Debian DSA-3579-1 : xerces-c - security update
Gustavo Grieco discovered a use-after-free vulnerability in xerces-c, a validating XML parser library for C++, due to not properly handling invalid characters in XML input documents in the DTDScanner. (C) Tenable Network Security, Inc. The descriptive text and package checks in...
Debian Security Advisory DSA 3576-1 (icedove - security update)
Multiple security issues have been found in Icedove, Debian OpenVAS Vulnerability Test $Id: deb3576.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3576-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright (c) 2016 Greenbone Networks GmbH...
Debian DSA-3574-1 : libarchive - security update
Rock Stevens, Andrew Ruef and Marcin 'Icewall' Noga discovered a heap-based buffer overflow vulnerability in the zip_read_mac_metadata function in libarchive, a multi-format archive and compression library, which may lead to the execution of arbitrary code if a user or automated system is tricked in...
Debian DSA-3572-1 : websvn - security update
Nitin Venkatesh discovered that websvn, a web viewer for Subversion repositories, is susceptible to cross-site scripting attacks via specially crafted file and directory names in repositories. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
Debian Security Advisory DSA 3571-1 (ikiwiki - security update)
Simon McVittie discovered a cross-site scripting vulnerability in the error reporting of Ikiwiki, a wiki compiler. This update also hardens ikiwiki OpenVAS Vulnerability Test $Id: deb3571.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3571-1 using nvtgen 1.0 Script...
Debian DSA-3569-1 : openafs - security update
Two vulnerabilities were discovered in openafs, an implementation of the distributed filesystem AFS. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2015-8312 Potential denial of service caused by a bug in the pioctl logic allowing a local user to overru...
Debian DSA-3568-1 : libtasn1-6 - security update
Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to manage ASN.1 structures, does not correctly handle certain malformed DER certificates. A remote attacker can take advantage of this flaw to cause an application using the Libtasn1 library to hang, resulting in a denial of service...
Debian Security Advisory DSA 3431-1 (ganeti - security update)
Pierre Kim discovered two vulnerabilities in the restful API of Ganeti, a virtual server cluster management tool. SSL parameter negotiation could result in denial of service and the DRBD secret could leak. OpenVAS Vulnerability Test $Id: deb3431.nasl 7045 2017-09-01 12:49:31Z asteins $...
Debian DSA-3563-1 : poppler - security update
It was discovered that a heap overflow in the Poppler PDF library may result in denial of service and potentially the execution of arbitrary code if a malformed PDF file is opened. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Debian DLA-446-1 : poppler security update
A heap buffer overflow vulnerability was found in the poppler library. A maliciously crafted file could cause the application to crash. The issue happens when 'ExtGState' is not a valid blend mode. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA...
Debian Security Advisory DSA 3563-1 (poppler - security update)
It was discovered that a heap overflow in the Poppler PDF library may result in denial of service and potentially the execution of arbitrary code if a malformed PDF file is opened. OpenVAS Vulnerability Test $Id: deb3563.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA...
Debian Security Advisory DSA 3558-1 (openjdk-7 - security update)
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, denial of service or information disclosure. OpenVAS Vulnerability Test $Id: deb3558.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from...
Debian DSA-3546-1 : optipng - security update
Hans Jerry Illikainen discovered that missing input sanitising in the BMP processing code of the optipng PNG optimiser may result in denial of service or the execution of arbitrary code if a malformed file is processed. (C) Tenable Network Security, Inc. The descriptive text and...
Debian DSA-3547-1 : imagemagick - security update
Several vulnerabilities were discovered in Imagemagick, a program suite for image manipulation. This update fixes a large number of potential security problems such as NULL pointer access and buffer-overflows that might lead to memory leaks or denial of service. None of these security problems ha...
Debian DSA-3543-1 : oar - security update
Emmanuel Thome discovered that missing sanitising in the oarsh command of OAR, a software used to manage jobs and resources of HPC clusters, could result in privilege escalation. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Debian Security Advisory DSA 3541-1 (roundcube - security update)
High-Tech Bridge Security Research Lab discovered that Roundcube, a webmail client, contained a path traversal vulnerability. This flaw could be exploited by an attacker to access sensitive files on the server, or even execute arbitrary code. OpenVAS Vulnerability Test $Id: deb3541.nasl 6608...
Debian Security Advisory DSA 3543-1 (oar - security update)
Emmanuel Thome discovered that missing sanitising in the oarsh command of OAR, a software used to manage jobs and resources of HPC clusters, could result in privilege escalation. OpenVAS Vulnerability Test $Id: deb3543.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA...
Debian DSA-3535-1 : kamailio - security update
Stelios Tsampas discovered a buffer overflow in the Kamailio SIP proxy which might result in the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3535. The text...
Debian DSA-3530-1 : tomcat6 - security update
Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result in bypass of security manager restrictions, information disclosure, denial of service or session fixation. (C) Tenable Network Security, Inc. The descriptive text and package...
Debian DSA-3527-1 : inspircd - security update
It was discovered that inspircd, an IRC daemon, incorrectly handled PTR lookups of connecting users. This flaw allowed a remote attacker to crash the application by setting up malformed DNS records, thus causing a denial-of-service. (C) Tenable Network Security, Inc. The...