Debian Linux Security Advisory 3917-1 - A heap-based buffer underflow flaw was discovered in catdoc, a text extractor for MS-Office files, which may lead to denial of service (application crash) or have unspecified other impact, if a specially crafted file is processed.
f6daccf3faca48cbfae94615ba30b127Debian Linux Security Advisory 3914-1 - memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT, TGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNG files are processed.
c11221e064c251a1dfebe04b67b54f44Debian Linux Security Advisory 3908-1 - An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure.
2d367b8f14fc73b9768c34d3df9ea843Debian Linux Security Advisory 3905-1 - Two security issues have been discovered in the X.org X server, which may lead to privilege escalation or an information leak.
eec15ef958b064e5d22c3fbaa8454462Debian Linux Security Advisory 3904-1 - ClA(c)ment Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS server implementation. They allow an attacker to bypass TSIG authentication by sending crafted DNS packets to a server.
614af9c12cc1f45c436a7ec95a3703dbDebian Linux Security Advisory 3903-1 - Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.
f22eb4c31adb069462aeb0325c0caef3Debian Linux Security Advisory 3902-1 - It was discovered that jabberd2, a Jabber instant messenger server, allowed anonymous SASL connections, even if disabled in the configuration.
cfd5ac1f570771e667c6d763bf8e068eDebian Linux Security Advisory 3901-1 - Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024.
d658be9eea9c2e1ac845a6372d57d1d4Debian Linux Security Advisory 3900-1 - Several issues were discovered in openvpn, a virtual private network application.
861615706841885d4df680f3df668402Debian Linux Security Advisory 3886-2 - The security update announced as DSA-3886-1 caused regressions for some applications using Java - including jsvc, LibreOffice and Scilab - due to the fix for CVE-2017-1000364. Updated packages are now available to correct this issue.
3255a76fe0614a8ebe91cede0fc3a48fDebian Linux Security Advisory 3899-1 - Several vulnerabilities have been found in VLC, the VideoLAN project's media player. Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code.
a1d34c086e8bc1a03303567e05276337Debian Linux Security Advisory 3893-1 - Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer.
b8ba5a4ab403058f5b4a58ef979ff381Debian Linux Security Advisory 3890-1 - Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution.
82f7dc777ed288bd4614a107d13dbf01Debian Linux Security Advisory 3886-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
7ba642cce9cb63e641f1c54ff2f0b5a2Debian Linux Security Advisory 3887-1 - The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack.
0e67c7586caaf0743100d67a304537cbDebian Linux Security Advisory 3882-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.
80b18128a471826de3f12427b008b450Debian Linux Security Advisory 3881-1 - Several security issues have been found in the Mozilla Firefox web and other implementation errors may lead to the execution of arbitrary code, denial of service or domain spoofing.
66a9fa3e07bdc4c6bfc06da38753d483Debian Linux Security Advisory 3880-1 - It was discovered that a side channel attack in the EdDSA session key handling in Libgcrypt may result in information disclosure.
8171c625f6e81ca504335f56b54b7a5bDebian Linux Security Advisory 3877-1 - It has been discovered that Tor, a connection-based low-latency anonymous communication system, contain a flaw in the hidden service code when receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. A remote attacker can take advantage of this flaw to cause a hidden service to crash with an assertion failure (TROVE-2017-005).
1e476c829efc322f92c73aebf558c5d8Debian Linux Security Advisory 3876-1 - Joerg-Thomas Vogt discovered that the SecureMode was insufficiently validated in the OTRS ticket system, which could allow agents to escalate their privileges.
1a3f9bd0439566fcdca096177a335993Debian Linux Security Advisory 3875-1 - It was discovered that a buffer overflow in libmwaw, a library to open old Mac text documents might result in the execution of arbitrary code if a malformed document is opened.
f854e3e767281285277d9734e10d3046Debian Linux Security Advisory 3873-1 - The cPanel Security Team reported a time of check to time of use (TOCTTOU) race condition flaw in File::Path, a core module from Perl to create or remove directory trees. An attacker can take advantage of this flaw to set the mode on an attacker-chosen file to a attacker-chosen value.
599f343c6f8c0a3ef16c7eb1a857ccb8Debian Linux Security Advisory 3870-1 - Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks.
34393add3f849a2fcd80e1d68c82c1e4Debian Linux Security Advisory 3869-1 - It was discovered that tnef, a tool used to unpack MIME attachments of type "application/ms-tnef", did not correctly validate its input. An attacker could exploit this by tricking a user into opening a malicious attachment, which would result in a denial-of-service by application crash.
848a841d92659d1280501049cf8e0e33Debian Linux Security Advisory 3867-1 - The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/[pid]/stat" to read the device number of the tty from field 7 (tty_nr). A sudoers user can take advantage of this flaw on an SELinux-enabled system to obtain full root privileges.
11c5b86698e660269acf2d0a6591dfa5
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed