Debian Linux Security Advisory 3978-1 - Marcin Noga discovered a buffer overflow in the JPEG loader of the GDK Pixbuf library, which may result in the execution of arbitrary code if a malformed file is opened.
92eb019192491487bee25ce39aeaf919Debian Linux Security Advisory 3975-1 - Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients).
1c717296dc95acc705d595fd391da5b0Debian Linux Security Advisory 3976-1 - Marcin 'Icewall' Noga of Cisco Talos discovered two vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened.
8b3157a35081512438053a2d850fe273Debian Linux Security Advisory 3970-1 - Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients).
2a4790329f389c572f197b7d6fece70eDebian Linux Security Advisory 3967-1 - An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as 'optional'. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates.
6090bbf6fd99aeda841cc87bed7996d4Debian Linux Security Advisory 3965-1 - Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a file type classification tool, which may result in denial of service if an ELF binary with a specially crafted .notes section is processed.
c9633fd31116612969a16f1cfdeed9fbDebian Linux Security Advisory 3963-1 - Several issues were discovered in Mercurial, a distributed revision control system.
6aeb98348838421a94646e4643318c97Debian Linux Security Advisory 3962-1 - A denial of service vulnerability was identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.
38887629192c594f9fc095a348cb6496Debian Linux Security Advisory 3961-1 - A double-free vulnerability was discovered in the gdImagePngPtr() function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.
b24ba28981489977ea7ad995c8b838dcDebian Linux Security Advisory 3956-1 - Security consultants in NRI Secure Technologies discovered a stack overflow vulnerability in ConnMan, a network manager for embedded devices. An attacker with control of the DNS responses to the DNS proxy in ConnMan might crash the service and, in same cases, remotely execute arbitrary commands in the host running the service.
8118b9dbba4beccdd09c311bdaace319Debian Linux Security Advisory 3957-1 - Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. These issues could lead to Denial-of-Service and, in some situation, the execution of arbitrary code.
e5f35727547fe9b23ecc37c88142fd54Debian Linux Security Advisory 3953-1 - Zane Bitter from Red Hat discovered a vulnerability in Aodh, the alarm engine for OpenStack. Aodh does not verify that the user creating the alarm is the trustor or has the same rights as the trustor, nor that the trust is for the same project as the alarm. The bug allows that an authenticated users without a Keystone token with knowledge of trust IDs to perform unspecified authenticated actions by adding alarm actions.
fcc554c09a1127cfb414195415e49304Debian Linux Security Advisory 3951-1 - Sebastian Krahmer discovered that a programming error in the mount helper binary of the Smb4k Samba network share browser may result in local privilege escalation.
cd62ea77e544e3c16423e462608118a7Debian Linux Security Advisory 3950-1 - Hossein Lotfi and Jakub Jirasek from Secunia Research have discovered multiple vulnerabilities in LibRaw, a library for reading RAW images. An attacker could cause a memory corruption leading to a DoS (Denial of Service) with craft KDC or TIFF file.
6b2dcf3f03044b5b372b42ba49189156Debian Linux Security Advisory 3948-1 - A read buffer overflow was discovered in the idtech3 (Quake III Arena) family of game engines. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.
a4caa5617ae8118e654214e10ca2ae48Debian Linux Security Advisory 3946-1 - It was discovered that libsmpack, a library used to handle Microsoft compression formats, did not properly validate its input. A remote attacker could craft malicious CAB or CHM files and use this flaw to cause a denial of service via application crash, or potentially execute arbitrary code.
41203652aeeaba8153a6dec73c153cfaDebian Linux Security Advisory 3928-2 - The update shipped in DSA 3928-1 failed to build on the mips, mipsel and powerpc architectures for the oldstable distribution (jessie). This has been fixed in 52.3.0esr-1~deb8u2.
f8ffe2607beda5e41f6f8336af63750dDebian Linux Security Advisory 3943-1 - Gajim, a GTK+-based XMPP/Jabber client, unconditionally implements the XMPP server to trigger commands to leak private conversations from encrypted sessions. With this update XEP-0146 support has been disabled by default and made opt-in via the 'remote_commands' option.
aeb716720eb86a45d8df119616aeac12Debian Linux Security Advisory 3940-1 - A read buffer overflow was discovered in the idtech3 (Quake III Arena) family of game engines. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.
d2bbba38f316625984d21d51d5e72be5Debian Linux Security Advisory 3937-1 - Lilith Wyatt discovered two vulnerabilities in the Zabbix network monitoring system which may result in execution of arbitrary code or database writes by malicious proxies.
4e39e1a2b21cd15359b992ab8129dbb9Debian Linux Security Advisory 3932-1 - Several problems were discovered in Subversion, a centralized version control system.
e6e2004bd7b5ebc1f82e6e9a4aefb940Debian Linux Security Advisory 3933-1 - Two vulnerabilities were found in the PJSIP/PJProject communication library, which may result in denial of service.
20454fb03ef957efa6356d28b2bfb7caDebian Linux Security Advisory 3929-1 - Aleksandar Nikolic of Cisco Talos discovered a stack-based buffer overflow vulnerability in libsoup2.4, a HTTP library implementation in C. A remote attacker can take advantage of this flaw by sending a specially crafted HTTP request to cause an application using the libsoup2.4 library to crash (denial of service), or potentially execute arbitrary code.
bf9f0e7122198d80786be78570d59aeeDebian Linux Security Advisory 3936-1 - Several vulnerabilities have been found in the PostgreSQL database system.
e5d7f36a6d99bd92c60054bb8484e26aDebian Linux Security Advisory 3935-1 - Several vulnerabilities have been found in the PostgreSQL database system.
f2f637b15a495bfb5d3e55c922c9bc91
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed