Debian Security Advisory DSA 2878-1 (virtualbox - security update)

Matthew Daley discovered multiple vulnerabilities in VirtualBox, a x86 virtualisation solution, resulting in denial of service, privilege escalation and an information leak. OpenVAS Vulnerability Test $Id: deb2878.nasl 6735 2017-07-17 09:56:49Z teissa $ Auto-generated from advisory DSA 2878-1 usi...

Debian Security Advisory DSA 2875-1 (cups-filters - security update)

Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of aribitrary code if a malformed PDF file is processed. OpenVAS Vulnerability Test $Id: deb2875.nasl 6724 2017-07-14 09:57:17Z teissa $...

Debian Security Advisory DSA 2874-1 (mutt - security update)

Beatrice Torracca and Evgeni Golov discovered a buffer overflow in the mutt mailreader. Malformed RFC2047 header lines could result in denial of service or potentially the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2874.nasl 6663 2017-07-11 09:58:05Z teissa $ Auto-generated...

Debian Security Advisory DSA 2876-1 (cups - security update)

Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of aribitrary code if a malformed PDF file is processed. OpenVAS Vulnerability Test $Id: deb2876.nasl 6715 2017-07-13 09:57:40Z teissa $...

Debian Security Advisory DSA 2872-1 (udisks - several vulnerabilities)

Florian Weimer discovered a buffer overflow in udisks's mount path parsing code which may result in privilege escalation. OpenVAS Vulnerability Test $Id: deb2872.nasl 6735 2017-07-17 09:56:49Z teissa $ Auto-generated from advisory DSA 2872-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone...

Debian Security Advisory DSA 2869-1 (gnutls26 - incorrect certificate verification)

Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate verification issue in GnuTLS, an SSL/TLS library. A certificate validation could be reported successfully even in cases were an error would prevent all verification steps to be performed. An attacker doing a man-in-the-middle of a...

Debian Security Advisory DSA 2866-1 (gnutls26 - certificate verification flaw)

Suman Jana reported that GnuTLS, deviating from the documented behavior, considers a version 1 intermediate certificate as a CA certificate by default. The oldstable distribution squeeze is not affected by this problem as X.509 version 1 trusted CA certificates are not allowed by default. OpenVAS...

Debian Security Advisory DSA 2863-1 (libtar - directory traversal)

A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing to extract files in arbitrary path. An attacker can craft a tar file to override files beyond the tarextractglob an...

Debian Security Advisory DSA 2858-1 (iceweasel - several vulnerabilities)

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, too-verbose error messages and missing permission checks may lead to the execution of arbitrary code, the bypass of security checks or...

Debian Security Advisory DSA 2856-1 (libcommons-fileupload-java - denial of service)

It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition. OpenVAS Vulnerability Test $Id: deb2856.nasl 6663 2017-07-11 09:58:05Z teissa $...

Debian Security Advisory DSA 2852-1 (libgadu - heap-based buffer overflow)

Yves Younan and Ryan Pentney discovered that libgadu, a library for accessing the Gadu-Gadu instant messaging service, contained an integer overflow leading to a buffer overflow. Attackers which impersonate the server could crash clients and potentially execute arbitrary code. OpenVAS Vulnerabili...

Debian Security Advisory DSA 2853-1 (horde3 - remote code execution)

Pedro Ribeiro from Agile Information Security found a possible remote code execution on Horde3, a web application framework. Unsanitized variables are passed to the unserialize PHP function. A remote attacker could specially-craft one of those variables allowing her to load and execute code...

Debian Security Advisory DSA 2855-1 (libav - several vulnerabilities)

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. The IDs mentioned above are just a portion of the security issues fixed in this update. A full list of the changes is available at...

Debian Security Advisory DSA 2851-1 (drupal6 - impersonation)

Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module of Drupal, a fully-featured content management framework. A malicious user could exploit this flaw to log in as other users on the site, including administrators, and hijack their accounts. These fixes require...

Debian Security Advisory DSA 2849-1 (curl - information disclosure)

Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user. OpenVAS Vulnerability Test $Id:...

Debian Security Advisory DSA 2850-1 (libyaml - heap-based buffer overflow)

Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the...

Debian Security Advisory DSA 2848-1 (mysql-5.5 - several vulnerabilities)

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.35. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:...

Debian Security Advisory DSA 2846-1 (libvirt - several vulnerabilities)

Multiple security issues have been found in Libvirt, a virtualisation abstraction library: CVE-2013-6458 It was discovered that insecure job usage could lead to denial of service against libvirtd. CVE-2014-1447 It was discovered that a race condition in keepalive handling could lead to denial of...

Debian Security Advisory DSA 2845-1 (mysql-5.1 - several vulnerabilities)

This DSA updates the MySQL 5.1 database to 5.1.73. This fixes multiple unspecified security problems in MySQL: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html OpenVAS Vulnerability Test $Id: deb2845.nasl 6715 2017-07-13 09:57:40Z teissa $ Auto-generated from advisory DSA...

Debian DSA-2844-1 : djvulibre - arbitrary code execution

It was discovered that djvulibre, the Open Source DjVu implementation project, can be crashed or possibly make it execute arbitrary code when processing a specially crafted djvu file. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...