oval:org.secpod.oval:def:601803
Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.

oval:org.secpod.oval:def:600952
Insufficient input sanitization in Ganglia, a web based monitoring system, could lead to remote PHP script execution with permissions of the user running the web browser.

oval:org.secpod.oval:def:600833
It was discovered that ffmpeg, Debian's version of the libav media codec suite, contains vulnerabilities in the DPCM codecs, H.264, ADPCM, and the KMVC decoder. In addition, this update contains bug fixes from the libav 0.5.9 upstream release.

oval:org.secpod.oval:def:600954
It was discovered that a bug in the server capability negotiation code of ircd-ratbox could result in denial of service.

oval:org.secpod.oval:def:600832
A buffer overflow was discovered in OpenConnect, a client for the Cisco AnyConnect VPN, which could result in denial of service.

oval:org.secpod.oval:def:600953
An input sanitization problem has been found in upgrade functions of movabletype-opensource, a web-based publishing platform. Using carefully crafted requests to the mt-upgrade.cgi file, it would be possible to inject OS commands and SQL queries.

oval:org.secpod.oval:def:600950
An interpretation conflict can cause the Active Record component of Rails, a web framework for the Ruby programming language, to truncate queries in unexpected ways. This may allow attackers to elevate their privileges.

oval:org.secpod.oval:def:600838
Several vulnerabilities were discovered in Xen, a hypervisor. CVE-2012-0217 Xen does not properly handle uncanonical return addresses on Intel amd64 CPUs, allowing amd64 PV guests to elevate to hypervisor privileges. AMD processors, HVM and i386 guests are not affected. CVE-2012-0218 Xen does not pr ...

oval:org.secpod.oval:def:600959
Multiple stack-based buffer overflows were discovered in libupnp4, a library used for handling the Universal Plug and Play protocol. HD Moore from Rapid7 discovered that SSDP queries were not correctly handled by the unique_service_name function. An attacker sending carefully crafted SSDP queries t ...

oval:org.secpod.oval:def:600835
It was discovered that Quagga, a routing daemon, contains a vulnerability in processing the ORF capability in BGP OPEN messages. A malformed OPEN message from a previously configured BGP peer could cause bgpd to crash, causing a denial of service.

oval:org.secpod.oval:def:600956
A buffer overflow problem has been found in nagios3, a host/service/network monitoring and management system. A malicious client could craft a request to history.cgi and cause application crashes.

oval:org.secpod.oval:def:600713
Julien Tinnes reported a buffer overflow in the bip multiuser irc proxy which may allow arbitrary code execution by remote users. The oldstable distribution is not affected by this problem.

oval:org.secpod.oval:def:600837
It was discovered that the ElGamal code in PythonCrypto, a collection of cryptographic algorithms and protocols for Python, used insecure, insufficient prime numbers in key generation, which led to a weakened signature or public key space, allowing easier brute force attacks on such keys.

oval:org.secpod.oval:def:600715
It was discovered that the last security update for Ruby on Rails, DSA-2301-1, introduced a regression in the libactionpack-ruby package.

oval:org.secpod.oval:def:600836
Several vulnerabilities were discovered in Mantis, an issue tracking system. CVE-2012-1118 Mantis installations in which the private_bug_view_threshold configuration option has been set to an array value do not properly enforce bug viewing restrictions. CVE-2012-1119 Copy/clone bug report actions fai ...

oval:org.secpod.oval:def:600820
Vreixo Formoso discovered that libgdata, a library used to access various Google services, wasn't validating certificates against trusted system root CAs when using an https connection.

oval:org.secpod.oval:def:600940
Paul Ling discovered that Emacs insufficiently restricted the evaluation of Lisp code if enable-local-variables is set to "safe".

oval:org.secpod.oval:def:600701
Several vulnerabilities were discovered in t1lib, a Postscript Type 1 font rasterizer library, some of which might lead to code execution through the opening of files embedding bad fonts. CVE-2010-2642 A heap-based buffer overflow in the AFM font metrics parser potentially leads to the execution of ...

oval:org.secpod.oval:def:600822
Steve Grubb from Red Hat discovered that a patch for arpwatch in order to make it drop root privileges would fail to do so and instead add the root group to the list of groups the daemon uses.

oval:org.secpod.oval:def:600700
Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which makes it e ...

oval:org.secpod.oval:def:600821
Sebastian Pohle discovered that upsd, the server of Network UPS Tools is vulnerable to a remote denial of service attack.

oval:org.secpod.oval:def:600707
Robert Luberda discovered a buffer overflow in the syslog logging code of Super, a tool to execute scripts as if they were root. The default Debian configuration is not affected.

oval:org.secpod.oval:def:600828
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2012-1937 Mozilla developers discovered several memory corruption bugs, which may lead to the e ...

oval:org.secpod.oval:def:600706
Several problems have been discovered in ecryptfs-utils, a cryptographic filesystem for Linux. CVE-2011-1831 Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrar ...

oval:org.secpod.oval:def:600708
It was discovered that the IPv6 support code in Squid does not properly handle certain DNS responses, resulting in deallocation of an invalid pointer and a daemon crash. The squid package and the version of squid3 shipped in lenny lack IPv6 support and are not affected by this issue.

oval:org.secpod.oval:def:600829
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey. CVE-2012-1937 Mozilla developers discovered several memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2012-1940 Abhishek Arya discovered a use-after-free problem when ...

oval:org.secpod.oval:def:600703
Several vulnerabilities have been discovered in openttd, a transport business simulation game. Multiple buffer overflows and off-by-one errors allow remote attackers to cause denial of service.

oval:org.secpod.oval:def:600824
Kaspar Brand discovered that Mozilla's Network Security Services library did insufficient length checking in the QuickDER decoder, allowing to crash a program using the library.

oval:org.secpod.oval:def:600702
Ray Morris discovered that the PowerDNS authoritative server responds to response packets. An attacker who can spoof the source address of IP packets can cause an endless packet loop between a PowerDNS authoritative server and another DNS server, leading to a denial of service.

oval:org.secpod.oval:def:600826
The recent security updates for request-tracker3.8, DSA-2480-1 and DSA-2480-2, contained another regression when running under mod_perl. Please note that if you run request-tracker3.8 under the Apache web server, you must stop and start Apache manually. The "restart" mechanism is not recom ...

oval:org.secpod.oval:def:600947
It has been discovered that in ProFTPd, an FTP server, an attacker on the same physical host as the server may be able to perform a symlink attack allowing to elevate privileges in some configurations.

oval:org.secpod.oval:def:600704
timtai1 discovered that simpleSAMLphp, an authentication and federation platform, is vulnerable to a cross site scripting attack, allowing a remote attacker to access sensitive client data. The oldstable distribution does not contain a simplesamlphp package.

oval:org.secpod.oval:def:600611
Several unauthorised SSL certificates have been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in the NSS cry ...

oval:org.secpod.oval:def:600732
Jueri Aedla discovered an integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.

oval:org.secpod.oval:def:600853
Rafal Wojtczuk from Bromium discovered that FreeBSD wasn't correctly handling uncanonical return addresses on Intel amd64 CPUs, allowing privilege escalation to kernel for local users.

oval:org.secpod.oval:def:600852
Marek Vavruša and Lubos Slovak discovered that NSD, an authoritative domain name server, is not properly handling non-standard DNS packets. This can result in a NULL pointer dereference and crash the handling process. A remote attacker can abuse this flaw to perform denial of service attacks.

oval:org.secpod.oval:def:600976
Several vulnerabilities have been discovered in python-django, a high-level python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-4520 James Kettle discovered that django did not properly filter the HTTP Host header when proces ...

oval:org.secpod.oval:def:600612
Several vulnerabilities have been discovered in Rails, the Ruby web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4214 A cross-site scripting vulnerability had been found in the strip_tags function. An attacker may inject non-pri ...

oval:org.secpod.oval:def:600733
It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed.

oval:org.secpod.oval:def:600854
Two security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, in Debian have been discovered. CVE-2012-3571 Markus Hietava of the Codenomicon CROSS project discovered that it is possible to force the server to enter an infinite loop via messages with malformed clien ...

oval:org.secpod.oval:def:600851
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2012-1948 Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey identified several ...

oval:org.secpod.oval:def:600850
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2012-1948 Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey identified several memory safety problems that may lead to the execution of arbitrary code. CVE-2012-1954 Abhishek ...

oval:org.secpod.oval:def:600618
Several vulnerabilities were found in Mantis, a web-based bug tracking system: Insufficient input validation could result in local file inclusion and cross-site scripting.

oval:org.secpod.oval:def:600857
Several security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, have been discovered. Additionally, the latest security update for isc-dhcp, DSA-2516-1, did not properly apply the patches for CVE-2012-3571 and CVE-2012-3954. This has been addressed in this additio ...

oval:org.secpod.oval:def:600614
Several unauthorised SSL certificates have been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in the NSS cry ...

oval:org.secpod.oval:def:600735
It was discovered that mumble, a VoIP client, does not properly manage permissions on its user-specific configuration files, allowing other local users on the system to access them.

oval:org.secpod.oval:def:600856
Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT Kerberos, a daemon implementing the network authentication protocol. CVE-2012-1014 By sending specially crafted AS-REQ to a KDC, an attacker could make it free an uninitialized pointer, corrupting the heap. This can lead ...

oval:org.secpod.oval:def:600977
Helmut Grohne discovered multiple privilege escalation flaws in FusionForge, a web-based project-management and collaboration software. Most of the vulnerabilities are related to the bad handling of privileged operations on user-controlled files or directories.

oval:org.secpod.oval:def:600737
Two buffer overflows have been discovered in libarchive, a library providing a flexible interface for reading and writing archives in various formats. The possible buffer overflows while reading iso9660 or tar streams allow remote attackers to execute arbitrary code depending on the application that ...

oval:org.secpod.oval:def:600858
It was discovered that the recent update for isc-dhcp did not contain the patched code included in the source package. Due to a quirk in the build system those patches were deapplied during the build process.

oval:org.secpod.oval:def:600979
Malcolm Scott discovered a remotely exploitable buffer overflow in the rfc1413 client of cfingerd, a configurable finger daemon. This vulnerability was introduced in a previously applied patch to the cfingerd package in 1.4.3-3.

oval:org.secpod.oval:def:600600
Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco Kampmann and Joerg Schwenk discovered that Shibboleth, a federated web single sign-on system, is vulnerable to XML signature wrapping attacks.

oval:org.secpod.oval:def:600842
It was discovered that the Spring Framework contains an information disclosure vulnerability in the processing of certain Expression Language patterns, allowing attackers to access sensitive information using HTTP requests. NOTE: This update adds a springJspExpressionSupport context parameter which ...

oval:org.secpod.oval:def:600963
This update to the previous ircd-ratbox DSA only raises the version number to ensure that a higher version is used than a previous binNMU on some architectures.

oval:org.secpod.oval:def:600720
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in pot ...

oval:org.secpod.oval:def:600962
Two vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development. CVE-2013-0276 The blacklist provided by the attr_protected method could be bypassed with crafted requests, having an application-specific impact. CVE-2013-0277 In some applications, the +serialize ...

oval:org.secpod.oval:def:600602
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2011-0084 "regenrecht" discovered that incorrect pointer handling in the SVG processi ...

oval:org.secpod.oval:def:600601
David Zych discovered that the ISC DHCP crashes when processing certain packets, leading to a denial of service.

oval:org.secpod.oval:def:600843
It was discovered that malicious clients can trick the server component of the Bcfg2 configuration management system to execute commands with root privileges.

oval:org.secpod.oval:def:600840
Several vulnerabilities have been discovered in icedove, the Debian version of the Mozilla Thunderbird mail/news client. There were miscellaneous memory safety hazards and a use-after-free issue.

oval:org.secpod.oval:def:600960
Bob Nomnomnom reported a Denial of Service vulnerability in IRCD-Hybrid, an Internet Relay Chat server. A remote attacker may use an error in the masks validation and crash the server.

oval:org.secpod.oval:def:600608
Tomas Hoger found a buffer overflow in the X.Org libXfont library, which may allow for a local privilege escalation through crafted font files.

oval:org.secpod.oval:def:600729
Several vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base. CVE-2011-3670 Icedove does not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a ...

oval:org.secpod.oval:def:600607
Various vulnerabilities have been found in SquirrelMail, a webmail application. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2010-4554 SquirrelMail did not prevent page rendering inside a third-party HTML frame, which makes it easier for remote attac ...

oval:org.secpod.oval:def:600849
Marcus Meissner discovered that the web server included in Mono performed insufficient sanitising of requests, resulting in cross-site scripting.

oval:org.secpod.oval:def:600609
Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. CVE-2011-0084 "regenrecht" discovered that incorrect pointer handling in the SVG processing code could lead to the execution of arbitrary code. CVE-2011-2378 "regenrecht ...

oval:org.secpod.oval:def:600604
It was discovered that insufficient input sanitising in Freetype's code to parse Type1 could lead to the execution of arbitrary code.

oval:org.secpod.oval:def:600725
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure. CVE-2012-0442 Jesse Ruderman and Bob Clary discovered memory corr ...

oval:org.secpod.oval:def:600846
Ulf Härnhammar found a buffer overflow in Pidgin, a multi protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash, and in some circumstances can lead to remote code execution.

oval:org.secpod.oval:def:600603
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-0084 "regenrecht" discovered that incorrect pointer handling in the SVG processing code could lead to the execution of arbitrary code. CVE-2011-2378 "regenrecht" disc ...

oval:org.secpod.oval:def:600966
Multiple vulnerabilities were discovered in the dissectors for the CLNP, DTLS, DCP-ETSI and NTLMSSP protocols, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:600848
John Leitch has discovered a vulnerability in eXtplorer, a very feature rich web server file manager, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability allows users to perform certain actions via HTTP requests without performing any validity ...

oval:org.secpod.oval:def:600847
Several security vulnerabilities have been found in Puppet, a centralized configuration management: CVE-2012-3864 Authenticated clients could read arbitrary files on the puppet master. CVE-2012-3865 Authenticated clients could delete arbitrary files on the puppet master. CVE-2012-3866 The report of ...

