Debian Security Advisory DSA 3923-1 (freerdp - security update)
Tyler Bohan of Talos discovered that FreeRDP, a free implementation of the Remote Desktop Protocol RDP, contained several vulnerabilities that allowed a malicious remote server or a man-in-the-middle to either cause a DoS by forcibly terminating the client, or execute arbitrary code on the client...
Debian Security Advisory DSA 3921-1 (enigmail - security update)
In DSA 3918 Thunderbird was upgraded to the latest ESR series. This update upgrades Enigmail, the OpenPGP extension for Thunderbird, to version 1.9.8.1 to restore full compatibility. OpenVAS Vulnerability Test $Id: deb3921.nasl 6835 2017-08-02 12:55:28Z cfischer $ Auto-generated from advisory DSA...
Debian Security Advisory DSA 3922-1 (mysql-5.5 - security update)
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.57, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see th...
Debian Security Advisory DSA 3919-1 (openjdk-8 - security update)
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, use of insecure cryptography, side channel attacks, information disclosure, the execution of arbitrary code, denial of service or bypassing Jar verification. OpenVA...
Debian Security Advisory DSA 3909-1 (samba - security update)
Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus OpenVAS Vulnerability Test $Id: deb3909.nasl 6800 2017-07-26 06:58:22Z cfischer $ Auto-generated from advisory DSA...
Debian DSA-3905-1 : xorg-server - security update
Two security issues have been discovered in the X.org X server, which may lead to privilege escalation or an information leak. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3905. The tex...
Debian DSA-3903-1 : tiff - security update
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Debian Security Advisory DSA 3902-1 (jabberd2 - security update)
It was discovered that jabberd2, a Jabber instant messenger server, allowed anonymous SASL connections, even if disabled in the configuration. OpenVAS Vulnerability Test $Id: deb3902.nasl 6757 2017-07-19 05:57:31Z cfischer $ Auto-generated from advisory DSA 3902-1 using nvtgen 1.0 Script version:...
Debian Security Advisory DSA 3903-1 (tiff - security update)
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb3903.nasl 6682 2017-07-12 09:00:18Z cfischer $ Auto-generated from advisory DSA 3903-1 using...
Debian DSA-3891-1 : tomcat8 - security update
Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacemen...
Debian DSA-3895-1 : flatpak - security update
It was discovered that Flatpak, an application deployment framework for desktop apps, insufficiently restricted file permissions in third-party repositories, which could result in privilege escalation. (C) Tenable Network Security, Inc. The descriptive text and package checks in...
Debian DSA-3890-1 : spip - security update
Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution. (C) Tenable Network Security, Inc...
Debian Security Advisory DSA 3893-1 (jython - security update)
Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer. OpenVAS Vulnerability Test $Id: deb3893.nasl 6782 2017-07-2...
Debian Security Advisory DSA 3890-1 (spip - security update)
Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution. OpenVAS Vulnerability Test $Id: deb3890.nasl 6607...
Debian Security Advisory DSA 3888-1 (exim4 - security update)
The Qualys Research Labs discovered a memory leak in the Exim mail transport agent. This is not a security vulnerability in Exim by itself, but can be used to exploit a vulnerability in stack handling. OpenVAS Vulnerability Test $Id: deb3888.nasl 6618 2017-07-07 14:17:52Z cfischer $ Auto-generate...
Debian Security Advisory DSA 3884-1 (gnutls28 - security update)
Hubert Kario discovered that GnuTLS, a library implementing the TLS and SSL protocols, does not properly decode a status response TLS extension, allowing a remote attacker to cause an application using the GnuTLS library to crash (denial of service). OpenVAS Vulnerability Test $Id: deb3884.nasl 660...
Debian Security Advisory DSA 3878-1 (zziplib - security update)
Agostino Sarubbo discovered multiple vulnerabilities in zziplib, a library to access Zip archives, which could result in denial of service and potentially the execution of arbitrary code if a malformed archive is processed. OpenVAS Vulnerability Test $Id: deb3878.nasl 6607 2017-07-07 12:04:25Z...
Debian DSA-3870-1 : wordpress - security update
Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks. (C) Tenable Network Security, Inc. The descriptive text and...
Debian DSA-3869-1 : tnef - security update
It was discovered that tnef, a tool used to unpack MIME attachments of type 'application/ms-tnef', did not correctly validate its input. An attacker could exploit this by tricking a user into opening a malicious attachment, which would result in a denial-of-service by application crash...
Debian Security Advisory DSA 3869-1 (tnef - security update)
It was discovered that tnef, a tool used to unpack MIME attachments of type OpenVAS Vulnerability Test $Id: deb3869.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3869-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2017 Greenbo...