
511 matches found

Debian
added 2015/04/09 7:14 p.m., 26 views

[SECURITY] [DSA 3217-1] dpkg security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3217-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 09, 2015 http://www.debian.org/security/faq -...

CVSS 4.3, AI score 5.6, EPSS 0.0184
Exploits: 0

OpenVAS
added 2015/04/09 12:00 a.m., 24 views

Debian Security Advisory DSA 3217-1 (dpkg - security update)

Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a specially crafted Debian source control file (.dsc). Note that this flaw only affects extraction of local Debian source packages via dpkg-source but not the installation of packages from the...

CVSS 4.3, EPSS 0.0184
Exploits: 0, References: 1

UbuntuCve
added 2015/04/09 12:00 a.m., 24 views

CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc)...

CVSS 4.3, AI score 5.9, EPSS 0.0184
Exploits: 0, References: 2

OSV
added 2015/04/09 12:00 a.m., 19 views

DSA-3217-1 dpkg - security update

Bulletin has no description...

CVSS 4.3, AI score 6.3, EPSS 0.0184
Exploits: 0

OpenVAS
added 2015/04/08 12:00 a.m., 22 views

Debian: Security Advisory (DSA-3217-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3, AI score 6.5, EPSS 0.0184
Exploits: 0, References: 3

Tenable Nessus
added 2015/03/17 12:00 a.m., 41 views

Debian DSA-3188-1 : freetype - security update

Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

CVSS 7.5, AI score 7.2, EPSS 0.05059
Exploits: 15, References: 17

Tenable Nessus
added 2015/01/28 12:00 a.m., 49 views

Ubuntu 10.04 LTS / 12.04 LTS : eglibc vulnerability (USN-2485-1) (GHOST)

It was discovered that a buffer overflow existed in the gethostbyname and gethostbyname2 functions in the GNU C Library. An attacker could use this issue to execute arbitrary code or cause an application crash, resulting in a denial of service. Note that Tenable Network Security has extracted the...

CVSS 10, AI score 8.2, EPSS 0.94859
Exploits: 29, References: 2

OSV
added 2015/01/20 3:59 p.m., 6 views

CVE-2014-8625

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...

AI score 7.7
Exploits: 0, References: 7

OSV
added 2015/01/20 3:59 p.m., 1 view

DEBIAN-CVE-2014-8625

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...

CVSS 6.8, AI score 8, EPSS 0.03296
Exploits: 1, References: 1

NVD
added 2015/01/20 3:59 p.m., 17 views

CVE-2014-8625

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...

CVSS 6.8, AI score 7.7, EPSS 0.03296
Exploits: 1, References: 7

UbuntuCve
added 2015/01/20 3:59 p.m., 21 views

CVE-2014-8625

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...

CVSS 6.8, AI score 6.2, EPSS 0.03296
Exploits: 1, References: 3

Prion
added 2015/01/20 3:59 p.m., 18 views

Format string

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...

CVSS 6.8, AI score 8.3, EPSS 0.03296
Exploits: 1, References: 7, Affected Software: 1

Cvelist
added 2015/01/20 3:00 p.m., 31 views

CVE-2014-8625

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...

AI score 7.6, EPSS 0.03296
Exploits: 1, References: 7

CVE
added 2015/01/20 3:00 p.m., 73 views

CVE-2014-8625

CVE-2014-8625 affects dpkg prior to 1.17.22, where the parse_error_msg function in parsehelp.c is vulnerable to format-string processing via the package or architecture name, enabling a denial of service and potentially arbitrary code execution. Public references in the connected docs consistentl...

CVSS 6.8, AI score 7.8, EPSS 0.03296
Exploits: 1, References: 7, Affected Software: 1

Debian CVE
added 2015/01/20 3:00 p.m., 20 views

CVE-2014-8625

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...

CVSS 6.8, AI score 7.8, EPSS 0.03296
Exploits: 1

Tenable Nessus
added 2015/01/19 12:00 a.m., 25 views

Oracle Solaris Third-Party Patch Update : gnu-patch (multiple_vulnerabilities_in_gnu_patch)

The remote Solaris system is missing necessary patches to address security updates : - Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-forma...

CVSS 6.8, AI score 7.5, EPSS 0.04834
Exploits: 0, References: 4

Tenable Nessus
added 2015/01/13 12:00 a.m., 14 views

Debian DSA-3126-1 : php5 - security update

It was discovered that libmagic as used by PHP, would trigger an out of bounds memory access when trying to identify a crafted file. Additionally, this updates fixes a potential dependency loop in dpkg trigger handling. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

AI score 5.4
Exploits: 0, References: 2

Debian
added 2015/01/12 6:55 p.m., 16 views

[SECURITY] [DSA 3126-1] php5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3126-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 12, 2015 http://www.debian.org/security/faq -...

AI score 6.7
Exploits: 0

OpenVAS
added 2015/01/12 12:00 a.m., 35 views

Debian Security Advisory DSA 3126-1 (php5 - security update)

It was discovered that libmagic as used by PHP, would trigger an out of bounds memory access when trying to identify a crafted file. Additionally, this updates fixes a potential dependency loop in dpkg trigger handling. OpenVAS Vulnerability Test $Id: deb3126.nasl 8972 2018-02-28 07:02:10Z cfisch...

CVSS 5, AI score 7.5, EPSS 0.05489
Exploits: 0, References: 1

Tenable Nessus
added 2015/01/12 12:00 a.m., 38 views

Debian DSA-3124-1 : otrs2 - security update

Thorsten Eckel of Znuny GMBH and Remo Staeuble of InfoGuard discovered a privilege escalation vulnerability in otrs2, the Open Ticket Request System. An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is...

CVSS 6, AI score 6.2, EPSS 0.01778
Exploits: 0, References: 3