Debian DSA-4555-1 : pam-python - security update

Malte Kraus discovered that libpam-python, a PAM module allowing PAM modules to be written in Python, didn't sanitise environment variables which could result in local privilege escalation if used with a setuid binary. C Tenable Network Security, Inc. The descriptive text and package checks in th...

Debian DSA-4443-1 : samba - security update

Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberos extension used in Samba's Active Directory support was susceptible to man-in-the-middle attacks caused by incomplete checksum validation. Details can be found in the upstream advisory at C Tenable Network Security, Inc. The...

Debian DSA-4354-1 : firefox-esr - security update

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

Debian DSA-4252-1 : znc - security update

Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4252. The text itself is...

Debian DSA-4234-1 : lava-server - security update

Two vulnerabilities were discovered in LAVA, a continuous integration system for deploying operating systems for running tests, which could result in information disclosure of files readable by the lavaserver system user or the execution of arbitrary code via a XMLRPC call. C Tenable Network...

glibc 'realpath()' Privilege Escalation

This module attempts to gain root privileges on Linux systems by abusing a vulnerability in GNU C Library glibc version 2.26 and prior. This module uses halfdog's RationalLove exploit to exploit a buffer underflow in glibc realpath and create a SUID root shell. The exploit has offsets for glibc...

Debian DSA-4153-1 : firefox-esr - security update

It was discovered that a use-after-free in the compositor of Firefox can result in the execution of arbitrary code. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4153. The text itself is copyright C Softwar...

Debian DSA-4098-1 : curl - security update

Two vulnerabilities were discovered in cURL, an URL transfer library. - CVE-2018-1000005 Zhouyihai Ding discovered an out-of-bounds read in the code handling HTTP/2 trailers. This issue doesn't affect the oldstable distribution jessie. - CVE-2018-1000007 Craig de Stigter discovered that...

Debian DSA-4094-1 : smarty3 - security update

It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty. C Tenable Network Security, Inc. The descriptive text and package checks in...

Debian DSA-4092-1 : awstats - security update

The cPanel Security Team discovered that awstats, a log file analyzer, was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Debian DSA-4063-1 : pdns-recursor - security update

Toshifumi Sakaguchi discovered that PowerDNS Recursor, a high-performance resolving name server was susceptible to denial of service via a crafted CNAME answer. The oldstable distribution jessie is not affected. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

Debian DSA-4001-1 : yadifa - security update

It was discovered that YADIFA, an authoritative DNS server, did not sufficiently check its input. This allowed a remote attacker to cause a denial-of-service by forcing the daemon to enter an infinite loop. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package chec...

Debian DSA-3990-1 : asterisk - security update

Klaus-Peter Junghann discovered that insufficient validation of RTCP packets in Asterisk may result in an information leak. Please see the upstream advisory at http://downloads.asterisk.org/pub/security/AST-2017-008.html for additional details. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Debian DSA-3950-1 : libraw - security update

Hossein Lotfi and Jakub Jirasek from Secunia Research have discovered multiple vulnerabilities in LibRaw, a library for reading RAW images. An attacker could cause a memory corruption leading to a DoS Denial of Service with craft KDC or TIFF file. %NASLMINLEVEL 70300 C Tenable Network Security,...

Debian DSA-3924-1 : varnish - security update

A denial of service vulnerability was discovered in Varnish, a state of the art, high-performance web accelerator. Specially crafted HTTP requests can cause the Varnish daemon to assert and restart, clearing the cache in the process. See https://varnish-cache.org/security/VSV00001.html for detail...

Debian DSA-3911-1 : evince - security update

Felix Wilhelm discovered that the Evince document viewer made insecure use of tar when opening tar comic book archives CBT. Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely. %NASLMINLEVEL 70300 C Tenable Network Security...

Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation

/ Linuxldsohwcap64.c for CVE-2017-1000366, CVE-2017-1000379 Copyright C 2017 Qualys, Inc. myimportanthwcaps adapted from elf/dl-hwcaps.c, part of the GNU C Library: Copyright C 2012-2017 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under t...