17 matches found
Debian DSA-3536-1 : libstruts1.2-java - security update
It was discovered that libstruts1.2-java, a Java framework for MVC applications, contains a bug in its multi-page validation code. This allows input validation to be bypassed, even if MPV is not used directly. (C) Tenable Network Security, Inc. The descriptive text and package...
Debian DSA-3526-1 : libmatroska - security update
It was discovered that libmatroska, an extensible open standard audio/video container format, incorrectly processed EBML lacing. By providing maliciously crafted input, an attacker could use this flaw to force some leakage of information located in the process heap memory...
Debian DSA-3310-1 : freexl - security update
It was discovered that an integer overflow in freexl, a library to parse Microsoft Excel spreadsheets, may result in denial of service if a malformed Excel file is opened. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...
Debian DSA-3179-1 : icedove - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code or information disclosure. (C) Tenable Network Security, Inc...
Debian DSA-3171-1 : samba - security update
Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection. (C) Tenable...
Debian DSA-3072-1 : file - security update
Francisco Alonso of Red Hat Product Security found an issue in the file utility: when checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file...
Debian DSA-2997-1 : reportbug - security update
Jakub Wilk discovered a remote command execution flaw in reportbug, a tool to report bugs in the Debian distribution. A man-in-the-middle attacker could put shell metacharacters in the version number allowing arbitrary code execution with the privileges of the user running reportbug...
Debian DSA-2984-1 : acpi-support - security update
CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script. (C) Tenable Network Security, Inc. The descriptive text and...
[SECURITY] [DSA 2937-1] mod-wsgi security update
Debian Security Advisory DSA-2937-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 27, 2014 http://www.debian.org/security/faq ...
DSA-2937-1 mod-wsgi - security update
Bulletin has no description...
Debian Security Advisory DSA 2937-1 (mod-wsgi - security update)
Two security issues have been found in the Python WSGI adapter module for Apache: CVE-2014-0240 Robert Kisteleki discovered a potential privilege escalation in daemon mode. This is not exploitable with the kernel used in Debian 7.0/wheezy. CVE-2014-0242 Buck Golemon discovered that incorrect memo...
Debian DSA-2921-1 : xbuffy - security update
Michael Niedermayer discovered a vulnerability in xbuffy, a utility for displaying message count in mailbox and newsgroup accounts. By sending carefully crafted messages to a mail or news account monitored by xbuffy, an attacker can trigger a stack-based buffer overflow, leading to xbuffy crash ...
Debian DSA-2866-1 : gnutls26 - certificate verification flaw
Suman Jana reported that GnuTLS, deviating from the documented behavior, considers a version 1 intermediate certificate as a CA certificate by default. The oldstable distribution (squeeze) is not affected by this problem as X.509 version 1 trusted CA certificates are not allowed by default...
Debian DSA-2800-1 : nss - buffer overflow
Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library nss. With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code. (C) Tenable Network Security, Inc. The...
[SECURITY] [DSA 2745-1] linux security update
Debian Security Advisory DSA-2745-1 [email protected] http://www.debian.org/security/ Dann Frazier August 28, 2013 http://www.debian.org/security/faq ...
Debian DSA-2704-1 : mesa - out of bounds access
It was discovered that applications using the mesa library, a free implementation of the OpenGL API, may crash or execute arbitrary code due to an out of bounds memory access in the library. This vulnerability only affects systems with Intel chipsets. The oldstable distribution (squeeze) is not...
Debian Security Advisory DSA 2263-2 (movabletype-opensource)
The remote host is missing an update to movabletype-opensource announced via advisory DSA 2263-2. OpenVAS Vulnerability Test $Id: deb22632.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2263-2 movabletype-opensource Authors: Thomas Reinke Copyright:...