oval:org.secpod.oval:def:600968
Kevin Cernekee discovered that a malicious VPN gateway can send crafted responses which trigger stack-based buffer overflows.

oval:org.secpod.oval:def:600754
Markus Vervier discovered a double free in the Python interface to the PAM library, which could lead to denial of service.

oval:org.secpod.oval:def:600875
It was discovered that otrs2, a ticket request system, contains a cross-site scripting vulnerability when email messages are viewed using Internet Explorer. This update also improves the HTML security filter to detect tag nesting.

oval:org.secpod.oval:def:600996
A cross-site scripting vulnerability was discovered in smokeping, a latency logging and graphing system. Input passed to the "displaymode" parameter was not properly sanitized. An attacker could use this flaw to execute arbitrary HTML and script code in a user's browser session in the cont ...

oval:org.secpod.oval:def:600874
It was discovered that rtfm, the Request Tracker FAQ Manager, contains multiple cross-site scripting vulnerabilities in the topic administration page.

oval:org.secpod.oval:def:600995
Stefan Bühler discovered that the Debian specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the P ...

oval:org.secpod.oval:def:600635
Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning: * MSA-11-0020 Continue links in error messages can lead offsite * MSA-11-0024 Recaptcha images were being authenticated from an older server * MSA-11-0025 Group n ...

oval:org.secpod.oval:def:600756
Dominic Hargreaves and Niko Tyni discovered two format string vulnerabilities in YAML::LibYAML, a Perl interface to the libyaml library.

oval:org.secpod.oval:def:600755
Nicola Fioravanti discovered that F*X, a web service for transferring very large files, is not properly sanitizing input parameters of the "fup" script. An attacker can use this flaw to conduct reflected cross-site scripting attacks via various script parameters.

oval:org.secpod.oval:def:600750
Two security vulnerabilities related to EXIF processing were discovered in ImageMagick, a suite of programs to manipulate images: CVE-2012-0247 When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick writes two bytes to an invalid ...

oval:org.secpod.oval:def:600871
Sébastien Bocahu discovered that the reverse proxy add forward module for the Apache webserver is vulnerable to a denial of service attack through a single crafted request with many headers.

oval:org.secpod.oval:def:600870
Several denial-of-service vulnerabilities have been discovered in Xen, the popular virtualization software. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2012-3432 Guest mode unprivileged code, which has been granted the privilege to access MMIO regions, may l ...

oval:org.secpod.oval:def:600991
Multiple vulnerabilities were discovered in zoneminder, a Linux video camera security and surveillance solution. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-0232 Brendan Coles discovered that zoneminder is prone to an arbitrary command execution vulne ...

oval:org.secpod.oval:def:600752
Niko Tyni discovered two format string vulnerabilities in DBD::Pg, a Perl DBI driver for the PostgreSQL database server, which can be exploited by a rogue database server.

oval:org.secpod.oval:def:600994
The recent security update for libvirt was found to cause a regression. The kvm/qemu processes weren't run as the `kvm` user anymore in order to fix the file/device ownership changes, but the processes were not correctly configured to use the `kvm` group either. When the user would try to run a vir ...

oval:org.secpod.oval:def:600630
It was discovered that the encryption support for BSD telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to the Telnet port to execute arbitrary code with root privileges.

oval:org.secpod.oval:def:600751
Several security vulnerabilities were discovered in MySQL, a database management system. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.61, which includes additional changes, such as performance improvements and corrections for data loss defects.

oval:org.secpod.oval:def:600872
It was discovered that Performance Co-Pilot, a framework for performance monitoring, contains several vulnerabilities. CVE-2012-3418 Multiple buffer overflows in the PCP protocol decoders can cause PCP clients and servers to crash or, potentially, execute arbitrary code while processing crafted PDUs ...

oval:org.secpod.oval:def:600637
It has been discovered by "frosty_un" that a design flaw in Tor, an online privacy tool, allows malicious relay servers to learn certain information that they should not be able to learn. Specifically, a relay that a user connects to directly could learn which other relays that user is con ...

oval:org.secpod.oval:def:600879
It was discovered that Beaker, a cache and session library for Python, when using the python-crypto backend, is vulnerable to information disclosure due to a cryptographic weakness related to the use of the AES cipher in ECB mode. Systems that have the python-pycryptopp package should not be vulnera ...

oval:org.secpod.oval:def:600757
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2012-0455 Soroush Dalili discovered that a cross-site scripting countermeasure related to Javas ...

oval:org.secpod.oval:def:600878
It was discovered that Moin, a Python clone of WikiWiki, incorrectly evaluates ACLs when virtual groups are involved. This may allow certain users to have additional permissions or lack expected permissions.

oval:org.secpod.oval:def:600999
It was discovered that Icinga, a host and network monitoring system, contains several buffer overflows in the history.cgi CGI program.

oval:org.secpod.oval:def:600639
Leo Iannacone and Colin Watson discovered a format string vulnerability in the Python bindings for the Clearsilver HTML template system, which may lead to denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:600759
Matthew Daley discovered a memory disclosure vulnerability in nginx. In previous versions of this web server, an attacker can receive the content of previously freed memory if an upstream server returned a specially crafted HTTP response, potentially exposing sensitive information.

oval:org.secpod.oval:def:600990
A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:600864
Two denial of service vulnerabilities have been discovered in the server component of OpenTTD, a free reimplementation of Transport Tycoon Deluxe.

oval:org.secpod.oval:def:600621
Several fraudulent SSL certificates have been found in the wild issued by the DigiNotar Certificate Authority, obtained through a security compromise of said company. After further updates on this incident, it has been determined that all of DigiNotar's signing certificates can no longer be trusted. ...

oval:org.secpod.oval:def:600742
Two vulnerabilities were discovered in Puppet, a centralized configuration management tool. CVE-2012-1053 Puppet runs execs with unintended group privileges, potentially leading to privilege escalation. CVE-2012-1054 The k5login type writes to untrusted locations, enabling local users to escalate ...

oval:org.secpod.oval:def:600863
It was discovered that the GridFTP component from the Globus Toolkit, a toolkit used for building Grid systems and applications, performed insufficient validation of a name lookup, which could lead to privilege escalation.

oval:org.secpod.oval:def:600624
It was discovered that libsoup2.4, an HTTP library implementation in C, is not properly validating input when processing requests made to SoupServer. A remote attacker can exploit this flaw to access system files via a directory traversal attack.

oval:org.secpod.oval:def:600987
A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. In addition, a denial of service vulnerability was discovered in the TraceManager.

oval:org.secpod.oval:def:600986
Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system. CVE-2013-1640 An authenticated malicious client may request its catalog from the puppet master, and cause the puppet master to execute arbitrary code. The puppet master must be made to invoke the `temp ...

oval:org.secpod.oval:def:600860
Jueri Aedla discovered several integer overflows in libxml, which could lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:600980
Multiple buffer overflows were discovered in OpenAFS, the implementation of the distributed filesystem AFS, which might result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:600620
It has been discovered that the bcfg2 server, a configuration management server for bcfg2 clients, is not properly sanitizing input from bcfg2 clients before passing it to various shell commands. This enables an attacker in control of a bcfg2 client to execute arbitrary commands on the server with r ...

oval:org.secpod.oval:def:600740
It was discovered that the last security update for F*X, DSA-2414-1, introduced a regression. Updated packages are now available to address this problem.

oval:org.secpod.oval:def:600629
It was discovered that Tor, an online privacy tool, incorrectly computes buffer sizes in certain cases involving SOCKS connections. Malicious parties could use this to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. In Tor's default configuration this issue can ...

oval:org.secpod.oval:def:600747
It was discovered that the XML::Atom Perl module did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.

oval:org.secpod.oval:def:600868
Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. CVE-2012-1948 Multiple unspecified vulnerabilities in the browser engine were fixed. CVE-2012-1950 The underlying browser engine allows address bar spoofing through drag-and-drop. CV ...

oval:org.secpod.oval:def:600989
Multiple vulnerabilities were discovered in the dissectors for the MS-MMS, RTPS, RTPS2, Mount, ACN, CIMD and DTLS protocols, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:600746
Several vulnerabilities were discovered in Movable Type, a blogging system: Under certain circumstances, a user who has "Create Entries" or "Manage Blog" permissions may be able to read known files on the local file system. The file management system contains shell command inject ...

oval:org.secpod.oval:def:600867
Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework. The Common Vulnerabilities and Exposures project defines the following issues: CVE-2012-3442 Two functions do not validate the scheme of a redirect target, which might allow remote attackers to conduct cros ...

oval:org.secpod.oval:def:600988
Bastian Blank discovered that libvirtd, a daemon for management of virtual machines, network and storage, would change ownership of device files so they would be owned by user `libvirt-qemu` and group `kvm`, which is a general purpose group not specific to libvirt, allowing unintended write access ...

oval:org.secpod.oval:def:600627
It was discovered that Mojarra, an implementation of JavaServer Faces, evaluates untrusted values as EL expressions if includeViewParameters is set to true.

oval:org.secpod.oval:def:600748
It was discovered that PLIB, a library used by TORCS, contains a buffer overflow in error message processing, which could allow remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:600869
Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access.

oval:org.secpod.oval:def:600655
Tim Starling discovered that the Debian-native CGI wrapper for man2html, a program to convert UNIX man pages to HTML, is not properly escaping user-supplied input when displaying various error messages. A remote attacker can exploit this flaw to conduct cross-site scripting attacks.

oval:org.secpod.oval:def:600776
It was discovered that sqlalchemy, an SQL toolkit and object relational mapper for python, is not sanitizing input passed to the limit/offset keywords to select as well as the value passed to select.limit/offset. This allows an attacker to perform SQL injection attacks against applications using sql ...

oval:org.secpod.oval:def:600775
It was discovered that a heap-based buffer overflow in InspIRCd could allow remote attackers to execute arbitrary code via a crafted DNS query.

oval:org.secpod.oval:def:600896
Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. This includes several instances of use-after-free and buffer overflow issues. The reported vulnerabilities could lead to the execution of arbitrary code, and additionally to the bypa ...

oval:org.secpod.oval:def:600536
Wouter Coekaerts discovered that the jabber server component of citadel, a complete and feature-rich groupware server, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service ...

oval:org.secpod.oval:def:600778
Niels Heinen noticed a security issue with the default Apache configuration on Debian if certain scripting modules like mod_php or mod_rivet are installed. The problem arises because the directory /usr/share/doc, which is mapped to the URL /doc, may contain example scripts that can be executed by re ...

oval:org.secpod.oval:def:600899
It was discovered that bacula, a network backup service, does not properly enforce console ACLs. This could allow information about resources to be dumped by an otherwise-restricted client.

oval:org.secpod.oval:def:600535
Wouter Coekaerts discovered that jabberd14, an instant messaging server using the Jabber/XMPP protocol, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against ...

oval:org.secpod.oval:def:600656
It was discovered that the Kerberos support for telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to the Telnet to execute arbitrary code with root privileges.

oval:org.secpod.oval:def:600898
Nicholas Gregoire and Cris Neckar discovered several memory handling bugs in libxslt, which could lead to denial of service or the execution of arbitrary code if a malformed document is processed.

oval:org.secpod.oval:def:600892
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. The reported vulnerabilities could lead to the execution of arbitrary code or the bypass of content ...

oval:org.secpod.oval:def:600532
It was discovered that the STARTTLS implementation of the Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place.

oval:org.secpod.oval:def:600653
It was discovered that Unbound, a recursive DNS resolver, would crash when processing certain malformed DNS responses from authoritative DNS servers, leading to denial of service. CVE-2011-4528 Unbound attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone. ...

oval:org.secpod.oval:def:600774
It was discovered that incorrect memory handling in the png_set_text2 function of the PNG library could lead to the execution of arbitrary code.

oval:org.secpod.oval:def:600895
Several vulnerabilities have been discovered in Iceape, an internet suite based on Seamonkey. The reported vulnerabilities could lead to the execution of arbitrary code or the bypass of content-loading restrictions via the location object.

oval:org.secpod.oval:def:600531
Several vulnerabilities have been discovered in Mojolicious, a Perl Web Application Framework. The link_to helper was affected by cross-site scripting, and implementation errors in the MD5 HMAC and CGI environment handling have been corrected. The oldstable distribution doesn't include libmojolicious-p ...

oval:org.secpod.oval:def:600652
It was discovered that ChaSen, a Japanese morphological analysis system, contains a buffer overflow, potentially leading to arbitrary code execution in programs using the library.

oval:org.secpod.oval:def:600538
Several vulnerabilities have been discovered in Rails, the Ruby web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-0446 Multiple cross-site scripting vulnerabilities when JavaScript encoding is used, allow remote attackers to inje ...

oval:org.secpod.oval:def:600537
Wouter Coekaerts discovered that ejabberd, a distributed XMPP/Jabber server written in Erlang, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the serv ...

oval:org.secpod.oval:def:600539
Several vulnerabilities were discovered in Subversion, the version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-1752 The mod_dav_svn Apache HTTPD server module can be crashed when asked to deliver baselined WebDAV resources. CVE- ...

oval:org.secpod.oval:def:600770
The openarena update DSA-2442-1 introduced a regression in which servers would cease to respond to status requests after an uptime of several weeks.

oval:org.secpod.oval:def:600891
Glen Eustace discovered that the ISC DHCP server, a server for automatic IP address assignment, is not properly handling changes in the expiration times of a lease. An attacker may use this flaw to crash the service and cause denial of service conditions, by reducing the expiration time of an active ...

oval:org.secpod.oval:def:600523
Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, ...

oval:org.secpod.oval:def:600644
It was discovered that the Kerberos support for telnetd contains a pre-authentication buffer overflow, which may enable remote attackers who can connect to the Telnet to execute arbitrary code with root privileges.

oval:org.secpod.oval:def:600522
It was discovered that Exim, the default mail transport agent in Debian, uses DKIM data obtained from DNS directly in a format string, potentially allowing malicious mail senders to execute arbitrary code. The oldstable distribution is not affected by this problem because it does not contain DKIM su ...

oval:org.secpod.oval:def:600643
Two vulnerabilities have been found in SPIP, a website engine for publishing, which allow privilege escalation to site administrator privileges and cross-site scripting. The oldstable distribution doesn't include spip.

oval:org.secpod.oval:def:600646
Neel Mehta discovered that a race condition in Policykit, a framework for managing administrative policies and privileges, allowed local users to elevate privileges by executing a setuid program from pkexec. The oldstable distribution does not contain the policykit-1 package.

oval:org.secpod.oval:def:600888
Several vulnerabilities have been discovered in Tor, an online privacy tool. CVE-2012-3518 Avoid an uninitialised memory read when reading a vote or consensus document that has an unrecognized flavour name. This could lead to a remote, resulting in denial of service. CVE-2012-3519 Try to leak less i ...

oval:org.secpod.oval:def:600645
Several vulnerabilities were discovered in the Xen virtual machine hypervisor. CVE-2011-1166 A 64-bit guest can get one of its vCPUs into non-kernel mode without first providing a valid non-kernel pagetable, thereby locking up the host system. CVE-2011-1583, CVE-2011-3262 Local users can cause a d ...

oval:org.secpod.oval:def:600766
It has been discovered that spoofed "getstatus" UDP requests are being sent by attackers to servers for use with games derived from the Quake 3 engine. These servers respond with a packet flood to the victim whose IP address was impersonated by the attackers, causing a denial of service.

oval:org.secpod.oval:def:600761
Matthew Hall discovered that GNUTLS does not properly handle truncated GenericBlockCipher structures nested inside TLS records, leading to crashes in applications using the GNUTLS library.

oval:org.secpod.oval:def:600521
Multiple cross-site scripting vulnerabilities were discovered in Open Ticket Request System, a trouble-ticket system. In addition, this security update fixes a failure when upgrading the package from lenny to squeeze. The oldstable distribution is not affected by this problem.

oval:org.secpod.oval:def:600642
Issues were found in the handling of XML encryption in simpleSAMLphp, an application for federated authentication. The following two issues have been addressed: It may be possible to use an SP as an oracle to decrypt encrypted messages sent to that SP. It may be possible to use the SP as a key oracl ...

oval:org.secpod.oval:def:600763
Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. CVE-2012-0455 Soroush Dalili discovered that a cross-site scripting countermeasure related to Javascript URLs could be bypassed. CVE-2012-0456 Atte Kettunen discovered an out of bounds ...

oval:org.secpod.oval:def:600884
Multiple denial of service vulnerabilities have been discovered in Xen, a hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-3494: It was discovered that set_debugreg allows writes to reserved bits of the DR7 debug control register on amd64 par ...

oval:org.secpod.oval:def:600641
The information security group at ETH Zurich discovered a denial of service vulnerability in the crypto helper handler of the IKE daemon pluto.

oval:org.secpod.oval:def:600762
Matthew Hall discovered that many callers of the asn1_get_length_der function did not check the result against the overall buffer length before processing it further. This could result in out-of-bounds memory accesses and application crashes. Applications using GNUTLS are exposed to this issue.

oval:org.secpod.oval:def:600526
It was discovered that Exim, Debian's default mail transfer agent, is vulnerable to command injection attacks in its DKIM processing code, leading to arbitrary code execution. The default configuration supplied by Debian does not expose this vulnerability. The oldstable distribution is not affecte ...

oval:org.secpod.oval:def:600768
It was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field.

oval:org.secpod.oval:def:600889
The security updates for request-tracker3.8, DSA-2480-1, DSA-2480-2, and DSA-2480-3, contained minor regressions. Namely: * The calendar popup page in Internet Explorer would be blocked by the CSRF protection mechanism. * Search results pages could not be shared without saving, sharing, and then loa ...

oval:org.secpod.oval:def:600528
Kevin Chen discovered that incorrect processing of framebuffer requests in the Vino VNC server could lead to denial of service.

oval:org.secpod.oval:def:600880
Emanuel Bronshtein discovered that Mahara, an electronic portfolio, weblog, and resume builder, contains multiple cross-site scripting vulnerabilities due to missing sanitization and insufficient encoding of user-supplied data.

oval:org.secpod.oval:def:600555
Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-0777 Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have uns ...

oval:org.secpod.oval:def:600797
It was discovered that Mahara, the portfolio, weblog, and resume builder, had an insecure default with regard to SAML-based authentication used with more than one SAML identity provider. Someone with control over one IdP could impersonate users from other IdPs.

oval:org.secpod.oval:def:600558
Two security vulnerabilities have been discovered in Mahara, a fully featured electronic portfolio, weblog, resume builder and social networking system: CVE-2011-0439 A security review commissioned by a Mahara user discovered that Mahara processes unsanitized input which can lead to cross-site scrip ...

oval:org.secpod.oval:def:600679
Multiple security issues have been discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-3848 Kristian Erik Hermansen reported that an unauthenticated directory traversal could drop any valid ...

oval:org.secpod.oval:def:600678
Advisory DSA 2363-1 did not include a package for the Debian 5.0 "Lenny" suite at that time. This update adds that package. The original advisory text follows. It was discovered that Movable Type, a weblog publishing system, contains several security vulnerabilities: A remote attacker could execute ...

oval:org.secpod.oval:def:600552
It has been discovered that the Quagga routing daemon contains two denial-of-service vulnerabilities in its BGP implementation: CVE-2010-1674 A crafted Extended Communities attribute triggers a null pointer dereference which causes the BGP daemon to crash. The crafted attributes are not propagated b ...

oval:org.secpod.oval:def:600673
Joernchen of Phenoelit discovered several vulnerabilities in Redmine, a project management web application: Logged in users may be able to access private data. The Textile formatter allowed for cross site scripting, exposing sensitive data to an attacker. The Bazaar repository adapter could be used ...

oval:org.secpod.oval:def:600794
Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. CVE-2012-0467 Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory corruptio ...

oval:org.secpod.oval:def:600551
Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-1108 Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of servi ...

oval:org.secpod.oval:def:600675
Buffer overflow in the "linux emulation" support in FreeBSD kernel allows local users to cause a denial of service and possibly execute arbitrary code by calling the bind system call with a long path for a UNIX-domain socket, which is not properly handled when the address is used by other ...

oval:org.secpod.oval:def:600796
Sergey Nartimov discovered that in Rails, a Ruby based framework for web development, when developers generate html options tags manually, user input concatenated with manually built tags may not be escaped and an attacker can inject arbitrary HTML into the document.

oval:org.secpod.oval:def:600553
Several vulnerabilities were discovered in mahara, an electronic portfolio, weblog, and resume builder. The following Common Vulnerabilities and Exposures project ids identify them: CVE-2011-1402 It was discovered that previous versions of Mahara did not check user credentials before adding a secret ...

oval:org.secpod.oval:def:600674
A cross-site scripting vulnerability was discovered in the rst parser of Moin, a Python clone of WikiWiki.

oval:org.secpod.oval:def:600795
The recent quagga update, DSA-2459-1, introduced a memory leak in the bgpd process in some configurations.

oval:org.secpod.oval:def:600790
Several vulnerabilities have been found in SPIP, a website engine for publishing, resulting in cross-site scripting, script code injection and bypass of restrictions.

oval:org.secpod.oval:def:600671
David Wheeler discovered a buffer overflow in ldns's code to parse RR records, which could lead to the execution of arbitrary code.

oval:org.secpod.oval:def:600792
Ivano Cristofolini discovered that insufficient security checks in Samba's handling of LSA RPC calls could lead to privilege escalation by gaining the "take ownership" privilege.

oval:org.secpod.oval:def:600670
Multiple security issues have been discovered in cyrus-imapd, a highly scalable mail system designed for use in enterprise environments. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-3208 Coverity discovered a stack-based buffer overflow in the NNTP ser ...

oval:org.secpod.oval:def:600787
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2012-0467 Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Ho ...

oval:org.secpod.oval:def:600547
Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-0779 Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial o ...

oval:org.secpod.oval:def:600668
It was discovered that missing input sanitising in Freetype's processing of CID-keyed fonts could lead to the execution of arbitrary code.

oval:org.secpod.oval:def:600788
Several vulnerabilities have been discovered in Quagga, a routing daemon. CVE-2012-0249 A buffer overflow in the ospf_ls_upd_list_lsa function in the OSPFv2 implementation allows remote attackers to cause a denial of service via a Link State Update packet that is smaller than the length specified ...

oval:org.secpod.oval:def:600662
Petr Sklenar and Tomas Hoger discovered that missing input sanitising in the GIF decoder inside the Cups printing system could lead to denial of service or potentially arbitrary code execution through crafted GIF files.

oval:org.secpod.oval:def:600540
It was discovered that the message header parser in the Dovecot mail server parsed NUL characters incorrectly, which could lead to denial of service through malformed mail headers. The oldstable distribution is not affected.

oval:org.secpod.oval:def:600661
Multiple vulnerabilities were found in the acpid, the Advanced Configuration and Power Interface event daemon: CVE-2011-1159 Vasiliy Kulikov of OpenWall discovered that the socket handling is vulnerable to denial of service. CVE-2011-2777 Oliver-Tobias Ripka discovered that incorrect process handlin ...

oval:org.secpod.oval:def:600543
Several vulnerabilities were discovered in Request Tracker, an issue tracking system. CVE-2011-1685 If the external custom field feature is enabled, Request Tracker allows authenticated users to execute arbitrary code with the permissions of the web server, possibly triggered by a cross-site request forgery at ...

oval:org.secpod.oval:def:600664
It was discovered that Puppet, a centralized configuration management solution, misgenerated certificates if the "certdnsnames" option was used. This could lead to man-in-the-middle attacks.

oval:org.secpod.oval:def:600785
Danny Fullerton discovered a use-after-free in the Dropbear SSH daemon, resulting in potential execution of arbitrary code. Exploitation is limited to users, who have been authenticated through public key authentication and for which command restrictions are in place.

oval:org.secpod.oval:def:600542
OProfile is a performance profiling tool which is configurable by opcontrol, its control utility. Stephane Chauveau reported several ways to inject arbitrary commands in the arguments of this utility. If a local unprivileged user is authorized by sudoers file to run opcontrol as root, this user coul ...

oval:org.secpod.oval:def:600784
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2012-0455 Soroush Dalili discovered that a cross-site scripting countermeasure related to Javascript URLs could be bypassed. CVE-2012-0456 Atte Kettunen discovered an out of bounds read in th ...

oval:org.secpod.oval:def:600548
Two XSS bugs and one potential information disclosure issue were discovered in wordpress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-0700 Input passed via the post title when performing a "Quick Edit" or "Bulk Edit" ...

oval:org.secpod.oval:def:600669
Ferdinand Smit discovered that libfcgi-perl, a Perl module for writing FastCGI applications, is incorrectly restoring environment variables of a prior request in subsequent requests. In some cases this may lead to authentication bypasses or worse. The oldstable distribution is not affected by this ...

oval:org.secpod.oval:def:600660
It was discovered that the Piston framework can deserialize untrusted YAML and Pickle data, leading to remote code execution. The old stable distribution does not contain a python-django-piston package.

oval:org.secpod.oval:def:600781
It was discovered that the last security update for gajim, DSA-2453-1, introduced a regression in certain environments.

oval:org.secpod.oval:def:600780
Several vulnerabilities have been discovered in gajim, a feature-rich jabber client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-1987 gajim is not properly sanitizing input before passing it to shell commands. An attacker can use this flaw to execute ...

oval:org.secpod.oval:def:600577
Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-0083 / CVE-2011-2363 "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code. CVE-2011-0085 "regenrecht" discovered a use-afte ...

oval:org.secpod.oval:def:600698
It was discovered that the foomatic-filters, a support package for setting up printers, allowed authenticated users to submit crafted print jobs which would execute shell commands on the print servers. CVE-2011-2697 was assigned to the vulnerability in the Perl implementation included in lenny, and ...

oval:org.secpod.oval:def:600579
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-0083 / CVE-2011-2363 "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code. CVE-2011-0085 "regenrecht" di ...

oval:org.secpod.oval:def:600210
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2010-1585 Roberto Suggi Liverani discovered that the sanitising performed by ParanoidFragmentSi ...

oval:org.secpod.oval:def:600576
Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism. This is obviously ...

oval:org.secpod.oval:def:600697
It was discovered that the Key Distribution Center in Kerberos 5 crashes when processing certain crafted requests: CVE-2011-1528 When the LDAP backend is used, remote users can trigger a KDC daemon crash and denial of service. CVE-2011-1529 When the LDAP or Berkeley DB backend is used, remote users ...

oval:org.secpod.oval:def:600696
It was discovered that cyrus-imapd, a highly scalable mail system designed for use in enterprise environments, is not properly parsing mail headers when a client makes use of the IMAP threading feature. As a result, a NULL pointer is dereferenced which crashes the daemon. An attacker can trigger thi ...

oval:org.secpod.oval:def:600570
Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning: * MSA-11-0002 Cross-site request forgery vulnerability in RSS block * MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete * MSA-11-0008 IMS enterpr ...

oval:org.secpod.oval:def:600572
Mark Martinec discovered that Perl incorrectly clears the tainted flag on values returned by case conversion functions such as "lc". This may expose preexisting vulnerabilities in applications which use these functions while processing untrusted input. No such applications are known at thi ...

oval:org.secpod.oval:def:600693
Paul McMillan, Mozilla and the Django core team discovered several vulnerabilities in Django, a Python web framework: CVE-2011-4136 When using memory-based sessions and caching, Django sessions are stored directly in the root namespace of the cache. When user data is stored in the same cache, a remo ...

oval:org.secpod.oval:def:600571
It was discovered that Movable Type, a weblog publishing system, contains several security vulnerabilities: A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances.

oval:org.secpod.oval:def:600692
The Microsoft Vulnerability Research group discovered that insecure load path handling could lead to execution of arbitrary Lua script code.

oval:org.secpod.oval:def:600204
It was discovered that the ISC DHCPv6 server does not correctly process requests which come from unexpected source addresses, leading to an assertion failure and a daemon crash. The oldstable distribution is not affected by this problem.

oval:org.secpod.oval:def:600567
It was discovered that the STARTTLS implementation of the Kolab Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in p ...

oval:org.secpod.oval:def:600203
It was discovered that telepathy-gabble, the Jabber/XMPP connection manager for the Telepathy framework, is processing google:jingleinfo updates without validating their origin. This may allow an attacker to trick telepathy-gabble into relaying streamed media data through a server of his choice and ...

oval:org.secpod.oval:def:600687
Bartlomiej Balcerek discovered several buffer overflows in torque server, a PBS-derived batch processing server. This allows an attacker to crash the service or execute arbitrary code with privileges of the server via crafted job or host names. The oldstable distribution does not contain torque.

oval:org.secpod.oval:def:600568
It was discovered that fex, a web service for transferring very large files, is not properly validating authentication IDs. While the service properly validates existing authentication IDs, an attacker who does not specify any authentication ID at all can bypass the authentication procedure. The ...

oval:org.secpod.oval:def:600689
Several vulnerabilities were discovered in ProFTPD, an FTP server: ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS, an issue similar to CVE-2011-0411. CVE-2011-4130 ProFTPD uses a response pool after freeing it under exceptional conditio ...

oval:org.secpod.oval:def:600563
It was discovered that pam-pgsql, a PAM module to authenticate using a PostgreSQL database, was vulnerable to a buffer overflow in supplied IP-addresses.

oval:org.secpod.oval:def:600684
Several weak certificates were issued by Malaysian intermediate CA "Digicert Sdn. Bhd." This event, along with other issues, has led Entrust Inc. and Verizon Cybertrust to revoke the CA's cross-signed certificates. This update to OpenSSL, a Secure Sockets Layer toolkit, reflects this d ...

oval:org.secpod.oval:def:600202
Philip Martin discovered that HTTP-based Subversion servers crash when processing lock requests on repositories which support unauthenticated read access.

oval:org.secpod.oval:def:600208
It was discovered that an integer overflow in the SFTP file transfer module of the ProFTPD daemon could lead to denial of service. The oldstable distribution is not affected.

oval:org.secpod.oval:def:600209
Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. CVE-2010-1585 Roberto Suggi Liverani discovered that the sanitising performed by ParanoidFragmentSink was incomplete. CVE-2011-0053 Crashes in the layout engine may lead to the executio ...

oval:org.secpod.oval:def:600680
It was discovered that missing input sanitising in Freetype's glyph handling could lead to memory corruption, resulting in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:600560
Chris Evans discovered that libxml was vulnerable to buffer overflows, which allowed a crafted XML input file to potentially execute arbitrary code.

oval:org.secpod.oval:def:600681
Several vulnerabilities were discovered in Mahara, an electronic portfolio, weblog, and resume builder: CVE-2011-2771 Teemu Vesala discovered that missing input sanitising of RSS feeds could lead to cross-site scripting. CVE-2011-2772 Richard Mansfield discovered that insufficient upload restriction ...

oval:org.secpod.oval:def:600237
Nicolas Gregoire discovered that the XML Security Library xmlsec allowed remote attackers to create or overwrite arbitrary files through specially crafted XML files using the libxslt output extension and a ds:Transform element during signature verification.

oval:org.secpod.oval:def:600236
It was discovered that Doctrine, a PHP library for implementing object persistence, contains SQL injection vulnerabilities. The exact impact depends on the application which uses the Doctrine library.

oval:org.secpod.oval:def:601204
Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module of Drupal, a fully-featured content management framework. A malicious user could exploit this flaw to log in as other users on the site, including administrators, and hijack their accounts. These fixes require extr ...

oval:org.secpod.oval:def:601207
Pedro Ribeiro from Agile Information Security found a possible remote code execution on Horde3, a web application framework. Unsanitized variables are passed to the unserialize PHP function. A remote attacker could specially craft one of those variables, allowing her to load and execute code.

oval:org.secpod.oval:def:600238
Christoph Martin discovered that incorrect ACL processing in TinyProxy, a lightweight, non-caching, optionally anonymizing http proxy could lead to unintended network access rights. The oldstable distribution is not affected.

oval:org.secpod.oval:def:600233
Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of isc-dhcp, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrar ...

oval:org.secpod.oval:def:600596
Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-2703 Several instances of insufficient escaping of user inpu ...

oval:org.secpod.oval:def:601201
A regression has been found in the denyhosts packages fixing CVE-2013-6890. This regression could cause a break-in attempt to be missed by denyhosts, which would then fail to enforce a ban.

oval:org.secpod.oval:def:600235
Viacheslav Tykhanovskyi discovered a directory traversal vulnerability in Mojolicious, a Perl Web Application Framework. The oldstable distribution doesn't contain libmojolicious-perl.

oval:org.secpod.oval:def:601203
Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the app ...

oval:org.secpod.oval:def:601202
Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user.

oval:org.secpod.oval:def:601209
It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition.

oval:org.secpod.oval:def:600592
It was discovered that horde3, the horde web application framework, is prone to a cross-site scripting attack and a cross-site request forgery.

oval:org.secpod.oval:def:600591
Sebastian Krahmer discovered that opie, a system that makes it simple to use One-Time passwords in applications, is prone to a privilege escalation and an off-by-one error, which can lead to the execution of arbitrary code. Adam Zabrocki and Maksymilian Arciemowicz also discovered another off-by-o ...

oval:org.secpod.oval:def:600594
Tim Zingelmann discovered that, due to an incorrect configure script, the kerberised FTP server failed to set the effective GID correctly, resulting in privilege escalation. The oldstable distribution is not affected.

oval:org.secpod.oval:def:600230
Daniel Danner discovered that tmux, a terminal multiplexer, is not properly dropping group privileges. Due to a patch introduced by Debian, when invoked with the -S option, tmux is not dropping permissions obtained through its setgid installation. The oldstable distribution is not affected by this ...

oval:org.secpod.oval:def:600593
It was discovered that libapache2-mod-authnz-external, an Apache authentication module, is prone to an SQL injection via the $user parameter.

oval:org.secpod.oval:def:600590
Jamie Strandboge noticed that the patch proposed to fix CVE-2011-1760 in OProfile was incomplete. For reference, the description of the original DSA is: OProfile is a performance profiling tool which is configurable by opcontrol, its control utility. Stephane Chauveau reported several ways to ...

oval:org.secpod.oval:def:600228
Dylan Simon discovered that gitolite, an SSH-based gatekeeper for git repositories, is prone to directory traversal attacks when restricting admin-defined commands. This allows an attacker to execute arbitrary commands with privileges of the gitolite server via crafted command names. Please note tha ...

oval:org.secpod.oval:def:600222
Sebastian Krahmer discovered that gdm3, the GNOME Desktop Manager, does not properly drop privileges when manipulating files related to the logged-in user. As a result, local users can gain root privileges. The oldstable distribution does not contain a gdm3 package. The gdm package is not affec ...

oval:org.secpod.oval:def:600221
Moritz Naumann discovered that imp4, a webmail component for the horde framework, is prone to cross-site scripting attacks due to a lack of input sanitising of certain fetchmail information.

oval:org.secpod.oval:def:600587
Paul Belanger reported a vulnerability in Asterisk identified as AST-2011-008 through which an unauthenticated attacker may crash an Asterisk server remotely. A package containing a null char causes the SIP header parser to alter unrelated memory structures. Jared Mauch reported a vulnerability in ...

oval:org.secpod.oval:def:600223
This update for the Network Security Service libraries marks several fraudulent HTTPS certificates as untrusted.

oval:org.secpod.oval:def:600580
It was discovered that Perl's Safe module - a module to compile and execute code in restricted compartments - could be bypassed. Please note that this update is known to break Petal, an XML-based templating engine. A fix is not yet available. If you use Petal, you might consider to put the previous ...

oval:org.secpod.oval:def:601106
Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from release announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches. Thi ...

oval:org.secpod.oval:def:601105
Multiple vulnerabilities were discovered in the dissectors for LDAP, RTPS and NBAP and in the Netmon file parser, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:601229
Multiple cross-site scripting vulnerabilities have been discovered in extplorer, a web file explorer and manager using Ext JS. A remote attacker can inject arbitrary web script or HTML code via a crafted string in the URL to application.js.php, admin.php, copy_move.php, functions.php, header.php a ...

oval:org.secpod.oval:def:601107
It was discovered that python-django, a high-level Python web development framework, is prone to a denial of service vulnerability via large passwords. A non-authenticated remote attacker could mount a denial of service by submitting arbitrarily large passwords, tying up server resources in the expe ...

oval:org.secpod.oval:def:601228
It was discovered that libssh, a tiny C SSH library, did not reset the state of the PRNG after accepting a connection. A server mode application that forks itself to handle incoming connections could see its children sharing the same PRNG state, resulting in a cryptographic weakness and possibly the ...

oval:org.secpod.oval:def:601102
It was discovered that exactimage, a fast image processing library, does not correctly handle error conditions of the embedded copy of dcraw. This could result in a crash or other behaviour in an application using the library due to an uninitialized variable being passed to longjmp. This is a differ ...

oval:org.secpod.oval:def:601101
Andreas Beckmann discovered that phpBB, a web forum, as installed in Debian, sets incorrect permissions for cached files, allowing a malicious local user to overwrite them.

oval:org.secpod.oval:def:601103
Rainer Koirikivi discovered a directory traversal vulnerability with "ssi" template tags in python-django, a high-level Python web development framework. It was shown that the handling of the "ALLOWED_INCLUDE_ROOTS" setting, used to represent allowed prefixes for the {% ssi %} template tag, is vulne ...

oval:org.secpod.oval:def:601224
Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the app ...

oval:org.secpod.oval:def:601220
Several vulnerabilities were discovered in otrs2, the Open Ticket Request System. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-1471 Norihiro Tanaka reported missing challenge token checks. An attacker that managed to take over the session of a logged i ...

oval:org.secpod.oval:def:601217
A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing files to be extracted to an arbitrary path. An attacker can craft a tar file to override files beyond the tar_extract_glob and ...

oval:org.secpod.oval:def:600244
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 "Scoobidiver", Ian Beer, Bob Clary, Henri Sivonen, Marco Bon ...

oval:org.secpod.oval:def:600243
A vulnerability has been found in SPIP, a website engine for publishing, which allows a malicious registered author to disconnect the website from its database, resulting in denial of service. The oldstable distribution doesn't include spip.

oval:org.secpod.oval:def:601213
The security update released in DSA-2850-1 for libyaml introduced a regression in libyaml failing to parse a subset of valid YAML documents. For reference, the original advisory text follows. Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, ...

oval:org.secpod.oval:def:600241
Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 "Scoobidiver", Ian Beer, Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren ...

oval:org.secpod.oval:def:601006
Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1917 The SYSENTER instruction can be used by PV guests to accelerate system call processing. This instruction, however, leaves the EFLAGS ...

oval:org.secpod.oval:def:601009
Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec based VPN solution. When using the openssl plugin for ECDSA based authentication, an empty, zeroed or otherwise invalid signature is handled as a legitimate one. An attacker could use a forged signature to authenticate like a legitim ...

oval:org.secpod.oval:def:601008
Martin Schobert discovered a stack-based vulnerability in tinc, a virtual private network daemon. When packets are forwarded via TCP, packet length is not checked against the stack buffer length. Authenticated peers could use this to crash the tinc daemon and maybe execute arbitrary code. Note that ...

oval:org.secpod.oval:def:601129
A cryptographic vulnerability was discovered in the pseudo random number generator in python-crypto. In some situations, a race condition could prevent the reseeding of the generator when multiple processes are forked from the same parent. This would lead it to generate identical output on all proce ...

oval:org.secpod.oval:def:601003
Nicolas Gregoire discovered that libxslt, an XSLT processing runtime library, is prone to denial of service vulnerabilities via crafted xsl stylesheets.

oval:org.secpod.oval:def:601004
Timur Yunusov and Alexey Osipov from Positive Technologies discovered that the XML files parser of ModSecurity, an Apache module whose purpose is to tighten the Web application security, is vulnerable to XML external entities attacks. A specially-crafted XML file provided by a remote attacker, could ...

oval:org.secpod.oval:def:601125
Multiple vulnerabilities have been fixed in the Drupal content management framework, resulting in information disclosure, insufficient validation, cross-site scripting and cross-site request forgery.

oval:org.secpod.oval:def:601120
Hamid Zamani discovered multiple security problems, which could lead to the execution of arbitrary code.

oval:org.secpod.oval:def:601240
Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to c ...

oval:org.secpod.oval:def:601122
It was discovered that ejabberd, a Jabber/XMPP server, uses SSLv2 and weak ciphers for communication, which are considered insecure. The software offers no runtime configuration options to disable these. This update disables the use of SSLv2 and weak ciphers. The updated package for Debian 7 also c ...

oval:org.secpod.oval:def:601242
Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to c ...

oval:org.secpod.oval:def:601116
Kingcope discovered that the mod_sftp and mod_sftp_pam modules of proftpd, a powerful modular FTP/SFTP/FTPS server, are not properly validating input before making pool allocations. An attacker can use this flaw to conduct denial of service attacks against the system running proftpd.

oval:org.secpod.oval:def:601119
John Fitzpatrick of MWR InfoSecurity discovered an authentication bypass vulnerability in torque, a PBS-derived batch processing queueing system. The torque authentication model revolves around the use of privileged ports. If a request is not made from a privileged port then it is assumed not to be ...

oval:org.secpod.oval:def:601239
Multiple vulnerabilities have been discovered in pidgin, a multi-protocol instant messaging client. In addition to fixing the vulnerabilities, this revision, specific to the oldstable distribution, reduces the supported protocols to: IRC, Jabber/XMPP, Sametime, and SIMPLE. Users of other protocols a ...

oval:org.secpod.oval:def:601234
Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of arbitrary code if a malformed PDF file is processed.

oval:org.secpod.oval:def:601112
It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field. A remote attacker in the position to obtain a certificate for "www.foo.org\0.example.com" from a CA that an SSL client trust ...

