Debian Linux Security Advisory 4174-1 - The Citrix Security Response Team discovered that corosync, a cluster engine implementation, allowed an unauthenticated user to cause a denial-of-service by application crash.
5f23ac7a5ba39628411e6ab62fdeb422Debian Linux Security Advisory 4173-1 - Marcin Noga discovered multiple vulnerabilities in readxl, a GNU R package to read Excel files (via the integrated libxls library), which could result in the execution of arbitrary code if a malformed spreadsheet is processed.
8c5188ff11b94b3d16cadc20ec52e684Debian Linux Security Advisory 4079-2 - It was discovered that the poppler upload for the oldstable distribution (jessie), released as DSA-4079-1, did not correctly address CVE-2017-9776 and additionally caused regressions when rendering PDFs embedding JBIG2 streams. Updated packages are now available to correct this issue.
1cf02964f52e8fda0936f7708f41fea5Debian Linux Security Advisory 4169-1 - Cedric Buissart from Red Hat discovered an information disclosure bug in pcs, a pacemaker command line interface and GUI. The REST interface normally doesn't allow passing --debug parameter to prevent information leak, but the check wasn't sufficient.
51bfa5aecaaa4de3522694251000932dDebian Linux Security Advisory 4170-1 - Multiple vulnerabilities have been discovered in the PJSIP/PJProject multimedia communication which may result in denial of service during the processing of SIP and SDP messages and ioqueue keys.
0c5990f900863cdc156172cf2fcd7b91Debian Linux Security Advisory 4168-1 - Florian Grunow und Birk Kauer of ERNW discovered a path traversal vulnerability in SquirrelMail, a webmail application, allowing an authenticated remote attacker to retrieve or delete arbitrary files via mail attachment.
d000cb85a6de6f1ddf529a8977b9d853Debian Linux Security Advisory 4167-1 - A buffer-overflow vulnerability was discovered in Sharutils, a set of utilities handle Shell Archives. An attacker with control on the input of the unshar command, could crash the application or execute arbitrary code in the its context.
f45edf0e1ca9bff52faa495942d41a56Debian Linux Security Advisory 4166-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.
cd38ffe0e62498ca5f96a055f1652b09Debian Linux Security Advisory 4165-1 - Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories.
a66e7ec3056ac8043de009300dea5eecDebian Linux Security Advisory 4164-1 - Several vulnerabilities have been found in the Apache HTTPD server.
fb946d3e3116932e603a89dd798a5449Debian Linux Security Advisory 4163-1 - It was discovered that a race condition in beep (if configured as setuid via debconf) allows local privilege escalation.
5c516dc597f2f23c07f27afaa1ff77d1Debian Linux Security Advisory 4160-1 - It was discovered that insufficient input sanitising in libevt, a library to access the Windows Event Log (EVT) format, could result in denial of service or the execution of arbitrary code if a malformed EVT file is processed.
56083155a69e5261367f558feae2ff21Debian Linux Security Advisory 4162-1 - Multiple vulnerabilities have been discovered in Irssi, a terminal-based IRC client which can result in denial of service.
fc1da0680dcfee8f43466552ff2db13eDebian Linux Security Advisory 4159-1 - Santosh Ananthakrishnan discovered a use-after-free in remctl, a server for Kerberos-authenticated command execution. If the command is configured with the sudo option, this could potentially result in the execution of arbitrary code.
7d46391018b49422e0fef964bb7462d1Debian Linux Security Advisory 4161-1 - James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control on the input of the django.utils.html.urlize() function or django.utils.text.Truncator's chars() and words() methods could craft a string that might stuck the execution of the application.
baa4d30e80f46f295485a3b682c445a0Debian Linux Security Advisory 4158-1 - It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service.
e87b4f5609a3e61a6f9556d1dfb3d503Debian Linux Security Advisory 4157-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.
5983e5ea100d06ba1385d6480f4e7b75Debian Linux Security Advisory 4156-1 - A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework.
5c7eb9e82a3ad090341dc8f2e2914e62Debian Linux Security Advisory 4155-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure.
600c18f716e0f7776e3c103447191184Debian Linux Security Advisory 4154-1 - A heap corruption vulnerability was discovered in net-snmp, a suite of Simple Network Management Protocol applications, triggered when parsing the PDU prior to the authentication process. A remote, unauthenticated attacker can take advantage of this flaw to crash the snmpd process (causing a denial of service) or, potentially, execute arbitrary code with the privileges of the user running snmpd.
da63ee7b3cb55c040eac4a016689e8e2Debian Linux Security Advisory 4153-1 - It was discovered that a use-after-free in the compositor of Firefox can result in the execution of arbitrary code.
be410d856ff58899e89127536e8efaf2Debian Linux Security Advisory 4152-1 - Two vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer, which may result in denial of service or remote code execution. An attacker can craft a PDF document which, when opened in the victim host, might consume vast amounts of memory, crash the program, or, in some cases, execute code in the context in which the application is running.
612aecfb7e7d14f07f6a2298f6f1fc5bDebian Linux Security Advisory 4151-1 - Bas van Schaik and Kevin Backhouse discovered a stack-based buffer overflow vulnerability in librelp, a library providing reliable event logging over the network, triggered while checking x509 certificates from a peer. A remote attacker able to connect to rsyslog can take advantage of this flaw for remote code execution by sending a specially crafted x509 certificate.
52a24650c3f259d56ee6b6f2a99a993fDebian Linux Security Advisory 4150-1 - It was discovered that an integer overflow in the International Components for Unicode (ICU) library could result in denial of service and potentially the execution of arbitrary code.
69840597b5c92833dcbd67e232653903Debian Linux Security Advisory 4149-1 - Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands.
a87c86c6e125862540db4cdd0f7ccf12
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed