Debian DSA-4456-1 : exim4 - security update

The Qualys Research Labs reported a flaw in Exim, a mail transport agent. Improper validation of the recipient address in the delivermessage function may result in the execution of arbitrary commands. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Linux Alternate Patch Detection

This is a wrapper plugin for ensuring that detection scripts for custom software patching methodologies outside of yum, dpkg, and similar package management systems get run prior to the execution of localcheck plugins. Add additional detection scripts to the scriptdependencies attribute. C Tenabl...

Fedora 28 : dpkg (2018-ff8d8c33b1)

fixes bugs 1598872 and security update Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...

USN-3722-5 clamav regression

USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain...

USN-3722-5: ClamAV regression

USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain...

MGASA-2018-0352 Updated dpkg packages fix security vulnerability

Updated dpkg packages fix security vulnerability: A flaw was found dpkg which allows an attacker to perform a directory traversal by extracting with "dpkg-deb --raw-extract" a crafted .deb file with a /DEBIAN symlink bdo879982...

Updated dpkg packages fix security vulnerability

Updated dpkg packages fix security vulnerability: A flaw was found dpkg which allows an attacker to perform a directory traversal by extracting with "dpkg-deb --raw-extract" a crafted .deb file with a /DEBIAN symlink bdo879982...

Fedora Update for dpkg FEDORA-2018-0a61e79f56

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for dpkg FEDORA-2018-ff8d8c33b1

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-4170-1 : pjproject - security update

Multiple vulnerabilities have been discovered in the PJSIP/PJProject multimedia communication which may result in denial of service during the processing of SIP and SDP messages and ioqueue keys. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...

Debian DSA-4128-1 : trafficserver - security update

Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server. They could lead to the use of an incorrect upstream proxy, or allow a remote attacker to cause a denial-of-service by application crash. C Tenable Network Security, Inc. The descriptive text and...

Debian DSA-4121-1 : gcc-6 - security update

This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4121. The text itself i...

Debian DSA-4084-1 : gifsicle - security update

It was discovered that gifsicle, a tool for manipulating GIF image files, contained a flaw that could lead to arbitrary code execution. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4084. The text itself is...

Debian DSA-4014-1 : thunderbird - security update

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4014. The...

Debian DSA-4009-1 : shadowsocks-libev - security update

Niklas Abel discovered that insufficient input sanitising in the ss-manager component of shadowsocks-libev, a lightweight socks5 proxy, could result in arbitrary shell command execution. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...

Debian DSA-4004-1 : jackson-databind - security update

Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attemtping deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input. %NASLMINLEVEL 70300 C Tenable...

Debian DSA-3986-1 : ghostscript - security update

Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service if a specially crafted Postscript file is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Debian DSA-3938-1 : libgd2 - security update

Matviy Kotoniy reported that the gdImageCreateFromGifCtx function used to load images from GIF format files in libgd2, a library for programmatic graphics creation and manipulation, does not zero stack allocated color map buffers before their use, which may result in information disclosure if a...

Debinject - Inject malicious code into *.debs

Inject malicious code into .debs CLONE git clone https://github.com/UndeadSec/Debinject.git RUNNING cd Debinject python debinject.py If you have another version of Python: python2.7 debinject.py RUN ON TARGET SIDE chmod 755 default.deb dpkg -i backdoored.deb PREREQUISITES dpkg dpkg-deb metasploit...

Debian DSA-3888-1 : exim4 - security update (Stack Clash)

The Qualys Research Labs discovered a memory leak in the Exim mail transport agent. This is not a security vulnerability in Exim by itself, but can be used to exploit a vulnerability in stack handling. For the full details, please refer to their advisory published at:...