[Pkg-ia32-libs-maintainers] Bug#684236: embedded code copies in ia32-libs possibly may be out of date and vulnerable

Silvio Cesare silvio.cesare at gmail.com
Wed Aug 8 00:19:52 UTC 2012


Package: ia32-libs
Severity: important
Tags: security

I have been working on a tool called Clonewise to automatically identify
embedded code copies in Debian packages and determine if they are out of
date and vulnerable. Ideally, embedding code and libraries should be
avoided and a system wide library should be used instead.

I recently ran the tool on Debian 6 stable. The results are here at
http://www.foocodechu.com/downloads/Clonewise-report.txt

The ia32-libs package reported potential issues appended to this message.

The analysis tries to justify why it believes a library or code is embedded
in the package and, if the relationship is not already being tracked by
Debian in the embedded-code-copies database, it shows the files that are
shared between the two pieces of software.

Apologies if these are false positives. Your help in advising me on whether
these issues are real will help me improve the analysis for the future.

--
Silvio Cesare
Deakin University

### Summary:
###

libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0205
openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0211
openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0212
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0433
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0628
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0629
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0740
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0742
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-1205
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-1320
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-1322
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2067
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2233
avahi CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2244
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2249
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2443
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2498
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2499
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2500
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2519
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2520
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2541
libmikmod CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2546
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2596
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2597
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2805
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2806
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2808
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2939
libmikmod CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2971
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3053
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3054
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3311
pam CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3316
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3814
pam CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3853
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3855
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3864
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-4665
pam CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-4706
pam CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-4707
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0014
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0226
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0284
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0285
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0408
avahi CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1002
openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1024
openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1025
openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1081
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1167
dbus CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-2200
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-2501
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-2691
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-2692
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-3048
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-3207
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-3328
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-4354
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-1012
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-1013
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-1165
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-2110
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-2131


### Reports by package:
###

# SUMMARY: The png_decompress_chunk function in pngrutil.c in libpng
1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does
not properly handle compressed ancillary-chunk data that has a
disproportionately large uncompressed representation, which allows
remote attackers to cause a denial of service (memory and CPU
consumption, and application hang) via a crafted PNG file, as
demonstrated by use of the deflate compression method on data composed
of many occurrences of the same character, related to a "decompression
bomb" attack.
#

# CVE-2010-0205 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
#	pngrutil.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0205


# SUMMARY: The slap_modrdn2mods function in modrdn.c in OpenLDAP
2.4.22 does not check the return value of a call to the smr_normalize
function, which allows remote attackers to cause a denial of service
(segmentation fault) and possibly execute arbitrary code via a modrdn
call with an RDN string containing invalid UTF-8 sequences, which
triggers a free of an invalid, uninitialized pointer in the
slap_mods_free function, as demonstrated using the Codenomicon LDAPv3
test suite.
#

# CVE-2010-0211 relates to a vulnerability in package openldap.
# The following source filenames are likely responsible:
#	modrdn.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0211


# SUMMARY: OpenLDAP 2.4.22 allows remote attackers to cause a denial
of service (crash) via a modrdn call with a zero-length RDN
destination string, which is not properly handled by the smr_normalize
function and triggers a NULL pointer dereference in the
IA5StringNormalize function in schema_init.c, as demonstrated using
the Codenomicon LDAPv3 test suite.
#

# CVE-2010-0212 relates to a vulnerability in package openldap.
# The following source filenames are likely responsible:
#	schemainit.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0212


# SUMMARY: The kssl_keytab_is_available function in ssl/kssl.c in
OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos
configuration files cannot be opened, does not check a certain return
value, which allows remote attackers to cause a denial of service
(NULL pointer dereference and daemon crash) via SSL cipher
negotiation, as demonstrated by a chroot installation of Dovecot or
stunnel without Kerberos configuration files inside the chroot.
#

# CVE-2010-0433 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
#	kssl.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0433


