Debian Security Advisory DSA 3458-1 (openjdk-7 - security update)
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography. OpenVAS Vulnerability Test $Id: deb3458.nasl 6608 2017-07-07 12:05:05Z cfischer $...
Debian DLA-398-1 : privoxy security update
CVE-2016-1982: Prevent invalid reads in case of corrupt chunk-encoded content. CVE-2016-1983: Remove empty Host headers in client requests, resulting in invalid reads. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has...
Debian DLA-399-1 : foomatic-filters security update
cups-filters contains multiple buffer overflows caused by a lack of size checks when copying from environment variables to local buffers (strcpy), as well as on string concatenation operations (strcat). NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA...
Debian Security Advisory DSA 3452-1 (claws-mail - security update)
DrWhax of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail. OpenVAS Vulnerability Test $Id: deb3452.nasl...
Debian Security Advisory DSA 3449-1 (bind9 - security update)
It was discovered that specific APL RR data could trigger an INSIST failure in apl42.c and cause the BIND DNS server to exit, leading to a denial-of-service. OpenVAS Vulnerability Test $Id: deb3449.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3449-1 using nvtgen 1.0...
Database Assessment Tool: DbDat
DbDat performs numerous checks on a database to evaluate security. The categories of checks performed are configuration, privileges, users, and information. Checks are performed by running queries or reading database configuration files. The goal of this tool is to highlight issues that need...
Debian Security Advisory DSA 3446-1 (openssh - security update)
The Qualys Security team discovered two vulnerabilities in the roaming code of the OpenSSH client, an implementation of the SSH protocol suite. SSH roaming enables a client, in case an SSH connection breaks unexpectedly, to resume it at a later time, provided the server also supports it. The OpenS...
Debian Security Advisory DSA 3442-1 (isc-dhcp - security update)
It was discovered that a maliciously crafted packet can crash any of the isc-dhcp applications. This includes the DHCP client, relay, and server application. Only IPv4 setups are affected. OpenVAS Vulnerability Test $Id: deb3442.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from adviso...
Debian Security Advisory DSA 3444-1 (wordpress - security update)
Crtc4L discovered a cross-site scripting vulnerability in wordpress, a web blogging tool, allowing a remote authenticated administrator to compromise the site. OpenVAS Vulnerability Test $Id: deb3444.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3444-1 using nvtgen 1....
Debian DSA-3441-1 : perl - security update
David Golden of MongoDB discovered that File::Spec::canonpath in Perl returned untainted strings even if passed tainted input. This defect undermines taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. The oldstable distribution wheezy i...
Debian Security Advisory DSA 3436-1 (openssl - security update)
Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct...
Debian DSA-3435-1 : git - security update
Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
R.I.P Ian Murdock, Founder of Debian Linux, Dies at 42
Ian Murdock, the founder of the Debian Linux operating system and the creator of apt-get, has passed away. Yes, it is very sad to announce that Ian Murdock is no longer among us. His death has touched the entire software community. He was just 42. The announcement of Murdock's death came out via a blog po...
Debian Security Advisory DSA 3421-1 (grub2 - security update)
Hector Marco and Ismael Ripoll, from Cybersecurity UPV Research Group, found an integer underflow vulnerability in Grub2, a popular bootloader. A local attacker can bypass the Grub2 authentication by inserting a crafted input as username or password. More information:...
Debian DSA-3420-1 : bind9 - security update
It was discovered that the BIND DNS server does not properly handle the parsing of incoming responses, allowing some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently...
Debian Security Advisory DSA 3419-1 (cups-filters - security update)
Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands. OpenVAS Vulnerability Test $Id: deb3419.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3419-1 using nvtgen 1.0 Script version: 1....
Debian Security Advisory DSA 3412-1 (redis - security update)
Luca Bruno discovered an integer overflow flaw leading to a stack-based buffer overflow in redis, a persistent key-value database. A remote attacker can use this flaw to cause a denial of service (application crash). OpenVAS Vulnerability Test $Id: deb3412.nasl 6609 2017-07-07 12:05:59Z cfischer $...
Debian DSA-3405-1 : smokeping - security update
Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd (mod_cgi) passed additional arguments to the smokeping_cgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests. %NASLMINLEV...
Debian Security Advisory DSA 3405-1 (smokeping - security update)
Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd (mod_cgi) passed additional arguments to the smokeping_cgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests. OpenVAS...
Debian Security Advisory DSA 3400-1 (lxc - security update)
Roman Fiedler discovered a directory traversal flaw in LXC, the Linux Containers userspace tools. A local attacker with access to a LXC container could exploit this flaw to run programs inside the container that are not confined by AppArmor or expose unintended files in the host to the container...