Advisory: Debian LTS Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
Timo Schmid of ERNW GmbH discovered that git-shell, the restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help". Because a pager such as less can execute shell commands, this escapes the restriction the shell is meant to enforce.
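The root cause is a repository argument that the service parses as an option. The following is an added example, not git-shell's code, of the validation a restricted Git command dispatcher needs before it executes anything; the allowed service names are real Git commands, but the dispatcher itself, the regular expression and the function names are assumptions for illustration.

```python
import re
import shlex

# Services a Git-only account may invoke; anything else is refused outright.
ALLOWED_SERVICES = {"git-upload-pack", "git-receive-pack", "git-upload-archive"}
# Repository names: path-ish characters only, must not begin with '-' or '/'.
REPO_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]*$")


def parse_git_command(command_line):
    """Return a validated [service, repo] pair or raise ValueError.

    command_line is the string sshd hands the restricted shell
    (SSH_ORIGINAL_COMMAND style), e.g. "git-upload-pack 'project.git'".
    """
    try:
        argv = shlex.split(command_line)
    except ValueError as exc:
        raise ValueError(f"unparseable command line: {exc}") from exc
    if len(argv) != 2:
        raise ValueError("expected exactly one service and one repository argument")
    service, repo = argv
    if service not in ALLOWED_SERVICES:
        raise ValueError(f"service not permitted: {service!r}")
    # The check that was missing: an argument beginning with '-' is parsed as an
    # option by the service, and "--help" ends up in an interactive pager.
    if repo.startswith("-"):
        raise ValueError(f"repository argument looks like an option: {repo!r}")
    if not REPO_RE.match(repo) or ".." in repo.split("/"):
        raise ValueError(f"unsafe repository path: {repo!r}")
    return [service, repo]


def is_accepted(command_line):
    """Boolean wrapper for callers that only need an accept/reject decision."""
    try:
        parse_git_command(command_line)
        return True
    except ValueError:
        return False
```

The returned list is meant to be passed to an exec-style call as an argv array, never re-joined into a shell string; the option check only helps if no shell gets a second chance to interpret the arguments.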
Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs, may result in denial of service via memory exhaustion (depending on memory management settings).
It was discovered that there was a local denial of service vulnerability in lxterminal, the terminal emulator for the LXDE desktop environment. It was caused by insecure use of a temporary file as the path of a Unix socket.
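A predictable socket path in a world-writable directory lets any local user pre-create the path (or plant a symlink there) so the legitimate process fails to bind or binds somewhere it did not intend. The following is an added example, not lxterminal's code, contrasting that pattern with a private directory created by mkdtemp(); the path format and function names are assumptions for illustration.

```python
import os
import socket
import stat
import tempfile


def predictable_socket_path(name):
    """Vulnerable pattern: a guessable name in a shared, world-writable directory.

    The format is hypothetical; it is only here to show the shape of the problem.
    """
    return os.path.join(tempfile.gettempdir(), f".{name}-socket-{os.getuid()}")


def private_socket_dir(prefix="sock-"):
    """mkdtemp() atomically creates a fresh, unpredictable directory with mode 0700."""
    return tempfile.mkdtemp(prefix=prefix)


def bind_listener(path):
    """Bind a Unix socket at path, refusing to reuse anything already there.

    os.lstat() rather than os.stat() is used so a planted symlink is detected
    instead of followed.
    """
    try:
        os.lstat(path)
    except FileNotFoundError:
        pass
    else:
        raise FileExistsError(f"refusing to bind over existing path {path!r}")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)  # the socket node itself gets mode 0600
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv


def create_private_listener(name):
    """Hardened pattern: private 0700 directory first, socket inside it second."""
    path = os.path.join(private_socket_dir(), f"{name}.sock")
    return bind_listener(path), path


def parent_mode(path):
    """Permission bits of the directory holding path (0o700 in the hardened case)."""
    return stat.S_IMODE(os.stat(os.path.dirname(path)).st_mode)


def is_socket(path):
    return stat.S_ISSOCK(os.lstat(path).st_mode)
```

The directory is the real protection: even if the socket name inside it is predictable, another local user cannot traverse a 0700 directory they do not own, so neither pre-creation nor symlink planting is possible.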
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is vulnerable to timing oracles and simple brute-force attacks when using the htpasswd authentication method.
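Two separate weaknesses are described: a credential comparison whose running time depends on how many leading bytes match, and no limit on repeated guesses. The following is an added example, not Radicale's code, of an htpasswd verifier that fixes both; the htpasswd "{SHA}" and plaintext entry formats are real Apache formats, while the sample file, the lockout policy and the class are constructed for illustration.

```python
import base64
import hashlib
import hmac


def sha_entry(password):
    """Apache htpasswd '{SHA}' format: base64 of the raw, unsalted SHA-1 digest."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()


# Constructed sample htpasswd file; the passwords are "secret" and "plainpassword".
SAMPLE_HTPASSWD = "\n".join([
    "alice:" + sha_entry("secret"),
    "bob:plainpassword",  # plaintext entries are also valid htpasswd syntax
])


def parse_htpasswd(text):
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, stored = line.partition(":")
        users[name] = stored
    return users


def _expected(stored, password):
    return sha_entry(password) if stored.startswith("{SHA}") else password


def naive_check(stored, password):
    """The timing oracle: '==' returns as soon as the first differing byte is found."""
    return stored == _expected(stored, password)


def constant_time_check(stored, password):
    """Compare in constant time; compare_digest wants bytes (or ASCII-only str)."""
    return hmac.compare_digest(stored.encode(), _expected(stored, password).encode())


# Entry compared against when the user does not exist, so an unknown name costs
# the same work as a wrong password and does not stand out in timing either.
_DUMMY_ENTRY = sha_entry("dummy-entry-never-valid")


class Authenticator:
    def __init__(self, users, max_failures=5):
        self.users = users
        self.max_failures = max_failures
        self.failures = {}  # user -> consecutive failed attempts

    def login(self, user, password):
        stored = self.users.get(user, _DUMMY_ENTRY)
        # Always do the comparison before consulting the lockout, so a locked or
        # unknown account is not distinguishable by a faster response.
        ok = constant_time_check(stored, password) and user in self.users
        if self.failures.get(user, 0) >= self.max_failures:
            return False  # locked: further guesses learn nothing
        if ok:
            self.failures.pop(user, None)
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        return False
```

A per-user failure counter stops online brute force but can itself be used to lock a victim out; production deployments usually combine it with a per-source rate limit and a time-based reset rather than a permanent lock.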
Roundcube Webmail allows arbitrary password resets by authenticated users. The issue is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.
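An exec call that builds a shell string from request-controlled values is both a command-injection sink and, if the target account name is among those values, a way to act on someone else's account. The following is an added example, not Roundcube's code, of the hardened shape: the account comes from the authenticated session only, the helper is invoked with an argv list so nothing is shell-interpreted, and the new password travels over stdin rather than the command line. `passwd-tool` is a hypothetical helper, not the real virtualmin or sasl command.

```python
import re
import shlex
import subprocess
import sys

USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_.-]{0,31}$")


def vulnerable_command(username, new_password):
    """Vulnerable pattern: one shell string; either value can append commands.

    Constructed for illustration; 'passwd-tool' is hypothetical.
    """
    return f"passwd-tool --user {username} --pass {new_password}"


def injected_tokens(username, new_password):
    """Show how the shell would tokenise the vulnerable string."""
    return shlex.split(vulnerable_command(username, new_password))


def build_argv(session_user):
    """Hardened: the account is the session's own user, validated, never the request's."""
    if not USERNAME_RE.match(session_user):
        raise ValueError("invalid session username")
    return ["passwd-tool", "--user", session_user]


def validate_password(new_password):
    if "\0" in new_password or "\n" in new_password:
        raise ValueError("password contains control characters")
    return new_password


# Stand-in for the real helper so the example runs offline: echoes argv and stdin.
DEMO_TOOL = [sys.executable, "-c",
             "import sys; print(sys.argv[1:]); print(sys.stdin.read(), end='')"]


def change_password(session_user, new_password, tool=None):
    """Run the helper with an argv list (no shell) and the secret on stdin.

    tool replaces the leading 'passwd-tool' element when a substitute is wanted.
    """
    argv = build_argv(session_user)
    if tool is not None:
        argv = list(tool) + argv[1:]
    result = subprocess.run(argv, input=validate_password(new_password) + "\n",
                            capture_output=True, text=True, check=True)
    return result.stdout
```

Because the password never appears on the command line, it is also not visible to other local users through the process list, which is a second reason to prefer stdin (or a protected file) over an argument.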
A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted PostScript file is processed.
It was found that a malformed font could result in denial of service or the execution of arbitrary code. For Debian 7 "Wheezy", these problems have been fixed in version
It was discovered that there was a remote application crash vulnerability in libxstream-java, a Java library to serialize objects to XML and back again. This was due to mishandled attempts to create an instance of the primitive type 'void' during unmarshalling.
Several heap-based buffer overflows, integer overflows and NULL pointer dereferences have been discovered in libpodofo, a library for manipulating PDF files, which allow remote attackers to cause a denial of service (application crash) or have other unspecified impact via a
Multiple vulnerabilities were found in libsndfile, a popular library for reading/writing audio files. CVE-2017-7585
In Apache FOP before 2.2, files on the filesystem of the server that uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is
An information disclosure vulnerability was found in kedpm, a password manager compatible with the Figaro password manager file format. The history file can reveal the master password if it is provided on the command line. The names of entries created or read in the password
In Apache Batik before 1.9, files on the filesystem of the server that uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is
Two security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2017-5647
It was discovered that partclone, a utility to back up partitions, was prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. This could allow remote attackers to cause a denial of service in the context
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.
With this vulnerability, arbitrary files can be overwritten on nodes running jobs, provided that the user can run a job that is able to trigger a failure of a Prolog script.
CVE-2016-9591: Use-after-free on the heap in jas_matrix_destroy. The vulnerability exists in code responsible for re-encoding the
WeeChat before allows a remote crash by sending a filename via DCC to the IRC plugin. For Debian 7 "Wheezy", these problems have been fixed in version