Debian Security Advisory DSA 3385-1 (mariadb-10.0 - security update)
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.22. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10021-release-notes...
CVE-2008-5394
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry...
Vulnerabilities in the Debian GNU/Linux operating system that allow attackers to compromise the security of information
Multiple vulnerabilities in the ib_fill_isqlda function of the DBD-Firebird database driver for the Debian GNU/Linux operating system are caused by stack-based buffer overflows. Exploitation of these vulnerabilities could allow an attacker to compromise security measures...
Debian Security Advisory DSA 3384-1 (virtualbox - security update)
Two vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution.
Debian Security Advisory DSA 3370-1 (freetype - security update)
It was discovered that FreeType did not properly handle some malformed inputs. This could allow remote attackers to cause a denial of service (crash) via crafted font files.
Debian DSA-3367-1 : wireshark - security update
Multiple vulnerabilities were discovered in the dissectors/parsers for ZigBee, GSM RLC/MAC, WaveAgent, ptvcursor, OpenFlow, WCCP and in internal functions which could result in denial of service.
Debian Security Advisory DSA 3368-1 (cyrus-sasl2 - security update)
It was discovered that cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, does not properly handle certain invalid password salts. A remote attacker can take advantage of this flaw to cause a denial of service.
Debian Security Advisory DSA 3363-1 (owncloud-client - security update)
Johannes Kliemann discovered a vulnerability in ownCloud Desktop Client, the client-side of the ownCloud file sharing services. The vulnerability allows man-in-the-middle attacks in situations where the server is using self-signed certificates and the connection is already established. If the use...
Debian Security Advisory DSA 3353-1 (openslp-dfsg - security update)
Qinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an implementation of the IETF Service Location Protocol. This could allow remote attackers to cause a denial of service (crash).
Debian DSA-3340-1 : zendframework - security update
Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data.
Debian DLA-296-1 : extplorer security update
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has...
Debian Security Advisory DSA 3340-1 (zendframework - security update)
Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data.
Debian Security Advisory DSA 3334-1 (gnutls28 - security update)
Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName (DN) entries leads to double free. A remote attacker can take advantage of this flaw by creating a specially crafted certificate that, when processed by an application compiled against GnuTLS, could cause t...
Vulnerability in the Debian GNU/Linux operating system that allows an attacker to gain access to protected information
The vulnerability in the buffer_slow_realign function of the HAProxy package for the Debian GNU/Linux operating system is caused by a heap-based buffer overflow. Exploiting this vulnerability can allow a remote attacker to gain access to protected information throu...
Debian Security Advisory DSA 3327-1 (squid3 - security update)
Alex Rousskov of The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not correctly handle CONNECT method peer responses when configured with cache_peer and operating on explicit proxy traffic. This could allow remote clients to gain unrestricted access through a...
Vulnerability in the Debian GNU/Linux operating system that allows an attacker to execute arbitrary code or cause service interruptions
The vulnerability in the WriteProlog function of the printing subsystem of the Debian GNU/Linux operating system is caused by a heap-based buffer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure by using a specially crafted...
Debian Security Advisory DSA 3319-1 (bind9 - security update)
Jonathan Foote discovered that the BIND DNS server does not properly handle TKEY queries. A remote attacker can take advantage of this flaw to mount a denial of service via a specially crafted query triggering an assertion failure and causing BIND to exit.
Debian Security Advisory DSA 3316-1 (openjdk-7 - security update)
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.
Debian DSA-3309-1 : tidy - security update
Fernando Munoz discovered that invalid HTML input passed to tidy, an HTML syntax checker and reformatter, could trigger a buffer overflow. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code. Geoff McLane also discovered that a similar issue...
Oracle Java SE CVE-2015-2590 Remote Security Vulnerability
Oracle Java SE is prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the 'Libraries' sub-component. This vulnerability affects the following supported versions: Java SE 6u95, Java SE 7u80, Java SE 8u45, Java SE...