Debian Linux Security Advisory 2527-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.
19d56ac85b34319b9d93e656f85139e1d5a6ad3686507f40c07541d97d990968Debian Linux Security Advisory 2483-1 - An authentication bypass issue was discovered by the Codenomicon CROSS project in strongSwan, an IPsec-based VPN solution. When using RSA-based setups, a missing check in the gmp plugin could allow an attacker presenting a forged signature to successfully authenticate against a strongSwan responder.
7609f91a664792688a1457f9e5c23da2922dfbaaf34996f4ab7c713b94406d26Debian Linux Security Advisory 2480-2 - It was discovered that the recent request-tracker3.8 update, DSA-2480-1, introduced a regression which caused outgoing mail to fail when running under mod_perl.
e07b2f00d518d311c1eeb0eea530260835e3164ea995c4f29764a08ebe15c712Debian Linux Security Advisory 2480-1 - Several vulnerabilities were discovered in Request Tracker, an issue tracking system.
4d0921714e92a3caf9ffbb786ca18511edabedc064e7f7072f96aa34077367e0Debian Linux Security Advisory 2479-1 - Jueri Aedla discovered an off-by-one in libxml2, which could result in the execution of arbitrary code.
5e62d60e907638254c3219bad9aae0a157a50cc91b3cbaa54606ea417f886ce3Debian Linux Security Advisory 2478-1 - It was discovered that sudo misparsed network masks used in Host and Host_List stanzas. This allowed the execution of commands on hosts, where the user would not be allowed to run the specified command.
fa49469a07a4c2e333f036a694c17b0a83d1f089b43d38e1c25cb2dfb19e3c66Debian Linux Security Advisory 2476-1 - intrigeri discovered a format string error in pidgin-otr, an off-the-record messaging plugin for Pidgin.
e57ae6aa0760a5f43cc903ff3100cee9013a4fa2821d2834ae9efeb3bd7cf380Debian Linux Security Advisory 2477-1 - Several vulnerabilities have been discovered in Sympa, a mailing list manager, that allow to skip the scenario-based authorization mechanisms. This vulnerability allows to display the archives management page, and download and delete the list archives by unauthorized users.
37cb6256cfe6274a5cb1a1b9b1e0069e644afac7767a82dbb30bc47bf7edababDebian Linux Security Advisory 2475-1 - It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash.)
66c8c21a9d5a67bd12535ff58d7285885abd5e746fc2188a45920751e9870d71Debian Linux Security Advisory 2474-1 - Benencia discovered that ikiwiki, a wiki compiler, does not properly escape the author (and its URL) of certain metadata, such as comments. This might be used to conduct cross-site scripting attacks.
a77c6364ff42f6e4ec36b1b89e3dd029f590700100d32902704980fbb69b522dDebian Linux Security Advisory 2473-1 - Tielei Wang discovered that OpenOffice.org does not allocate a large enough memory region when processing a specially crafted JPEG object, leading to a heap-based buffer overflow and potentially arbitrary code execution.
68e370faf2beb6cdbf84c61722cf35114006eff0082075706e518107a0b26ec1Debian Linux Security Advisory 2472-1 - Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes.
fb5e1c809897c9f19723eac2b149d18e7bbd0d84cf8545cb5f93e9b78c5c44fbDebian Linux Security Advisory 2457-2 - The updates DSA-2457 and DSA-2458 for Iceweasel and Icedove introduced a regression, which could lead to crashes when interpreting some Javascript statements.
28db1b69a2c5d62243306c2364dcc29f83636de6719b9ff7c57c5aa770957268Debian Linux Security Advisory 2471-1 - Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders/ demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV, NSV, files could lead to the execution of arbitrary code.
a752e73c0cc9d4582a8cb0c918c857c8195a4a7f08461bb000946a973352da1fDebian Linux Security Advisory 2670-1 - Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from release announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches.
0653a473faa390234b73508340d08c8214f4c4547676ce3bc7b489056f6b8a4dDebian Linux Security Advisory 2469-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
a3855fca7a7b37d79b7f6bcc79e55a1eb3f3c10c58793ebd4569091d400c8937Debian Linux Security Advisory 2468-1 - It was discovered that Apache POI, a Java implementation of the Microsoft Office file formats, would allocate arbitrary amounts of memory when processing crafted documents. This could impact the stability of the Java virtual machine.
920a70bfc04b0acc0425ec067ac9afcca3536a5264b0f2d72e8aaeffc68e9fdeDebian Linux Security Advisory 2422-2 - A regression was discovered in the security update for file, which lead to false positives on the CDF format. This update fixes that regression.
da5587655e5758f4b0e013bb717efdacb652bee005900188f3319cb5f1be004bDebian Linux Security Advisory 2467-1 - It was discovered that Mahara, the portfolio, weblog, and resume builder, had an insecure default with regards to SAML-based authentication used with more than one SAML identity provider. Someone with control over one IdP could impersonate users from other IdP's.
5dee642e0bd8295239c7653b2351ced32900bd0db2c2ba222a7b00678aca31fdDebian Linux Security Advisory 2466-1 - Sergey Nartimov discovered that in Rails, a Ruby based framework for web development, when developers generate html options tags manually, user input concatenated with manually built tags may not be escaped and an attacker can inject arbitrary HTML into the document.
45fc779659d12b3f4006e50d93f3790391de6edf2d1948ba64eb85d6500c30e4Debian Linux Security Advisory 2465-1 - De Eindbazen discovered that PHP, when run with mod_cgi, will interpret a query string as command line parameters, allowing to execute arbitrary code.
132dc392faa1d0ed24275c516bc3f43d8f2d89f20f9fd699ba65d12b22ac8eddDebian Linux Security Advisory 2464-2 - The latest security update, DSA-2464-1, for Icedove, Debian's version removal of UTF-7 support resulted in incorrect display of IMAP folder names.
6428e14a34c1a90ad19d320cf656e9c43d169f7e94cff32e164d6036e9c100b4Debian Linux Security Advisory 2459-2 - The recent quagga update, DSA-2459-1, introduced a memory leak in the bgpd process in some configurations.
b954ad008ccfa5e3a0dbee09eaa7d47d98f98c3c657670892ac259c2d0552c0dDebian Linux Security Advisory 2464-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
de1b1c55cd9c3d5c90de543ad9cd2940ad37ba970418465acaa631fec87fd43aDebian Linux Security Advisory 2462-2 - Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service. The initial update introduced a regression, which could lead to errors when processing some JPEG files.
28fcbb1e90ae72c09e69a3ee5e5b21c7f4e25a9ac41f8c2362ab810ece6c687cDebian Linux Security Advisory 2463-1 - Ivano Cristofolini discovered that insufficient security checks in Samba's handling of LSA RPC calls could lead to privilege escalation by gaining the "take ownership" privilege.
65c8de9a46a2e00007a474ced85b5cba1598c033fe88ece3b0f770eacd08ccf7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed