Category Archives: Debian

Debian Security Advisories

DSA-3124 otrs2 – security update

Thorsten Eckel of Znuny GMBH and Remo Staeuble of InfoGuard discovered
a privilege escalation vulnerability in otrs2, the Open Ticket Request
System. An attacker with valid OTRS credentials could access and
manipulate ticket data of other users via the GenericInterface, if a
ticket webservice is configured and not additionally secured.

DSA-3123 binutils – security update

Multiple security issues have been found in binutils, a toolbox for
binary file manipulation. These vulnerabilities include multiple memory
safety errors, buffer overflows, use-after-frees and other implementation
errors may lead to the execution of arbitrary code, the bypass of security
restrictions, path traversal attack or denial of service.

DSA-3122 curl – security update

Andrey Labunets of Facebook discovered that cURL, an URL transfer
library, fails to properly handle URLs with embedded end-of-line
characters. An attacker able to make an application using libcurl to
access a specially crafted URL via an HTTP proxy could use this flaw to
do additional requests in a way that was not intended, or insert
additional request headers into the request.

DSA-3119 libevent – security update

Andrew Bartlett of Catalyst reported a defect affecting certain
applications using the Libevent evbuffer API. This defect leaves
applications which pass insanely large inputs to evbuffers open to a
possible heap overflow or infinite loop. In order to exploit this flaw,
an attacker needs to be able to find a way to provoke the program into
trying to make a buffer chunk larger than what will fit into a single
size_t or off_t.