oval:org.secpod.oval:def:601236
It was discovered that the recent file update, DSA-2873-1, introduced a regression in the recognition of Perl scripts containing BEGIN code blocks.

oval:org.secpod.oval:def:601114
Davfs2, a filesystem client for WebDAV, calls the system function insecurely while it is setuid root. This might allow a privilege escalation.

oval:org.secpod.oval:def:601235
Matthew Daley discovered multiple vulnerabilities in VirtualBox, an x86 virtualisation solution, resulting in denial of service, privilege escalation and an information leak.

oval:org.secpod.oval:def:601230
Beatrice Torracca and Evgeni Golov discovered a buffer overflow in the mutt mailreader. Malformed RFC2047 header lines could result in denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:601232
Several vulnerabilities were discovered in the lighttpd web server. CVE-2014-2323 Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module. This only affects installations with the lighttpd-mod-my ...

oval:org.secpod.oval:def:601149
Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSL_VERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable SSL certificate host name checks when it should have only disabled verification of the certificate trust chain. The de ...

oval:org.secpod.oval:def:601146
Several vulnerabilities have been discovered in the lighttpd web server. CVE-2013-4508 It was discovered that lighttpd uses weak SSL ciphers when SNI is enabled. This issue was solved by ensuring that stronger SSL ciphers are used when SNI is selected. CVE-2013-4559 The clang static analyzer was us ...

oval:org.secpod.oval:def:601145
Matt Ezell from Oak Ridge National Labs reported a vulnerability in torque, a PBS-derived batch processing queueing system. A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands ...

oval:org.secpod.oval:def:601026
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ...

oval:org.secpod.oval:def:601142
Multiple vulnerabilities were discovered in the dissectors for IEEE 802.15.4, NBAP, SIP and TCP, which could result in denial of service. The oldstable distribution is only affected by CVE-2013-6340. This problem has been fixed in version 1.2.11-6+squeeze13.

oval:org.secpod.oval:def:600173
Several vulnerabilities were discovered in the django web development framework: CVE-2011-0696 For several reasons the internal CSRF protection was not used to validate ajax requests in the past. However, it was discovered that this exception can be exploited with a combination of browser plugins an ...

oval:org.secpod.oval:def:601141
Cedric Krier discovered that the Tryton client does not sanitize the file extension supplied by the server when processing reports. As a result, a malicious server could send a report with a crafted file extension that causes the client to write any local file to which the user running the client ha ...

oval:org.secpod.oval:def:601144
Several vulnerabilities have been found in SPIP, a website engine for publishing, resulting in cross-site request forgery on logout, cross-site scripting on author page, and PHP injection.

oval:org.secpod.oval:def:600172
Two vulnerabilities were discovered in the distributed filesystem AFS: CVE-2011-0430 Andrew Deason discovered that a double free in the Rx server process could lead to denial of service or the execution of arbitrary code. CVE-2011-0431 It was discovered that insufficient error handling in the kernel mo ...

oval:org.secpod.oval:def:600171
Volker Lendecke discovered that missing range checks in Samba's file descriptor handling could lead to memory corruption, resulting in denial of service.

oval:org.secpod.oval:def:601139
A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE daemon used to establish IPsec protected links. By sending a crafted ID_DER_ASN1_DN ID payload to a vulnerable pluto or charon daemon, a malicious remote user can provoke a denial of service or an authorization bypass.

oval:org.secpod.oval:def:601013
Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1918 Several long latency operations are not preemptible Some page table manipulation operations for PV guests were not made preemptible, ...

oval:org.secpod.oval:def:601016
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-3368 The rt command line tool uses semi-predictable temporary files. A malicious user can use t ...

oval:org.secpod.oval:def:600165
The changes in python-django DSA-2163 necessary to fix the issues CVE-2011-0696 and CVE-2011-0697 introduced an unavoidable backward incompatibility, which caused a regression in dajaxice, which depends on python-django. This update supplies fixed packages for dajaxice.

oval:org.secpod.oval:def:600199
Matthew Nicholson discovered a buffer overflow in the SIP channel driver of Asterisk, an open source PBX and telephony toolkit, which could lead to the execution of arbitrary code.

oval:org.secpod.oval:def:601048
Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble, the Jabber/XMPP connection manager for the Telepathy framework, does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perform a ...

oval:org.secpod.oval:def:601166
A denial of service vulnerability was reported in varnish, a state of the art, high-performance web accelerator. With some configurations of varnish a remote attacker could mount a denial of service via a GET request with trailing whitespace characters and no URI.

oval:org.secpod.oval:def:600192
It was discovered that pango did not check for memory allocation failures, causing a NULL pointer dereference with an adjustable offset. This can lead to application crashes and potentially arbitrary code execution. The oldstable distribution is not affected by this problem.

oval:org.secpod.oval:def:601160
Several vulnerabilities have been discovered in OpenJPEG, a JPEG 2000 image library, that may lead to denial of service via application crash or high memory consumption, possible code execution through heap buffer overflows, information disclosure, or yet another heap buffer overflow that only ap ...

oval:org.secpod.oval:def:600191
Dominik George discovered that logwatch does not guard against shell meta-characters in crafted log file names. As a result, an attacker might be able to execute shell commands on the system running logwatch.

oval:org.secpod.oval:def:601041
A privilege escalation vulnerability has been found in SPIP, a website engine for publishing, which allows anyone to take control of the website.

oval:org.secpod.oval:def:601162
Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute ...

oval:org.secpod.oval:def:601157
Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP routing daemon: CVE-2013-2236 A buffer overflow was found in the OSPF API-server. CVE-2013-6051 bgpd could be crashed through BGP updates. This only affects Wheezy/stable.

oval:org.secpod.oval:def:600188
It was discovered that python-webdav, a WebDAV server implementation, contains several SQL injection vulnerabilities in the processing of user credentials. The oldstable distribution does not contain a python-webdav package.

oval:org.secpod.oval:def:601159
joernchen of Phenoelit discovered two command injection flaws in Sup, a console-based email client. An attacker might execute arbitrary commands if the user opens a maliciously crafted email. CVE-2013-4478 Sup wrongly handled the filename of attachments. CVE-2013-4479 Sup did not sanitize the content ...

oval:org.secpod.oval:def:601032
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ...

oval:org.secpod.oval:def:601152
It was discovered that nbd-server, the server for the Network Block Device protocol, incorrectly parsed the access control lists, allowing access to any hosts with an IP address sharing a prefix with an allowed address.

oval:org.secpod.oval:def:600187
Neel Mehta discovered that an incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. This allows an attacker to crash an application using OpenSSL by triggering an invalid memory access. Additionally, some applications may be vulnerable to expos ...

oval:org.secpod.oval:def:601155
Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser. This can only be exploited when running Links in graphical mode.

oval:org.secpod.oval:def:600181
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2010-1585 Roberto Suggi Liverani discovered that the sanitising performed by ParanoidFragmentSink was incomplete. CVE-2011-0051 Zach Hoffmann discovered that incorrect parsing of recursive ev ...

oval:org.secpod.oval:def:601151
The update for curl in DSA-2798-1 uncovered a regression affecting the curl command line tool behaviour. This update disables host verification too when using the --insecure option. For the oldstable distribution, this problem has been fixed in version 7.21.0-2.1+squeeze6. For the stable distribut ...

oval:org.secpod.oval:def:601150
It was discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate verification.

oval:org.secpod.oval:def:601069
Multiple vulnerabilities were discovered in the poppler PDF rendering library. CVE-2013-1788 Multiple invalid memory access issues, which could potentially lead to arbitrary code execution if the user were tricked into opening a malformed PDF document. CVE-2013-1790 An uninitialized memory issue, wh ...

oval:org.secpod.oval:def:601189
Multiple vulnerabilities have been found in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-4971 Stefan Bucur reported that memcached could be caused to crash by sending a specially crafted packet. ...

oval:org.secpod.oval:def:601180
Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: vulnerabilities due to optimistic cross-site request forgery protection, insecure pseudo random number generation, code execution and incorrect security token validation. In order to avoid the rem ...

oval:org.secpod.oval:def:601066
Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from release announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches. Thi ...

oval:org.secpod.oval:def:601181
An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system.

oval:org.secpod.oval:def:601063
It was discovered that puppet, a centralized configuration management system, did not correctly handle YAML payloads. A remote attacker could use a specially-crafted payload to execute arbitrary code on the puppet master.

oval:org.secpod.oval:def:601057
James Forshaw from Context Information Security discovered several vulnerabilities in xml-security-c, an implementation of the XML Digital Security specification. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2153 The implementation of XML digital signa ...

oval:org.secpod.oval:def:601059
Multiple security issues have been found in HAProxy, a load-balancing reverse proxy: CVE-2012-2942 Buffer overflow in the header capture code. CVE-2013-1912 Buffer overflow in the HTTP keepalive code. CVE-2013-2175 Denial of service in parsing HTTP headers.

oval:org.secpod.oval:def:601054
Krzysztof Katowicz-Kowalewski discovered a vulnerability in fail2ban, a log monitoring system which can act on attacks by preventing hosts from connecting to specified services using the local firewall. When using fail2ban to monitor Apache logs, improper input validation in log parsing could enable a ...

oval:org.secpod.oval:def:601177
It was discovered that Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications, incorrectly handled file names with NULL bytes in serialized instances. A remote attacker able to supply a serialized instance of the ...

oval:org.secpod.oval:def:601173
Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user to ...

oval:org.secpod.oval:def:601080
It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used in SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs.

oval:org.secpod.oval:def:601087
Two security issues were found in Cacti, a web interface for graphing of monitoring systems.

oval:org.secpod.oval:def:601088
Nick Brunn reported a possible cross-site scripting vulnerability in python-django, a high-level Python web development framework. The is_safe_url utility function used to validate that a used URL is on the current host to avoid potentially dangerous redirects from maliciously-constructed querystrin ...

oval:org.secpod.oval:def:601084
Several vulnerabilities were discovered in PuTTY, a Telnet/SSH client for X. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4206 Mark Wooding discovered a heap-corrupting buffer underrun bug in the modmul function which performs modular multiplication. ...

oval:org.secpod.oval:def:601191
A cross-site scripting vulnerability was discovered in the rich text editor of the Movable Type blogging engine.

oval:org.secpod.oval:def:601075
A buffer overflow has been discovered in the Radius extension for PHP. The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow.

oval:org.secpod.oval:def:601199
The fix for CVE-2013-4969 contained a regression affecting the default file mode if none is specified on a file resource. The oldstable distribution is not affected by this regression. For the stable distribution, this problem has been fixed in version 2.7.23-1~deb7u3. For the testing distribution ...

oval:org.secpod.oval:def:601077
OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to put the update fully into effect.

oval:org.secpod.oval:def:601193
It was discovered that djvulibre, the Open Source DjVu implementation project, can be crashed or possibly made to execute arbitrary code when processing a specially crafted djvu file.

oval:org.secpod.oval:def:601192
Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol, in how the crypto_policy_set_from_profile_for_rtp function applies cryptographic profiles to an srtp_policy. A remote attacker could expl ...

oval:org.secpod.oval:def:601194
Two buffer overflow vulnerabilities were reported in Graphviz, a rich collection of graph drawing tools. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-0978 It was discovered that user-supplied input used in the yyerror function in lib/cgraph/scan.l is not ...

oval:org.secpod.oval:def:601097
Several denial-of-service vulnerabilities were discovered in the dcraw code base, a program for processing raw format images from digital cameras. This update corrects them in the copy that is embedded in the exactimage package.

oval:org.secpod.oval:def:601095
Two vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems: CVE-2013-5588 install/index.php and cacti/host.php suffered from Cross-Site Scripting vulnerabilities. CVE-2013-5589 cacti/host.php contained an SQL injection vulnerability, allowing an attacker to exec ...

oval:org.secpod.oval:def:600910
Multiple vulnerabilities have been discovered in Icedove, Debian's version of the Mozilla Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-3982 Multiple unspecified vulnerabilities in the browser engine allow remote attackers to ca ...

oval:org.secpod.oval:def:600918
James Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp/sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution. Two CVEs were assigned: CVE-2012-2251 ...

oval:org.secpod.oval:def:600917
Andy Lutomirski discovered that tcsd was missing input validation. Using carefully crafted input, it can lead to a denial of service by making the daemon crash with a segmentation fault.

oval:org.secpod.oval:def:600912
Several vulnerabilities have been discovered in Iceape, an internet suite based on Seamonkey: CVE-2012-3982 Multiple unspecified vulnerabilities in the browser engine allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. CVE-2012-3986 Icedove do ...

oval:org.secpod.oval:def:600914
Ralf Paffrath reported that Radsecproxy, a RADIUS protocol proxy, mixed up pre- and post-handshake verification of clients. This vulnerability may wrongly accept clients without checking their certificate chain under certain configurations. Raphael Geissert spotted that the fix for CVE-2012-4523 was ...

oval:org.secpod.oval:def:600913
The Red Hat Security Response Team discovered that libproxy, a library for automatic proxy configuration management, applied insufficient validation to the Content-Length header sent by a server providing a proxy.pac file. Such a remote server could trigger an integer overflow and consequently overflo ...

oval:org.secpod.oval:def:600909
It was discovered that Exim, a mail transport agent, is not properly handling the decoding of DNS records for DKIM. Specifically, crafted records can lead to a heap-based buffer overflow. An attacker can exploit this flaw to execute arbitrary code.

oval:org.secpod.oval:def:600908
Several vulnerabilities were discovered in Request Tracker, an issue tracking system. CVE-2012-4730 Authenticated users can add arbitrary headers or content to mail generated by RT. CVE-2012-4732 A CSRF vulnerability may allow attackers to toggle ticket bookmarks. CVE-2012-4734 If users follow a cra ...

oval:org.secpod.oval:def:600905
Multiple vulnerabilities have been discovered in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-3982 Multiple unspecified vulnerabilities in the browser engine allow remote attackers to caus ...

