8 matches found
Null pointer dereference
The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field which might occur if the...
[SECURITY] [DSA 4010-1] git-annex security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4010-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 30, 2017 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3940-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-3934-1 : git - security update
Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
bind: denial of service
A very uncommon combination of zone data has been found that triggers a bug in BIND, with the result that named will exit with a "REQUIRE" failure in name.c when validating the data returned in answer to a recursive query. This means that a recursive resolver that is performing DNSSEC validation...
Mandriva Linux Security Advisory : bind (MDVSA-2015:165)
Updated bind packages fix security vulnerabilities : By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the...
Debian DLA-104-1 : pdns-recursor security update
Florian Maury from ANSSI discovered a flaw in pdns-recursor, a recursive DNS server : a remote attacker controlling maliciously-constructed zones or a rogue server could affect the performance of pdns-recursor, thus leading to resource exhaustion and a potential denial of service. NOTE: Tenable...
[SECURITY] [DLA 112-1] bind9 security update
Package : bind9 Version : 9.7.3.dfsg-1squeeze13 CVE ID : CVE-2014-8500 Debian Bug : 772610 This update fixes a denial of service vulnerability in BIND, a DNS server. By making use of maliciously-constructed zones or a rogue server, an attacker could exploit an oversight in the code BIND 9 used to...