2089 matches found
Debian Security Advisory DSA 2765-1 (davfs2 - privilege escalation)
Davfs2, a filesystem client for WebDAV, calls the function system insecurely while it is setuid root. This might allow a privilege escalation. OpenVAS Vulnerability Test $Id: deb2765.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2765-1 using nvtgen 1.0 Script version: 1....
Debian Security Advisory DSA 2764-1 (libvirt - programming error)
Daniel P. Berrange discovered that incorrect memory handling in the remoteDispatchDomainMemoryStats function could lead to denial of service. The oldstable distribution (squeeze) is not affected. OpenVAS Vulnerability Test $Id: deb2764.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from...
Debian DSA-2763-1 : pyopenssl - hostname check bypassing
It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field. A remote attacker in the position to obtain a certificate for 'www.foo.org\0.example.com' from a CA that an SSL client...
Debian Security Advisory DSA 2763-1 (pyopenssl - hostname check bypassing)
It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field. A remote attacker in the position to obtain a certificate for 'www.foo.org\0.example.com' from a CA that an SSL client...
Debian Security Advisory DSA 2760-1 (chrony - several vulnerabilities)
Florian Weimer discovered two security problems in the Chrony time synchronisation software (buffer overflows and use of uninitialised data in command replies). OpenVAS Vulnerability Test $Id: deb2760.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2760-1 using nvtgen 1.0...
Debian Security Advisory DSA 2759-1 (iceweasel - several vulnerabilities)
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code. The Iceweasel version in the oldstable distribution (squeeze) is no longer supported with security...
Debian Security Advisory DSA 2595-1 (ghostscript - integer overflow)
Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb25951.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2595-1 using nvtgen 1.0 Script version: 1.0...
Debian Security Advisory DSA 2594-1 (virtualbox-ose - programming error)
halfdog discovered that incorrect interrupt handling in VirtualBox, an x86 virtualization solution, can lead to denial of service. OpenVAS Vulnerability Test $Id: deb25941.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2594-1 using nvtgen 1.0 Script version: 1.0 Author:...
Debian Security Advisory DSA 2587-1 (libcgi-pm-perl - HTTP header injection)
It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers. OpenVAS Vulnerability Test $Id: deb25871.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2587-1 using...
Debian Security Advisory DSA 2427-1 (imagemagick - several vulnerabilities)
Two security vulnerabilities related to EXIF processing were discovered in ImageMagick, a suite of programs to manipulate images. CVE-2012-0247: When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick writes two bytes to an invali...
Debian Security Advisory DSA 2439-1 (libpng - buffer overflow)
Glenn Randers-Pehrson discovered a buffer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed. OpenVAS Vulnerability Test $Id: deb24391.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2439-1 using...
Debian Security Advisory DSA 2589-1 (tiff - buffer overflow)
The tiff library for handling TIFF image files contained a stack-based buffer overflow, potentially allowing attackers who can submit such files to a vulnerable system to execute arbitrary code. OpenVAS Vulnerability Test $Id: deb25891.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from...
Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities)
Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service. OpenVAS Vulnerability Test $Id: deb24622.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory D...
Debian Security Advisory DSA 2393-1 (bip - buffer overflow)
Julien Tinnes reported a buffer overflow in the Bip multiuser IRC proxy which may allow arbitrary code execution by remote users. The oldstable distribution (lenny) is not affected by this problem. OpenVAS Vulnerability Test $Id: deb23931.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated fro...
Debian Security Advisory DSA 2592-1 (elinks - programming error)
Marko Myllynen discovered that ELinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate. OpenVAS Vulnerability Test $Id: deb25921.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2592-1 using nvtgen 1.0 Script version: 1.0 Author:...
Debian Security Advisory DSA 2456-1 (dropbear - use after free)
Danny Fullerton discovered a use-after-free in the Dropbear SSH daemon, resulting in potential execution of arbitrary code. Exploitation is limited to users who have been authenticated through public key authentication and for whom command restrictions are in place. OpenVAS Vulnerability Test...
Debian Security Advisory DSA 2596-1 (mediawiki-extensions - cross-site scripting)
Thorsten Glaser discovered that the RSSReader extension for MediaWiki, a website engine for collaborative work, does not properly escape tags in feeds. This could allow a malicious feed to inject JavaScript into the MediaWiki pages. OpenVAS Vulnerability Test $Id: deb25961.nasl 8972 2018-02-28...
Debian Security Advisory DSA 2585-1 (bogofilter - buffer overflow)
A heap-based buffer overflow was discovered in bogofilter, a software package for classifying mail messages as spam or non-spam. Crafted mail messages with invalid base64 data could lead to heap corruption and, potentially, arbitrary code execution. OpenVAS Vulnerability Test $Id: deb25851.nasl...
Debian Security Advisory DSA 2591-1 (mahara - several vulnerabilities)
Multiple security issues have been found in Mahara, an electronic portfolio, weblog, and resume builder, which can result in cross-site scripting, clickjacking or arbitrary file execution. OpenVAS Vulnerability Test $Id: deb25911.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from...
Debian Security Advisory DSA 2586-1 (perl - several vulnerabilities)
Two vulnerabilities were discovered in the implementation of the Perl programming language: CVE-2012-5195: The x operator could cause the Perl interpreter to crash if very long strings were created. CVE-2012-5526: The CGI module does not properly escape LF characters in the Set-Cookie and P3P headers...