oval:org.secpod.oval:def:600904
cups-pk-helper, a PolicyKit helper to configure cups with fine-grained privileges, wraps CUPS function calls in an insecure way. This could lead to uploading sensitive data to a cups resource, or overwriting specific files with the content of a cups resource. The user would have to explicitly approv ...

oval:org.secpod.oval:def:600907
It was discovered that RTFM, the FAQ manager for Request Tracker, allows authenticated users to create articles in any class.

oval:org.secpod.oval:def:600900
Several vulnerabilities were found in libexif, a library used to parse EXIF meta-data on camera files. CVE-2012-2812: A heap-based out-of-bounds array read in the exif_entry_get_value function allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information f ...

oval:org.secpod.oval:def:600930
Multiple vulnerabilities have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. CVE-2012-4201 The evalInSandbox implementation uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers t ...

oval:org.secpod.oval:def:600811
intrigeri discovered a format string error in pidgin-otr, an off-the-record messaging plugin for Pidgin. This could be exploited by a remote attacker to cause arbitrary code to be executed on the user's machine. The problem is only in pidgin-otr. Other applications which use libotr are not affected.

oval:org.secpod.oval:def:600932
"halfdog" discovered that incorrect interrupt handling in Virtualbox, an x86 virtualization solution, can lead to denial of service.

oval:org.secpod.oval:def:600810
Several vulnerabilities have been discovered in Sympa, a mailing list manager, that allow the scenario-based authorization mechanisms to be skipped. This vulnerability allows unauthorized users to display the archives management page, and to download and delete the list archives.

oval:org.secpod.oval:def:600931
Bjorn Mork and Laurent Butti discovered crashes in the PPP and RTPS2 dissectors, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:600938
Google, Inc. discovered that the TurkTrust certification authority included in the Network Security Service libraries mis-issued two intermediate CAs which could be used to generate rogue end-entity certificates. This update explicitly distrusts those two intermediate CAs. The two existing TurkTr ...

oval:org.secpod.oval:def:600816
It was discovered that the recent request-tracker3.8 update, DSA-2480-1, introduced a regression which caused outgoing mail to fail when running under mod_perl. Please note that if you run request-tracker3.8 under the Apache web server, you must stop and start Apache manually. The "restart" ...

oval:org.secpod.oval:def:600937
It was discovered that missing input validation in the twikidraw and anywikidraw actions can result in the execution of arbitrary code. This security issue is being actively exploited. This update also addresses path traversal in AttachFile.

oval:org.secpod.oval:def:600818
An authentication bypass issue was discovered by the Codenomicon CROSS project in strongSwan, an IPsec-based VPN solution. When using RSA-based setups, a missing check in the gmp plugin could allow an attacker presenting a forged signature to successfully authenticate against a strongSwan responder. ...

oval:org.secpod.oval:def:600939
Yury Dyachenko discovered that Zend Framework uses the PHP XML parser in an insecure way, allowing attackers to open files and trigger HTTP requests, potentially accessing restricted information.

oval:org.secpod.oval:def:600813
It was discovered that sudo misparsed network masks used in Host and Host_List stanzas. This allowed the execution of commands on hosts, where the user would not be allowed to run the specified command.

oval:org.secpod.oval:def:600933
Thorsten Glaser discovered that the RSSReader extension for mediawiki, a website engine for collaborative work, does not properly escape tags in feeds. This could allow a malicious feed to inject JavaScript into the mediawiki pages.

oval:org.secpod.oval:def:600814
Jueri Aedla discovered an off-by-one in libxml2, which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:600800
It was discovered that Apache POI, a Java implementation of the Microsoft Office file formats, would allocate arbitrary amounts of memory when processing crafted documents. This could impact the stability of the Java virtual machine.

oval:org.secpod.oval:def:600921
Jueri Aedla discovered a buffer overflow in the libxml XML library, which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:600920
Multiple vulnerabilities were discovered in libssh by Florian Weimer and Xi Wang: CVE-2012-4559: multiple double free flaws CVE-2012-4561: multiple invalid free flaws CVE-2012-4562: multiple improper overflow checks Those could lead to a denial of service by making an ssh client linked to libssh cra ...

oval:org.secpod.oval:def:600805
The latest security update, DSA-2464-1, for Icedove, Debian's version of the Mozilla Thunderbird mail client, contained a regression: the removal of UTF-7 support resulted in incorrect display of IMAP folder names.

oval:org.secpod.oval:def:600807
Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes.

oval:org.secpod.oval:def:600928
A heap-based buffer overflow was discovered in bogofilter, a software package for classifying mail messages as spam or non-spam. Crafted mail messages with invalid base64 data could lead to heap corruption and, potentially, arbitrary code execution.

oval:org.secpod.oval:def:600802
The updates DSA-2457 and DSA-2458 for Iceweasel and Icedove introduced a regression, which could lead to crashes when interpreting some Javascript statements. For the stable distribution, this problem has been fixed in version 3.5.16-15

oval:org.secpod.oval:def:600801
Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches. Thi ...

oval:org.secpod.oval:def:600925
:

oval:org.secpod.oval:def:600924
Multiple vulnerabilities have been found in Iceweasel, the Debian web browser based on Mozilla Firefox: CVE-2012-5829 Heap-based buffer overflow in the nsWindow::OnExposeEvent function could allow remote attackers to execute arbitrary code. CVE-2012-5842 Multiple unspecified vulnerabilities in the b ...

oval:org.secpod.oval:def:601237
Florian Weimer discovered a buffer overflow in udisks's mount path parsing code which may result in privilege escalation.

oval:org.secpod.oval:def:601174
Bryan Quigley discovered an integer underflow in Pixman which could lead to denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:601169
Timo Warns reported multiple integer overflow vulnerabilities in libtar, a library for manipulating tar archives, which can result in the execution of arbitrary code.

oval:org.secpod.oval:def:601065
Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification. The fix to address CVE-2013-2154 introduced the possibility of a heap overflow in the processing of malformed XPointer expressions in the XML Signature Refe ...

oval:org.secpod.oval:def:601029
Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ...

oval:org.secpod.oval:def:601000
Several cross-site-scripting and denial of service vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development.

oval:org.secpod.oval:def:601179
Multiple vulnerabilities have been found in the HP Linux Printing and Imaging System: Insecure temporary files, insufficient permission checks in PackageKit and the insecure hp-upgrade service has been disabled.

oval:org.secpod.oval:def:601134
The update of librack-ruby in DSA-2783-1 also addressed CVE-2013-0183. The patch applied breaks rails applications like redmine. Updated packages are available to address this problem. For reference, the original advisory text follows: Several vulnerabilities were discovered in Rack, a modular Ruby ...

oval:org.secpod.oval:def:601132
Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-5036 Rack computes hash values for form parameters without restricting the ability to trigger hash collisions predic ...

oval:org.secpod.oval:def:600973
Squid3, a fully featured Web proxy cache, is prone to a denial of service attack due to memory consumption caused by memory leaks in cachemgr.cgi: CVE-2012-5643 squid's cachemgr.cgi was vulnerable to excessive resource use. A remote attacker could exploit this flaw to perform a denial of service att ...

oval:org.secpod.oval:def:600929
The tiff library for handling TIFF image files contained a stack-based buffer overflow, potentially allowing attackers who can submit such files to a vulnerable system to execute arbitrary code.

oval:org.secpod.oval:def:600738
It was discovered that the internal hashing routine of libxml2, a library providing an extensive API to handle XML data, is vulnerable to predictable hash collisions. Given an attacker with knowledge of the hashing algorithm, it is possible to craft input that creates a large amount of collisions. A ...

oval:org.secpod.oval:def:600881
Multiple vulnerabilities have been discovered in xen-qemu-dm-4.0, the Xen Qemu Device Model virtual machine hardware emulator. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-3515: The device model for HVM domains does not properly handle VT100 escape seq ...

oval:org.secpod.oval:def:600882
Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-2652: The snapshot mode of Qemu incorrectly handles temporary files used to store the current state ...

oval:org.secpod.oval:def:600883
Multiple vulnerabilities have been discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-2652: The snapshot mode of QEMU incorrectly handles temporary files used to store the current state, making it vulnerable to ...

oval:org.secpod.oval:def:600916
It was discovered that ppm2tiff of the tiff tools, a set of utilities for TIFF manipulation and conversion, is not properly checking the return value of an internal function used in order to detect integer overflows. As a consequence, ppm2tiff suffers from a heap-based buffer overflow. This allows att ...

oval:org.secpod.oval:def:600902
It was discovered that a buffer overflow in libtiff's parsing of files using PixarLog compression could lead to the execution of arbitrary code.

oval:org.secpod.oval:def:600906
gpernot discovered that Tinyproxy, an HTTP proxy, is vulnerable to a denial of service by remote attackers sending crafted request headers.

oval:org.secpod.oval:def:600934
Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code.

oval:org.secpod.oval:def:600974
CVE-2009-5030 Heap memory corruption leading to invalid free when processing certain Gray16 TIFF images. CVE-2012-3358 Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow in JPEG2000 image parsing. CVE-2012-3535 Huzaifa Sidhpurwala of the Red Hat Security Res ...

oval:org.secpod.oval:def:600865
Just Ferguson discovered that libotr, an off-the-record messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform den ...

oval:org.secpod.oval:def:600893
Several vulnerabilities were discovered in Tiff, a library set and tools to support the Tag Image File Format, allowing denial of service and potential privilege escalation. These vulnerabilities can be exploited via a specially crafted TIFF image. CVE-2012-2113 The tiff2pdf utility has an integer ...

oval:org.secpod.oval:def:600844
Qualys Vulnerability & Malware Research Labs discovered a vulnerability in ModSecurity, a security module for the Apache webserver. In situations where both "Content:Disposition: attachment" and "Content-Type: multipart" were present in HTTP headers, the vulnerability could allow an attacker to ...

oval:org.secpod.oval:def:600744
Several security issues have been fixed in Moodle, a course management system for online learning: CVE-2011-4308 / CVE-2012-0792 Rossiani Wijaya discovered an information leak in mod/forum/user.php CVE-2011-4584 MNET authentication didn't prevent a user using "Login As" from jumping to a r ...

oval:org.secpod.oval:def:600830
The Phar extension for PHP does not properly handle crafted tar files, leading to a heap-based buffer overflow. PHP applications processing tar files could crash or, potentially, execute arbitrary code. In addition, this update addresses a regression which caused a crash when accessing a global obje ...

oval:org.secpod.oval:def:600716
It was discovered that a buffer overflow in the Unicode library ICU could lead to the execution of arbitrary code.

oval:org.secpod.oval:def:600530
Nelson Elhage discovered that incorrect memory handling during the removal of ISA devices in KVM, a solution for full virtualization on x86 hardware, could lead to denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:600578
It was discovered that incorrect sanitising of virtio queue commands in KVM, a solution for full virtualization on x86 hardware, could lead to denial of service or the execution of arbitrary code. The oldstable distribution is not affected by this problem.

oval:org.secpod.oval:def:600597
Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware: CVE-2011-2212 Nelson Elhage discovered a buffer overflow in the virtio subsystem, which could lead to denial of service or privilege escalation. CVE-2011-2527 Andrew Griffiths discovered that group p ...

oval:org.secpod.oval:def:600242
Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware: CVE-2011-0011 Setting the VNC password to an empty string silently disabled all authentication. CVE-2011-1750 The virtio-blk driver performed insufficient validation of read/write I/O from the guest ...

oval:org.secpod.oval:def:600760
Several vulnerabilities have been identified in Gnash, the GNU Flash player. CVE-2012-1175 Tielei Wang from Georgia Tech Information Security Center discovered a vulnerability in GNU Gnash which is caused due to an integer overflow error and can be exploited to cause a heap-based buffer overflow by ...

oval:org.secpod.oval:def:600793
The initial update introduced a regression, which could lead to errors when processing some JPEG files.

oval:org.secpod.oval:def:600791
Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:600773
Alexander Gavrun discovered an integer overflow in the TIFF library in the parsing of the TileSize entry, which could result in the execution of arbitrary code if a malformed image is opened.

oval:org.secpod.oval:def:600617
The linux-2.6 and user-mode-linux upgrades from DSA-2303-1 have caused a regression that can result in an oops during invalid accesses to /proc/<pid>/maps files. The text of the original advisory is reproduced for reference: Several vulnerabilities have been discovered in the Linux kernel that ...

oval:org.secpod.oval:def:600622
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local use ...

oval:org.secpod.oval:def:600753
Mateusz Jurczyk from the Google Security Team discovered several vulnerabilities in Freetype's parsing of BDF, Type1 and TrueType fonts, which could result in the execution of arbitrary code if a malformed font file is processed.

oval:org.secpod.oval:def:600798
De Eindbazen discovered that PHP, when run with mod_cgi, will interpret a query string as command line parameters, allowing the execution of arbitrary code. Additionally, this update fixes insufficient validation of upload name which led to corrupted $_FILES indices.

oval:org.secpod.oval:def:600723
Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.

oval:org.secpod.oval:def:600714
Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation. This update also fixes a guest-triggerable memory corruption in VNC handling.

oval:org.secpod.oval:def:600721
Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages. This vulnerability might enable malicious guest systems to crash the host system or escalate their privileges. The old stable distribution does not c ...

oval:org.secpod.oval:def:600769
Antonio Martin discovered a denial-of-service vulnerability in OpenSSL, an implementation of TLS and related protocols. A malicious client can cause the DTLS server implementation to crash. Regular, TCP-based TLS is not affected by this issue.

oval:org.secpod.oval:def:600819
Multiple cross-site scripting vulnerabilities were discovered in IMP, the webmail component in the Horde framework. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via various crafted parameters.

oval:org.secpod.oval:def:600665
Two vulnerabilities have been discovered in phpldapadmin, a web based interface for administering LDAP servers. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-4074 Input appended to the URL in cmd.php is not properly sanitised before being returned to t ...

oval:org.secpod.oval:def:600623
Two security issues have been discovered that affect vsftpd, a lightweight, efficient FTP server written for security. CVE-2011-2189 It was discovered that Linux kernels less than 2.6.35 are considerably slower in releasing than in the creation of network namespaces. As a result of this and because v ...

oval:org.secpod.oval:def:600589
It was discovered that libvirt, a library for interfacing with different virtualization systems, is prone to an integer overflow. Additionally, the stable version is prone to a denial of service, because its error reporting is not thread-safe. For the stable distribution, these problems have been ...

oval:org.secpod.oval:def:600599
Hossein Lotfi discovered an integer overflow in libsndfile's code to parse Paris Audio files, which could potentially lead to the execution of arbitrary code.

oval:org.secpod.oval:def:600588
It has been discovered that xml-security-c, an implementation of the XML Digital Signature and Encryption specifications, is not properly handling RSA keys of sizes on the order of 8192 or more bits. This allows an attacker to crash applications using this functionality or potentially execute arbitr ...

oval:org.secpod.oval:def:600565
Tavis Ormandy discovered that the Tag Image File Format library is vulnerable to a buffer overflow triggered by a crafted OJPEG file which allows for a crash and potentially execution of arbitrary code. The oldstable distribution is not affected by this problem.

oval:org.secpod.oval:def:600215
It was discovered that libvirt, a library for interfacing with different virtualization systems, did not properly check for read-only connections. This allowed a local attacker to perform a denial of service or possibly escalate privileges. The oldstable distribution is not affected by this proble ...

oval:org.secpod.oval:def:600575
The recent tiff update DSA-2210-1 introduced a regression that could lead to encoding problems of tiff files. This update fixes this problem. For reference, the description of the original DSA, which fixed CVE-2011-0191 CVE-2011-0192 CVE-2011-1167 CVE-2011-0191 A buffer overflow allows to execute a ...

oval:org.secpod.oval:def:600561
Several vulnerabilities were discovered in the TIFF manipulation and conversion library: CVE-2011-0191 A buffer overflow allows the execution of arbitrary code or a denial of service via a crafted TIFF image with JPEG encoding. This issue affects the Debian 5.0 Lenny package only. CVE-2011-0192 A bu ...

oval:org.secpod.oval:def:600944
joernchen of Phenoelit discovered that rails, an MVC ruby based framework geared for web application development, is not properly treating user-supplied input to find_by_* methods. Depending on how the ruby on rails application is using these methods, this allows an attacker to perform SQL injection ...

oval:org.secpod.oval:def:600634
Several vulnerabilities were discovered in SystemTap, an instrumentation system for Linux: CVE-2011-2503 It was discovered that a race condition in staprun could lead to privilege escalation. CVE-2010-4170 It was discovered that insufficient validation of environment variables in staprun could lead ...

oval:org.secpod.oval:def:600626
Kees Cook of the ChromeOS security team discovered a buffer overflow in pam_env, a PAM module to set environment variables through the PAM stack, which allowed the execution of arbitrary code. An additional issue in argument parsing allows denial of service. The oldstable distribution is not affect ...

oval:org.secpod.oval:def:600815
Several vulnerabilities were discovered in Request Tracker, an issue tracking system: CVE-2011-2082 The vulnerable-passwords scripts introduced for CVE-2011-0009 failed to correct the password hashes of disabled users. CVE-2011-2083 Several cross-site scripting issues have been discovered. CVE-2011- ...

oval:org.secpod.oval:def:600765
Glenn-Randers Pehrson discovered a buffer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.

oval:org.secpod.oval:def:600726
Several vulnerabilities have been found in the Apache HTTPD Server: CVE-2011-3607: An integer overflow in ap_pregsub could allow local attackers to execute arbitrary code at elevated privileges via crafted .htaccess files. CVE-2011-3368 CVE-2011-3639 CVE-2011-4317: The Apache HTTP Server did not pro ...

oval:org.secpod.oval:def:600632
Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered several vulnerabilities in Quagga, an Internet routing daemon: CVE-2011-3323 A stack-based buffer overflow while decoding Link State Update packets with a malformed Inter Area Prefix LSA can cause the ospf6d process to crash or execute arb ...

oval:org.secpod.oval:def:600619
Ben Hawkes discovered that squid3, a full featured Web Proxy cache, is vulnerable to a buffer overflow when processing gopher server replies. An attacker can exploit this flaw by connecting to a gopher server that returns lines longer than 4096 bytes. This may result in denial of service conditions ...

oval:org.secpod.oval:def:600727
Several vulnerabilities have been found in Tomcat, a servlet and JSP engine: CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 The HTTP Digest Access Authentication implementation performed insufficient countermeasures against replay attacks. CVE-2011-2204 In rare setups passwords were written ...

oval:org.secpod.oval:def:600610
The apache2 Upgrade from DSA-2298-1 has caused a regression that prevented some video players from seeking in video files served by Apache HTTPD. This update fixes this bug. The text of the original advisory is reproduced for reference: Two issues have been found in the Apache HTTPD web server: CVE- ...

oval:org.secpod.oval:def:600613
Two issues have been found in the Apache HTTPD web server: CVE-2011-3192 A vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server. This vulnerability allows an attacker to cause Apache HTTPD to use an excessive amount of memory, causing a denia ...

oval:org.secpod.oval:def:600595
Several vulnerabilities were discovered in phpMyAdmin, a tool to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-2505 Possible session manipulation in Swekey authentication. CVE-2011-2506 Possible code injection in setup s ...

oval:org.secpod.oval:def:600749
Several vulnerabilities have been identified in GIMP, the GNU Image Manipulation Program. CVE-2010-4540 Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin allows user-assisted remote attackers to c ...

oval:org.secpod.oval:def:600598
The PNG library libpng has been affected by several vulnerabilities. The most critical one is identified as CVE-2011-2690. Using this vulnerability, an attacker is able to overwrite memory with an arbitrary amount of data controlled by her via a crafted PNG image. The other vulnerabilities are l ...

oval:org.secpod.oval:def:600903
Several vulnerabilities were found in ViewVC, a web interface for CVS and Subversion repositories. CVE-2009-5024: remote attackers can bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks via the limit parameter. CVE-2012-3356: the remote SVN views ...

oval:org.secpod.oval:def:600524
Several vulnerabilities were discovered in Postfix, a mail transfer agent. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2939 The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct sy ...

oval:org.secpod.oval:def:600550
CVE-2010-3875 Vasiliy Kulikov discovered an issue in the Linux implementation of the Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to sensitive kernel memory. CVE-2011-0695 Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can exploit a race condition to ...

oval:org.secpod.oval:def:600234
Aliz Hammond discovered that the MP4 decoder plugin of vlc, a multimedia player and streamer, is vulnerable to a heap-based buffer overflow. This has been introduced by a wrong data type being used for a size calculation. An attacker could use this flaw to trick a victim into opening a specially cra ...

oval:org.secpod.oval:def:600943
Two security issues have been discovered in Weechat, a fast, light and extensible chat client: CVE-2011-1428 X.509 certificates were incorrectly validated. CVE-2012-5534 The hook_process function in the plugin API allowed the execution of arbitrary shell commands.

oval:org.secpod.oval:def:600214
Stephane Chazelas discovered that the cronjob of the PHP 5 package in Debian suffers from a race condition which might be used to remove arbitrary files from a system. When upgrading your php5-common package take special care to _accept_ the changes to the /etc/cron.d/php5 file. Ignoring them would ...

oval:org.secpod.oval:def:600212
Several issues have been discovered in libcgroup, a library to control and monitor control groups: CVE-2011-1006 Heap-based buffer overflow by converting list of controllers for given task into an array of strings could lead to privilege escalation by a local attacker. CVE-2011-1022 libcgroup did no ...

oval:org.secpod.oval:def:600227
Ricardo Narvaja discovered that missing input sanitising in VLC, a multimedia player and streamer, could lead to the execution of arbitrary code if a user is tricked into opening a malformed media file. This update also provides updated packages for oldstable for vulnerabilities, which have already ...

oval:org.secpod.oval:def:600196
Dan Rosenberg discovered that insufficient input validation in VLC's processing of Matroska/WebM containers could lead to the execution of arbitrary code.

oval:org.secpod.oval:def:600186
Several vulnerabilities were discovered in the Tomcat Servlet and JSP engine: CVE-2010-3718 It was discovered that the SecurityManager insufficiently restricted the working directory. CVE-2011-0013 It was discovered that the HTML manager interface is affected by cross-site scripting. CVE-2011-0534 I ...

oval:org.secpod.oval:def:600705
Several vulnerabilities have been discovered in cacti, a graphing tool for monitoring data. Multiple cross site scripting issues allow remote attackers to inject arbitrary web script or HTML. An SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands.

oval:org.secpod.oval:def:600556
Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-1292 Use-after-free vulnerability in the frame-loader implementation in Google Chrome allows remote attackers to cause a denial of service or ...

oval:org.secpod.oval:def:601128
Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project's XML parser library, which can lead to denial of service issues when handling XML documents that end abruptly.

oval:org.secpod.oval:def:601137
The Google Chrome Security Team discovered two issues in the International Components for Unicode library.

oval:org.secpod.oval:def:600615
Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-2818 Use-after-free vulnerability in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other imp ...

oval:org.secpod.oval:def:600710
Many security problems had been fixed in libxml2, a popular library to handle XML data files. CVE-2011-3919: Jüri Aedla discovered a heap-based buffer overflow that allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2011 ...

oval:org.secpod.oval:def:600711
Laurent Butti discovered a buffer underflow in the LANalyzer dissector of the Wireshark network traffic analyzer, which could lead to the execution of arbitrary code. This update also addresses several bugs, which can lead to crashes of Wireshark. These are not treated as security issues, but are fi ...

oval:org.secpod.oval:def:600834
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.63, which includes additional changes, such as performance improvements and corrections for data loss defects. The packages in Debian stable are not ...

oval:org.secpod.oval:def:600941
Jann Horn discovered that users of the CUPS printing system who are part of the lpadmin group could modify several configuration parameters with security impact. Specifically, this allows an attacker to read or write arbitrary files as root which can be used to elevate privileges. This update splits ...

oval:org.secpod.oval:def:600730
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-1072 It was discovered that insecure handling of temporary files in the PEAR installer could lead to denial of service. CVE-2011- ...

oval:org.secpod.oval:def:600978
Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-4544 Insufficient validation of kernel or ramdisk sizes in the Xen PV domain builder could result in denial of service. CVE-2012-5511 Seve ...

oval:org.secpod.oval:def:600964
Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an invalid ...

oval:org.secpod.oval:def:600969
Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL protocol when using compression. This side channel attack, dubbed "CRIME", allows eavesdroppers to gather information to recover the original plaintext in the protocol. This update to nginx disables SSL compression.

oval:org.secpod.oval:def:600998
Brad Hill of iSEC Partners discovered that many XML implementations are vulnerable to external entity expansion issues, which can be used for various purposes such as firewall circumvention, disguising an IP address, and denial-of-service. libxml2 was susceptible to these problems when performing st ...

oval:org.secpod.oval:def:600997
The security fix applied to the perl package due to CVE-2013-1667 introduced a test failure in libapache2-mod-perl2 source package specific to the rehash mechanism in Perl. See Debian Bug #702821 for details. This update fixes that problem. For reference, the original advisory text for perl follows. ...

oval:org.secpod.oval:def:600631
It was discovered that OpenIPMI, the Intelligent Platform Management Interface library and tools, used overly wide permissions on its PID file, which allows local users to kill arbitrary processes by writing to this file.

oval:org.secpod.oval:def:600985
Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1775 Marco Schoepl discovered an authentication bypass when the clock is ...

oval:org.secpod.oval:def:600984
Yves Orton discovered a flaw in the rehashing code of Perl. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys. Specifically an attacker could create a set of keys of a hash causing a denial of service via memory exhaustion.

oval:org.secpod.oval:def:600981
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2012-3499 The modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp did not properly escape hostnames and URIs in HTML output, causing cross site scripting vulnerabilities. CVE-2012-4558 Mod_proxy_balancer did ...

oval:org.secpod.oval:def:600982
Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-4544 Insufficient validation of kernel or ramdisk sizes in the Xen PV domain builder could result in denial of service. CVE-2012-5511 Seve ...

oval:org.secpod.oval:def:600885
Timo Warns discovered that the EAP-TLS handling of freeradius, a high-performance and highly configurable RADIUS server, is not properly performing length checks on user-supplied input before copying to a local stack buffer. As a result, an unauthenticated attacker can exploit this flaw to crash the ...

oval:org.secpod.oval:def:600786
Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier. For reference, the original description of CVE-2012-2110 from DSA-2454-1 is quoted below: CVE-2012-2110 Tavis Ormandy, Google Security Te ...

oval:org.secpod.oval:def:600782
Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2012-0884 Ivan Nestlerode discovered a weakness in the CMS and PKCS #7 implementations that could allow an attacker to decrypt data via a Million Message Attack ...

oval:org.secpod.oval:def:600690
It was discovered that OpenIPMI, the Intelligent Platform Management Interface library and tools, used overly wide permissions on its PID file, which allows local users to kill arbitrary processes by writing to this file. The original announcement didn't contain corrections for the Debian 5.0 "lenny" ...

oval:org.secpod.oval:def:600685
Huzaifa Sidhpurwala discovered a buffer overflow in Wireshark's ERF dissector, which could lead to the execution of arbitrary code.

oval:org.secpod.oval:def:600584
Huzaifa Sidhpurwala, David Maciejak and others discovered several vulnerabilities in the X.509if and DICOM dissectors and in the code to process various capture and dictionary files, which could lead to denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:601007
Yamada Yasuharu discovered that cURL, a URL transfer library, is vulnerable to exposing potentially sensitive information when doing requests across domains with matching tails. Due to a bug in the tailmatch function when matching domain names, it was possible that cookies set for a domain "ample.com ...

oval:org.secpod.oval:def:601046
It was discovered that the kpasswd service running on UDP port 464 could respond to response packets, creating a packet loop and a denial of service condition.

oval:org.secpod.oval:def:601161
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1821 Ben Murphy discovered that unrestricted entity expansion in REXML can lead to a Denial of Service by consuming all ...

oval:org.secpod.oval:def:601064
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-free vulnerabilities, missing permission checks, incorrect memory handling and other implementation errors may lead to the execution of arbitrary code, ...

