2089 matches found
Debian Security Advisory DSA 2586-1 (perl - several vulnerabilities)
Two vulnerabilities were discovered in the implementation of the Perl programming language: CVE-2012-5195: The x operator could cause the Perl interpreter to crash if very long strings were created. CVE-2012-5526: The CGI module does not properly escape LF characters in the Set-Cookie and P3P headers...
Debian Security Advisory DSA 2593-1 (moin - several vulnerabilities)
It was discovered that missing input validation in the twikidraw and anywikidraw actions can result in the execution of arbitrary code. This security issue is being actively exploited. This update also addresses path traversal in AttachFile. OpenVAS Vulnerability Test $Id: deb25931.nasl 6611...
Debian Security Advisory DSA 2581-1 (mysql-5.1 - several vulnerabilities)
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects. These changes are described in the...
Debian Security Advisory DSA 2471-1 (ffmpeg - several vulnerabilities)
Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validation flaws in the decoders/demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV and NSV files could lead to the execution of arbitrary code. These...
Debian Security Advisory DSA 2553-1 (iceweasel - several vulnerabilities)
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. The reported vulnerabilities could lead to the execution of arbitrary code or the bypass of...
Debian Security Advisory DSA 2758-1 (python-django - denial of service)
It was discovered that python-django, a high-level Python web development framework, is prone to a denial of service vulnerability via large passwords. A non-authenticated remote attacker could mount a denial of service by submitting arbitrarily large passwords, tying up server resources in the...
Debian DSA-2753-1 : mediawiki - information leak
It was discovered that in MediaWiki, a wiki engine, several API modules allowed anti-CSRF tokens to be accessed via JSONP. These tokens protect against cross site request forgeries and are confidential. (C) Tenable Network Security, Inc. The descriptive text and package checks i...
Debian Security Advisory DSA 2756-1 (wireshark - several vulnerabilities)
Multiple vulnerabilities were discovered in the dissectors for LDAP, RTPS and NBAP and in the Netmon file parser, which could result in denial of service or the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2756.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from...
Debian Security Advisory DSA 2753-1 (mediawiki - information leak)
It was discovered that in MediaWiki, a wiki engine, several API modules allowed anti-CSRF tokens to be accessed via JSONP. These tokens protect against cross site request forgeries and are confidential. OpenVAS Vulnerability Test $Id: deb2753.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generat...
Debian Security Advisory DSA 2754-1 (exactimage - denial of service)
It was discovered that exactimage, a fast image processing library, does not correctly handle error conditions of the embedded copy of dcraw. This could result in a crash or other behaviour in an application using the library due to an uninitialized variable being passed to longjmp. This is a...
Debian Security Advisory DSA 2752-1 (phpbb3 - permissions too wide)
Andreas Beckmann discovered that phpBB, a web forum, as installed in Debian, sets incorrect permissions for cached files, allowing a malicious local user to overwrite them. OpenVAS Vulnerability Test $Id: deb2752.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2752-1...
Debian Security Advisory DSA 2751-1 (libmodplug - several vulnerabilities)
Several vulnerabilities have been discovered in libmodplug, a library for mod music based on ModPlug, that might allow arbitrary code execution when processing specially-crafted ABC files through applications using the library, such as media players. OpenVAS Vulnerability Test $Id: deb2751.nasl...
Debian Security Advisory DSA 2750-1 (imagemagick - buffer overflow)
Anton Kortunov reported a heap corruption in ImageMagick, a program collection and library for converting and manipulating image files. Crafted GIF files could cause ImageMagick to crash, potentially leading to arbitrary code execution. The oldstable distribution (squeeze) is not affected by this...
Debian Security Advisory DSA 2749-1 (asterisk - several vulnerabilities)
Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in the SIP processing code of Asterisk, an open source PBX and telephony toolkit, which could result in denial of service. OpenVAS Vulnerability Test $Id: deb2749.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from...
Debian DSA-2747-1 : cacti - several vulnerabilities
Two vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems: CVE-2013-5588: install/index.php and cacti/host.php suffered from Cross-Site Scripting vulnerabilities. CVE-2013-5589: cacti/host.php contained a SQL injection vulnerability, allowing an attacker ...
Debian Security Advisory DSA 2748-1 (exactimage - denial of service)
Several denial-of-service vulnerabilities were discovered in the dcraw code base, a program for processing raw format images from digital cameras. This update corrects them in the copy that is embedded in the exactimage package. OpenVAS Vulnerability Test $Id: deb2748.nasl 6611 2017-07-07 12:07:20...
Debian Security Advisory DSA 2747-1 (cacti - several vulnerabilities)
Two vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems: CVE-2013-5588: install/index.php and cacti/host.php suffered from Cross-Site Scripting vulnerabilities. CVE-2013-5589: cacti/host.php contained an SQL injection vulnerability, allowing an attacker to...
Debian Security Advisory DSA 2744-1 (tiff - several vulnerabilities)
Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2744.nasl 6611 2017-07-07 12:07:20Z cfischer ...
Debian Security Advisory DSA 2742-1 (php5 - interpretation conflict)
It was discovered that PHP, a general-purpose scripting language commonly used for web application development, did not properly process embedded NUL characters in the subjectAltName extension of X.509 certificates. Depending on the application and with insufficient CA-level checks, this could be...
Debian DSA-2739-1 : cacti - several vulnerabilities
Two security issues (SQL injection and command line injection via SNMP settings) were found in Cacti, a web interface for graphing of monitoring systems. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...