# SUMMARY: The spnego_gss_accept_sec_context function in
lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in
MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows
remote attackers to cause a denial of service (assertion failure and
daemon crash) via an invalid packet that triggers incorrect
preparation of an error token.
#

# CVE-2010-0628 relates to a vulnerability in package krb5.
# The following source filenames are likely responsible:
#	spnegomech.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0628


# SUMMARY: Use-after-free vulnerability in
kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5)
1.5 through 1.6.3 allows remote authenticated users to cause a denial
of service (daemon crash) via a request from a kadmin client that
sends an invalid API version number.
#

# CVE-2010-0629 relates to a vulnerability in package krb5.
# The following source filenames are likely responsible:
#	serverstubs.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0629


# SUMMARY: The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL
0.9.8f through 0.9.8m allows remote attackers to cause a denial of
service (crash) via a malformed record in a TLS connection that
triggers a NULL pointer dereference, related to the minor version
number.  NOTE: some of these details are obtained from third party
information.
#

# CVE-2010-0740 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
#	spkt.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0740


# SUMMARY: The Cryptographic Message Syntax (CMS) implementation in
crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a
does not properly handle structures that contain OriginatorInfo, which
allows context-dependent attackers to modify invalid memory locations
or conduct double-free attacks, and possibly execute arbitrary code,
via unspecified vectors.
#

# CVE-2010-0742 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
#	cmsasn.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0742


# SUMMARY: Buffer overflow in pngpread.c in libpng before 1.2.44 and
1.4.x before 1.4.3, as used in progressive applications, might allow
remote attackers to execute arbitrary code via a PNG image that
triggers an additional data row.
#

# CVE-2010-1205 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
#	pngpread.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-1205


# SUMMARY: Double free vulnerability in do_tgs_req.c in the Key
Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x
before 1.8.2 allows remote authenticated users to cause a denial of
service (daemon crash) or possibly execute arbitrary code via a
request associated with (1) renewal or (2) validation.
#

# CVE-2010-1320 relates to a vulnerability in package krb5.
# The following source filenames are likely responsible:
#	dotgsreq.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-1320


# SUMMARY: The merge_authdata function in kdc_authdata.c in the Key
Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before
1.8.4 does not properly manage an index into an authorization-data
list, which allows remote attackers to cause a denial of service
(daemon crash), or possibly obtain sensitive information, spoof
authorization, or execute arbitrary code, via a TGS request that
triggers an uninitialized pointer dereference, as demonstrated by a
request from a Windows Active Directory client.
#

# CVE-2010-1322 relates to a vulnerability in package krb5.
# The following source filenames are likely responsible:
#	kdcauthdata.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-1322


# SUMMARY: Stack-based buffer overflow in the TIFFFetchSubjectDistance
function in tif_dirread.c in LibTIFF before 3.9.4 allows remote
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a long EXIF SubjectDistance field in a TIFF
file.
#

# CVE-2010-2067 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
#	tifdirread.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2067


# SUMMARY: tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit
platforms, as used in ImageMagick, does not properly perform vertical
flips, which allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
TIFF image, related to "downsampled OJPEG input."
#

# CVE-2010-2233 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
#	tifgetimage.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2233


# SUMMARY: The AvahiDnsPacket function in avahi-core/socket.c in
avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to
cause a denial of service (assertion failure and daemon exit) via a
DNS packet with an invalid checksum followed by a DNS packet with a
valid checksum, a different vulnerability than CVE-2008-5081.
#

# CVE-2010-2244 relates to a vulnerability in package avahi.
# The following source filenames are likely responsible:
#	socket.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

avahi CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2244


# SUMMARY: Memory leak in pngrutil.c in libpng before 1.2.44, and
1.4.x before 1.4.3, allows remote attackers to cause a denial of
service (memory consumption and application crash) via a PNG image
containing malformed Physical Scale (aka sCAL) chunks.
#

# CVE-2010-2249 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
#	pngrutil.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2249


