanced message parsing allows the execution of arbitrary code.

advisories/debian/debian-new-mozilla-firefox-packages-fix-several

Debian: New xulrunner packages fix several vulnerabilities
22nd, July, 2007

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identified the flaws. Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection of content into about:blank frames.

advisories/debian/debian-new-xulrunner-packages-fix-several-vulnerabilities-73165

Debian: New iceweasel packages fix several vulnerabilities
23rd, July, 2007

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following flaws. Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection of content into about:blank frames.

advisories/debian/debian-new-iceweasel-packages-fix-several-vulnerabilities-60726

Debian: New iceape packages fix several vulnerabilities
23rd, July, 2007

Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems: One, Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection of content into about:blank frames.

advisories/debian/debian-new-iceape-packages-fix-several-vulnerabilities-79321

Debian: New ClamAV packages fix denial of service
24th, July, 2007

A NULL pointer dereference has been discovered in the RAR VM of Clam Antivirus (ClamAV) which allows user-assisted remote attackers to cause a denial of service via specially crafted RAR archives.

advisories/debian/debian-new-clamav-packages-fix-denial-of-service-32713

Debian: New bind9 packages fix DNS cache poisoning
25th, July, 2007

Amit Klein discovered that the BIND name server generates predictable DNS query IDs, which may lead to cache poisoning attacks. An update for the oldstable distribution (sarge) is in preparation. It will be released soon.

advisories/debian/debian-new-bind9-packages-fix-dns-cache-poisoning-192

Fedora Core 6 Update: thunderbird-1.5.0.12-2.fc6
20th, July, 2007

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript.

advisories/fedora/fedora-core-6-update-thunderbird-15012-2fc6-13-30-00-128828

Fedora Core 6 Update: firefox-1.5.0.12-4.fc6
20th, July, 2007

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox.

advisories/fedora/fedora-core-6-update-firefox-15012-4fc6-13-30-00-128829

Gentoo: MPlayer Multiple buffer overflows
24th, July, 2007

Multiple vulnerabilities have been discovered in MPlayer, possibly allowing for the remote execution of arbitrary code. A remote attacker could entice a user to open a specially crafted file with malicious CDDB entries, possibly resulting in the execution of arbitrary code with the privileges of the user running MPlayer.

Gentoo: NVClock Insecure file usage
24th, July, 2007

A vulnerability has been discovered in NVClock, allowing for the execution of arbitrary code. A local attacker could create a specially crafted temporary file in /tmp to execute arbitrary code with the privileges of the user running NVClock.

Gentoo: GIMP Multiple integer overflows
25th, July, 2007

Multiple vulnerabilities have been discovered in GIMP, allowing for the remote execution of arbitrary code. A remote attacker could entice a user to open a specially crafted image file, possibly resulting in the execution of arbitrary code with the privileges of the user running GIMP.

Gentoo: Festival Privilege elevation
25th, July, 2007

A vulnerability has been discovered in Festival, allowing for a local privilege escalation. Konstantine Shirow reported a vulnerability in default Gentoo configurations of Festival. The daemon is configured to run with root privileges and to listen on localhost, without requiring a password.

Gentoo: MIT Kerberos 5 Arbitrary remote code execution
25th, July, 2007

kadmind is affected by multiple vulnerabilities in the RPC library shipped with MIT Kerberos 5. It fails to properly handle zero-length RPC credentials (CVE-2007-2442) and the RPC library can write past the end of the stack buffer (CVE-2007-2443). Furthermore kadmind fails to do proper bounds checking (CVE-2007-2798).

Mandriva: Updated ImageMagick packages fix multiple
20th, July, 2007

A number of vulnerabilities were discovered in how ImageMagick handles DCM and XWD image files. If a user were tricked into processing a specially crafted image file with an application that uses ImageMagick, an attacker could cause a heap-based buffer overflow and possibly execute arbitrary code with the user's privileges. The updated packages have been patched to prevent these issues.

Mandriva: Updated tcpdump packages fix BGP dissector
25th, July, 2007

An integer overflow in tcpdump could allow a remote attacker to execute arbitrary code via crafted TLVs in a BGP packet. Updated packages have been patched to prevent this issue.

Mandriva: Updated BIND9 packages fix vulnerabilities
25th, July, 2007

The DNS query ID generation code in BIND9 is vulnerable to cryptographic analysis which provides a 1-in-8 chance of guessing the next query ID for 50% of the query IDs, which could be used by a remote attacker to perform cache poisoning (CVE-2007-2926). As well, in BIND9 9.4.x, the default ACLs were not being correctly set, which could allow anyone to make recursive queries and/or query the cache contents (CVE-2007-2925). This update provides packages which are patched to prevent these issues.

Mandriva: Updated clamav packages fix vulnerabilities
25th, July, 2007

A vulnerability in the RAR VM in ClamAV allowed user-assisted remote attackers to cause a crash via a crafted RAR archive which resulted in a NULL pointer dereference. Other bugs have also been corrected in 0.91.1 which is being provided with this update.

RedHat: Moderate: bind security update
24th, July, 2007

Updated bind packages that fix a security issue are now available. A flaw was found in the way BIND generates outbound DNS query ids. If an attacker is able to acquire a finite set of query IDs, it becomes possible to accurately predict future query IDs. Future query ID prediction may allow an attacker to conduct a DNS cache poisoning attack, which can result in the DNS server returning incorrect client query data. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-bind-security-update-59187

Slackware: thunderbird
24th, July, 2007

New Thunderbird packages are available for Slackware 11.0 and 12.0 to fix two possible security issues. This package may also be used on many older versions of Slackware (though we're not certain how far back...) More details about the issues may be found here: https://www.mozilla.org/en-US/security/known-vulnerabilities/

Ubuntu: redhat-cluster-suite vulnerability
19th, July, 2007

USN-489-1 fixed vulnerabilities in the Linux kernel. This update provides the corresponding fixes for the redhat cluster suite kernel sources. A flaw was discovered in the cluster manager. A remote attacker could connect to the DLM port and block further DLM operations.

advisories/ubuntu/ubuntu-redhat-cluster-suite-vulnerability-26371

Ubuntu: Linux kernel vulnerabilities
19th, July, 2007

A flaw was discovered in dvb ULE decapsulation. A remote attacker could send a specially crafted message and cause a denial of service. The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode.

advisories/ubuntu/ubuntu-linux-kernel-vulnerabilities-39223

Ubuntu: Firefox vulnerabilities
19th, July, 2007

Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2007-3734,

advisories/ubuntu/ubuntu-firefox-vulnerabilities-99643

Ubuntu: Bind vulnerability
25th, July, 2007

A flaw was discovered in Bind's sequence number generator. A remote attacker could calculate future sequence numbers and send forged DNS query responses. This could lead to client connections being directed to attacker-controlled hosts, resulting in credential theft and other attacks.

advisories/ubuntu/ubuntu-bind-vulnerability