11 matches found
Debian DSA-3546-1 : optipng - security update
Hans Jerry Illikainen discovered that missing input sanitising in the BMP processing code of the optipng PNG optimiser may result in denial of service or the execution of arbitrary code if a malformed file is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Debian DSA-3420-1 : bind9 - security update
It was discovered that the BIND DNS server does not properly handle the parsing of incoming responses, allowing some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently...
Debian DSA-3405-1 : smokeping - security update
Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd modcgi passed additional arguments to the smokepingcgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests. %NASLMINLEV...
Debian DSA-3220-1 : libtasn1-3 - security update
Hanno Boeck discovered a stack-based buffer overflow in the asn1derdecoding function in Libtasn1, a library to manage ASN.1 structures. A remote attacker could take advantage of this flaw to cause an application using the Libtasn1 library to crash, or potentially to execute arbitrary code...
Debian DSA-3098-1 : graphviz - security update
Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. T...
Debian DSA-2923-1 : openjdk-7 - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...
Debian DSA-2887-1 : ruby-actionmailer-3.2 - security update
Aaron Neyer discovered that missing input sanitising in the logging component of Ruby Actionmailer could result in denial of service through a malformed e-mail message. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Debian DSA-2875-1 : cups-filters - security update
Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of aribitrary code if a malformed PDF file is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
Debian DSA-2791-1 : tryton-client - missing input sanitization
Cedric Krier discovered that the Tryton client does not sanitize the file extension supplied by the server when processing reports. As a result, a malicious server could send a report with a crafted file extension that causes the client to write any local file to which the user running the client...
Debian DSA-2747-1 : cacti - several vulnerabilities
Two vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems : - CVE-2013-5588 install/index.php and cacti/host.php suffered from Cross-Site Scripting vulnerabilities. - CVE-2013-5589 cacti/host.php contained a SQL injection vulnerability, allowing an attacker ...
Debian DSA-2729-1 : openafs - several vulnerabilities
OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect. For more information please see the upstream advisory: OPENAFS-SA-2013-003 In addition the...