# SUMMARY: The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF
before 3.9.3 allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via an OJPEG image
with undefined strip offsets, related to the TIFFVGetField function.
#

# CVE-2010-2443 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
#	tifojpeg.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2443


# SUMMARY: The psh_glyph_find_strong_points function in
pshinter/pshalgo.c in FreeType before 2.4.0 does not properly
implement hinting masks, which allows remote attackers to cause a
denial of service (heap memory corruption and application crash) or
possibly execute arbitrary code via a crafted font file that triggers
an invalid free operation.
#

# CVE-2010-2498 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
#	pshalgo.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2498


# SUMMARY: Buffer overflow in the Mac_Read_POST_Resource function in
base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted LaserWriter PS font file with an embedded
PFB fragment.
#

# CVE-2010-2499 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
#	ftobjs.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2499


# SUMMARY: Integer overflow in the gray_render_span function in
smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted font file.
#

# CVE-2010-2500 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
#	ftgrays.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2500


# SUMMARY: Heap-based buffer overflow in the Mac_Read_POST_Resource
function in base/ftobjs.c in FreeType before 2.4.0 allows remote
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a crafted length value in a POST fragment
header in a font file.
#

# CVE-2010-2519 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
#	ftobjs.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2519


# SUMMARY: Heap-based buffer overflow in the Ins_IUP function in
truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode
support is enabled, allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
crafted font file.
#

# CVE-2010-2520 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
#	ttinterp.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2520


# SUMMARY: Buffer overflow in ftmulti.c in the ftmulti demo program in
FreeType before 2.4.2 allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
crafted font file.
#

# CVE-2010-2541 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
#	ftmulti.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2541


# SUMMARY: Multiple heap-based buffer overflows in loaders/load_it.c
in libmikmod, possibly 3.1.12, might allow remote attackers to execute
arbitrary code via (1) crafted samples or (2) crafted instrument
definitions in an Impulse Tracker file, related to panpts, pitpts, and
IT_ProcessEnvelope.  NOTE: some of these details are obtained from
third party information.  NOTE: this vulnerability exists because of
an incomplete fix for CVE-2009-3995.
#

# CVE-2010-2546 relates to a vulnerability in package libmikmod.
# The following source filenames are likely responsible:
#	loadit.c
#

# The following package clones are NOT tracked in the embedded-code-copies
# database.
#

libmikmod CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2546
		MATCH dlhpux.c/dlhpux.c (8.423981)
		MATCH drvaf.c/drvaf.c (9.117128)
		MATCH drvaix.c/drvaix.c (9.117128)
		MATCH drvalsa.c/drvalsa.c (9.117128)
		MATCH drvdart.c/drvdart.c (9.117128)
		MATCH drvds.c/drvds.c (9.117128)
		MATCH drvesd.c/drvesd.c (9.117128)
		MATCH drvhp.c/drvhp.c (9.117128)
		MATCH drvmac.c/drvmac.c (9.117128)
		MATCH drvnos.c/drvnos.c (8.423981)
		MATCH drvoss.c/drvos.c (9.117128)
		MATCH drvpipe.c/drvpipe.c (9.117128)
		MATCH drvraw.c/drvraw.c (8.711663)
		MATCH drvsam.c/drvsam.c (9.117128)
		MATCH drvsgi.c/drvsgi.c (9.117128)
		MATCH drvstdout.c/drvstdout.c (9.117128)
		MATCH drvsun.c/drvsun.c (9.117128)
		MATCH drvultra.c/drvultra.c (9.117128)
		MATCH drvwav.c/drvwav.c (9.117128)
		MATCH drvwin.c/drvwin.c (9.117128)
		MATCH load.c/bload.c (8.200837)
		MATCH loadamf.c/loadamf.c (8.018516)
		MATCH loaddsm.c/loaddsm.c (8.018516)
		MATCH loadfar.c/loadfar.c (8.018516)
		MATCH loadgdm.c/loadgdm.c (8.423981)
		MATCH loadit.c/loadit.c (7.730834)
		MATCH loadm.c/load.c (5.225307)
		MATCH loadmed.c/loadmed.c (8.018516)
		MATCH loadmtm.c/loadmtm.c (7.864365)
		MATCH loadokt.c/loadokt.c (8.018516)
		MATCH loadstx.c/loadstm.c (7.864365)
		MATCH loadult.c/loadult.c (7.864365)
		MATCH loaduni.c/loaduni.c (8.423981)
		MATCH loadxm.c/loadm.c (8.423981)
		MATCH mdreg.c/mdreg.c (8.423981)
		MATCH mdriver.c/driver.c (5.195155)
		MATCH mdulaw.c/mdulaw.c (9.117128)
		MATCH memcmp.c/memcmp.c (5.332938)
		MATCH mloader.c/mloader.c (8.018516)
		MATCH mlutil.c/mlutil.c (8.018516)
		MATCH mmalloc.c/emalloc.c (7.412380)
		MATCH mmerror.c/merror.c (7.613050)
		MATCH mmio.c/mmio.c (6.865836)
		MATCH mplayer.c/mplayer.c (7.102225)
		MATCH munitrk.c/munitrk.c (8.018516)
		MATCH mwav.c/mwav.c (8.423981)
		MATCH npertab.c/npertab.c (8.423981)
		MATCH strcasecmp.c/cstrcasecmp.c (6.719233)
		MATCH strdup.c/estrdup.c (8.018516)
		MATCH strstr.c/cstrstr.c (8.423981)
		MATCH virtch.c/virtch.c (8.423981)
		MATCH virtchcommon.c/virtchcommon.c (8.423981)


# SUMMARY: The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF
3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause
a denial of service (assertion failure and application exit) via a
crafted TIFF image, related to "downsampled OJPEG input."
#

# CVE-2010-2596 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
#	tifojpeg.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2596


# SUMMARY: The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0
and 3.9.2 makes incorrect calls to the TIFFGetField function, which
allows remote attackers to cause a denial of service (application
crash) via a crafted TIFF image, related to "downsampled OJPEG input"
and possibly related to a compiler optimization that triggers a
divide-by-zero error.
#

# CVE-2010-2597 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
#	tifstrip.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2597


# SUMMARY: The FT_Stream_EnterFrame function in base/ftstream.c in
FreeType before 2.4.2 does not properly validate certain position
values, which allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
font file.
#

# CVE-2010-2805 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
#	ftstream.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2805


# SUMMARY: Array index error in the t42_parse_sfnts function in
type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via negative size values for certain strings in
FontType42 font files, leading to a heap-based buffer overflow.
#

# CVE-2010-2806 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
#	tparse.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2806


# SUMMARY: Buffer overflow in the Mac_Read_POST_Resource function in
base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to
cause a denial of service (memory corruption and application crash) or
possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font
File (aka LWFN) font.
#

# CVE-2010-2808 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
#	ftobjs.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2808


# SUMMARY: Double free vulnerability in the ssl3_get_key_exchange
function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a,
0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows
context-dependent attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a crafted private key with an
invalid prime.  NOTE: some sources refer to this as a use-after-free
issue.
#

# CVE-2010-2939 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
#	sclnt.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2939


# SUMMARY: loaders/load_it.c in libmikmod, possibly 3.1.12, does not
properly account for the larger size of name##env relative to
name##tick and name##node, which allows remote attackers to trigger a
buffer over-read and possibly have unspecified other impact via a
crafted Impulse Tracker file, a related issue to CVE-2010-2546.  NOTE:
this issue exists because of an incomplete fix for CVE-2009-3995.
#

# CVE-2010-2971 relates to a vulnerability in package libmikmod.
# The following source filenames are likely responsible:
#	loadit.c
#

