Debian Security Advisory DSA 3797-1 (mupdf - security update)
Multiple vulnerabilities have been found in the PDF viewer MuPDF, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened.
Debian: Security Advisory (DSA-3791-1)
The remote host is missing an update for the Debian...
Debian Security Advisory DSA 3786-1 (vim - security update)
Editor spell files passed to the vim Vi IMproved editor may result in an integer overflow in memory allocation and a resulting buffer overflow which potentially could result in the execution of arbitrary code or denial of service.
Debian DSA-3784-1 : viewvc - security update
Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability.
Debian Security Advisory DSA 3777-1 (libgd2 - security update)
Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.
Debian Security Advisory DSA 3771-1 (firefox-esr - security update)
Multiple security issues have been found in the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or privilege escalation.
Debian Security Advisory DSA 3761-1 (rabbitmq-server - security update)
It was discovered that RabbitMQ, an implementation of the AMQP protocol, didn...
Debian Security Advisory DSA 3763-1 (pdns-recursor - security update)
Florian Heinz and Martin Kluge reported that pdns-recursor, a recursive DNS server, parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the pdns server, resulting in a...
Debian Security Advisory DSA 3760-1 (ikiwiki - security update)
Multiple vulnerabilities have been found in the Ikiwiki wiki compiler: CVE-2016-9646 Commit metadata forgery via CGI::FormBuilder context-dependent APIs CVE-2016-10026 Editing restriction bypass for git revert CVE-2017-0356 Authentication bypass via repeated parameters Additional details on these...
Debian DSA-3757-1 : icedove - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple vulnerabilities may lead to the execution of arbitrary code, data leakage or bypass of the content security policy.
Debian DSA-3754-1 : tomcat7 - security update
It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure.
Debian DSA-3755-1 : tomcat8 - security update
It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure.
Debian Security Advisory DSA 3756-1 (icoutils - security update)
Choongwoo Han discovered that a programming error in the wrestool tool of the icoutils suite allows denial of service or the execution of arbitrary code if a malformed binary is parsed.
Debian Security Advisory DSA 3754-1 (tomcat7 - security update)
It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure.
Debian Security Advisory DSA 3755-1 (tomcat8 - security update)
It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure.
Debian Security Advisory DSA 3750-1 (libphp-phpmailer - security update)
Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address. Note that for this issue also CVE-2016-10045 was assigned, which is a regression in the original patch...
Debian Security Advisory DSA 3753-1 (libvncserver - security update)
It was discovered that libvncserver, a collection of libraries used to implement VNC/RFB clients and servers, incorrectly processed incoming network packets. This resulted in several heap-based buffer overflows, allowing a rogue server to either cause a DoS by crashing the client, or potentially...
Debian Security Advisory DSA 3752-1 (pcsc-lite - security update)
Peter Wu discovered that a use-after-free in the pscd PC/SC daemon of PCSC-Lite might result in denial of service or potentially privilege escalation.
Debian Security Advisory DSA 3751-1 (libgd2 - security update)
A stack overflow vulnerability was discovered within the gdImageFillToBorder function in libgd2, a library for programmatic graphics creation and manipulation, triggered when invalid colors are used with truecolor images. A remote attacker can take advantage of this flaw to cause a...
Debian Security Advisory DSA 3749-1 (dcmtk - security update)
Gjoko Krstic of Zero Science Labs discovered that dcmtk, a collection of libraries implementing the DICOM standard, did not properly handle the size of data received from the network. This could lead to denial-of-service via application crash or arbitrary code execution.