Debian Security Advisory DSA 3219-1 (libdbd-firebird-perl - security update)
Stefan Roas discovered a way to cause a buffer overflow in DBD-FireBird, a Perl DBI driver for the Firebird RDBMS, in certain error conditions, due to the use of the sprintf function to write to a fixed-size memory buffer. OpenVAS Vulnerability Test $Id: deb3219.nasl 6609 2017-07-07 12:05:59Z...
Debian Security Advisory DSA 3217-1 (dpkg - security update)
Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a specially crafted Debian source control file .dsc. Note that this flaw only affects extraction of local Debian source packages via dpkg-source but not the installation of packages from the...
Debian Security Advisory DSA 3205-1 (batik - security update)
Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit for processing SVG images, would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause...
Debian DLA-24-1 : poppler security update
It was discovered that poppler did return program execution to the libjpeg library under error conditions, which is not expected by the library and results in application crash and possibly code execution. NOTE: Tenable Network Security has extracted the preceding description block directly from...
Debian DLA-60-1 : icinga security update
Two fixes for the Classic UI : - fix off-by-one memory access in processcgivars CVE-2013-7108 - prevent possible buffer overflows in cmd.cgi CVE-2014-1878 NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to...
Debian DLA-168-1 : konversation security update
It was discovered that Konversation, an IRC client for KDE, could be crashed when receiving malformed messages using FiSH encryption. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean...
Debian DLA-105-1 : graphviz security update
Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code. NOTE: Tenable Network Security has extracted the...
Debian Security Advisory DSA 3201-1 (iceweasel - security update)
Multiple security issues have been found in Iceweasel, Debian OpenVAS Vulnerability Test $Id: deb3201.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3201-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2015 Greenbone Networks Gm...
Debian Security Advisory DSA 3188-1 (freetype - security update)
Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb3188.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3188-1 using nvtgen 1.0...
Debian Security Advisory DSA 3190-1 (putty - security update)
Patrick Coleman discovered that the Putty SSH client failed to wipe out unused sensitive memory. In addition Florent Daigniere discovered that exponential values in Diffie Hellman exchanges were insufficiently restricted. OpenVAS Vulnerability Test $Id: deb3190.nasl 6609 2017-07-07 12:05:59Z...
Debian Security Advisory DSA 3186-1 (nss - security update)
It was discovered that the Mozilla Network Security Service library nss incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack. OpenVAS Vulnerability Test $Id: deb3186.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated...
Debian Security Advisory DSA 3179-1 (icedove - security update)
Multiple security issues have been found in Icedove, Debian OpenVAS Vulnerability Test $Id: deb3179.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3179-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2015 Greenbone Networks GmbH...
Debian Security Advisory DSA 3178-1 (unace - security update)
Jakub Wilk discovered that unace, a utility to extract, test and view .ace archives, contained an integer overflow leading to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ace archive, an attacker could cause a denial of service application cra...
Debian Security Advisory DSA 3172-1 (cups - security update)
Peter De Wachter discovered that CUPS, the Common UNIX Printing System, did not correctly parse compressed raster files. By submitting a specially crafted raster file, a remote attacker could use this vulnerability to trigger a buffer overflow. OpenVAS Vulnerability Test $Id: deb3172.nasl 6609...
Debian Security Advisory DSA 3165-1 (xdg-utils - security update)
Jiri Horner discovered a way to cause xdg-open, a tool that automatically opens URLs in a user OpenVAS Vulnerability Test $Id: deb3165.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3165-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright:...
Debian Security Advisory DSA 3161-1 (dbus - security update)
Simon McVittie discovered a local denial of service flaw in dbus, an asynchronous inter-process communication system. On systems with systemd-style service activation, dbus-daemon does not prevent forged ActivationFailure messages from non-root processes. A malicious local user could use this fla...
Debian Security Advisory DSA 3160-1 (xorg-server - security update)
Olivier Fourdan discovered that missing input validation in the Xserver OpenVAS Vulnerability Test $Id: deb3160.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3160-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2015 Greenbone...
Debian Security Advisory DSA 3145-1 (privoxy - security update)
Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing HTTP proxy, which might result in denial of service. OpenVAS Vulnerability Test $Id: deb3145.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3145-1 using nvtgen 1.0 Script version: 1.0 Author:...
Debian Security Advisory DSA 3144-1 (openjdk-7 - security update)
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service. OpenVAS Vulnerability Test $Id: deb3144.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from...
Debian Security Advisory DSA 3139-1 (squid - security update)
Matthew Daley discovered that squid, a web proxy cache, does not properly perform input validation when parsing requests. A remote attacker could use this flaw to mount a denial of service attack, by sending specially crafted Range requests. OpenVAS Vulnerability Test $Id: deb3139.nasl 6609...