# The following package clones are NOT tracked in the embedded-code-copies
# database.
#

libmikmod CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2971


# SUMMARY: bdf/bdflib.c in FreeType before 2.4.2 allows remote
attackers to cause a denial of service (application crash) via a
crafted BDF font file, related to an attempted modification of a value
in a static string.
#

# CVE-2010-3053 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
#	bdflib.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3053


# SUMMARY: Unspecified vulnerability in FreeType 2.3.9, and other
versions before 2.4.2, allows remote attackers to cause a denial of
service via vectors involving nested Standard Encoding Accented
Character (aka seac) calls, related to psaux.h, cffgload.c,
cffgload.h, and t1decode.c.
#

# CVE-2010-3054 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
#	cffgload.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3054


# SUMMARY: Integer overflow in base/ftstream.c in libXft (aka the X
FreeType library) in FreeType before 2.4 allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted Compact Font Format (CFF) font file that
triggers a heap-based buffer overflow, related to an "input stream
position error" issue, a different vulnerability than CVE-2010-1797.
#

# CVE-2010-3311 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
#	ftstream.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3311


# SUMMARY: The run_coprocess function in pam_xauth.c in the pam_xauth
module in Linux-PAM (aka pam) before 1.1.2 does not check the return
values of the setuid, setgid, and setgroups system calls, which might
allow local users to read arbitrary files by executing a program that
relies on the pam_xauth PAM check.
#

# CVE-2010-3316 relates to a vulnerability in package pam.
# The following source filenames are likely responsible:
#	pamxauth.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

pam CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3316


# SUMMARY: Heap-based buffer overflow in the Ins_SHZ function in
ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to
execute arbitrary code or cause a denial of service (application
crash) via a crafted SHZ bytecode instruction, related to TrueType
opcodes, as demonstrated by a PDF document with a crafted embedded
font.
#

# CVE-2010-3814 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
#	ttinterp.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3814


# SUMMARY: pam_namespace.c in the pam_namespace module in Linux-PAM
(aka pam) before 1.1.3 uses the environment of the invoking
application or service during execution of the namespace.init script,
which might allow local users to gain privileges by running a setuid
program that relies on the pam_namespace PAM check, as demonstrated by
the sudo program.
#

# CVE-2010-3853 relates to a vulnerability in package pam.
# The following source filenames are likely responsible:
#	pamnamespace.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

pam CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3853


# SUMMARY: Buffer overflow in the ft_var_readpackedpoints function in
truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a crafted TrueType GX font.
#

# CVE-2010-3855 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
#	ttgxvar.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3855


# SUMMARY: Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f
through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal
caching are enabled on a TLS server, might allow remote attackers to
execute arbitrary code via client data that triggers a heap-based
buffer overflow, related to (1) the TLS server name extension and (2)
elliptic curve cryptography.
#

# CVE-2010-3864 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
#	tlib.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3864


# SUMMARY: Integer overflow in the ReadDirectory function in
tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers
to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted TIFF file containing a
directory data structure with many directory entries.
#

# CVE-2010-4665 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
#	tiffdump.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-4665


# SUMMARY: The pam_sm_close_session function in pam_xauth.c in the
pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not
properly handle a failure to determine a certain target uid, which
might allow local users to delete unintended files by executing a
program that relies on the pam_xauth PAM check.
#

# CVE-2010-4706 relates to a vulnerability in package pam.
# The following source filenames are likely responsible:
#	pamxauth.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

pam CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-4706


# SUMMARY: The check_acl function in pam_xauth.c in the pam_xauth
module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a
certain ACL file is a regular file, which might allow local users to
cause a denial of service (resource consumption) via a special file.
#

# CVE-2010-4707 relates to a vulnerability in package pam.
# The following source filenames are likely responsible:
#	pamxauth.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

pam CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-4707


# SUMMARY: ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0
through 1.0.0c allows remote attackers to cause a denial of service
(crash), and possibly obtain sensitive information in applications
that use OpenSSL, via a malformed ClientHello handshake message that
triggers an out-of-bounds memory access, aka "OCSP stapling
vulnerability."
#

