Debian Security Advisory DSA 2713-1 (curl - heap overflow)
Timo Sirainen discovered that cURL, a URL transfer library, is prone to a heap overflow vulnerability due to bad checking of the input data in the curl_easy_unescape function. The curl command line tool is not affected by this problem as it doesn't use the curl_easy_unescape function. OpenVAS...
Debian Security Advisory DSA 2711-1 (haproxy - several vulnerabilities)
Multiple security issues have been found in HAProxy, a load-balancing reverse proxy: CVE-2012-2942 Buffer overflow in the header capture code. CVE-2013-1912 Buffer overflow in the HTTP keepalive code. CVE-2013-2175 Denial of service in parsing HTTP headers. OpenVAS Vulnerability Test $Id:...
Debian Security Advisory DSA 2712-1 (otrs2 - privilege escalation)
It was discovered that users with a valid agent login could use crafted URLs to bypass access control restrictions and read tickets to which they should not have access. The oldstable distribution squeeze is not affected by this problem. OpenVAS Vulnerability Test $Id: deb2712.nasl 6611 2017-07-0...
Debian Security Advisory DSA 2698-1 (tiff - buffer overflow)
Multiple issues were discovered in the TIFF tools, a set of utilities for TIFF image file manipulation and conversion. CVE-2013-1960 Emmanuel Bouillon discovered a heap-based buffer overflow in the tp_process_jpeg_strip function in the tiff2pdf tool. This could potentially lead to a crash or arbitra...
Debian Security Advisory DSA 2628-1 (nss-pam-ldapd - buffer overflow)
Garth Mollett discovered that a file descriptor overflow issue in the use of FD_SET in nss-pam-ldapd, which provides NSS and PAM modules for using LDAP as a naming service, can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that...
Debian Security Advisory DSA 2709-1 (wireshark - several vulnerabilities)
Multiple vulnerabilities were discovered in the dissectors for CAPWAP, GMR-1 BCCH, PPP, NBAP, RDP, HTTP, DCP ETSI and in the Ixia IxVeriWave file parser, which could result in denial of service or the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2709.nasl 6611 2017-07-07...
Debian Security Advisory DSA 2708-1 (fail2ban - denial of service)
Krzysztof Katowicz-Kowalewski discovered a vulnerability in Fail2ban, a log monitoring system which can act on attacks by preventing hosts from connecting to specified services using the local firewall. When using Fail2ban to monitor Apache logs, improper input validation in log parsing could enabl...
Debian Security Advisory DSA 2707-1 (dbus - denial of service)
Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in _dbus_printf_string_upper_bound. This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. Depending on the dbus services running, it could lead to...
Debian Security Advisory DSA 2705-1 (pymongo - denial of service)
Jibbers McGee discovered that PyMongo, a high-performance schema-free document-oriented data store, is prone to a denial-of-service vulnerability. An attacker can remotely trigger a NULL pointer dereference causing MongoDB to crash. The oldstable distribution squeeze is not affected by this issue...
Debian Security Advisory DSA 2704-1 (mesa - out of bounds access)
It was discovered that applications using the mesa library, a free implementation of the OpenGL API, may crash or execute arbitrary code due to an out of bounds memory access in the library. This vulnerability only affects systems with Intel chipsets. The oldstable distribution squeeze is not...
Debian Security Advisory DSA 2702-1 (telepathy-gabble - TLS verification bypass)
Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble, the Jabber/XMPP connection manager for the Telepathy framework, does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perfor...
Debian Security Advisory DSA 2700-1 (wireshark - several vulnerabilities)
Multiple vulnerabilities were discovered in the dissectors for GTPv2, ASN.1 BER, PPP CCP, DCP ETSI, MPEG DSM-CC and Websocket, which could result in denial of service or the execution of arbitrary code. The oldstable distribution squeeze is not affected. OpenVAS Vulnerability Test $Id: deb2700.na...
Debian Security Advisory DSA 2697-1 (gnutls26 - out-of-bounds array read)
It was discovered that a malicious client could crash a GNUTLS server and vice versa, by sending TLS records encrypted with a block cipher which contain invalid padding. The oldstable distribution squeeze is not affected because the security fix that introduced this vulnerability was not applied ...
Debian Security Advisory DSA 2696-1 (otrs2 - privilege escalation)
A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets they are not permitte...
Debian Security Advisory DSA 2701-1 (krb5 - denial of service)
It was discovered that the kpasswd service running on UDP port 464 could respond to response packets, creating a packet loop and a denial of service condition. OpenVAS Vulnerability Test $Id: deb2701.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2701-1 using nvtgen 1....
Debian Security Advisory DSA 2694-1 (spip - privilege escalation)
A privilege escalation vulnerability has been found in SPIP, a website engine for publishing, which allows anyone to take control of the website. OpenVAS Vulnerability Test $Id: deb2694.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2694-1 using nvtgen 1.0 Script...
Debian Security Advisory DSA 2693-1 (libx11 - several vulnerabilities)
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to...
Debian Security Advisory DSA 2675-2 (libxvmc - several vulnerabilities)
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to...
Debian DSA-2685-1 : libxp - several vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to...
Debian Security Advisory DSA 2692-1 (libxxf86vm - several vulnerabilities)
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to...