
2093 matches found

OpenVAS
added 2014/07/22 12:0 a.m., 24 views

Debian Security Advisory DSA 2984-1 (acpi-support - security update)

CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script. OpenVAS Vulnerability Test $Id: deb2984.nasl 6724 2017-07-14 09:57:17Z teissa $...

CVSS 6.9, AI score 0.2, EPSS 0.00272
Exploits: 0, References: 1

OpenVAS
added 2014/07/20 12:0 a.m., 32 views

Debian Security Advisory DSA 2983-1 (drupal7 - security update)

Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting. More information can be found at https://www.drupal.org/SA-CORE-2014-003 . OpenVAS Vulnerability Test $Id: deb2983.nasl 8972 2018-02-28 07:02:10Z cfischer...

CVSS 5, AI score 0.2, EPSS 0.02772
Exploits: 0, References: 1

OpenVAS
added 2014/07/19 12:0 a.m., 35 views

Debian Security Advisory DSA 2982-1 (ruby-activerecord-3.2 - security update)

Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection. OpenVAS Vulnerability Test $Id: deb2982.nasl 6724 2017-07-14 09:57:17Z teissa $ Auto-generated from advisory DSA 2982-1 using nvtgen 1.0 Script version: 1.1 Author: Greenbone...

CVSS 7.5, AI score 0.6, EPSS 0.04919
Exploits: 0, References: 1

OpenVAS
added 2014/07/18 12:0 a.m., 27 views

Debian Security Advisory DSA 2981-1 (polarssl - security update)

A flaw was discovered in PolarSSL, a lightweight crypto and SSL/TLS library, which can be exploited by a remote unauthenticated attacker to mount a denial of service against PolarSSL servers that offer GCM ciphersuites. Potentially clients are affected too if a malicious server decides to execute...

CVSS 5, AI score 0.1, EPSS 0.02427
Exploits: 0, References: 1

OpenVAS
added 2014/07/17 12:0 a.m., 35 views

Debian Security Advisory DSA 2980-1 (openjdk-6 - security update)

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. OpenVAS Vulnerability Test $Id: deb2980.nasl 6663 2017-07-11 09:58:05Z...

CVSS 9.3, AI score 1, EPSS 0.06118
Exploits: 0, References: 1

OpenVAS
added 2014/07/17 12:0 a.m., 29 views

Debian Security Advisory DSA 2979-1 (fail2ban - security update)

Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses,...

CVSS 5, AI score 0.3, EPSS 0.03235
Exploits: 2, References: 1

OpenVAS
added 2014/07/11 12:0 a.m., 28 views

Debian Security Advisory DSA 2977-1 (libav - security update)

Don A. Bailey discovered an integer overflow in the lzo compression handler which could result in the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2977.nasl 6750 2017-07-18 09:56:47Z teissa $ Auto-generated from advisory DSA 2977-1 using nvtgen 1.0 Script version: 1.0 Author:...

AI score 0.9, EPSS 0.05739
Exploits: 1, References: 1

OpenVAS
added 2014/07/11 12:0 a.m., 30 views

Debian Security Advisory DSA 2978-1 (libxml2 - security update)

Daniel P. Berrange discovered a denial of service vulnerability in libxml2 entity substitution. OpenVAS Vulnerability Test $Id: deb2978.nasl 6724 2017-07-14 09:57:17Z teissa $ Auto-generated from advisory DSA 2978-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright:...

CVSS 4.3, AI score 0.4, EPSS 0.081
Exploits: 1, References: 1

OpenVAS
added 2014/07/10 12:0 a.m., 29 views

Debian Security Advisory DSA 2976-1 (eglibc - security update)

Stephane Chazelas discovered that the GNU C library, glibc, processed '..' path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings. OpenVAS...

CVSS 6.8, AI score 0.7, EPSS 0.02694
Exploits: 0, References: 1

OpenVAS
added 2014/07/07 12:0 a.m., 30 views

Debian Security Advisory DSA 2973-1 (vlc - security update)

Multiple buffer overflows have been found in the VideoLAN media player. Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2973.nasl 6663 2017-07-11 09:58:05Z teissa $ Auto-generated fro...

CVSS 9.3, AI score 0.7, EPSS 0.10978
Exploits: 1, References: 1

seebug.org
added 2014/07/01 12:0 a.m., 23 views

Debian Linux <= 2.1 Print Queue Control Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/508/info The LPRng software is an enhanced, extended, and portable version of the Berkeley LPR software the standard UNIX printer spooler that ships with Debian GNU/Linux. When root controls the print queue, the...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

Debian Linux 2.2 splitvt Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2210/info splitvt is a VT100 window splitter, designed to allow the user two command line interfaces in one terminal window, originally written by Sam Lantinga. It is freely available, open source, and included with many...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 36 views

Salim Gasmi GLD 1.x Postfix Greylisting Daemon Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13129/info It is reported that GLD contains a buffer overflow vulnerability. This issue is due to a failure of the application to properly ensure that a fixed-size memory buffer is sufficiently large prior to copying...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 20 views

Snes9x 1.3 - Local Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3437/info Snes9x is a free Super Nintendo emulator that runs on a number of platforms. Snes9x is prone to a buffer overflow. This is due to improper bounds checking of rom names. In this case, 4089 characters are required...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

Debian Linux 2.0 Super Syslog Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/342/info After the first super buffer overflow vulnerability was discovered, another appeared shortly after. This vulnerability exists when the syslog option is enabled. The overflow is in the file error.c, in the Error...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 8 views

Abuse 2.0 - Local Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6094/info Vulnerabilities have been discovered in two files used by Abuse. By passing an excessively long commandline argument to Abuse, it is possible to overrun a buffer. Exploiting this issue could allow a local...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 19 views

GnomeHack 1.0.5 - Local Buffer Overflow Exploit

No description provided by source. / linux/debiangnomehackv1.0.5 buffer overflow, by: [email protected]. this will give you an egid=60games shell if gnomehack is sgid=2755 games on debian/2.2, which has gnomehack. this can also be applied to nethack syntax: ./debgnomehack offset alignment. exampl...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Leksbot 1.2 - Multiple Unspecified Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/7505/info Multiple vulnerabilities have been reported for Leksbot. The precise nature of these vulnerabilities is currently unknown; however, exploitation of this issue may result in an attacker obtaining elevated...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 55 views

Debian Linux 2.1 apcd Symlink Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/958/info A vulnerability exists in the apcd package, as shipped in Debian GNU/Linux 2.1. By sending the apcd process a SIGUSR1, a file will be created in /tmp called upsstat. This file contains information about the statu...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

Debian Linux 2.1,Linux kernel 2.2/2.3,RedHat Linux 6.0,S.u.S.E. Linux 6.1 IP Options Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/302/info A vulnerability in the Linux Kernel's IPv4 option processing may allow a remote user to crash the system. The vulnerability is the result of the kernel freeing a socket buffer when it shouldn't while sending an...

AI score 7.1
Exploits: 0