Debian DSA-3864-1 : fop - security update
It was discovered that an XML external entities vulnerability in the Apache FOP XML formatter may result in information disclosure. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3864. Th...
Debian DSA-3865-1 : mosquitto - security update
It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3865. The text itself is copyright (C) Software in t...
Debian Security Advisory DSA 3868-1 (openldap - security update)
Karsten Heymann discovered that the OpenLDAP directory server can be crashed by performing a paged search with a page size of 0, resulting in denial of service. This vulnerability is limited to the MDB storage backend. OpenVAS Vulnerability Test $Id: deb3868.nasl 6607 2017-07-07 12:04:25Z cfische...
Debian DSA-3861-1 : libtasn1-6 - security update
Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into...
Debian Security Advisory DSA 3861-1 (libtasn1-6 - security update)
Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into...
Debian Security Advisory DSA 3858-1 (openjdk-7 - security update)
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in privilege escalation, denial of service, newline injection in SMTP or use of insecure cryptography. OpenVAS Vulnerability Test $Id: deb3858.nasl 6607 2017-07-07 12:04:25Z cfischer ...
Debian Security Advisory DSA 3857-1 (mysql-connector-java - security update)
Two vulnerabilities have been found in the MySQL Connector/J JDBC driver. OpenVAS Vulnerability Test $Id: deb3857.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3857-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright (c) 2017 Greenbone...
Debian Security Advisory DSA 3855-1 (jbig2dec - security update)
Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service, disclosure of sensitive information from process memory or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened. OpenVAS Vulnerability Test...
Debian DSA-3850-1 : rtmpdump - security update
Dave McDaniel discovered multiple vulnerabilities in rtmpdump, a small dumper/library for RTMP media streams, which may result in denial of service or the execution of arbitrary code if a malformed stream is dumped. (C) Tenable Network Security, Inc. The descriptive text and...
Debian DSA-3848-1 : git - security update
Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn 'git upload-pack --help'. (C) Tenable Network Security, Inc. The descriptive text and package checks in...
Debian Security Advisory DSA 3848-1 (git - security update)
Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn OpenVAS Vulnerability Test $Id: deb3848.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3848-1...
Debian Security Advisory DSA 3845-1 (libtirpc - security update)
Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs, may result in denial of service via memory exhaustion (depending on memory management settings). OpenVAS Vulnerability Test $Id: deb3845.nasl 6607 2017-07-07...
Debian DSA-3825-1 : jhead - security update
It was discovered that jhead, a tool to manipulate the non-image part of EXIF compliant JPEG files, is prone to an out-of-bounds access vulnerability, which may result in denial of service or, potentially, the execution of arbitrary code if an image with specially crafted EXIF data is processed...
Debian Security Advisory DSA 3823-1 (eject - security update)
Ilja Van Sprundel discovered that the dmcrypt-get-device helper used to check if a given device is an encrypted device handled by devmapper, and used in eject, does not check return values from setuid and setgid when dropping privileges. OpenVAS Vulnerability Test $Id: deb3823.nasl 6607 2017-07-0...
Debian Security Advisory DSA 3819-1 (gst-plugins-base1.0 - security update)
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened. OpenVAS Vulnerability Test $Id: deb3819.nasl 6607 2017-07-07 12:04:25Z cfisch...
Debian Security Advisory DSA 3821-1 (gst-plugins-ugly1.0 - security update)
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened. OpenVAS Vulnerability Test $Id: deb3821.nasl 6607 2017-07-07 12:04:25Z cfisch...
Debian Security Advisory DSA 3814-1 (audiofile - security update)
Several vulnerabilities have been discovered in the audiofile library, which may result in denial of service or the execution of arbitrary code if a malformed audio file is processed. OpenVAS Vulnerability Test $Id: deb3814.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DS...
Debian DSA-3812-1 : ioquake3 - security update
It was discovered that ioquake3, a modified version of the ioQuake3 game engine, performs insufficient restrictions on automatically downloaded content (pk3 files or game code), which allows malicious game servers to modify configuration settings, including driver settings. (C) Tenab...
Debian Security Advisory DSA 3811-1 (wireshark - security update)
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for ASTERIX, DHCPv6, NetScaler, LDSS, IAX2, WSP, K12 and STANAG 4607, that could lead to various crashes, denial-of-service or execution of arbitrary code. OpenVAS Vulnerability Test...
Debian DSA-3801-1 : ruby-zip - security update
It was discovered that ruby-zip, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a ".." (dot dot) in an extracted filename. C...