oval:org.secpod.oval:def:601061
Timo Sirainen discovered that cURL, a URL transfer library, is prone to a heap overflow vulnerability due to bad checking of the input data in the curl_easy_unescape function. The curl command line tool is not affected by this problem as it doesn't use the curl_easy_unescape function.

oval:org.secpod.oval:def:601086
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1821 Ben Murphy discovered that unrestricted entity exp ...

oval:org.secpod.oval:def:601071
It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely.

oval:org.secpod.oval:def:601073
Two security issues have been found in the Tomcat servlet and JSP engine: CVE-2012-3544 The input filter for chunked transfer encodings could trigger high resource consumption through malformed CRLF sequences, resulting in denial of service. CVE-2013-2067 The FormAuthenticator module was vulnerable ...

oval:org.secpod.oval:def:600812
It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service.

oval:org.secpod.oval:def:600936
Marko Myllynen discovered that elinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate.

oval:org.secpod.oval:def:600927
It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers.

oval:org.secpod.oval:def:600926
Two vulnerabilities were discovered in the implementation of the Perl programming language: CVE-2012-5195 The "x" operator could cause the Perl interpreter to crash if very long strings were created. CVE-2012-5526 The CGI module does not properly escape LF characters in the Set-Cookie and ...

oval:org.secpod.oval:def:600923
Multiple denial of service vulnerabilities have been discovered in the Xen hypervisor. One of the issues could even lead to privilege escalation from guest to host. Some of the recently published Xen Security Advisories are not fixed by this update and should be fixed in a future release. CVE-2011- ...

oval:org.secpod.oval:def:600922
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects. Additionally, CVE-2012-5611 has been fi ...

oval:org.secpod.oval:def:600919
A vulnerability has been found in the Apache HTTPD Server: CVE-2012-4557 A flaw was found when mod_proxy_ajp connects to a backend server that takes too long to respond. Given a specific configuration, a remote attacker could send certain requests, putting a backend server into an error state until ...

oval:org.secpod.oval:def:600949
It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames.

oval:org.secpod.oval:def:600948
It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames.

oval:org.secpod.oval:def:600945
KB Sriram discovered that GnuPG, the GNU Privacy Guard, did not sufficiently sanitise public keys on import, which could lead to memory and keyring corruption. The problem affects both version 1, in the "gnupg" package, and version two, in the "gnupg2" package.

oval:org.secpod.oval:def:600961
A buffer overflow was found in the e1000e emulation, which could be triggered when processing jumbo frames.

oval:org.secpod.oval:def:600745
The file type identification tool, file, and its associated library, libmagic, do not properly process malformed files in the Composite Document File format, leading to crashes. Note that after this update, file may return different detection results for CDF files. The new detections are believed ...

oval:org.secpod.oval:def:600866
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2012-2688 A buffer overflow in the scandir function could lead to denial of service or the execution of arbitrary code. CVE-2012-3450 ...

oval:org.secpod.oval:def:600983
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-1635 If a PHP application accepted untrusted SOAP object input remotely from clients, an attacker could read system files readab ...

oval:org.secpod.oval:def:600799
A regression was discovered in the security update for file, which led to false positives on the CDF format. This update fixes that regression. For reference the original advisory text follows. The file type identification tool, file, and its associated library, libmagic, do not properly process ma ...

oval:org.secpod.oval:def:601226
Multiple vulnerabilities were discovered in Wireshark: CVE-2014-2281 Moshe Kaplan discovered that the NFS dissector could be crashed, resulting in denial of service. CVE-2014-2283 It was discovered that the RLC dissector could be crashed, resulting in denial of service. CVE-2014-2299 Wesley Neelen d ...

oval:org.secpod.oval:def:601222
It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID ...

oval:org.secpod.oval:def:601225
Several vulnerabilities have been found in file, a file type classification tool. Aaron Reffett reported a flaw in the way the file utility determined the type of Portable Executable format files, the executable format used on Windows. When processing a defective or intentionally prepared PE execut ...

oval:org.secpod.oval:def:601215
It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID ...

oval:org.secpod.oval:def:601219
Various vulnerabilities were discovered in PostgreSQL: * Shore up GRANT ... WITH ADMIN OPTION restrictions Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. ...

oval:org.secpod.oval:def:601124
Two vulnerabilities were discovered in GnuPG, the GNU privacy guard, a free PGP replacement. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4351 When a key or subkey had its "key flags" subpacket set to all bits off, GnuPG currently would treat ...

oval:org.secpod.oval:def:601241
Nicolas Gregoire discovered several vulnerabilities in libxalan2-java, a Java library for XSLT processing. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution.

oval:org.secpod.oval:def:601121
Two vulnerabilities were discovered in GnuPG 2, the GNU privacy guard, a free PGP replacement. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4351 When a key or subkey had its "key flags" subpacket set to all bits off, GnuPG currently would tre ...

oval:org.secpod.oval:def:601130
This DSA updates the MySQL database to 5.1.72.

oval:org.secpod.oval:def:601049
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1968 Subversion repositories with the FSFS repository data store format can be corrupted by newline characters in filenames. A ...

oval:org.secpod.oval:def:601164
Two security issues were found in Samba, a SMB/CIFS file, print, and login server: CVE-2013-4408 It was discovered that multiple buffer overflows in the processing of DCE-RPC packets may lead to the execution of arbitrary code. CVE-2013-4475 Hemanth Thummala discovered that ACLs were not checked whe ...

oval:org.secpod.oval:def:601158
Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library. With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code.

oval:org.secpod.oval:def:601188
It was discovered that a buffer overflow in the processing of Glyph Bitmap Distribution fonts could result in the execution of arbitrary code.

oval:org.secpod.oval:def:601058
Multiple issues were discovered in the TIFF tools, a set of utilities for TIFF image file manipulation and conversion. CVE-2013-1960 Emmanuel Bouillon discovered a heap-based buffer overflow in the tp_process_jpeg_strip function in the tiff2pdf tool. This could potentially lead to a crash or arbitra ...

oval:org.secpod.oval:def:601176
Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts.

oval:org.secpod.oval:def:601171
Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:601082
Multiple vulnerabilities were discovered in the dissectors for DVB-CI, GSM A Common and ASN.1 PER and in the Netmon file parser.

oval:org.secpod.oval:def:601079
Yarom and Falkner discovered that RSA secret keys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system.

oval:org.secpod.oval:def:601197
This DSA updates the MySQL 5.1 database to 5.1.73.

oval:org.secpod.oval:def:601078
Yarom and Falkner discovered that RSA secret keys could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system. This update fixes this issue for the 1.4 series of GnuPG. GnuPG 2.x is affected through its use of the libgc ...

oval:org.secpod.oval:def:601091
Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:600683
Two buffer overflows were discovered in JasPer, a library for handling JPEG-2000 images, which could lead to the execution of arbitrary code.

oval:org.secpod.oval:def:600174
It was discovered that avahi, an implementation of the zeroconf protocol, can be crashed remotely by a single UDP packet, which may result in a denial of service.

oval:org.secpod.oval:def:600777
Several vulnerabilities have been discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-1906 Puppet is using predictable temporary file names when downloading Mac OS X package files. This allo ...

oval:org.secpod.oval:def:600546
Several vulnerabilities have been discovered in webkit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1783 WebKit does not properly handle dynamic modification of a text node, which allows remote attackers to execu ...

oval:org.secpod.oval:def:600709
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-4107 The XML import plugin allowed a remote attacker to read arbitrary files via XML data containing exter ...

oval:org.secpod.oval:def:601168
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-6420 Stefan Esser reported possible memory corruption in openssl_x509_parse. CVE-2 ...

oval:org.secpod.oval:def:601223
Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate verification issue in GnuTLS, an SSL/TLS library. A certificate validation could be reported successfully even in cases where an error would prevent all verification steps from being performed. An attacker doing a man-in-the-middle of a TLS ...

oval:org.secpod.oval:def:600975
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-0231 Jan Beulich provided a fix for an issue in the Xen PCI backend drivers. Use ...

oval:org.secpod.oval:def:600841
An XML External Entities inclusion vulnerability was discovered in Zend Framework, a PHP library. This vulnerability may allow attackers to access local files, depending on how the framework is used.

oval:org.secpod.oval:def:600695
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-2183 Andrea Righi reported an issue in KSM, a memory-saving de-duplication featu ...

oval:org.secpod.oval:def:601014
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-2121 Benjamin Herrenschmidt and Jason Baron discovered issues ...

oval:org.secpod.oval:def:600803
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-4086 Eric Sandeen reported an issue in the journaling layer for EXT4 filesystems ...

oval:org.secpod.oval:def:600935
Multiple security issues have been found in Mahara, an electronic portfolio, weblog, and resume builder, which can result in cross-site scripting, clickjacking or arbitrary file execution.

oval:org.secpod.oval:def:600955
Lawrence Pit discovered that Ruby on Rails, a web development framework, is vulnerable to a flaw in the parsing of JSON to YAML. Using a specially crafted payload attackers can trick the backend into decoding a subset of YAML. The vulnerability has been addressed by removing the YAML backend and ad ...

oval:org.secpod.oval:def:600942
It was discovered that Rails, the Ruby web application development framework, performed insufficient validation on input parameters, allowing unintended type conversions. An attacker may use this to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a ...

oval:org.secpod.oval:def:600972
Sumit Soni discovered that PostgreSQL, an object-relational SQL database, could be forced to crash when an internal function was called with invalid arguments, resulting in denial of service.

oval:org.secpod.oval:def:600873
Two vulnerabilities related to XML processing were discovered in PostgreSQL, an SQL database. CVE-2012-3488 contrib/xml2's xslt_process can be used to read and write external files and URLs. CVE-2012-3489 xml_parse fetches external files or URLs to resolve DTD and entity references in XML values. Th ...

oval:org.secpod.oval:def:600741
Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-0866 It was discovered that the permissions of a function called by a trigger are not checked. This could ...

oval:org.secpod.oval:def:601002
A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess.

oval:org.secpod.oval:def:600764
It was discovered that Raptor, a RDF parser and serializer library, allows file inclusion through XML entities, resulting in information disclosure.

oval:org.secpod.oval:def:600574
Several vulnerabilities were discovered in PHP, which could lead to denial of service or potentially the execution of arbitrary code. CVE-2010-2531 An information leak was found in the var_export function. CVE-2011-0421 The Zip module could crash. CVE-2011-0708 An integer overflow was discovered in ...

oval:org.secpod.oval:def:600862
It was discovered that Expat, a C library to parse XML, is vulnerable to denial of service through hash collisions and a memory leak in pool handling.

oval:org.secpod.oval:def:600767
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4307 Nageswara R Sastry reported an issue in the ext4 filesystem. Local users wi ...

oval:org.secpod.oval:def:601090
It was discovered that PHP, a general-purpose scripting language commonly used for web application development, did not properly process embedded NUL characters in the subjectAltName extension of X.509 certificates. Depending on the application and with insufficient CA-level checks, this could be ab ...

oval:org.secpod.oval:def:600967
Several vulnerabilities were discovered in the TLS/SSL protocol. This update addresses these protocol vulnerabilities in lighttpd. CVE-2009-3555 Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS and SSLv3 protocols do not properly associate renegotiation handshakes with an existing c ...

oval:org.secpod.oval:def:600827
Two vulnerabilities were discovered in PostgreSQL, an SQL database server: CVE-2012-2143 The crypt function in the pgcrypto contrib module did not handle certain passwords correctly, ignoring characters after the first character which does not fall into the ASCII range. CVE-2012-2655 SECURITY DEFINE ...

oval:org.secpod.oval:def:600527
A flaw was found in the APR library, which could be exploited through Apache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used ...

oval:org.secpod.oval:def:600529
The recent APR update DSA-2237-1 introduced a regression that could lead to an endless loop in the apr_fnmatch function, causing a denial of service. This update fixes this problem. For reference, the description of the original DSA, which fixed CVE-2011-0419: A flaw was found in the APR library, w ...

oval:org.secpod.oval:def:600717
Several vulnerabilities have been discovered in Curl, a URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-3389 This update enables OpenSSL workarounds against the "BEAST" attack.

oval:org.secpod.oval:def:600772
cURL is a command-line tool and library for transferring data with URL syntax. It was discovered that the countermeasures against the Dai/Rogaway chosen-plaintext attack on SSL/TLS cause interoperability issues with some server implementations. This update adds the CURLOPT_SSL_OPTIONS and CURLSS ...

oval:org.secpod.oval:def:601115
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2141 Emese Revfy provided a fix for an information leak in the ...

oval:org.secpod.oval:def:600659
Several vulnerabilities have been discovered in Icedove, a mail client based on Thunderbird. CVE-2011-3647 The JSSubScriptLoader does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a craft ...

oval:org.secpod.oval:def:600647
This update to the NSS cryptographic libraries revokes the trust in the "DigiCert Sdn. Bhd" certificate authority.

oval:org.secpod.oval:def:600649
CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog, which has "open" as the default action, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to ...

oval:org.secpod.oval:def:600667
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-3647 "moz_bug_r_a4" discovered a privilege escalation vulnerability in addon handling. CVE-2011-3648 Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings c ...

oval:org.secpod.oval:def:600663
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog, which has "open" as the default action, while a user presses the ENTER key. CVE-2011-2995 Benjami ...

oval:org.secpod.oval:def:600691
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2011-3647 "moz_bug_r_a4" discovered a privilege escalation vulnerability in addon han ...

oval:org.secpod.oval:def:601074
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

oval:org.secpod.oval:def:600718
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-1938 The UNIX socket handling allowed attackers to trigger a buffer overflow via a long path name. CVE-2011-2483 The crypt_blowf ...

oval:org.secpod.oval:def:600719
A regression was found in the fix for PHP's XSLT transformations. Updated packages are now available to address this regression. For reference, the original advisory text follows. Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposur ...

CVE    43
CVE-2011-1499
CVE-2011-0474
CVE-2014-3686
CVE-2014-3564
...
*CPE
cpe:/o:debian:debian_linux:6.0

© SecPod Technologies