# CVE-2011-0014 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
#	tlib.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0014


# SUMMARY: Integer signedness error in psaux/t1decode.c in FreeType
before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and
4.3.x before 4.3.4 and other products, allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted Type 1 font in a PDF document, as
exploited in the wild in July 2011.
#

# CVE-2011-0226 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
#	tdecode.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0226


# SUMMARY: Double free vulnerability in the prepare_error_as function
in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5
(aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows
remote attackers to cause a denial of service (daemon crash) or
possibly execute arbitrary code via an e_data field containing typed
data.
#

# CVE-2011-0284 relates to a vulnerability in package krb5.
# The following source filenames are likely responsible:
#	doasreq.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0284


# SUMMARY: The process_chpw_request function in schpw.c in the
password-changing functionality in kadmind in MIT Kerberos 5 (aka
krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote
attackers to execute arbitrary code or cause a denial of service
(daemon crash) via a crafted request that triggers an error condition.
#

# CVE-2011-0285 relates to a vulnerability in package krb5.
# The following source filenames are likely responsible:
#	schpw.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0285


# SUMMARY: pngrtran.c in libpng 1.5.x before 1.5.1 allows remote
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a crafted palette-based PNG image that
triggers a buffer overflow, related to the png_do_expand_palette
function, the png_do_rgb_to_gray function, and an integer underflow.
NOTE: some of these details are obtained from third party information.
#

# CVE-2011-0408 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
#	pngrtran.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0408


# SUMMARY: avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29
allows remote attackers to cause a denial of service (infinite loop)
via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353.  NOTE:
this vulnerability exists because of an incorrect fix for
CVE-2010-2244.
#

# CVE-2011-1002 relates to a vulnerability in package avahi.
# The following source filenames are likely responsible:
#	socket.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

avahi CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1002


# SUMMARY: chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when
a master-slave configuration with a chain overlay and
ppolicy_forward_updates (aka authentication-failure forwarding) is
used, allows remote authenticated users to bypass external-program
authentication by sending an invalid password to a slave server.
#

# CVE-2011-1024 relates to a vulnerability in package openldap.
# The following source filenames are likely responsible:
#	chain.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1024


# SUMMARY: bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does
not require authentication for the root Distinguished Name (DN), which
allows remote attackers to bypass intended access restrictions via an
arbitrary password.
#

# CVE-2011-1025 relates to a vulnerability in package openldap.
# The following source filenames are likely responsible:
#	bind.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1025


# SUMMARY: modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows
remote attackers to cause a denial of service (daemon crash) via a
relative Distinguished Name (DN) modification request (aka MODRDN
operation) that contains an empty value for the OldDN field.
#

# CVE-2011-1081 relates to a vulnerability in package openldap.
# The following source filenames are likely responsible:
#	modrdn.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1081


# SUMMARY: Heap-based buffer overflow in the thunder (aka ThunderScan)
decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote
attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS
data in a .tiff file that has an unexpected BitsPerSample value.
#

# CVE-2011-1167 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
#	tifthunder.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1167


# SUMMARY: The _dbus_header_byteswap function in dbus-marshal-header.c
in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and
1.5.x before 1.5.4 does not properly handle a non-native byte order,
which allows local users to cause a denial of service (connection
loss), obtain potentially sensitive information, or conduct
unspecified state-modification attacks via crafted messages.
#

# CVE-2011-2200 relates to a vulnerability in package dbus.
# The following source filenames are likely responsible:
#	dbusmarshalheader.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

dbus CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-2200


# SUMMARY: The png_format_buffer function in pngerror.c in libpng
1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and
1.5.x before 1.5.4 allows remote attackers to cause a denial of
service (application crash) via a crafted PNG image that triggers an
out-of-bounds read during the copying of error-message data.  NOTE:
this vulnerability exists because of a CVE-2004-0421 regression.
#

