Debian Security Advisory DSA 3009-1 (python-imaging - security update)

Andrew Drake discovered that missing input sanitising in the icns decoder of the Python Imaging Library could result in denial of service if a malformed image is processed. OpenVAS Vulnerability Test $Id: deb3009.nasl 6769 2017-07-20 09:56:33Z teissa $ Auto-generated from advisory DSA 3009-1 usin...

Debian Security Advisory DSA 2940-1 (libstruts1.2-java - security update)

It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2940.nasl 6759 2017-07-19 09:56:33Z teissa $ Auto-generated from advisory DSA 2940-1 using nvtgen 1.0 Script version: 1.0 Author:...

Debian Security Advisory DSA 3007-1 (cacti - security update)

Multiple security issues cross-site scripting, missing input sanitising and SQL injection have been discovered in Cacti, a web interface for graphing of monitoring systems. OpenVAS Vulnerability Test $Id: deb3007.nasl 6750 2017-07-18 09:56:47Z teissa $ Auto-generated from advisory DSA 3007-1 usin...

Debian Security Advisory DSA 3006-1 (xen - security update)

Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service. OpenVAS Vulnerability Test $Id: deb3006.nasl 6769 2017-07-20 09:56:33Z teissa $ Auto-generated from advisory DSA 3006-1 using nvtgen 1.0 Script version: 1.0...

Debian Security Advisory DSA 3005-1 (gpgme1.0 - security update)

TomᨠTrnka discovered a heap-based buffer overflow within the gpgsm status handler of GPGME, a library designed to make access to GnuPG easier for applications. An attacker could use this issue to cause an application using GPGME to crash denial of service or possibly to execute arbitrary code...

Debian Security Advisory DSA 3004-1 (kde4libs - security update)

Sebastian Krahmer discovered that Kauth used Policykit insecurely by relying on the process ID. This could result in privilege escalation. OpenVAS Vulnerability Test $Id: deb3004.nasl 6724 2017-07-14 09:57:17Z teissa $ Auto-generated from advisory DSA 3004-1 using nvtgen 1.0 Script version: 1.0...

Debian Security Advisory DSA 3002-1 (wireshark - security update)

Multiple vulnerabilities were discovered in the dissectors for Catapult DCT2000, IrDA, GSM Management, RLC ASN.1 BER, which could result in denial of service. OpenVAS Vulnerability Test $Id: deb3002.nasl 6715 2017-07-13 09:57:40Z teissa $ Auto-generated from advisory DSA 3002-1 using nvtgen 1.0...

Debian Security Advisory DSA 3001-1 (wordpress - security update)

Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/08/wordpress-3-9-2/ . OpenVAS Vulnerability Test $Id: deb3001.nasl...

Debian Security Advisory DSA 2997-1 (reportbug - security update)

Jakub Wilk discovered a remote command execution flaw in reportbug, a tool to report bugs in the Debian distribution. A man-in-the-middle attacker could put shell metacharacters in the version number allowing arbitrary code execution with the privileges of the user running reportbug. OpenVAS...

Debian Security Advisory DSA 2995-1 (lzo2 - security update)

Don A. Bailey from Lab Mouse Security discovered an integer overflow flaw in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library,...

Debian Security Advisory DSA 2996-1 (icedove - security update)

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. OpenVAS Vulnerability Test $Id: deb2996.nasl 6750 2017-07-18...

Debian Security Advisory DSA 2991-1 (modsecurity-apache - security update)

Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten the Web application security. A remote attacker could use this flaw to bypass intended modsecurity restrictions by using chunked transfer coding with a...

Debian Security Advisory DSA 2990-1 (cups - security update)

It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege...

Debian Security Advisory DSA 2988-1 (transmission - security update)

Ben Hawkes discovered that incorrect handling of peer messages in the Transmission bittorrent client could result in denial of service or the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2988.nasl 6724 2017-07-14 09:57:17Z teissa $ Auto-generated from advisory DSA 2988-1 using...

Debian Security Advisory DSA 2986-1 (iceweasel - security update)

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. OpenVAS Vulnerability Test $Id: deb2986.nasl 6692 2017-07-12 09:57:43Z...

Debian Security Advisory DSA 2987-1 (openjdk-7 - security update)

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. OpenVAS Vulnerability Test $Id: deb2987.nasl 6663 2017-07-11 09:58:05Z...

Debian Security Advisory DSA 2984-1 (acpi-support - security update)

CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUSSESSIONBUSADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script. OpenVAS Vulnerability Test $Id: deb2984.nasl 6724 2017-07-14 09:57:17Z teissa $...

Debian Security Advisory DSA 2985-1 (mysql-5.5 - security update)

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:...

Debian Security Advisory DSA 2983-1 (drupal7 - security update)

Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting. More information can be found at https://www.drupal.org/SA-CORE-2014-003 . OpenVAS Vulnerability Test $Id: deb2983.nasl 8972 2018-02-28 07:02:10Z cfischer...

Debian Security Advisory DSA 2982-1 (ruby-activerecord-3.2 - security update)

Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection. OpenVAS Vulnerability Test $Id: deb2982.nasl 6724 2017-07-14 09:57:17Z teissa $ Auto-generated from advisory DSA 2982-1 using nvtgen 1.0 Script version: 1.1 Author: Greenbone...