2099 matches found
Debian DSA-3528-1 : pidgin-otr - security update
Stefan Sperling discovered that pidgin-otr, a Pidgin plugin implementing Off-The-Record messaging, contained a use-after-free bug. This could be used by a malicious remote user to intentionally crash the application, thus causing a denial-of-service.
Debian Security Advisory DSA 3526-1 (libmatroska - security update)
It was discovered that libmatroska, an extensible open standard audio/video container format, incorrectly processed EBML lacing. By providing maliciously crafted input, an attacker could use this flaw to force some leakage of information located in the process heap memory.
Debian Security Advisory DSA 3529-1 (redmine - security update)
Multiple vulnerabilities have been found in Redmine, a project management web application, which may result in information disclosure.
Debian Security Advisory DSA 3522-1 (squid3 - security update)
Alex Rousskov from The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not properly handle errors for certain malformed HTTP responses. A remote HTTP server can exploit this flaw to cause a denial of service (assertion failure and daemon exit).
Debian Security Advisory DSA 3524-1 (activemq - security update)
It was discovered that the ActiveMQ Java message broker performs unsafe deserialisation. For additional information, please refer to the upstream advisory at http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt .
Debian Security Advisory DSA 3521-1 (git - security update)
Lael Cellier discovered two buffer overflow vulnerabilities in git, a fast, scalable, distributed revision control system, which could be exploited for remote execution of arbitrary code.
Debian DSA-3518-1 : spip - security update
Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in code injection. - CVE-2016-3153 g0uZ et sambecks, from team root-me, discovered that arbitrary PHP code could be injected when adding content. - CVE-2016-3154 Gilles Vincent discovered that deserializing...
Debian DSA-3515-1 : graphite2 - security update
Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.
Debian DSA-3513-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2016-1643 cloudfuzzer discovered a type confusion issue in Blink/Webkit. - CVE-2016-1644 Atte Kettunen discovered a use-after-free issue in Blink/Webkit. - CVE-2016-1645 An out-of-bounds write issue was discovered in...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Debian Debian_Linux
PoC attack server for CVE-2015-7547 vulnerability in glibc DNS...
Debian Security Advisory DSA 3512-1 (libotr - security update)
Markus Vervier of X41 D-Sec GmbH discovered an integer overflow vulnerability in libotr, an off-the-record (OTR) messaging library, in the way the sizes of portions of incoming messages were stored. A remote attacker can exploit this flaw by sending crafted messages to an application that is...
Debian Security Advisory DSA 3505-1 (wireshark - security update)
Multiple vulnerabilities were discovered in the dissectors/parsers for Pcapng, NBAP, UMTS FP, DCOM, AllJoyn, T.38, SDP, NLM, DNS, BED, SCTP, 802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A, Ascend, NBAP, ZigBee ZCL and Sniffer which could result in denial of service.
[SECURITY] [DSA 3426-2] ctdb regression update
Debian Security Advisory DSA-3426-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 03, 2016 https://www.debian.org/security/faq -...
Debian DSA-3499-1 : pillow - security update
Multiple security vulnerabilities have been found in Pillow, a Python imaging library, which may result in denial of service or the execution of arbitrary code if a malformed FLI, PCD or Tiff file is processed.
Debian DSA-3484-1 : xdelta3 - security update
Stepan Golosunov discovered that xdelta3, a diff utility which works with binary files, is affected by a buffer overflow vulnerability within the main_get_appheader function, which may lead to the execution of arbitrary code.
Debian DSA-3467-1 : tiff - security update
Several vulnerabilities have been found in tiff, a Tag Image File Format library. Multiple out-of-bounds read and write flaws could cause an application using the tiff library to crash.
Maru OS — Android ROM that Turns into Debian Linux When Connected to a PC
Good news for Linux techno freaks! Do you usually mess with your Android smartphone by trying out the continual ins and outs of various apps and custom ROMs? Then this news would be a perfect pick for you! What if you can effectively carry a Linux computer in your pocket? Hereby introducing a ne...
Debian Security Advisory DSA 3461-1 (freetype - security update)
Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.
Debian Security Advisory DSA 3465-1 (openjdk-6 - security update)
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography.
Debian Security Advisory DSA 3462-1 (radicale - security update)
Two vulnerabilities were fixed in radicale, a CardDAV/CalDAV server. CVE-2015-8747 The multifilesystem storage backend (not configured by default and not available on Wheezy) allows read and write access to arbitrary files, still subject to the DAC permissions of the user the radicale server is...