Debian DSA-2739-1 : cacti - several vulnerabilities
Two security issues (SQL injection and command line injection via SNMP settings) were found in Cacti, a web interface for graphing of monitoring systems. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
Debian Security Advisory DSA 2739-1 (cacti - several vulnerabilities)
Two security issues (SQL injection and command line injection via SNMP settings) were found in Cacti, a web interface for graphing of monitoring systems. OpenVAS Vulnerability Test $Id: deb2739.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2739-1 using nvtgen 1.0 Script...
Debian Security Advisory DSA 2735-1 (iceweasel - several vulnerabilities)
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: multiple memory safety errors, missing permission checks and other implementation errors may lead to the execution of arbitrary code, cross-site scripting, privilege escalation, bypass of t...
Debian Security Advisory DSA 2734-1 (wireshark - several vulnerabilities)
Multiple vulnerabilities were discovered in the dissectors for DVB-CI, GSM A Common and ASN.1 PER and in the Netmon file parser. OpenVAS Vulnerability Test $Id: deb2734.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2734-1 using nvtgen 1.0 Script version: 1.0 Author:...
Debian Security Advisory DSA 2733-1 (otrs2 - SQL injection)
It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs. OpenVAS Vulnerabili...
Debian DSA-2729-1 : openafs - several vulnerabilities
OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect. For more information please see the upstream advisory: OPENAFS-SA-2013-003 In addition the...
Debian Security Advisory DSA 2730-1 (gnupg - information leak)
Yarom and Falkner discovered that RSA secret keys could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system. This update fixes this issue for the 1.4 series of GnuPG. GnuPG 2.x is affected through its use of the...
Debian Security Advisory DSA 2731-1 (libgcrypt11 - information leak)
Yarom and Falkner discovered that RSA secret keys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system. OpenVAS Vulnerability Test $Id:...
Debian Security Advisory DSA 2729-1 (openafs - several vulnerabilities)
OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect. For more information please see the upstream advisory: OPENAFS-SA-2013-003 In addition the...
Debian Security Advisory DSA 2728-1 (bind9 - denial of service)
Maxim Shudrak and the HP Zero Day Initiative reported a denial of service vulnerability in BIND, a DNS server. A specially crafted query that includes malformed rdata can cause named daemon to terminate with an assertion failure while rejecting the malformed query. OpenVAS Vulnerability Test $Id:...
Debian Security Advisory DSA 2726-1 (php-radius - buffer overflow)
A buffer overflow has been discovered in the Radius extension for PHP. The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow. OpenVAS Vulnerability Test $Id: deb2726.na...
Debian Security Advisory DSA 2727-1 (openjdk-6 - several vulnerabilities)
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. OpenVAS Vulnerability Test $Id: deb2727.nasl 6611 2017-07-07 12:07:20Z...
Debian Security Advisory DSA 2725-1 (tomcat6 - several vulnerabilities)
Two security issues have been found in the Tomcat servlet and JSP engine: CVE-2012-3544 The input filter for chunked transfer encodings could trigger high resource consumption through malformed CRLF sequences, resulting in denial of service. CVE-2013-2067 The FormAuthenticator module was vulnerab...
Debian Security Advisory DSA 2723-1 (php5 - heap corruption)
It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely. OpenVAS Vulnerability Test $Id:...
Debian Security Advisory DSA 2722-1 (openjdk-7 - several vulnerabilities)
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. OpenVAS Vulnerability Test $Id: deb2722.nasl 6611 2017-07-07 12:07:20Z...
Debian Security Advisory DSA 2719-1 (poppler - several vulnerabilities)
Multiple vulnerabilities were discovered in the poppler PDF rendering library. CVE-2013-1788 Multiple invalid memory access issues, which could potentially lead to arbitrary code execution if the user were tricked into opening a malformed PDF document. CVE-2013-1790 An uninitialized memory issue,...
Debian Security Advisory DSA 2721-1 (nginx - buffer overflow)
A buffer overflow has been identified in nginx, a small, powerful, scalable web/proxy server, when processing certain chunked transfer encoding requests if proxy_pass to untrusted upstream HTTP servers is used. An attacker may use this flaw to perform denial of service attacks, disclose worker...
Debian DSA-2715-1 : puppet - code execution
It was discovered that puppet, a centralized configuration management system, did not correctly handle YAML payloads. A remote attacker could use a specially crafted payload to execute arbitrary code on the puppet master. (C) Tenable Network Security, Inc. The descriptive text a...
Debian Security Advisory DSA 2717-1 (xml-security-c - heap overflow)
Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification. The fix to address CVE-2013-2154 introduced the possibility of a heap overflow in the processing of malformed XPointer expressions in the XML Signature...
Debian Security Advisory DSA 2716-1 (iceweasel - several vulnerabilities)
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-free vulnerabilities, missing permission checks, incorrect memory handling and other implementation errors may lead to the execution of arbitrary...