2090 matches found
Debian Security Advisory DSA 3064-1 (php5 - security update)
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. It has been decided to follow the stable 5.4.x releases for the Wheezy PHP packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream...
Debian DSA-3056-1 : libtasn1-3 - security update
Several vulnerabilities were discovered in libtasn1-3, a library that manages ASN1 (Abstract Syntax Notation One) structures. An attacker could use those to cause a denial-of-service via out-of-bounds access or NULL pointer dereference. (C) Tenable Network Security, Inc. The...
OpenVPN 2.2.29 - ShellShock Exploit
No description provided by source. Exploit Title: ShellShock OpenVPN Exploit; Date: Fri Oct 3 15:48:08 EDT 2014; Exploit Author: hobbily AKA @fj33r; Version: 2.2.29; Tested on: Debian Linux; CVE: CVE-2014-6271. Probably should have submitted this the day I tweeted it. server.conf port 1194 proto udp dev...
Debian Security Advisory DSA 3048-1 (apt - security update)
Guillem Jover discovered that the changelog retrieval functionality in apt-get used temporary files in an insecure way, allowing a local user to cause arbitrary files to be overwritten. This vulnerability is neutralized by the fs.protected_symlinks setting in the Linux kernel, which is enabled by...
Debian Security Advisory DSA 3047-1 (rsyslog - security update)
Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages sent to a server that accepts data from untrusted sources, provoking message loss. This vulnerability can be seen as an incomplete fi...
Debian Security Advisory DSA 3045-1 (qemu - security update)
Several vulnerabilities were discovered in qemu, a fast processor emulator: Various security issues have been found in the block qemu drivers. Malformed disk images might result in the execution of arbitrary code. A NULL pointer dereference in SLIRP may result in denial of service. An information le...
OpenVPN 2.2.29 - Shellshock Remote Command Injection
Exploit Title: ShellShock OpenVPN Exploit; Date: Fri Oct 3 15:48:08 EDT 2014; Exploit Author: hobbily AKA @fj33r; Version: 2.2.29; Tested on: Debian Linux; CVE: CVE-2014-6271. Probably should have submitted this the day I tweeted it. server.conf port...
OpenVPN 2.2.29 - 'Shellshock' Remote Command Injection
Exploit Title: ShellShock OpenVPN Exploit; Date: Fri Oct 3 15:48:08 EDT 2014; Exploit Author: hobbily AKA @fj33r; Version: 2.2.29; Tested on: Debian Linux; CVE: CVE-2014-6271. Probably should have submitted this the day I tweeted it. server.conf port 1194 proto udp dev tun client-cert-not-required...
Debian Security Advisory DSA 3037-1 (icedove - security update)
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS, the Mozilla Network Security Service library, embedded in Wheezy... OpenVAS Vulnerability Test $Id: deb3037.nasl 6759 2017-07-19 09:56:33Z teissa $ Auto-generated from advisory DSA 3037-1 using nvtgen 1.0 Script version: 1.0 Autho...
Debian Security Advisory DSA 3041-1 (xen - security update)
Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation.
Debian Security Advisory DSA 3032-1 (bash - security update)
Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell.
Debian Security Advisory DSA 3030-1 (mantis - security update)
Multiple SQL injection vulnerabilities have been discovered in the Mantis bug tracking system.
Debian DSA-3028-1 : icedove - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
Debian Security Advisory DSA 3028-1 (icedove - security update)
Multiple security issues have been found in Icedove, Debian...
Debian Security Advisory DSA 3023-1 (bind9 - security update)
Jared Mauch reported a denial of service flaw in the way BIND, a DNS server, handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause...
Debian Security Advisory DSA 3018-1 (iceweasel - security update)
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
Debian Security Advisory DSA 3017-1 (php-cas - security update)
Marvin S. Addison discovered that Jasig phpCAS, a PHP library for the CAS authentication protocol, did not encode tickets before adding them to a URL, creating a possibility for cross-site scripting.
Debian Security Advisory DSA 3015-1 (lua5.1 - security update)
A heap-based overflow vulnerability was found in the way Lua, a simple, extensible, embeddable programming language, handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.
Debian Security Advisory DSA 3016-1 (lua5.2 - security update)
A heap-based overflow vulnerability was found in the way Lua, a simple, extensible, embeddable programming language, handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.
Debian Security Advisory DSA 3014-1 (squid3 - security update)
Matthew Daley discovered that Squid3, a fully featured web proxy cache, did not properly perform input validation in request parsing. A remote attacker could use this flaw to mount a denial of service by sending crafted Range requests.