1293 matches found
Debian DSA-3915-1 : ruby-mixlib-archive - security update
It was discovered that ruby-mixlib-archive, a Chef Software's library used to handle various archive formats, was vulnerable to a directory traversal attack. This allowed attackers to overwrite arbitrary files by using a malicious tar archive containing '..' in its entries. %NASLMINLEVEL 70300 C...
Debian DLA-1032-1 : unattended-upgrades regression update
Since the release of the last Debian stable release 'stretch', Debian LTS 'wheezy' has been renamed 'oldoldstable', which broke the unattended-upgrades package as described in bug 867169. Updates would simply not be performed anymore. For Debian 7 'Wheezy', these problems have been fixed in versi...
[SECURITY] [DSA 3914-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3914-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 18, 2017 https://www.debian.org/security/faq -...
Debian DSA-3912-1 : heimdal - security update (Orpheus' Lyre)
Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, trusts metadata taken from the unauthenticated plaintext Ticket, rather than the authenticated and encrypted KDC response. A man-in-the-middle...
Debian DSA-3902-1 : jabberd2 - security update
It was discovered that jabberd2, a Jabber instant messenger server, allowed anonymous SASL connections, even if disabled in the configuration. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
[SECURITY] [DSA 3902-1] jabberd2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3902-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 05, 2017 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3902-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 3891-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3891-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 22, 2017 https://www.debian.org/security/faq -...
Debian DLA-993-2 : linux regression update (Stack Clash)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-7487 Li Qiang reported a reference counter leak in the ipxitfioctl function which may result into a use-after-free vulnerability, triggerable...
Debian: Security Advisory (DSA-3890-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-3887-1 : glibc - security update (Stack Clash)
The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt...
Debian DSA-3878-1 : zziplib - security update
Agostino Sarubbo discovered multiple vulnerabilities in zziplib, a library to access Zip archives, which could result in denial of service and potentially the execution of arbitrary code if a malformed archive is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text...
Debian: Security Advisory (DSA-3866-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 3857-1 (mysql-connector-java - security update)
Two vulnerabilities have been found in the MySQL Connector/J JDBC driver. OpenVAS Vulnerability Test $Id: deb3857.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3857-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2017 Greenbone...
Debian DSA-3850-1 : rtmpdump - security update
Dave McDaniel discovered multiple vulnerabilities in rtmpdump, a small dumper/library for RTMP media streams, which may result in denial of service or the execution of arbitrary code if a malformed stream is dumped. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Debian: Security Advisory (DSA-3847-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 3837-1] libreoffice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3837-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 27, 2017 https://www.debian.org/security/faq -...
Debian DLA-874-1 : jbig2dec security update
Multiple security issues have been found in the JBIG2 decoder library, which may lead to lead to denial of service or the execution of arbitrary code if a malformed image file usually embedded in a PDF document is opened. For Debian 7 'Wheezy', these problems have been fixed in version...
Debian DSA-3820-1 : gst-plugins-good1.0 - security update
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Debian DSA-3821-1 : gst-plugins-ugly1.0 - security update
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...