Debian Linux Security Advisory 4141-1 - Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened.
5a57ecf5eec97959eed766a4814a5629Debian Linux Security Advisory 2530-1 - Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access.
c1009e26e8fe5261ade18b3611632454Debian Linux Security Advisory 2529-1 - Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework.
aa54004a5bc8a82e1f64044c06bdd517Debian Linux Security Advisory 2528-1 - Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client.
31a3e0efb329cec09b717d8863928340Debian Linux Security Advisory 2527-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.
a80818cca6a2d9c6f86f619a3eebb81eDebian Linux Security Advisory 2526-1 - Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code.
44b562511685ea6c899304c4ec4d04f2Debian Linux Security Advisory 2525-1 - It was discovered that Expat, a C library to parse XML, is vulnerable to denial of service through hash collisions and a memory leak in pool handling.
bee79272ea2be6e83d58703f36c60b28Debian Linux Security Advisory 2524-1 - Two denial of service vulnerabilities have been discovered in the server component of OpenTTD, a free reimplementation of Transport Tycoon Deluxe.
423f3664cc2747b3279e2236615bbbc1Debian Linux Security Advisory 2523-1 - It was discovered that the GridFTP component from the Globus Toolkit, a toolkit used for building Grid systems and applications performed insufficient validation of a name lookup, which could lead to privilege escalation.
25b65d162abb514141c1ba7195d4d1f5Debian Linux Security Advisory 2522-1 - Emilio Pinna discovered a cross site scripting vulnerability in the spellchecker.php page of FCKeditor, a popular html/text editor for the web.
100eefb85fdd8d16cdec885637c78dbaDebian Linux Security Advisory 2521-1 - Jueri Aedla discovered several integer overflows in libxml, which could lead to the execution of arbitrary code or denial of service.
f926e7a35665469d8f26ca467346dd40Debian Linux Security Advisory 2519-2 - It was discovered that the recent update for isc-dhcp, did not contain the patched code included in the source package. Due to quirk in the build system those patches were deapplied during the build process.
c5916597a21533fdfb1e3245d73547d0Debian Linux Security Advisory 2520-1 - Timo Warns from PRE-CERT discovered multiple heap-based buffer overflows in OpenOffice.org, an office productivity suite. The issues lies in the XML manifest encryption tag parsing code. Using specially crafted files, an attacker can cause application crash and could cause arbitrary code execution.
38da5b2350a1a010763130819f9e66fdDebian Linux Security Advisory 2519-1 - Several security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, have been discovered. Additionally, the latest security update for isc-dhcp, DSA-2516-1, did not properly apply the patches for CVE-2012-3571 and CVE-2012-3954. This has been addressed in this additional update.
9809d9fb5ab7de7ca4c84c1abd546a24Debian Linux Security Advisory 2518-1 - Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT Kerberos, a daemon implementing the network authentication protocol.
f397bbb4b71f029257a2c149b36d7d69Debian Linux Security Advisory 2517-1 - Einar Lonn discovered that under certain conditions bind9, a DNS server, may use cached data before initialization. As a result, an attacker can trigger and assertion failure on servers under high query load that do DNSSEC validation.
db2dc5ecc716dc162af2354786fe1bf0Debian Linux Security Advisory 2516-1 - Two security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, in Debian have been discovered.
b5069f4092d4a796bec29a2f0d40d4cbDebian Linux Security Advisory 2508-1 - Rafal Wojtczuk from Bromium discovered that FreeBSD wasn't handling correctly uncanonical return addresses on Intel amd64 CPUs, allowing privilege escalation to kernel for local users.
8a6f7c22e18fe0913aca5494b2f79a20Debian Linux Security Advisory 2515-1 - Marek Varusa and Lubos Slovak discovered that NSD, an authoritative domain name server, is not properly handling non-standard DNS packets. his can result in a NULL pointer dereference and crash the handling process. A remote attacker can abuse this flaw to perform denial of service attacks.
106a2fef6ee434499ab04147fdf698a4Debian Linux Security Advisory 2513-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
f45efe0e557249aa444e41fed1beef03Debian Linux Security Advisory 2514-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
aa18e62756e300c3b2ad38b09f44d16fDebian Linux Security Advisory 2510-1 - John Leitch has discovered a vulnerability in eXtplorer, a very feature rich web server file manager, which can be exploited by malicious people to conduct cross-site request forgery attacks.
170f3e2629d8a7bbe5fd46d836c8c535Debian Linux Security Advisory 2512-1 - Marcus Meissner discovered that the web server included in Mono performed insufficient sanitizing of requests, resulting in cross-site scripting.
d2d9a7ba8f6475b0194c747ce416958fDebian Linux Security Advisory 2511-1 - Several security vulnerabilities have been found in Puppet, a centralized configuration management.
fcdba1fd04ebb02566f9813a18b2fc84Debian Linux Security Advisory 2509-1 - Ulf Harnhammar found a buffer overflow in Pidgin, a multi protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash, and in some circumstances can lead to remote code execution.
115936ee5b8ee3811dfb2899a15d662bDebian Linux Security Advisory 2507-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform.
d9b6b83dad3872b001ed1a6d15d5405a
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed