MCollective: Remote Code Execution
Background MCollective is a framework to build server orchestration or parallel job execution systems. Description A vulnerability was discovered in MCollective which allowed for deserialized YAML from agents without calling safe_load. This allows the potential for arbitrary code execution on the...
jbig2dec: User-assisted execution of arbitrary code
Background jbig2dec is a decoder implementation of the JBIG2 image compression format. Description Integer overflow errors have been discovered in the jbig2_decode_symbol_dict, jbig2_build_huffman_table, and jbig2_image_compose functions of jbig2dec. Impact A remote attacker, by enticing a user to open a...
AutoTrace: Multiple vulnerabilities
Background AutoTrace converts bitmap to vector graphics. Description Heap-based buffer overflows have been discovered in the pstoedit_suffix_table_init and pnm_load_rawpbm functions of AutoTrace. Impact Remote attackers, by enticing a user to process a crafted bmp image file, could cause a Denial of...
Ked Password Manager: Information leak
Background Helps to manage large numbers of passwords and related information and simplifies the tasks of searching and entering password data. Description A history file in ~/.kedpm/history is written in clear text. All of the commands performed in the password manager are written there. This can...
bzip2: Denial of service
Background bzip2 is a high-quality data compressor used extensively by Gentoo Linux. Description A use-after-free flaw was found in bzip2recover, leading to a null pointer dereference, or a write to a closed file descriptor. Please review the CVE identifier referenced below for details. Impact A...
evilvte: User-assisted execution of arbitrary code
Background VTE based, highly customizable terminal emulator Description Steve Kemp of Debian identified a flaw in evilvte which does not properly validate hypertext links. Please review the Debian bug report referenced below. Impact Remote attackers could execute arbitrary code by enticing a user...
GPL Ghostscript: Multiple vulnerabilities
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for additional information. Impact A context-dependent attacker could entice a user to...
RAR and UnRAR: User-assisted execution of arbitrary code
Background RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files. Description A VMSF_DELTA memory corruption was discovered in which an integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the “DestPos” variable which allows...
TNEF: Multiple vulnerabilities
Background TNEF is a program for unpacking MIME attachments of type “application/ms-tnef”. Description Multiple vulnerabilities have been discovered in TNEF. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially crafted...
BIND: Multiple vulnerabilities
Background BIND (Berkeley Internet Name Domain) is a Name Server. Description Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted DNS request to the BIND resolver resulting in ...
Adobe Flash Player: Multiple Vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Gajim: Information disclosure
Background Gajim is a Jabber/XMPP client which uses GTK+. Description Gajim unconditionally implements the “XEP-0146: Remote Controlling Clients” extension. Impact Remote attackers, by enticing a user to connect to a malicious XMPP server, could extract plaintext from Off The Record (OTR) encrypted...
MAN DB: Privilege escalation
Background MAN DB is a man replacement that utilizes BerkeleyDB instead of flat files. Description The /var/cache/man directory as part of the MAN DB package has group permissions set to root. Impact A local user who does not belong to the root group, but has the ability to modify the /var/cache/m...
libcroco: Multiple vulnerabilities
Background libcroco is a standalone CSS2 parsing and manipulation library. Description Multiple vulnerabilities have been discovered in libcroco. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted CSS file...
feh: Arbitrary remote code execution
Background feh is an X11 image viewer aimed mostly at console users. Description Tobias Stoeckmann discovered it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message. Impact A remote attacker, pretending to be the E17 window manager, could...
Game Music Emu: Multiple vulnerabilities
Background Game Music Emu is a multi-purpose console music emulator and player library. Description Multiple vulnerabilities have been discovered in Game Music Emu. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially...
GNOME applet for NetworkManager: Arbitrary file read/write
Background GNOME applet for NetworkManager is a GTK+ 3 front-end which works under Xorg environments with a systray. Description Frederic Bardy and Quentin Biguenet discovered that GNOME applet for NetworkManager incorrectly checked permissions when connecting to certain wireless networks. Impact...
OpenSLP: Multiple vulnerabilities
Background OpenSLP is an open-source implementation of Service Location Protocol (SLP). Description Multiple vulnerabilities have been discovered in OpenSLP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition o...
VLC: Multiple vulnerabilities
Background VLC is a cross-platform media player and streaming server. Description Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to open a specially crafted subtitles file, could...
RoundCube: Security bypass
Background Free and open source webmail software for the masses, written in PHP. Description Authenticated users can arbitrarily reset passwords due to a problem caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin. Impact Authenticated users can...
libsndfile: Multiple vulnerabilities
Background libsndfile is a C library for reading and writing files containing sampled sound. Description Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially...
virglrenderer: Multiple vulnerabilities
Background A virtual 3D GPU library, that allows the guest operating system to use the host GPU to accelerate 3D rendering. Description Multiple vulnerabilities have been discovered in virglrenderer. Please review the CVE identifiers referenced below for details. Impact A local attacker could cau...
phpMyAdmin: Security bypass
Background phpMyAdmin is a web-based management tool for MySQL databases. Description A vulnerability was discovered where the restrictions caused by “$cfg['Servers'][$i]['AllowNoPassword'] = false” are bypassed under certain PHP versions. This can lead compromised user accounts, who have no passwords...
JasPer: Multiple vulnerabilities
Background JasPer is a software-based implementation of the codec specified in the JPEG-2000 Part-1 standard. Description Multiple vulnerabilities have been discovered in JasPer. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a...
IcedTea: Multiple vulnerabilities
Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers...
FreeRADIUS: Security bypass
Background FreeRADIUS is an open source RADIUS authentication server. Description It was discovered that the implementation of TTLS and PEAP in FreeRADIUS skips inner authentication when it handles a resumed TLS connection. The affected versions of FreeRADIUS fail to reliably prevent the...
KAuth and KDELibs: Privilege escalation
Background KAuth provides a convenient, system-integrated way to offload actions that need to be performed as a privileged user (root, for example) to small (hopefully secure) helper utilities. The KDE libraries, basis of KDE and used by many open source projects. Description KAuth and KDELibs contai...
LibreOffice: Multiple vulnerabilities
Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Description Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact A...
Graphite: User-assisted execution of arbitrary code
Background Graphite is a “smart font” system developed specifically to handle the complexities of lesser-known languages of the world. Description An out-of-bounds write has been found in the Graphite 2 library. Impact A remote attacker could entice a user to open a specially crafted document usi...
jbig2dec: Multiple vulnerabilities
Background jbig2dec is a decoder implementation of the JBIG2 image compression format. Description Multiple vulnerabilities have been discovered in jbig2dec. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user or automated system to process...
nettle: Information disclosure
Background Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Description It was found that nettle’s RSA and DSA...
Vim, gVim: Remote execution of arbitrary code
Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Impact A remote attacker...
libksba: Denial of Service and information disclosure
Background Libksba is an X.509 and CMS (PKCS#7) library. Description It was found that a disproportionate amount of memory is allocated when parsing crafted certificates in libksba, which may lead to Denial of Service condition. Moreover in libksba 1.3.4, allocated memory is uninitialized and could...
Urban Terror: Multiple vulnerabilities
Background Urban Terror is a free multiplayer first person shooter developed by FrozenSand, that will run on any Quake III Arena compatible engine. Description Multiple vulnerabilities have been discovered in Urban Terror. Please review the CVE identifiers referenced below for details. Impact A...
Kodi: Multiple vulnerabilities
Background Kodi (formerly XBMC) is a free and open-source media player software application. Description Multiple vulnerabilities have been discovered in Kodi. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted...
GNU Wget: Header injection
Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description It was discovered that there was a header injection vulnerability in GNU Wget which allowed remote attackers to inject arbitrary HTTP headers via CRL...
GNU C Library: Multiple vulnerabilities
Background The GNU C library is the standard C library used by Gentoo Linux systems. Description Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers and Qualys’ security advisory referenced below for details. Impact An attacker could possibly...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details...
mbed TLS: Multiple vulnerabilities
Background mbed TLS (previously PolarSSL) is an “easy to understand, use, integrate and expand” implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. Description Multiple vulnerabilities have been discovered in mbed TLS. Please review the...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Impact A remote attack can use multiple vectors to execute arbitrary code or cause...
MuPDF: Multiple vulnerabilities
Background A lightweight PDF, XPS, and E-book viewer. Description Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially crafted PDF document or image using MuPDF,...
MUNGE: Privilege escalation
Background An authentication service for creating and validating credentials. Description It was discovered that Gentoo’s default MUNGE installation suffered from a privilege escalation vulnerability (munge user to root) due to improper permissions and a runscript which called chown on a user...
Git: Security bypass
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. Impact A remote attacker...
D-Bus: Multiple vulnerabilities
Background D-Bus is a message bus system which processes can use to talk to each other. Description Multiple vulnerabilities have been discovered in D-Bus. Please review the original report referenced below for details. Impact An attacker could possibly overwrite arbitrary files named “once” with...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially crafted netwo...
minicom: Remote execution of arbitrary code
Background Minicom is a text-based serial port communications program. Description In minicom before version 2.7.1, the escparms buffer in vt100.c is vulnerable to an overflow. Impact A remote attacker, able to connect to a minicom port, could possibly execute arbitrary code with the privileges o...
ImageWorsener: Multiple vulnerabilities
Background ImageWorsener is a cross-platform command-line utility and library for image scaling and other image processing. Description Multiple vulnerabilities have been discovered in ImageWorsener. Please review the CVE identifiers referenced below for details. Impact A remote attacker could...
FileZilla: Buffer overflow
Background FileZilla is an open source FTP client. Description FileZilla is affected by the same vulnerability as reported in “GLSA 201703-03” because the package included a vulnerable copy of PuTTY. Please read the GLSA for PuTTY referenced below for details. Impact A remote attacker, utilizing...
Libtirpc and RPCBind: Denial of Service
Background The RPCBind utility is a server that converts RPC program numbers into universal addresses. Libtirpc is a port of Sun's Transport-Independent RPC library to Linux. Description It was found that due to the way RPCBind uses libtirpc (libntirpc), a memory leak can occur when parsing speciall...
PCRE library: Denial of service
Background PCRE library is a set of functions that implement regular expression pattern matching using the same syntax and semantics as Perl 5. Description It was found that the compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE library is vulnerable to an out-of-bounds read. Impact ...