# CVE-2011-2501 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
#	pngerror.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-2501


# SUMMARY: The png_err function in pngerror.c in libpng 1.0.x before
1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before
1.5.4 makes a function call using a NULL pointer argument instead of
an empty-string argument, which allows remote attackers to cause a
denial of service (application crash) via a crafted PNG image.
#

# CVE-2011-2691 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
#	pngerror.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-2691


# SUMMARY: The png_handle_sCAL function in pngrutil.c in libpng 1.0.x
before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x
before 1.5.4 does not properly handle invalid sCAL chunks, which
allows remote attackers to cause a denial of service (memory
corruption and application crash) or possibly have unspecified other
impact via a crafted PNG image that triggers the reading of
uninitialized memory.
#

# CVE-2011-2692 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
#	pngrutil.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-2692


# SUMMARY: The png_set_text_2 function in pngset.c in libpng 1.0.x
before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x
before 1.5.10 allows remote attackers to cause a denial of service
(crash) or execute arbitrary code via a crafted text chunk in a PNG
image file, which triggers a memory allocation failure that is not
properly handled, leading to a heap-based buffer overflow.
#

# CVE-2011-3048 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
#	pngset.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-3048


# SUMMARY: crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does
not initialize certain structure members, which makes it easier for
remote attackers to bypass CRL validation by using a nextUpdate value
corresponding to a time in the past.
#

# CVE-2011-3207 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
#	xvfy.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-3207


# SUMMARY: The png_handle_cHRM function in pngrutil.c in libpng 1.5.4,
when color-correction support is enabled, allows remote attackers to
cause a denial of service (divide-by-zero error and application crash)
via a malformed PNG image containing a cHRM chunk associated with a
certain zero value.
#

# CVE-2011-3328 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
#	pngrutil.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-3328


# SUMMARY: crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit
platforms, as used in stunnel and other products, in certain
circumstances involving ECDH or ECDHE cipher suites, uses an incorrect
modular reduction algorithm in its implementation of the P-256 and
P-384 NIST elliptic curves, which allows remote attackers to obtain
the private key of a TLS server via multiple handshake attempts.
#

# CVE-2011-4354 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
#	bnnist.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-4354


# SUMMARY: server/server_stubs.c in the kadmin protocol implementation
in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly
restrict access to (1) SET_STRING and (2) GET_STRINGS operations,
which might allow remote authenticated administrators to modify or
read string attributes by leveraging the global list privilege.
#

# CVE-2012-1012 relates to a vulnerability in package krb5.
# The following source filenames are likely responsible:
#	serverstubs.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-1012


# SUMMARY: The check_1_6_dummy function in
lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5)
1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated
administrators to cause a denial of service (NULL pointer dereference
and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that
lacks a password.
#

# CVE-2012-1013 relates to a vulnerability in package krb5.
# The following source filenames are likely responsible:
#	svrprincipal.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-1013


# SUMMARY: The mime_param_cmp function in crypto/asn1/asn_mime.c in
OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to
cause a denial of service (NULL pointer dereference and application
crash) via a crafted S/MIME message, a different vulnerability than
CVE-2006-7250.
#

# CVE-2012-1165 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
#	asnmime.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-1165


# SUMMARY: The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in
OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a
does not properly interpret integer data, which allows remote
attackers to conduct buffer overflow attacks, and cause a denial of
service (memory corruption) or possibly have unspecified other impact,
via crafted DER data, as demonstrated by an X.509 certificate or an
RSA public key.
#

# CVE-2012-2110 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
#	adifp.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-2110


# SUMMARY: Multiple integer signedness errors in
crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to
conduct buffer overflow attacks, and cause a denial of service (memory
corruption) or possibly have unspecified other impact, via crafted DER
data, as demonstrated by an X.509 certificate or an RSA public key.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2012-2110.
#

# CVE-2012-2131 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
#	buffer.c
#

# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#

openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-2131