Debian Security Advisory DSA 2942-1 (typo3-src - security update)
Multiple security issues have been discovered in the Typo3 CMS. More information can be found in the upstream advisory: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/ OpenVAS Vulnerability Test $Id: deb2942.nasl 8972 2018-02-28 07:02:10Z cfischer $...
Debian Security Advisory DSA 2944-1 (gnutls26 - security update)
Joonas Kuorilehto discovered that GNU TLS performed insufficient validation of session IDs during TLS/SSL handshakes. A malicious server could use this to execute arbitrary code or perform denial of service. OpenVAS Vulnerability Test $Id: deb2944.nasl 6759 2017-07-19 09:56:33Z teissa $...
Debian Security Advisory DSA 2941-1 (lxml - security update)
It was discovered that the clean_html function of lxml, pythonic bindings for the libxml2 and libxslt libraries, performed insufficient sanitisation for some non-printable characters. This could lead to cross-site scripting. OpenVAS Vulnerability Test $Id: deb2941.nasl 6735 2017-07-17 09:56:49Z teissa $...
PT-2014-1423
Name of the Vulnerable Software and Affected Versions: file versions prior to 5.19; Red Hat Enterprise Linux file-static-5.04; Red Hat Enterprise Linux file-5.04; Red Hat Enterprise Linux file-debuginfo-5.04; Red Hat Enterprise Linux file-libs-5.04; Red Hat Enterprise Linux file-devel-5.04; Debian...
Debian Security Advisory DSA 2937-1 (mod-wsgi - security update)
Two security issues have been found in the Python WSGI adapter module for Apache: CVE-2014-0240 Robert Kisteleki discovered a potential privilege escalation in daemon mode. This is not exploitable with the kernel used in Debian 7.0/wheezy. CVE-2014-0242 Buck Golemon discovered that incorrect memo...
Debian Security Advisory DSA 2936-1 (torque - security update)
John Fitzpatrick from MWR Labs reported a stack-based buffer overflow vulnerability in torque, a PBS-derived batch processing queueing system. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code with root privileges. OpenVAS Vulnerability Test $Id: deb2936.nasl 67...
Debian Security Advisory DSA 2935-1 (libgadu - security update)
It was discovered that malformed responses from a Gadu-Gadu file relay server could lead to denial of service or the execution of arbitrary code in applications linked to the libgadu library. The oldstable distribution squeeze is not affected. OpenVAS Vulnerability Test $Id: deb2935.nasl 6769...
Debian Security Advisory DSA 2931-1 (openssl - security update)
It was discovered that incorrect memory handling in OpenSSL's do_ssl3_write function could result in denial of service. The oldstable distribution squeeze is not affected. OpenVAS Vulnerability Test $Id: deb2931.nasl 6724 2017-07-14 09:57:17Z teissa $ Auto-generated from advisory DSA 2931-1 using...
Debian Security Advisory DSA 2930-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2014-1740 Collin Payne discovered a use-after-free issue in chromium's WebSockets implementation. CVE-2014-1741 John Butler discovered multiple integer overflow issues in the Blink/Webkit document object model...
Debian Security Advisory DSA 2925-1 (rxvt-unicode - security update)
Phillip Hallam-Baker discovered that window property values could be queried in rxvt-unicode, resulting in the potential execution of arbitrary commands. OpenVAS Vulnerability Test $Id: deb2925.nasl 6759 2017-07-19 09:56:33Z teissa $ Auto-generated from advisory DSA 2925-1 using nvtgen 1.0 Script...
Debian DSA-2923-1 : openjdk-7 - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. %NASL_MIN_LEVEL 70300 C Tenable Network Security, Inc. The descriptive te...
Debian Security Advisory DSA 2922-1 (strongswan - security update)
A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE/IPsec suite used to establish IPsec protected links. By sending a crafted ID_DER_ASN1_DN ID payload to a vulnerable pluto or charon daemon, a malicious remote user can provoke a null pointer dereference in the daemon parsing th...
Debian Security Advisory DSA 2924-1 (icedove - security update)
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: multiple memory safety errors, buffer overflows, missing permission checks, out of bound reads, use-after-frees and other implementation errors may lead to the execution of...
Debian Security Advisory DSA 2923-1 (openjdk-7 - security update)
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. OpenVAS Vulnerability Test $Id: deb2923.nasl 6735 2017-07-17 09:56:49Z...
Debian Security Advisory DSA 2921-1 (xbuffy - security update)
Michael Niedermayer discovered a vulnerability in xbuffy, a utility for displaying message count in mailbox and newsgroup accounts. By sending carefully crafted messages to a mail or news account monitored by xbuffy, an attacker can trigger a stack-based buffer overflow, leading to xbuffy crash ...
Debian Security Advisory DSA 2919-1 (mysql-5.5 - security update)
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.37. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:...
Debian Security Advisory DSA 2918-1 (iceweasel - security update)
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, missing permission checks, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code,...
Debian DSA-2916-1 : libmms - security update
Alex Chapman discovered that a buffer overflow in processing 'MMS over HTTP' messages could result in the execution of arbitrary code. %NASL_MIN_LEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-2916...
Debian DSA-2917-1 : super - security update
John Lightsey of the Debian Security Audit project discovered that the super package did not check for setuid failures, allowing local users to increase the privileges on kernel versions which do not guard against RLIMIT_NPROC attacks. %NASL_MIN_LEVEL 70300 C Tenable Network Security, Inc. The...
Debian Security Advisory DSA 2915-1 (dpkg - security update)
Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package - leading to the creation of files outside the directory of the source being unpacked. The update to the stable distribution wheezy incorporates...