2089 matches found
Debian Security Advisory DSA 2844-1 (djvulibre - arbitrary code execution)
It was discovered that djvulibre, the Open Source DjVu implementation project, can be crashed or possibly made to execute arbitrary code when processing a specially crafted djvu file. OpenVAS Vulnerability Test $Id: deb2844.nasl 6759 2017-07-19 09:56:33Z teissa $ Auto-generated from advisory DSA...
Debian Security Advisory DSA 2841-1 (movabletype-opensource - cross-site scripting)
A cross-site scripting vulnerability was discovered in the rich text editor of the Movable Type blogging engine. OpenVAS Vulnerability Test $Id: deb2841.nasl 6715 2017-07-13 09:57:40Z teissa $ Auto-generated from advisory DSA 2841-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks...
Debian Security Advisory DSA 2840-1 (srtp - buffer overflow)
Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp function applies cryptographic profiles to an srtp_policy. A remote attacker could...
Debian Security Advisory DSA 2837-1 (openssl - programming error)
Anton Johansson discovered that an invalid TLS handshake packet could crash OpenSSL with a NULL pointer dereference. The oldstable distribution (squeeze) is not affected. OpenVAS Vulnerability Test $Id: deb2837.nasl 6663 2017-07-11 09:58:05Z teissa $ Auto-generated from advisory DSA 2837-1 using...
Debian Security Advisory DSA 2838-1 (libxfont - buffer overflow)
It was discovered that a buffer overflow in the processing of Glyph Bitmap Distribution fonts (BDF) could result in the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2838.nasl 6715 2017-07-13 09:57:40Z teissa $ Auto-generated from advisory DSA 2838-1 using nvtgen 1.0 Script versio...
Debian Security Advisory DSA 2836-1 (devscripts - arbitrary code execution)
Several vulnerabilities have been discovered in uscan, a tool to scan upstream sites for new releases of packages, which is part of the devscripts package. An attacker controlling a website from which uscan would attempt to download a source tarball could execute arbitrary code with the privilege...
Debian Security Advisory DSA 2833-1 (openssl - several vulnerabilities)
Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this update disables the insecure Dual_EC_DRBG algorithm which was unused anyway, see...
Debian Security Advisory DSA 2834-1 (typo3-src - several vulnerabilities)
Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, information disclosure, mass assignment, open redirection and insecure unserialize vulnerabilities and corresponds to TYPO3-CORE-SA-2013-004. OpenVAS Vulnerability Test $Id:...
Debian Security Advisory DSA 2831-1 (puppet - insecure temporary files)
An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system. OpenVAS Vulnerability Test $Id: deb2831.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated fr...
Debian Security Advisory DSA 2830-1 (ruby-i18n - cross-site scripting)
Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by the ruby-i18n package...
Debian Security Advisory DSA 2829-1 (hplip - several vulnerabilities)
Multiple vulnerabilities have been found in the HP Linux Printing and Imaging System: Insecure temporary files, insufficient permission checks in PackageKit and the insecure hp-upgrade service has been disabled. OpenVAS Vulnerability Test $Id: deb2829.nasl 6611 2017-07-07 12:07:20Z cfischer $...
Debian Security Advisory DSA 2826-1 (denyhosts - Remote denial of ssh service)
Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user ...
Debian Security Advisory DSA 2825-1 (wireshark - several vulnerabilities)
Laurent Butti and Garming Sam discovered multiple vulnerabilities in the dissectors for NTLMSSPv2 and BSSGP, which could lead to denial of service or the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2825.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA...
Debian Security Advisory DSA 2824-1 (curl - unchecked tls/ssl certificate host name)
Marc Deslauriers discovered that curl, a file retrieval tool, would mistakenly skip verifying the CN and SAN name fields when digital signature verification was disabled in the libcurl GnuTLS backend. The default configuration for the curl package is not affected by this issue since the digital...
Debian Security Advisory DSA 2822-1 (xorg-server - integer underflow)
Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2822.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2822-1 using nvtgen 1.0 Script version: 1...
Debian Security Advisory DSA 2821-1 (gnupg - side channel attack)
Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts. OpenVAS Vulnerability Test $Id: deb2821.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2821-1...
Debian Security Advisory DSA 2823-1 (pixman - integer underflow)
Bryan Quigley discovered an integer underflow in Pixman which could lead to denial of service or the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2823.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2823-1 using nvtgen 1.0 Script version: 1.0 Author:...
Debian Security Advisory DSA 2820-1 (nspr - integer overflow)
It was discovered that NSPR, Netscape Portable Runtime library, could crash an application using the library when parsing a certificate that causes an integer overflow. This flaw only affects 64-bit systems. OpenVAS Vulnerability Test $Id: deb2820.nasl 6611 2017-07-07 12:07:20Z cfischer $...
Debian Security Advisory DSA 2817-1 (libtar - Integer overflow)
Timo Warns reported multiple integer overflow vulnerabilities in libtar, a library for manipulating tar archives, which can result in the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2817.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2817-1 using...
Debian DSA-2813-1 : gimp - several vulnerabilities
Murray McAllister discovered multiple integer and buffer overflows in the XWD plugin in Gimp, which can result in the execution of arbitrary code. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Adviso...