25 matches found
Debian: Security Advisory (DLA-264-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
Debian: Security Advisory (DLA-259-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
[SECURITY] [DLA 340-1] krb5 security update
Package : krb5 Version : 1.8.3+dfsg-4squeeze10 CVE ID : CVE-2015-2695 CVE-2015-2697 Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2695 It was discovered that...
Debian DLA-284-1 : apache2 security update
A vulnerability has been found in the Apache HTTP Server. CVE-2015-3183 Apache HTTP Server did not properly parse chunk headers, which allowed remote attackers to conduct HTTP request smuggling via a crafted request. This flaw relates to mishandling of large chunk-size values and invalid...
[SECURITY] [DLA 283-1] icu security update
Package : icu Version : 4.4.1-8+squeeze4 CVE ID : CVE-2015-4760 A vulnerability has been found in the International Components for Unicode (ICU) library: CVE-2015-4760 It was discovered that ICU Layout Engine was missing multiple boundary checks. These could lead to buffer overflows and memory...
DLA-284-1 apache2 - security update
Bulletin has no description...
Debian DLA-276-1 : inspircd security update
Adam, upstream author of inspircd, found the Debian patch that fixed CVE-2012-1836 was incomplete. Furthermore, it introduced an issue, since invalid DNS packets caused an infinite loop. This upload corrects these problems. As of today, no CVEs have been assigned to these Debian-specific flaws. Fo...
Debian DLA-273-1 : tidy security update
Fernando Muñoz discovered a security issue on the HTML syntax checker and reformatter tidy. Tidy did not properly process specific character sequences, and a remote attacker could exploit this flaw to cause a DoS, or probably, execute arbitrary code. Two different CVEs were assigned to this issue...
[SECURITY] [DLA 276-1] inspircd security update
Package : inspircd Version : 1.1.22+dfsg-4+squeeze2 Debian Bug : 780880 Adam, upstream author of inspircd, found the Debian patch that fixed CVE-2012-1836 was incomplete. Furthermore, it introduced an issue, since invalid DNS packets caused an infinite loop. This upload corrects the...
DLA-276-1 inspircd - security update
Bulletin has no description...
DLA-273-1 tidy - security update
Bulletin has no description...
Debian DLA-272-1 : python-django security update
Several vulnerabilities were discovered in Django, a high-level Python web development framework: CVE-2015-2317 Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to...
Debian DLA-264-1 : libmodule-signature-perl security update
John Lightsey discovered multiple vulnerabilities in Module::Signature, a Perl module to manipulate CPAN SIGNATURE files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-3406 Module::Signature could parse the unsigned portion of the SIGNATURE file as...
Debian DLA-263-1 : ruby1.9.1 security update
Two vulnerabilities were identified in the Ruby language interpreter, version 1.9.1. CVE-2012-5371 Jean-Philippe Aumasson identified that Ruby computed hash values without properly restricting the ability to trigger hash collisions predictably, allowing context-dependent attackers to cause a deni...
[SECURITY] [DLA 263-1] ruby1.9.1 security update
Package : ruby1.9.1 Version : 1.9.2.0-2+deb6u5 CVE ID : CVE-2012-5371 CVE-2013-0269 Debian Bug : 693024 700471 Two vulnerabilities were identified in the Ruby language interpreter, version 1.9.1. CVE-2012-5371 Jean-Philippe Aumasson identified that Ruby computed hash values without properly...
DLA-257-1 libwmf - security update
Bulletin has no description...
DLA-240-1 libapache-mod-jk - security update
Bulletin has no description...
Debian Security Advisory DSA 2787-1 (roundcube - design error)
It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize the session parameter in steps/utils/savepref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing rand...
Debian: Security Advisory (DSA-2623-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
DSA-2549-1 devscripts - multiple
Bulletin has no description...