Debian Security Advisory DSA 2968-1 (gnupg2 - security update)
Jean-René Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop. OpenVAS Vulnerabilit...
Debian Security Advisory DSA 2969-1 (libemail-address-perl - security update)
Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remote attacker able to supply specifically crafted input to an application using...
Debian Security Advisory DSA 2967-1 (gnupg - security update)
Jean-René Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop. OpenVAS Vulnerabilit...
Debian Security Advisory DSA 2964-1 (iodine - security update)
Oscar Reparaz discovered an authentication bypass vulnerability in iodine, a tool for tunneling IPv4 data through a DNS server. A remote attacker could provoke a server to accept the rest of the setup or also network traffic by exploiting this flaw. OpenVAS Vulnerability Test $Id: deb2964.nasl 67...
Debian DSA-2963-1 : lucene-solr - security update
Multiple vulnerabilities were found in Solr, an open source enterprise search server based on Lucene, resulting in information disclosure or code execution. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
Debian Security Advisory DSA 2962-1 (nspr - security update)
Abhishek Arya discovered an out-of-bounds write in the cvtt function of the Netscape Portable Runtime Library which could result in the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2962.nasl 6735 2017-07-17 09:56:49Z teissa $ Auto-generated from advisory DSA 2962-1 using nvtgen...
Debian Security Advisory DSA 2963-1 (lucene-solr - security update)
Multiple vulnerabilities were found in Solr, an open source enterprise search server based on Lucene, resulting in information disclosure or code execution. OpenVAS Vulnerability Test $Id: deb2963.nasl 6637 2017-07-10 09:58:13Z teissa $ Auto-generated from advisory DSA 2963-1 using nvtgen 1.0...
Debian DSA-2960-1 : icedove - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service. (C) Tenable Network Security, Inc. The...
Debian Security Advisory DSA 2960-1 (icedove - security update)
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service. OpenVAS Vulnerability Test $Id: deb2960.nasl 6724 2017-07-14...
Debian Security Advisory DSA 2961-1 (php5 - security update)
It was discovered that PHP, a general-purpose scripting language commonly used for web application development, is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as t...
Debian Security Advisory DSA 2958-1 (apt - security update)
Jakub Wilk discovered that APT, the high-level package manager, did not properly perform authentication checks for source packages downloaded via 'apt-get source'. This only affects use cases where source packages are downloaded via this command; it does not affect regular Debian package...
Debian Security Advisory DSA 2957-1 (mediawiki - security update)
Omer Iqbal discovered that Mediawiki, a wiki engine, parses invalid usernames on Special:PasswordReset as wikitext when $wgRawHtml is enabled. On such wikis this allows an unauthenticated attacker to insert malicious JavaScript, a cross site scripting attack. OpenVAS Vulnerability Test $Id:...
Debian Security Advisory DSA 2956-1 (icinga - security update)
Multiple security issues have been found in the Icinga host and network monitoring system (buffer overflows, cross-site request forgery, off-by-ones) which could result in the execution of arbitrary code, denial of service or session hijacking. OpenVAS Vulnerability Test $Id: deb2956.nasl 6637...
Debian Security Advisory DSA 2955-1 (iceweasel - security update)
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service. OpenVAS Vulnerability Test $Id: deb2955.nasl 6735 2017-07-17 09:56:49Z...
Debian Security Advisory DSA 2954-1 (dovecot - security update)
It was discovered that the Dovecot email server is vulnerable to a denial of service attack against imap/pop3-login processes due to incorrect handling of the closure of inactive SSL/TLS connections. OpenVAS Vulnerability Test $Id: deb2954.nasl 6750 2017-07-18 09:56:47Z teissa $ Auto-generated fr...
Debian Security Advisory DSA 2953-1 (dpkg - security update)
Multiple vulnerabilities were discovered in dpkg that allow file modification through path traversal when unpacking source packages with specially crafted patch files. This update had been scheduled before the end of security support for the oldstable distribution squeeze, hence an exception has...
Debian Security Advisory DSA 2951-1 (mupdf - security update)
It was discovered that a buffer overflow in the MuPDF viewer might lead to the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2951.nasl 6769 2017-07-20 09:56:33Z teissa $ Auto-generated from advisory DSA 2951-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks...
Debian Security Advisory DSA 2948-1 (python-bottle - security update)
It was discovered that Bottle, a WSGI framework for Python, performed overly permissive detection of JSON content, resulting in a potential bypass of security mechanisms. OpenVAS Vulnerability Test $Id: deb2948.nasl 6637 2017-07-10 09:58:13Z teissa $ Auto-generated from advisory DSA 2948-1 using nvtg...
Debian Security Advisory DSA 2947-1 (libav - security update)
Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.12 OpenVAS Vulnerability Test $Id: deb2947.nasl 8972 2018-02-28 07:02:10...
Debian Security Advisory DSA 2945-1 (chkrootkit - security update)
Thomas Stangner discovered a vulnerability in chkrootkit, a rootkit detector, which may allow local attackers to gain root access when /tmp is mounted without the noexec option. OpenVAS Vulnerability Test $Id: deb2945.nasl 6637 2017-07-10 09:58:13Z teissa $ Auto-generated from advisory DSA 2945-1...