Debian Security Advisory DSA 3724-1 (gst-plugins-good0.10 - security update)
Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html This update removes the insecu...
Debian Security Advisory DSA 3720-1 (tomcat8 - security update)
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...
Debian DSA-3718-1 : drupal7 - security update
Multiple vulnerabilities have been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/SA-CORE-2016-005 (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
Debian Security Advisory DSA 3716-1 (firefox-esr - security update)
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy. Also, a man-in-the-middle attack in the addon update...
Debian Security Advisory DSA 3713-1 (gst-plugins-bad0.10 - security update)
Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound Format files allowed the execution of arbitrary code. Further details can be found in his advisory at http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html. OpenVAS Vulnerability Test...
Debian DSA-3712-1 : terminology - security update
Nicolas Braud-Santoni discovered that incorrect sanitising of character escape sequences in the Terminology terminal emulator may result in the execution of arbitrary commands. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...
Debian DSA-3708-1 : mat - security update
Hartmut Goebel discovered that MAT, a toolkit to anonymise/remove metadata from files, did not remove metadata from images embedded in PDF documents. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
Debian Security Advisory DSA 3703-1 (bind9 - security update)
Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily...
Debian Security Advisory DSA 3706-1 (mysql-5.5 - security update)
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.53, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see th...
Debian Security Advisory DSA 3700-1 (asterisk - security update)
Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service or incorrect certificate validation. OpenVAS Vulnerability Test $Id: deb3700.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3700-1...
Debian Security Advisory DSA 3692-1 (freeimage - security update)
Multiple vulnerabilities were discovered in the FreeImage multimedia library, which might result in denial of service or the execution of arbitrary code if a malformed XMP or RAW image is processed. OpenVAS Vulnerability Test $Id: deb3692.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated...
Debian Security Advisory DSA 3678-1 (python-django - security update)
Sergey Bobrov discovered that cookie parsing in Django and Google Analytics interacted in such a way that an attacker could set arbitrary cookies. This allows other malicious web sites to bypass the Cross-Site Request Forgery (CSRF) protections built into Django. OpenVAS Vulnerability Test $Id:...
A vulnerability in the DBD::mysql driver on the Debian GNU/Linux operating system allows attackers to cause undefined effects.
The vulnerability in the mylogin function of the DBD::mysql driver on the Debian GNU/Linux operating system is a use-after-free (memory is used after it has been freed). Exploiting this vulnerability allows a malicious actor to cause unpredictable effects by calling the mysqlerrno function after the mylogin...
Debian Security Advisory DSA 3669-1 (tomcat7 - security update)
Dawid Golunski of LegalHackers discovered that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. OpenVAS Vulnerability Test $Id: deb3669.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3669-1 using nvtgen 1.0 Script...
Debian Security Advisory DSA 3668-1 (mailman - security update)
It was discovered that there was a CSRF vulnerability in mailman, a web-based mailing list manager, which could allow an attacker to obtain a user OpenVAS Vulnerability Test $Id: deb3668.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3668-1 using nvtgen 1.0 Script...
Debian DSA-3662-1 : inspircd - security update
It was discovered that incorrect SASL authentication in the Inspircd IRC server may lead to users impersonating other users. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3662. The text...
Debian DSA-3661-1 : charybdis - security update
It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3661. The text...
Debian Security Advisory DSA 3661-1 (charybdis - security update)
It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users. OpenVAS Vulnerability Test $Id: deb3661.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3661-1 using nvtgen 1.0 Script version: 1.0 Author:...
Debian Security Advisory DSA 3654-1 (quagga - security update)
Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon. CVE-2016-4036 Tamás Németh discovered that sensitive configuration files in /etc/quagga were world-readable despite containing sensitive information. CVE-2016-4049 Evgeny Uskov discovered that a bgpd instance handling man...
Debian DSA-3654-1 : quagga - security update
Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon. - CVE-2016-4036 Tamas Nemeth discovered that sensitive configuration files in /etc/quagga were world-readable despite containing sensitive information. - CVE-2016-4049 Evgeny Uskov discovered that a bgpd instance handli...