511 matches found
DSA-3126-1 php5 - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3126-1)
The remote host is missing an update for the Debian...
OracleVM 3.3 : rpm (OVMSA-2014-0083)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fix race condition where unchecked data is exposed in the file system (CVE-2013-6435) (#1163059) - Fix thinko in the non-root python byte-compilation fix - Byte-compile versioned python libdirs in non-roo...
Debian DSA-3033-1 : nss - security update
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RSA certificates with a valid certification...
USN-2353-1: APT vulnerability
It was discovered that APT incorrectly handled certain http URLs. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to cause APT to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for...
Fedora 19 : dpkg-1.16.15-1.fc19 (2014-8564)
Update to 1.16.15, fixes: CVE-2014-3864, CVE-2014-3865, rhbz 1103026. Update to 1.16.14, fixes CVE-2014-0471, rhbz 1092210. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean an...
Fedora Update for dpkg FEDORA-2014-8564
The remote host is missing an update for the...
Debian DSA-2983-1 : drupal7 - security update
Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting. More information can be found at https://www.drupal.org/SA-CORE-2014-003.
Fedora Update for dpkg FEDORA-2014-7697
The remote host is missing an update for the...
Fedora 20 : dpkg-1.16.15-1.fc20 (2014-7697)
Update to 1.16.15, fixes: CVE-2014-3864, CVE-2014-3865, rhbz 1103026.
[SECURITY] Fedora 20 Update: dpkg-1.16.15-1.fc20
This package contains the tools (including dpkg-source) required to unpack, build and upload Debian source packages. This package also contains the program dpkg, which is used to handle the installation and removal of packages on a Debian system. This package also contains dselect, an interface for...
Updated dpkg packages fixes security vulnerabilities
Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package, leading to the creation of files outside the directory of the source being unpacked (CVE-2014-0471). Multiple vulnerabilities were discovered in dpkg...
MGASA-2014-0289 Updated dpkg packages fixes security vulnerabilities
Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package, leading to the creation of files outside the directory of the source being unpacked (CVE-2014-0471). Multiple vulnerabilities were discovered in dpkg...
Ubuntu: Security Advisory (USN-2242-1)
The remote host is missing an update for the...
[oss-security] Re: CVE request: another path traversal in dpkg-source during unpack
Another path traversal was discovered The short answer is that bug 746498 is CVE-2014-3864, and bug 749183 is CVE-2014-3865. We can also, first, review the status of the CVEs related to our 1 May 2014 message. The proposed CVE mappings for all four of...
dpkg directory traversal
No description provided...
Debian DSA-2958-1 : apt - security update
Jakub Wilk discovered that APT, the high-level package manager, did not properly perform authentication checks for source packages downloaded via 'apt-get source'. This only affects use cases where source packages are downloaded via this command; it does not affect regular Debian package...
Ubuntu 14.04 LTS : dpkg vulnerabilities (USN-2242-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2242-1 advisory. It was discovered that dpkg incorrectly handled certain patches when unpacking source packages. If a user or an automated system were tricked into...
USN-2242-1: dpkg vulnerabilities
It was discovered that dpkg incorrectly handled certain patches when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service...
Debian DSA-2953-1 : dpkg - security update
Multiple vulnerabilities were discovered in dpkg that allow file modification through path traversal when unpacking source packages with specially crafted patch files. This update had been scheduled before the end of security support for the oldstable distribution (squeeze), hence an exception has...