Debian LTS Linux Distribution - Page 130
Find the information you need for your favorite open source distribution .
It was discovered that there was an arbitrary code execution vulnerability in libclamunrar, a library to add unrar support to the Clam anti-virus software. This was caused by an integer overflow resulting in a negative value of the
Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation flaw (embedded newlines) in the get_process_ttyname() function, resulting in information disclosure and command execution.
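The sudo flaw above comes from parsing /proc/<pid>/stat, where the second field (the process name, in parentheses) may contain spaces or newlines, so a parser that reads one line and splits on whitespace lets the process name shift which token is taken as the tty device number. The following is an added illustration of that failure mode and of a parser that anchors on the last ')' instead; it is example code, not sudo's implementation or its fix, and the stat lines are constructed samples rather than captures from a real system.

```python
# Added example (not sudo's code): /proc/<pid>/stat parsing for tty_nr.
# Layout per procfs(5): "pid (comm) state ppid pgrp session tty_nr ...".
# comm is the executable name and is NOT escaped by the kernel, so it may
# contain spaces, newlines and even ')'.

TTY_NR_FIELD = 7  # 1-based field number of tty_nr in /proc/<pid>/stat

# Constructed sample stat contents (not captured from a real system).
STAT_NORMAL = ("1234 (sudo) S 1 1234 1234 34817 1234 4194560 "
               "0 0 0 0 0 0 0 20 0 1 0 0 0 0 0\n")
# comm chosen so that a plain whitespace split puts "4" in field 7.
STAT_SPACES = ("1234 (x) S 1 1 1 4 5) S 1 1234 1234 34817 1234 4194560 "
               "0 0 0 0 0 0 0 20 0 1 0 0 0 0 0\n")
# Same trick with an embedded newline, which also defeats a line-oriented read.
STAT_NEWLINE = ("1234 (x\n) S 1 1 1 4 5) S 1 1234 1234 34817 1234 4194560 "
                "0 0 0 0 0 0 0 20 0 1 0 0 0 0 0\n")


def tty_nr_naive(stat):
    """Broken approach: read the first line, split on whitespace, take field 7."""
    try:
        fields = stat.splitlines()[0].split()
        return int(fields[TTY_NR_FIELD - 1])
    except (IndexError, ValueError):
        return None


def tty_nr_anchored(stat):
    """Anchor on the LAST ')' so nothing inside comm can shift the fields."""
    end = stat.rfind(")")
    if end < 0:
        return None
    try:
        # Everything after comm: state ppid pgrp session tty_nr ...
        rest = stat[end + 1:].split()
        return int(rest[TTY_NR_FIELD - 3])
    except (IndexError, ValueError):
        return None


def tty_major_minor(tty_nr):
    """Split a Linux dev_t as encoded in tty_nr into (major, minor)."""
    major = (tty_nr >> 8) & 0xFFF
    minor = (tty_nr & 0xFF) | ((tty_nr >> 12) & 0xFFF00)
    return major, minor


if __name__ == "__main__":
    for name, stat in (("normal", STAT_NORMAL),
                       ("spaces", STAT_SPACES),
                       ("newline", STAT_NEWLINE)):
        print("%-8s naive=%s anchored=%s" % (name, tty_nr_naive(stat),
                                             tty_nr_anchored(stat)))
```

On the normal sample both parsers agree (34817, i.e. major 136 minor 1, a pts device). On the crafted samples the naive parser either returns an attacker-chosen number or fails outright, while the anchored parser still recovers the real tty_nr; the remaining caveat is that the kernel limits comm to 15 bytes, which bounds but does not prevent this kind of injection.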
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with an attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution.
vorbis-tools is vulnerable to multiple issues that can result in denial of service. CVE-2014-9638
Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing.
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167
CVE-2017-7375 Missing validation for external entities in xmlParsePEReference CVE-2017-9047
Multiple denial of service vulnerabilities have been identified in libarchive when manipulating specially crafted archives. CVE-2016-10209
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
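The Mercurial issue above is a case of a positional value (the repository name) being read as a command-line option. The following added example, which is not Mercurial's code or its fix, contrasts an "early option" scan that matches a flag anywhere in argv with one that skips option values and stops at "--", and shows the complementary check on the server side: refusing repository names that begin with '-'. The set of value-taking options is assumed for the illustration.

```python
# Added example (not Mercurial's code): early-option scanning and
# argument injection through a positional repository name.

# Options that consume the following token as their value. This is an
# assumed, illustrative subset, not hg's real option table.
OPTS_WITH_VALUE = {"-R", "--repository", "--cwd", "--config"}


def has_early_option_naive(argv, flag):
    """Broken scan: the flag counts if it appears anywhere in argv."""
    return flag in argv


def has_early_option(argv, flag):
    """Count the flag only in option position: skip option values, stop at '--'."""
    i = 0
    while i < len(argv):
        tok = argv[i]
        if tok == "--":          # end of options; everything after is positional
            return False
        if tok == flag:
            return True
        if tok in OPTS_WITH_VALUE:
            i += 2               # the next token is a value, never a flag
            continue
        i += 1
    return False


def safe_serve_argv(repo):
    """Build a stdio-serve command line for a client-supplied repository name.

    Rejects names that could be parsed as options so that, even with a naive
    scanner, the repository name cannot smuggle in a flag such as --debugger.
    """
    if repo.startswith("-"):
        raise ValueError("repository name must not start with '-': %r" % repo)
    return ["-R", repo, "serve", "--stdio"]


if __name__ == "__main__":
    attacker = ["-R", "--debugger", "serve", "--stdio"]
    print("naive   :", has_early_option_naive(attacker, "--debugger"))
    print("skipping:", has_early_option(attacker, "--debugger"))
```

With the attacker's argv the naive scan reports --debugger as present, while the value-aware scan does not; the genuine invocation `--debugger -R repo serve --stdio` is still recognised by both, and `safe_serve_argv("--debugger")` raises before any argv is built.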
Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to
The security update announced as DLA-993-1 caused regressions for some applications using Java - including jsvc, LibreOffice and Scilab - due to the fix for CVE-2017-1000364. Updated packages are now available to correct this issue. For reference, the relevant part of the original
It was reported that unrar fixed a VMSF_DELTA memory corruption issue in their latest version unrarsrc-5.5.5.tar.gz. This problem was reported to Sophos AV in 2012 but never reached upstream rar.
Sebastian Krahmer from SUSE discovered that smb4k, a Samba (SMB) share advanced browser, contains a logic flaw in which the mount helper binary does not properly verify the mount command it is being asked to run.
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed; used in conjunction with other issues, this allows attackers to cause arbitrary code execution.
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service if malformed MNG, JNG, ICON, PALM, MPC,
CVE-2017-1000381 The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response
It was discovered that there were multiple out-of-bounds memory read vulnerabilities in openvpn, a popular virtual private network (VPN) daemon. If clients used an HTTP proxy with NTLM authentication, a man-in-the-middle
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries.
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the